| Track: | Threat Model |
|---|---|
| When: | Thu PM-3 |
| Where: | Kings |
| Organizers | Steven Wierckx Steven Wierckx , Orid Ahmed Orid Ahmed |
| Participants | Adam Shostack Adam Shostack , Fraser Scott Fraser Scott , Luis Saiz Luis Saiz , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris |
Why
Training is a crucial activity in AppSec. Security must abandon the silo in which it has lived the last decades to become one more indicator of the quality of a software product. And to do this we need to train people and make security something transversal. Gamification has become a very interesting alternative to train people. As children we learn by playing and we should not stop learning while we play when we become adults.
What
Open discussion: There are some traditional card games out there to learn Threat Modeling but… wouldn’t be great to play a collaborative Role-playing Game (RPG) about Threat Modeling? Users can play in teams to defeat another teams trying to find weaknesses in the countermeasures of the digital world each team has to build.
Outcomes
This Working Session will publish a document with the specifications of the game.
Register as participant
To register as participant add Threat Model training through Gamification to either:
- the
sessionsmetadata field from your participant's page (find your participant page and look for the edit link). - or the
participantsmetadata field from this git session page
Back to list of all Working Sessions