Martin Dubé, President & co-founder, Corsek
Martin is president and co-founder of Corsek, a cybersecurity consulting firm specializing in offensive security services. With over ten years of hands-on experience, he has led security engagements across diverse industries and previously served as technical lead and manager at a large organization. Through Corsek, he works to deliver practical security results that combine technical expertise with strategic value.
Talk: Offensive Security and Threat Modeling, an unlikely collaboration
Talks will be streamed on YouTube and Twitch for free.
Offensive Security and Threat Modeling are two worlds that rarely intersect, even in the most mature and security-minded organizations. However, they can both be about the same subject, a given system, and the same overarching goal: to improve the security posture of that system.
This talk is the fruition of an unlikely team-up of two specialists: one in offensive security, who engages organizations with external pentesting, and one in application security, who performs threat modeling as part of the internal software development process.
Both could be working on activities of the same security program, but are they often put in the same room the way they will be put on stage here? Will they fight or end up shaking their heads in unison in consternation? What are the actual gains of having them work to bring together offensive security and threat modeling?
To answer that, we will introduce the foundations for both crafts with obligatory definitions, but also give opinionated takes on goals and value for effectiveness and productive engagements.
By the end of this talk, you’ll see how pentesting can evolve from opportunistic to strategic, and how threat modeling assumptions can be validated, confirmed and prioritized, all aligned with business needs and with some much-needed collaboration between the two disciplines.