Cloud Security Alliance's Top Threats Working Group
13. Cloud Controls Matrix (CCM) 4.0 CCM
14. CSA Top Threats Cloud Threat Modeling
15. Cloud Threat Modeling Cards
16. TT:DD Case Study Scenario - Dow Jones 2019
17. Cloud Threat Modeling Asset Provenance & Pedigree
18. Same Elasticsearch "Product"; Different Vulnerabilities
19. Threat Modeling Consistency
20. Naming Threats
21. How To Apply What We Have Covered
Description:
Explore cloud threat modeling techniques in this 40-minute RSA Conference talk by Randall Brooks and Jon-Michael Brook. Learn how to combat misconceptions about protecting everything from everyone by focusing on determining what to protect, who to protect it from, and how to protect it. Discover the importance of identifying attack surfaces to eliminate common architectural flaws. Delve into various aspects of threat modeling, including system/software-centric and attack-centric approaches, the five major steps, and the STRIDE threat categories. Examine real-world examples, such as the Home Alone attack tree and the Trojan threat model. Gain insights into cloud-specific threat modeling using the Cloud Security Alliance's Top Threats Working Group and Cloud Controls Matrix. Analyze a case study scenario involving Dow Jones 2019, and learn about asset provenance, pedigree, and threat modeling consistency. By the end of this talk, acquire practical knowledge on applying cloud threat modeling techniques to enhance security in architecture design and application development.
Cloud Threat Modeling - From Architecture Design to Application Development