I'm currently available as an independent consultant around application security, security design, security architecture, operational security, process change, and related fields. I'm interested in considering full-time positions too; my resume is here. I'm also available as a public speaker.
I have a Patreon, here, where you can subscribe to support my security and systems-focused writing. You sign up for a fixed amount per essay (with an optional monthly cap), and you'll be notified every time I publish something new. At higher support levels, you'll get early access, a chance to get in-depth answers to your questions, and even for more general consulting time.
© 2021 Eleanor Saitta.
I've been giving talks about threat modeling and security design for some time now, and I'm currently working on turning that material into full-blown training curricula. I do not normally teach operational security practices for field staff, but I do offer operational security strategy training, either as part of an operational security consulting review or as a stand-alone training. As I develop this and other training material, I'll add it to this page.
Threat modeling is the core of the software security lifecycle and is where you determine if the system you've designed and architected can deliver on its security requirements. Threat models also let you catch otherwise expensive requirements-level vulnerabilities much earlier. Security design is the process of determining what kind of system, which security properties, and which participation or behavior structures will allow the people using the system to accomplish their goals in the world, given their adversaries.
Together, threat modeling and security design determine much of the security impact that a new system will have. If your team is building systems, and particularly if they expect those systems to be used by high-risk or specifically-targeted users, it's critical that you understand these processes. In this training, you'll receive a broad overview of how threat modeling and security design fit into the software development lifecycle, and then we'll dive into subjects including designing for participation, security invariants and ceremonies, participatory design, and how to build a formal threat model.
This is a fast-paced course but it's suitable for a range of staff, including product managers, user experience and user interface designers, systems architects, and experienced developers. The exact content will be tailored to the class composition.
Many organizations realize they need to rework their operational security after an incident, or, if they're lucky, when they're expanding or moving their field operations into new regions. Figuring out where to start and how to move forward is often quite challenging. While I can also work with your team on an operational security review, up to and including developing detailed operating procedures, it's normally more useful for teams to do this work in-house. Operational security process change is a long-term, cultural process and it's critical that it moves in harmony with the existing work practices. Managing this process means that senior staff need to understand how to think about operational security, and that's where this class comes in.
In this class, organization staff will learn how to think about operational security. They will learn about how different domains of security can interact, and how tightly-integrated all kinds of staff safety are. The class will learn how to think about risk as an organization, and about the relationship between holistic staff care and on-the-groun outcomes. We'll cover both specific planning tools and operational procedure frameworks for turning operational security into an organizational practice. Finally, we'll talk about the process of process change itself, to give staff an understanding of how to implement their operational security strategy.
While much of what this course covers is the same regardless of the operating environment, it will also be customized on the basis of the specific scenarios of concern. It's strongly preferred to run this course for senior staff with decision-making power within the organization, but it can also be useful to split staff into multiple sections for process reasons.
I've been working in application security since 2003, and doing research around threat modeling and security architecture since 2004. In 2012, I moved to the NGO sector and started working with high-risk teams, looking at operational security, cross-domain challenges, and the specific demands of high-risk and decentralized systems, and in 2016 I brought that experience back to the commercial world. Over the past decade-and-change I've worked for a number of the best-known boutique security consultancies in the business and done projects for Fortune 500 companies, early phase start-ups, NGOs working in conflict regions, and everything in between. For more information on my background see here; for my resume, see here. References and rates are available upon request.