Threat Modeling Security in a Connected World

Threat Modeling Security in a Connected World

April 12, 2018, 2:30 PM - 3:30 PM

Sands 305 Level 1


With cyber-attacks and breaches on the rise, organizations are increasing their focus and competency in prevention and remediation. Professional cybersecurity specialists have established and leveraged a variety of effective practices to assess organizational specific threats they face as well as a step-wise process to determine their impact, priority, and measures to minimize their likelihood.

This presentation will focus on the key principal of threat models, how they operate, and are different from how the physical security industry commonly assesses risks (and are taught) in their organization today. In this session, Terry will introduce and review the first detailed threat model built for physical security. This area of research contains thousands of permutations of targets, methods and visibility of impact. Professional hacker Joe Luna will be on hand to discuss in parallel the psychology, behavior and tools adversaries use as we discuss the model and take questions from the audience.

With the evolution of 3-tier models, cloud, connected networks and devices, cryptography, and APIs, Physical Security infrastructure has been evolving to resemble IT for the past few years and along with it the same sets of challenges and risks. Unfortunately, professionals in the physical security industry, as a whole, have not subscribed to the same methodology and principles as their counterparts in information security and as a result, have greater exposure than they realize.

In this day and age, organizations can’t just buy their way to security either by having enough budget or by relying on product selection to do the work for them. Instead, the process must be targeted, unique and meaningful. Attendees will learn how to modernize their risk assessment process that builds a clear vision of effective future requirements that is inclusive of building proper controls, policy and functional demand - as a pre-requisite to determining technology, features and considering vendors.

Learning Objectives:
1. Introduction to threat models. History, application, etc.
2. Understand the role and value of threat models in physical security
3. How to change the assessment process, when to leverage.


  • Terry Gold


    Principal Analyst

    D6 Research

    Terry is the founder of D6 Research a vendor-neutral research and advisory firm specializing in security, identity, and authentication across the...

  • Joe Luna


    Managing Partner

    Furtim, Inc.

    Joe Luna has over 20 years of Information Security experience in various operational and leadership roles where he has an established track record...


  1. Show SIA Education@ISC


  1. Track
    Connected Security People & Process

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.