I presented a few days ago at Cleveland’s Information Security Summit. My topic was originally to be about Threat Modeling, using a system-centric approach to analyzing the threats, assets, and vulnerabilities of an application. Because there was another session being presented on threat modeling, I wanted to offer something unique. To that end, I reworked the presentation to include a section about the Security Development Lifecycle and how threat modeling fits within it.

While the slide deck won’t give you all the information from the session, it will provide you with the highlights. The PDF version can be found here.