ATLSECCON 2025

Threat modeling is an essential part of the system development lifecycle and should be continuously updated whenever a system undergoes changes. Traditionally, security architects create an initial threat model and review it periodically, but this approach can leave critical risks undetected between review cycles. Agile threat modeling integrates developers into the process, allowing security concerns to be addressed as soon as changes are committed. This presentation explores threat modeling in the context of machine learning (ML) pipelines, demonstrating how application-specific risks can be combined with ML model risk cards. Key topics include the importance of threat modeling in ML development, different methodologies such as STRIDE, LINDDUN, and MITRE ATLAS, and how they work together. A hands-on example will showcase "Threat Modeling as Code" using ThreAgile, an open-source tool applied to a personal assistant GenAI project. The session will conclude with best practices and an overview of the limitations of various threat modeling approaches.

Vehicles have come a long way and are no longer just mechanical moving parts. Modern vehicles function using more technology than ever, leaving them potentially vulnerable. This presentaion will cover the possible attack vectors affecting current generations of vehicles, looking at examples pulled from recent real world incidents. It will also explore some new potential vectors and threats that we may see presented in future generations of vehicles. Additionally, we will look at the way these systems can be tested and secured as well as the potential risks assosicated with these attack vectors. We will also take a look at what the industry is currently doing related to automotive security through the use of security standards. The goal of this presentation is to highlight the potential risks of modern vehicles and what can be done to secure them.

As cybersecurity threats continue to escalate in complexity and frequency, organizations increasingly rely on automation to enhance their defenses. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as powerful tools for streamlining operations and reducing the burden of repetitive tasks on security teams. However, implementing SOAR is not without its challenges. This presentation will explore the common challenges organizations encounter when deploying SOAR and provide actionable strategies to overcome them. By examining real-world scenarios and best practices, attendees will gain insights into managing expectations, developing effective playbooks, addressing training and adoption barriers, and ensuring seamless integration with existing tools such as Security Information and Event Management (SIEM) systems. The session will cover practical approaches to conducting readiness assessments, planning phased rollouts, and measuring success to ensure that SOAR implementations deliver tangible results. Additionally, lessons learned from successful deployments will be shared to help participants avoid common pitfalls and realize the full potential of SOAR in their security operations.