Georges Bolssens

Georges Bolssens, Toreon

Georges Bolssens embarked on his coding journey in the early 1990s and delved into the realm of application security in 2017. With an inherent passion for teaching, Georges is not only a seasoned developer but also an adept communicator. His unique talent lies in simplifying intricate subjects through relatable analogies, making him an engaging and effective speaker.

Georges has undertaken numerous consulting assignments, among them vulnerability scanning and penetration testing as a "lone wolf", taking on the role of Security Champion in a Medical Device development team, and acting as internal Application Security Coordinator at a Big4 consultancy firm. Throughout his career and in all these assignments, Georges has assumed the role of cybersecurity educator for a diverse spectrum of professionals. His guidance has illuminated the path for individuals ranging from legal experts to ethical hackers and all those in between.

In his capacity as an Application- and Product Security Consultant at Toreon, Georges has been instrumental in assisting numerous clients in constructing comprehensive threat models for their digital assets. His expertise and commitment led threat-modeling authorities Sebastien Deleersnyder and Steven Wierckx to appoint him as a co-instructor for Toreon's distinguished "Advanced Whiteboard Hacking – a.k.a. Hands-on Threat Modeling" course. Notably, he taught this course at the esteemed "BlackHat USA", "OWASP BeNeLux" and "Troopers" conferences to a wide variety of international cybersecurity professionals.


Training: Advanced Whiteboard Hacking – aka Hands-on Threat Modeling

This updated Black Hat edition training offers hands-on threat modeling exercises based on real-world projects, to equip participants with skills as Threat Modeling Practitioners. The course integrates exercises using MITRE ATT&CK, Agile and DevOps practices, and includes a challenge on threat modeling a Machine Learning-Powered Chatbot. Participants will engage in CTF-style challenges, battling for control over an offshore wind turbine park, in a threat modeling war game.

For beginner to intermediate learners, the training includes a two-hour introductory self-paced module. Exercises focus on practical use cases with detailed environments, questions, and templates. Students, in teams of 3-4, will do challenges:

- Diagramming techniques for a travel booking service
- Threat modeling cloud-based update services for IoT kiosks
- Developing attack trees against a nuclear research facility
- Using MITRE ATT&CK for SOC Risk-Based Alerting systems
- Mitigating threats in payment services with microservices and S3 buckets
- Applying the OWASP Threat Modeling Playbook in agile development
- Securing CI/CD pipelines

Each exercise concludes with group discussions and documented solutions. Participants receive the Threat Modeling Playbook, a year of online learning platform access, and will get feedback and guidance on an after-training assignment.