Snakeoil AcademySpeak at PyCon AU 2021

Threat Modeling the Death Star

Mario Areias


A software developer turned DevSecOps. His passions are open source, security and privacy. He spent the last few years doing security in a few fintech start ups. Now as a DevSecOps Engineer at Lendi he focus on being secure while being Agile.

Threat Modeling the Death Star

It is a known fact the Empire needs to up their security game. The Rebellion hack their ships, steal their plans and even create backdoors!

In this talk we will help the Empire by threat modelling the Death Star. Traditionally, Threat Models have been a slow and boring process that ends up with a giant document detailed any possible security problem. This approach, although useful in the past, is not necessarily good in an ever changing environment (or when you have Jedis as enemies!).

I will introduce Attack Trees and how they can fit quite well in a DevOps world. Also, I will challenge some of the assumptions about threat models. Hopefully, I will convince the audience that Threat Models can be fun, useful, inclusive and make people think in a very different way.

Come and Join the Dark side! We might save the Empire after all!

Conference schedule listing