{"id":144091624,"date":"2023-02-21T15:50:00","date_gmt":"2023-02-21T15:50:00","guid":{"rendered":"https:\/\/danconn.dev\/blog\/2023\/02\/21\/openuk-state-of-open-con-23-talk-modelling-threats-in-the-open-source\/"},"modified":"2024-07-28T11:34:02","modified_gmt":"2024-07-28T11:34:02","slug":"openuk-state-of-open-con-23-talk-modelling-threats-in-the-open-source","status":"publish","type":"post","link":"https:\/\/danconn.dev\/blog\/2023\/02\/21\/openuk-state-of-open-con-23-talk-modelling-threats-in-the-open-source\/","title":{"rendered":"OpenUK State of Open Con 23 Talk – Modelling Threats in The Open (Source)"},"content":{"rendered":"

I get to do my 2nd in person talk and a very nervous me realised it’s a much larger and more serious stage (gulp)!<\/h2>

Wow! If you\u2019d have said even 6 months ago that my next talk would be talking at OpenUK\u2019s State of Open Con alongside Camille Stewart Gloster (Deputy National Cyber Director, Technology & Ecosystem Security at The White House), Chi Onwurah (Labour MP for Newcastle upon Tyne Central & Shadow Minister Science, Research & Technology), Damani Corbin (Strategy & EcoSystem Growth at Boeing) and Jimmy Wales (yes THE JIMMY WALES FROM WIKIPEDIA!!), well I\u2019d have thought you were bonkers – yet here we are!<\/p>

I\u2019ll be honest, this talk was incredibly nerve wracking for me. Firstly, the venue. Very serious and very huge! I don\u2019t think my initial puns went down well and I realised that perhaps I should have been wearing something much smarter than a t-shirt. This was the stage and half of the room and it was incredibly daunting when the tables were filled!<\/p>

\"\"\/<\/figure>

Secondly, Andrew Martin and my friend, Sal Kimmich, were the hosts for the security track and I\u2019m great admirers of their work. In a separate body of work to the one I explain in my talk, Andrew\u2019s company, Control Plane, had also threat modelled Argo CD (in a much more comprehensive manner than I did) so I was rather nervous to see what he thought about it!<\/p>

Thirdly I say \u201cya know\u201d a lot! I joked later that I suffered a \u201cyaknow-mageddon\u201d!That being said I did thoroughly enjoy it and I really loved the conference as a whole! I have loved the idea of OpenUK and what they do, and seeing this conference in action was fantastic!<\/p>

Yaknowmaggedon Time!<\/h2>

The aim of the talk was to introduce threat modelling at a high level. OpenUK is full of people from various pillars of the open source world such as open software, open hardware and open data, and I aimed for this talk on a cybersecurity concept to be as inclusive to all as it could be. I do joke about the overuse of \u201cya know\u201d but to be honest, it went OK and people were very kind afterwards and interested in threat modelling and the collaborative process we had going with Michael Crenshaw, Zach Aller, and Sal Kimmich on teh Argo CD project. By the way if you do want to see any of the docs produced and a glimpse into what can be done with the awesome Threagile, then you can find my GitHub fork of Michael\u2019s repo here!<\/a>Also here is the talk if you just want to watch that. As usual, below are my thoughts around the talk and concepts to pull from it:<\/p>

\n