BSides Vancouver 2026

Threat modelling is considered to be a critical component of Secure Software Development Lifecycle, yet many engineering organizations struggle to do it effectively and extract the full value. There’s a ton of information available on threat modelling, though most of it seems to be too theoretical, resulting in threat models that are generic and not actionable.

This hands-on workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a threat model.

Key Learning Objectives
* How to "right-size" threat models for agile engineering organizations.
* Practical tips on building better threat models.
* Using agentic AI for design artifacts and source code analysis to boost speed and depth of your threat models.
* Making threat models actionable - what happens after the threat model is created is more important than the threat model on its own.

Target audience and pre-requisites
This workshop is great for security engineers, software engineers, DevOps engineers, technical product managers. No prior threat modeling experience is required. Bring a laptop.