Ashley Ward, CTO at ControlPlane, shares his extensive expertise in cybersecurity and agile leadership. He emphasizes the importance of collaborative threat modeling in cloud-native environments, tackling the unique challenges posed by microservices and rapid release cycles. Ward discusses the integration of AI in security practices, warning of the increased risks as technology becomes more accessible to hackers. He advocates for continuous improvement in security by revisiting and adapting threat models to keep pace with evolving digital landscapes.
ADVICE
Start with What You Know
Start threat modeling with what you know within your area of expertise.
Then, collaborate with adjacent teams to gain broader perspectives and identify shared mitigations.
ADVICE
Use Frameworks, Iterate
Use established frameworks like the CIA triad to guide threat modeling, even for beginners.
Don't aim for perfection; iterate and improve your models over time.
ADVICE
Visualize with Attack Trees
Visualize threats using attack trees to identify high-impact paths.
Prioritize addressing risks along those critical paths.
In this month's episode, Steve and Glenn chatted with Ashley Ward about threat modelling.
Ashley is a highly experienced CTO at ControlPlane with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional strengths in decision-making, public speaking, and community-focused leadership.
In this episode of DSO Overflow, Ashley Ward, CTO at ControlPlane, discusses threat modelling in cloud-native environments, security challenges, and the impact of emerging technologies like AI. Ward explains that threat modelling should start with existing knowledge and highlights the benefits of collaborative, iterative approaches. He emphasises involving various teams in the process to account for application, platform, and infrastructure layers. Ward also discusses practical frameworks, such as the CIA triad and STRIDE, and points out the specific challenges in cloud-native threat modelling, like microservices and fast-paced release cycles. Regarding AI, he cautions about the heightened risks, as AI democratises hacking capabilities. Ward advocates for using AI thoughtfully in threat modelling and encourages companies to adopt proactive security strategies. He concludes by encouraging organisations to embrace threat modelling as an evolving, essential practice.
DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.