RunAsRadio
RunAsRadio

Threat Modeling in the Cloud with Romina Druta & Daniela Cruzes

Show #946 Wednesday, August 21, 2024
Download Podcast

About Show #946

What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of threats - open-source libraries with backdoors, even down to development tools with malware. There are a lot of threats - but when you look, there are often great solutions as well. You'll need to collaborate with development to secure things, but security isn't optional and is worth fighting for.

Links

Recorded June 12, 2024

 
Dr. Daniela S. Cruzes is a Professor at the Norwegian University of Science and Technology (NTNU) and a Security Officer in VISMA. Previously, she worked as a senior research scientist at SINTEF in Norway. She has also been a researcher fellow at the University of Maryland and Fraunhofer Center for Experimental Software Engineering-Maryland. Dr. Daniela Cruzes received her Dr.ing in experimental software engineering from the University of Campinas - UNICAMP in Brazil in 2007. Her research interests are empirical software engineering, research methods and theory development, synthesis of SE studies, software security, software testing and agile and DevOps.
Romina Druta is a Cloud Security Architect and Security Researcher in VISMA, where she is focusing on security for cloud platforms. She has acquired a broad range of technical knowledge in systems administration and operations during her different working experiences as a system engineer. Her research interests include cloud computing, design and architecture of secure and reliable systems, DevOps practices and processes but also research methods and procedures.
 

Show Comments

blog comments powered by Disqus