Sebastien Deleersnyder ,
Sebastien Deleersnyder, also known as Seba, is a highly accomplished individual in the field of cybersecurity. He is the CTO and co-founder of Toreon, as well as the COO and lead threat modeling trainer of Data Protection Institute. Seba holds a Master's degree in Software Engineering from the University of Ghent, and has extensive experience in the development and training of secure software. He is the founder of the Belgian chapter of OWASP and a former member of the OWASP Foundation Board. In 2022, Seba was honored as the Cyber Security Personality of the Year by the Cyber Security Coalition in Belgium, where he currently serves as the chair of the new AppSec focus group. Through his leadership on OWASP projects such as OWASP SAMM, Seba has made a significant impact in improving global security. He is currently focused on adapting application security models to the evolving landscape of DevOps and raising awareness of the importance of threat modeling among a wider audience.
Training: Advanced Whiteboard Hacking – aka Hands-on Threat Modeling
This updated Black Hat edition training offers hands-on threat modeling exercises based on real-world projects, to equip participants with skills as Threat Modeling Practitioners. The course integrates exercises using MITRE ATT&CK, Agile and DevOps practices, and includes a challenge on threat modeling a Machine Learning-Powered Chatbot. Participants will engage in CTF-style challenges, battling for control over an offshore wind turbine park, in a threat modeling war game.
For beginner to intermediate learners, the training includes a two-hour introductory self-paced module. Exercises focus on practical use cases with detailed environments, questions, and templates. Students, in teams of 3-4, will do challenges: - Diagramming techniques for a travel booking service - Threat modeling cloud-based update services for IoT kiosks - Developing attack trees against a nuclear research facility - Using MITRE ATT&CK for SOC Risk-Based Alerting systems - Mitigating threats in payment services with microservices and S3 buckets - Applying the OWASP Threat Modeling Playbook in agile development - Securing CI/CD pipelines
Each exercise concludes with group discussions and documented solutions. Participants receive the Threat Modeling Playbook, a year of online learning platform access, and will get feedback and guidance on an after-training assignment.