Adversary-Based Threat Modeling and Risk Analysis

Presenter: Julian Cohen

The security industry has been talking about powerful concepts like adversary intelligence and attacker cost for a long time now, but most organizations are not using these concepts in their security programs, causing teams to make poor defensive decisions and waste resources on efforts that do not stop real adversaries.

Adversary-Based Threat Modeling and Risk Analysis uses these concepts to prioritize more accurately and execute more efficiently than traditional security programs.  These new risk profiles, attacker playbooks, and attacker cost models inform more effective controls, strategies, and policies than traditional security risk frameworks.

In this talk, we build a security program around reliable adversary intelligence.  We build risk profiles, attacker playbooks, and attacker cost models using adversary-based risk analysis.  We then use these datasets to inform better controls, strategies, and policies in our security program.

We focus on picking the controls that are most effective at reducing the risk of successful execution of the playbooks that our adversaries use every day.  This is only possible with a security program built around reliable adversary intelligence.

We take a deep dive into the practicalities of implementing these concepts within your organization, including what metrics matter to show to management, how this impacts hiring, and how this modifies core workflows within the security team.