Name: Threat Modeling: Lessons from Star Wars - Adam Shostack
Start: 2015-10-13T20:40:00Z
End: 2015-10-13T20:40:42.000Z
Location: BrightTALK
Rating: 4.5

Looking for expertise and information to advance your career and tackle your challenges? Subscribe and join us for the educational webinars in APAC time zone. Earn CPEs quickly and at no cost by attending webinars: 1 hour of webinar equals 1 CPE. We welcome members and non members alike.

近年、国内でも大手企業へのサイバー攻撃が相次ぎ、検知を回避した侵害が長期間発覚せず、被害を拡大させてしまうケースが報告されています。サイバー犯罪の被害額やセキュリティ対策のコストは年々増加しており、この悪循環を断ち切るには、従来型の防御だけでは不十分です。多くの企業はいまだに「いかに脅威の侵入を防ぐか」という戦略のみに頼りがちですが、それだけでは進化し続ける脅威に対応しきれません。本セッションでは、サイバーレジリエンスを強化し、事業継続性の向上を実現する環境を構築する新しいアプローチをご紹介します。

脅威の進化にどう立ち向かうか？新時代のセキュリティ戦略

The cost of cybercrime and the price of cyber-security increases every year. To break this cycle we need to think differently. Henry Ford said about the development of the motor car “If I asked people what they wanted, they would have said faster horses”. Too many security strategies are built around a better version of what we did last year. We need to shift this approach. In this session we will look at alternative approaches including the use of security graphs to build a more resilient environment.

In this webinar, you will learn:
- Shift from reactive security postures and into a breach-adaptive mindset
- Breach containment is key to cyber resilience

Navigating the Changing Threat Landscape

サプライチェーンは経営リスクの１つであり、多様な課題を抱えています。その中でもメールのサプライチェーンリスクは重要なテーマです。メールは取引先とのやり取りで最も多く利用される一方で、攻撃者にとっても代表的な侵入口であり、取引先の信頼関係を逆手に取った形で日本国内でも脅威が拡大しています。本講演では、こうした現状を踏まえ、メールを起点とするサプライチェーン攻撃の特徴と、日本企業が取るべき防御の取り組み方、そしてサプライチェーン全体を強化するための実践的アプローチをご紹介します。

見落とされがちなサプライチェーン - 信頼している取引先から届くメール、本当に安全だと言えますか？

The cybersecurity landscape is evolving rapidly. As cyberthreats grow in complexity, organizations must stay ahead of the curve by anticipating what’s next. So, what’s in store for our industry in the coming year?

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he recaps the good, the bad, and the ugly cybersecurity events of 2025 and shares his top five cybersecurity predictions for 2026. This webinar provides a forward-looking perspective, equipping attendees with the insights and strategies needed to stay ahead of emerging threats and capitalize on new opportunities.

The Road Ahead: Top Five Cybersecurity Predictions for 2026

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: What Every Newcomer Needs to Know

Join this live online session as our panel of experts deep dive into SSCP and answer your questions. We’ll go over certification requirements, the domains, self-study resources, training options and more to help you build confidence so you’re ready on exam day.

What You'll Learn: 

- Certification Requirements: Understand what it takes to become a SSCP.
- Domains of Knowledge: Get familiar with the key areas covered and the exam format.
- Study Resources: Discover effective tools and strategies to enhance your preparation.
- Expert Q&A: Have your burning questions answered by industry professionals and an authorized instructor.

Save your spot now.

Presenters:
- Revanth Davuluri, SSCP, CC, OT/ICS Cybersecurity Engineer
- Utkarsh Utsava, CCSP, SSCP, Cyber Security Design Senior Specialist
- Ajit Pal Singh Wadhwan, CISSP, CCSP, SSCP Authorized Instructor

SSCP EXAM READY: Ask the Experts Before You Sit

The rise of artificial intelligence in cybersecurity is both a blessing and a curse. AI is redefining the cybersecurity battlefield, offering unprecedented advantages for security teams and threat actors.

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores AI’s transformative impact on the IT security industry. On the defense side, AI is revolutionizing threat detection, automating incident response, and predicting vulnerabilities before they’re exploited. However, threat actors are also leveraging AI to enhance phishing attacks, create evasive malware, and orchestrate sophisticated social engineering campaigns. 

This webinar provides a balanced view of AI’s dual role in cybersecurity, showcasing both the opportunities and challenges it presents. Gain insights into how IT security teams can adopt AI to stay ahead, while understanding how adversaries may use it to their advantage. With expert commentary and real-world examples, this session equips attendees with the knowledge to navigate AI’s impact on the evolving threat landscape.

From Shield to Spear: How AI is Reshaping Cyber Defense and Offense

Join this live online session as our panel of experts deep dive into CCSP and answer your questions. We’ll go over certification requirements, the domains, self-study resources, training options and more to help you build confidence so you’re ready on exam day.

What You'll Learn: 

- Certification Requirements: Understand what it takes to become a CCSP.
- Domains of Knowledge: Get familiar with the key areas covered and the exam format.
- Study Resources: Discover effective tools and strategies to enhance your preparation.
- Expert Q&A: Have your burning questions answered by industry professionals and an authorized instructor.

Save your spot now.

Presenters:
- Ajit Pal Singh Wadhwan, CISSP, CCSP, SSCP, ISC2 Authorized Instructor
- Affan Shaikh, CISSP, CCSP, Deputy Vice President, IT Security
- Kamlesh Singh, CISSP, CCSP, Cyber and Cloud Security Leader

CCSP EXAM READY: Ask the Experts Before You Sit

The threat landscape continues to evolve at breakneck speed. In 2024 alone, Akamai observed over 311 billion web application and API attacks—a 33% year-over-year jump. Ransomware rose 37% globally, with quadruple extortion emerging as the latest tactic of choice. AI-driven threats, vulnerable APIs, and Ransomware-as-a-Service (RaaS) are on the rise, resulting in the attack landscape evolving at a very rapid pace - one where threat actors are now faster, stealthier, and more coordinated than ever. With APIs fast becoming a preferred attack vector and ransomware becoming the new normal, organizations need to start adapting their security posture to counter these modern threats that are getting increasingly sophisticated by the day. 

Join this session to learn about: 
- How AI and GenAI are being used in modern ransomware attacks
- Hacktivism + RaaS: New trend of hybrid groups mixing political ideology with ransomware 
- Why protecting APIs should be front and center of your security strategy 
- Recommended mitigations to protect against these threats based on continuous visibility, enhanced resilience and AI-powered defenses.

How Ransomware, APIs, and AI are Rewriting the Rules of Cyber Defense

Join this live online session as our panel of experts deep dive into CISSP and answer your questions. We’ll go over certification requirements, the domains, self-study resources, training options and more to help you build confidence so you’re ready on exam day.

What You'll Learn: 

- Certification Requirements: Understand what it takes to become a CISSP.
- Domains of Knowledge: Get familiar with the key areas covered and the exam format.
- Study Resources: Discover effective tools and strategies to enhance your preparation
- Expert Q&A: Have your burning questions answered by industry professionals and an authorized instructor.

Save your spot now.

Presenters:
- Richa Garg, CISSP, CCSP, SSCP, Principal Architect
- Shafaat Khan, CISSP, CC, Cyber Security Analyst
- Luqman Haniff Bin Omar, CISSP, CCSP, CGRC, ISC2 Authorized Instructor

CISSP EXAM READY: Ask the Experts Before You Sit

Today’s cyberthreat landscape is marked by sophisticated attacks, including ransomware, deepfakes, and advanced persistent threats. The rise of AI-powered malware, supply chain vulnerabilities, and insider risks compounds challenges. 

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores the cutting-edge advancements driving the evolution of IT security, such as continuous threat exposure management (CTEM), identity threat detection and response (ITDR), passwordless authentication, and more. This session offers practical advice on implementing these innovations to protect your organization against complex and emerging risks. Whether you’re planning for growth or looking to bolster your current defenses, this webinar delivers the insights you need.

The Future is Here: Top IT Security Technologies Shaping 2025

Join this online session as our panel of experts deep dive into Certified in Cybersecurity (CC) and answer your questions. We’ll go over certification requirements, the domains, self-study resources, training options and more to help you build confidence so you’re ready on exam day.

What You'll Learn: 

- Certification Requirements: Understand what it takes to become a certified CC professional.
- Domains of Knowledge: Get familiar with the key areas covered and the exam format.
- Study Resources: Discover effective tools and strategies to enhance your preparation
- Expert Q&A: Have your burning questions answered by industry professionals and an authorized instructor.

Presenters:
• Ajit Pal Singh Wadhwan, CISSP, CCSP, Authorized Instructor
• Hritik Bhandari, CC, Software Engineer
• Beenu P B, CISSP, CC, Information Security Platform Engineer

CC EXAM READY: Ask the Experts Before You Sit

Ransomware attacks have reached unprecedented levels of sophistication, targeting organizations across all industries and sectors. As these threats evolve, so too must the strategies to combat them.

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he provides a deep dive into strategies that can help organizations effectively navigate the ransomware threat lifecycle. From advanced prevention techniques and risk mitigation to streamlined recovery processes, this session covers every critical aspect of ransomware readiness. Don’t let ransomware catch you off guard—join us to build your defenses, improve your response capabilities, and recover faster when faced with a ransomware event.

Surviving Ransomware: Strategies to Defend, Respond, and Recover

As cloud adoption surges, so does the speed and sophistication of attacks. Traditional static detection and response can’t keep up in today’s fast-moving, multi-cloud environments.  

Join Palo Alto Networks and ISC2 for this on-demand webinar to explore actionable best practices for modern cloud detection, investigation, and response (CDR). We’ll cover how security teams are leveraging CDR to keep up with the speed and diversity of cloud-native attacks.  

In this session, you'll learn:  
<ul><li>Lessons from real-world multi-cloud incidents  </li>
<li> Why cloud security must start with prevention, not just detection  </li>
<li> How to cut through the noise and focus on what really matters  </li>
<li> Key capabilities to demand in a CDR solution — and red flags to avoid </li>
<li> How to ready your SecOps team for cloud-native response </li></ul>

Best Practices for Cloud Detection and Response: Real-World Lessons from Multi-Cloud Attacks

Deepfakes are no longer a distant concern—they’re an active threat to businesses, governments, and individuals. As deepfake technology grows more sophisticated, security teams face mounting challenges in combating its misuse. 

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he discusses the evolution of deepfakes, methods for their detection, and strategies for mitigating risks. From leveraging AI to enhance defenses to improving security awareness amongst your workforce, attendees will gain actionable guidance to stay ahead of this growing challenge.

The Rise of Deepfakes: How Smart Security Teams Stay Ahead

より多くの企業がクラウドに移行する中、クラウドセキュリティのプロフェッショナルの需要が高まっています。世界的に認められているCCSPを取得することで、クラウドにおけるデータ、アプリケーション、インフラを設計・管理・保護するための高度な知識とスキルを有していることをアピールできます。

本セミナーでは、ISC2について、またCCSP資格の概要、試験、認定維持についてご紹介後、ISC2公式 CCSP CBK トレーニングで実際に講師を務めるISC2認定講師 諸角氏が、CCSP CBKの一部を解説します。 
 
第一部：「ISC2とCCSP資格のご紹介」 (小熊 慶一郎氏) 
資格のご紹介、取得までの道のり、資格の維持についてお話するとともに参加者からの質問にお答えします。
 
第二部：CCSP CBK 第6章　モジュール3「プライバシーの問題の理解」解説（諸角 昌宏氏）

今回は、CCSP CBK 第6章「クラウドガバナンス:  法務、リスク、コンプライアンス」から、クラウド上でのプライバシーデータの取り扱いをピックアップして解説します。プライバシーの問題、個人データをクラウド上で取り扱うには、国ごとに定められている法律を理解することが必要です。それぞれの国・地域の法律の特徴、プライバシー要件等を理解し、クラウド上で取り扱う場合の注意点などを、CCSP CBKに従って解説します。

ISC2 Online Information Session 2025: クラウドセキュリティ資格「CCSP」紹介セミナー

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP.  

As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where SSCP from ISC2 comes in — to help fill the gap.

The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. It shows you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures. 
 
In this 60-minute live virtual session, you’ll learn: 
- If SSCP is right for you 
- About the exam prep options and tips
- What to expect on exam day
- How to become endorsed and maintain your certification 

Plus! Get answers to your SSCP questions during the Q&A section. 

Register now and begin your SSCP certification journey today!

Systems Security Certified Practitioner (SSCP) Information Session

ISC2 が提供するグローバルスタンダードなサイバーセキュリティ資格 CISSP（Certified Information Systems Security Professional） について、詳しくご紹介するオンラインセッションを開催します。

CISSP は、サイバーセキュリティ分野におけるリーダーシップと専門性を証明する資格として、世界中で高く評価されており、取得はキャリアの大きな投資となります。組織全体のセキュリティ戦略を設計・構築・運用できる高度な知識とスキルを証明するこの資格は、ベンダー資格をすでに取得している方にとっても、より広範で実践的なスキルを補完・強化するものです。

第一部：「ISC2とCISSP資格のご紹介」 (小熊 慶一郎氏)
資格のご紹介、取得までの道のり、資格の維持についてお話するとともに参加者からの質問にお答えします。

第二部：「情報セキュリティを学ぶ前に知っておきたいこと」（河野 省二 氏）

さらに、Q&Aセッションでは、参加者の皆さまからのご質問にもリアルタイムでお答えします。
今すぐご登録いただき、CISSP 認定への第一歩を踏み出しましょう！

Online Information Session 2025: サイバーセキュリティ資格「CISSP」紹介セミナー

It’s probably not too often that you’ll get this perspective. Star Wars was really all about information disclosure threats! You’ll want to find out more as noted presenter and author Adam Shostack, references one of George Lucas’ epic sagas to deliver lessons on threat modeling. Not only was the Death Star badly threat modeled, the politics between Darth Vader and Gran Moff Tarkin distracted incidence response after the plans were stolen. This session will provide you with proven foundations for effective threat modeling as you develop and deploy systems. Adam will help you understand what works for threat modeling and how various approaches conflict or align. The force is strong with this session.

Threat Modeling: Lessons from Star Wars - Adam Shostack

(ISC)2;

Threats;

Threat

Modeling;

Infosecurity

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Threat Modeling: Lessons from Star Wars - Adam Shostack

Presented by

About this talk

ISC2 APAC Secure Webinars