Another talk announcement for BSides Luxembourg!

🧠 WHAT DOES THREAT MODELING SOLVE FOR AI SECURITY? – Nathan Pembe 🛡️

AI doesn't create entirely new risks—it amplifies the ones you already have. So how do you decide what actually matters?

This talk shows how threat modeling becomes a powerful decision-making tool—helping teams identify real attack paths, prioritize security efforts, and align technical controls with compliance requirements like ISO 27001, AI Act, and NIS2. It's not about theory—it's about making smarter security decisions from the start.

Nathan Pembe https://www.linkedin.com/in/nathanpembe/ is a Senior AppSec Consultant at NVISO, helping teams embed security into design and delivery through practical threat modeling and secure architecture practices.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
👉 Browse sessions, track talks in real time, and plan your schedule on Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #ThreatModeling #AppSec #AIAct #NIS2 #CyberSecurity

#threatmodeling so easy, literally a 6-year-old can do it.

Get your kids included early in planning your network security setup. Frame it in terms they can reason in and their models are spot on. Even including a DMZ for guests and visiting magicians.

Thank you for attending my TED talk on #parenting.

@bkastl
There is that well-known analysis of what security costs depending on the point in the SDLC.

I'm used to people doing absurd intellectual headstands in order to still do security as late and with as little human thinking as possible (🤷🏻‍♂️), but this is a new escalation 🤣

#threatmodeling

🚨 OWASP Ottawa April 2026 Meetup - Featuring Rodrigo Rocha! 🚨

OWASP Ottawa is excited to announce our April 2026 meetup featuring Rodrigo Rocha presenting their talk "Threat Modeling in Practice: From Diagram to Defense". The details are as follows:

📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 580
📅 Date: April 15, 2026
⏰ Time: 6:00 PM EST - Arrival, networking, & pizza! 🍕
6:30 PM EST - Technical Talk

Threat Modeling is often seen as heavy, theoretical, or compliance-driven, which leads to it being skipped. This session will focus on Rodrigo introducing a practical, lightweight approach to Threat Modeling that fits directly into agile workflows.

Using a real-world healthcare portal example, Rodrigo will walk us through the process from drawing a simple data flow diagram to identifying critical assets, mapping real attack scenarios (via MITRE CAPEC), linking root causes (CWE), and translating them into testable security requirements using OWASP ASVS.

Whether you're a student, early-career professional, or seasoned practitioner looking to learn more about Threat Modeling, come aboard and learn from experts!

We look forward to seeing you there in-person! If you cannot attend the event, you can watch the livestream on our YouTube channel.

🎥 : https://www.youtube.com/@OWASP_Ottawa

Our GitHub Chapter page: https://github.com/OWASP-Ottawa/chapter-guide/blob/main/Nextevent/tab_nextevent.md

#OWASP #Ottawa #Cybersecurity #ThreatModeling #InfoSec #AppSec #TechCommunity

Great news OWASP! The Global #AppSec USA Call for Presentations has officially opened! Submit your talk and join us in San Francisco!

https://sessionize.com/owasp-global-appsec-us-2026-cfp-SF/

#cybersecurity #devsecops #threatmodeling #infosec

🛡️ Threat Modeling Starter Training – Back by Popular Demand!
THREAT MODELLING STARTER TRAINING (8h) with RALPH ANDALIS

Perfect for beginner/intermediate software/security engineers/pentesters: master STRIDE, DREAD, PASTA methodologies to build threat models from scratch. Cover basics, terminologies, real-life examples (network/app), processes, mitigations, and full models with risk ratings. Hands-on exercises + tools like OWASP Threat Dragon. Leave ready to threat model any function/method and minimize software risks from day one. Basic code/cybersecurity knowledge helpful.

Led by Ralph Andalis https://pretalx.com/bsidesluxembourg-2026/speaker/8BUAGA/ : Senior Pentester (Middle East), ex-Microsoft Senior Security Engineer (threat modeling, code review, pentesting), OWASP ASVS contributor, 10+ years experience (NCC Group, EY, HP Fortify). Trained BSides Vancouver/Orlando 2025, OWASP AppSec PNW speaker.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #ThreatModeling #Workshop #OWASP #ThreatDragon #STRIDE #DREAD #PASTA

Security is shifting from technical to behavioral.
James Robinson, CISO at Netskope:
“Employees are both cybersecurity’s most important and weakest component.”
• Shadow AI expanding
• Employees using genAI without visibility
• Risk driven by usage, not intent

Read more:
https://www.technadu.com/how-a-teen-found-cars-in-a-farming-community-discovered-a-passion-for-networking-and-now-leads-security-where-employees-love-to-experiment-with-ai-tools/623624/

#CISODecoded #GenAI #ShadowAI #Cybersecurity #ThreatModeling

Last chance to RSVP for our March Meetup!

Big thank you to our hosts Microsoft, and Pentera for sponsoring food and beverages.

In this edition we have 1 long form talk.

Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.

RSVP at https://buff.ly/G72uBEA

#cybersecurity #infrastructuresecurity #security #threatmodeling

Hot take from a guy who spent two decades investigating cyber crimes:

The term "hacker" tells you almost nothing useful.

What matters, what actually predicts behavior, tactics, and targets,
is WHY they're doing it.

The intelligence community has used M.I.C.E for 70 years to understand spies. That model is shifted to a new era of online threats.

Money. Ideology. Curiosity. Ego.

I wrote a book applying it to cybersecurity. Not because it's theoretical.

Because in the field, understanding motivation is how you get ahead of attacks.

A money-motivated attacker runs a different kill chain than an ego-driven one.

Treat them the same and your defenses will always be one step behind.

Happy to talk through any of it here. The infosec community on Bluesky
has been one of the best conversations I've had about this stuff.

Book: 'How MICE Threaten Cyber Security' on Amazon.
https://a.co/d/0awR4gNr

#infosec #cybersecurity #threatmodeling

How MICE Threaten Cyber Security: The Mindsets Behind Threat-actors in Our Digital Age: Kraudelt, Anthony: 9798242742079: Amazon.com: Books

Grab a spot at the March Meetup!

Big thank you to our hosts Microsoft, and Pentera for sponsoring food and beverages.

In this edition we have 1 long form talk.

Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.

RSVP at https://buff.ly/G72uBEA

#cybersecurity #infrastructuresecurity #security #threatmodeling