πŸ›‘οΈ Threat Modeling Starter Training – Back by Popular Demand!
𝗧𝗛π—₯π—˜π—”π—§ π— π—’π——π—˜π—Ÿπ—Ÿπ—œπ—‘π—š 𝗦𝗧𝗔π—₯π—§π—˜π—₯ 𝗧π—₯π—”π—œπ—‘π—œπ—‘π—š (8h) with π—₯π—”π—Ÿπ—£π—› π—”π—‘π——π—”π—Ÿπ—œπ—¦

Perfect for beginner/intermediate software/security engineers/pentesters: master STRIDE, DREAD, PASTA methodologies to build threat models from scratch. Cover basics, terminologies, real-life examples (network/app), processes, mitigations, and full models with risk ratings. Hands-on exercises + tools like OWASP Threat Dragon. Leave ready to threat model any function/method and minimize software risks from day one. Basic code/cybersecurity knowledge helpful.

Led by Ralph Andalis https://pretalx.com/bsidesluxembourg-2026/speaker/8BUAGA/ : Senior Pentester (Middle East), ex-Microsoft Senior Security Engineer (threat modeling, code review, pentesting), OWASP ASVS contributor, 10+ years experience (NCC Group, EY, HP Fortify). Trained BSides Vancouver/Orlando 2025, OWASP AppSec PNW speaker.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #ThreatModeling #Workshop #OWASP #ThreatDragon #STRIDE #DREAD #PASTE

Security is shifting from technical to behavioral.
James Robinson, CISO at Netskope:
“Employees are both cybersecurity’s most important and weakest component.”
• Shadow AI expanding
• Employees using genAI without visibility
• Risk driven by usage, not intent

Read more:
https://www.technadu.com/how-a-teen-found-cars-in-a-farming-community-discovered-a-passion-for-networking-and-now-leads-security-where-employees-love-to-experiment-with-ai-tools/623624/

#CISODecoded #GenAI #ShadowAI #Cybersecurity #ThreatModeling

Last chance to RSVP for our March Meetup!

Big thank you to our hosts Microsoft, and to Pentera for sponsoring food and beverages.

In this edition we have 1 long-form talk.

Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a tabletop exercise.

RSVP at https://buff.ly/G72uBEA

#cybersecurity #infrastructuresecurity #security #threatmodeling

Hot take from a guy who spent two decades at investigating cyber crimes:

The term "hacker" tells you almost nothing useful.

What matters, what actually predicts behavior, tactics, and targets,
is WHY they're doing it.

The intelligence community has used M.I.C.E for 70 years to understand spies. That model is shifted to a new era of online threats.

Money. Ideology. Curiosity. Ego.

I wrote a book applying it to cybersecurity. Not because it's theoretical.

Because in the field, understanding motivation is how you get ahead of attacks.

A money-motivated attacker runs a different kill chain than an ego-driven one.

Treat them the same and your defenses will always be one step behind.

Happy to talk through any of it here. The infosec community on Bluesky
has been one of the best conversations I've had about this stuff.

Book: 'How MICE Threaten Cyber Security' on Amazon.
https://a.co/d/0awR4gNr

#infosec #cybersecurity #threatmodeling

How MICE Threaten Cyber Security: The Mindsets Behind Threat-actors in Our Digital Age: Kraudelt, Anthony: 9798242742079: Amazon.com: Books


In this month's meetup we have switched things a bit. We will have 1 long form talk with plenty of chances to discuss.

Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a tabletop exercise.

Big thank you to our hosts Microsoft, and to Pentera for sponsoring food and beverages.

RSVP fast as we are already filling up at https://buff.ly/G72uBEA

#cyberthreat #infrastructuresecurity #security #threatmodeling

A poll on a debate I am having at work with a colleague.

In my case, the code we are considering is infrastructure-as-code; so terraform, cloudformation, CDK, etc. So I'm not as focused on app code like React, NodeJS, Python, etc. Infrastructure code. I'll put my opinions in a reply to this post so that I don't bias answers.

Asserted: You can do a threat model in the IDE using only the code and artifacts present in the repo.

#threatmodel #threatmodeling #appsec #iac

Yes, Always: 13.3%
Yes, Often: 0%
Sometimes: 6.7%
Rarely: 40%
Basically Never: 26.7%
Some other option?: 13.3%

RE: https://hachyderm.io/@evacide/116178700239265110

hot take: @protonprivacy didn’t fail you. YOUR OPSEC failed you.

encryption ≠ anonymity. these are not the same thing and never have been.

Proton did exactly what they said they’d do - encrypted your emails and complied with lawful Swiss legal orders. that’s the whole deal. that’s what you signed up for.

the credit card you used to pay for your “anonymous” account was never part of the encryption. that was always traceable. that was always a liability.

and here’s the kicker - Proton literally accepts Monero and cash. they gave you the tools. you chose the Visa.

#infosec #opsec #privacy #ProtonMail #threatmodeling #monero

Operational resilience stress test: physical strikes on AWS facilities.

Two UAE data centers directly struck, one Bahrain facility damaged. Structural and power impacts confirmed, fire suppression triggered secondary water damage.

Architectural implications:
• Regional redundancy can absorb single-facility failure
• Multi-zone impact increases capacity strain
• Physical concentration risk remains under-modeled
• Geopolitical targeting of critical infrastructure is evolving
AWS regions are segmented into availability zones, physically separated yet within limited geographic proximity.

Risk reality:
Cloud is distributed — not dematerialized.
Security and resilience teams should evaluate:
- Cross-region active-active configurations
- Conflict-zone dependency exposure
- Infrastructure concentration mapping
- Real-time migration readiness
Is physical conflict integrated into your threat model?

Source: https://www.securityweek.com/iranian-strikes-on-amazon-data-centers-highlight-industrys-vulnerability-to-physical-disasters/

Engage below.
Follow TechNadu for infosec, infrastructure resilience, and geopolitical tech risk intelligence.
Repost to inform your network.

#Infosec #CloudSecurity #AWS #CriticalInfrastructure #GeopoliticalRisk #DisasterRecovery #BusinessContinuity #CyberResilience #CloudRisk #DigitalInfrastructure #ThreatModeling