COSCUP 2025

Threat modeling introduction for free software projects
2025-08-09, TR313

Among security professionals, threat modeling is considered one of the de facto standard methods for identifying and assessing potential security issues in technical systems. By defining and documenting a project's security context (e.g., what problems it claims to solve, how it is supposed to be used, how it is expected to be operated), defining security objectives, and examining how a potential attacker could violate those objectives, projects can identify the most relevant security safeguards and spend their valuable time on the security measures and practices that actually matter.

This session will give an introduction to the basic vocabulary of threat modeling (what threats, vulnerabilities, risks and countermeasures are), show how free software projects can get started on defining their project's threat model, which free online resources are available to learn more about threat modeling, and which free and open source tools can be used to document and communicate a threat model to both users and contributors of the project.

Difficulty:

Beginner

Simon has worked both professionally and as a volunteer in various areas of free and open-source software, as well as security. After completing his Bachelor's degree in security, he began his professional career as what would now be called a "SecDevOps" engineer, developing infrastructure automation code and deploying and operating automated patch and vulnerability management systems. Following that, he transitioned into a product manager role in the Austrian public health insurance sector, where he was involved in setting up and running the FOSS strategy board, clearance processes, and community engagement programs.

In the last couple of years, Simon has worked as a security consultant and subsequently started his own business to focus on the intersection of software user rights, security, and IT strategy. His aim is to help both for-profit and non-profit organizations succeed in creating sustainable and resilient organizational and technical systems that support their organizational goals, empower their users, and are secure.

For leisure, Simon is an avid board gamer and tabletop RPG game master.
