MASTERCLASS

TMT: Threat Modelling Testing, from modelling to integration

Threat modelling often ends as diagrams and documents: risks are identified, but nothing continuously verifies that mitigations actually work. This hands-on masterclass will bridge that gap with TMT (Threat Modelling Testing), a practical workflow to convert STRIDE threats into concrete, repeatable security tests you can run throughout your SSDLC.

In this masterclass, the speaker will show how to turn threat modelling from a one-time exercise into a practical testing workflow that teams can sustain. The masterclass will cover how to identify meaningful threats with STRIDE and EoP, translate them into testable hypotheses, choose the right validation techniques for each stage of delivery, and capture evidence that supports remediation and regression prevention. Participants will see how these practices fit into real engineering constraints, from pull requests and CI pipelines to staging and production.

What you’ll learn

Session details

Sara Martínez

Sara has enjoyed testing and automation for more than 10 years, ensuring high quality products in industries such as Telecommunications, Geolocation, Big Data, and Power Electronics. In 2019, she shifted her focus to cybersecurity testing, applying her knowledge of quality assurance to testing security software products. Since then, Sara has continued to improve her skills and integrate cybersecurity into every aspect of her work and research.