On 26th November 2022 Guest lecture Committee of SCIT invited Mr. Ashish Kulkarni, an APAC leader in a large MNC. He is PGCP graduate from IIM Nagpur. Leading a team of more than 250 in the security and privacy area, Mr. Kulkarni is also a seasoned speaker of the ISACA cyber security forum. Mr. Kulkarni wanted the session to be more of a dialogue rather than a monologue. The lecture started with an overview of threat modeling. Sharing his industrial experience, he emphasized Application security and the necessity of threat modeling, after which he talked about various types of threat modeling. Mr. Kulkarni told students about the threat modeling in SDLC and how the approach toward application security has evolved over time. He talked in detail about two main methodologies of threat modeling, STRIDE, which is a threat identification methodology, and DREAD, which is a threat prioritizing methodology. The session went to a conclusion with a discussion on challenges in threat modeling like stakeholders’ availability and time, Legacy app. system, and skilled resources. Mr. Kulkarni, before ending his session, gave students an idea of next-generation threat modeling and automated threat modeling, which are considered modern approaches. The overall session was very knowledgeable and full of relevant information. Guest lecture Committee SPOC Gaurav Bhosle felicitated the guest with a token of appreciation.

Gandharva Singh

26/11/2022