Last year I spoke at the West Coast Security Forum and awarded the Best Presenter Award. I was happy to be invited back and speak at this West Coast Security Forum, on Threat Modeling: Improving the Application Lifecycle on November 14, 2005 in Vancouver BC. http://www.wcsf.com Personally, this is one of my favorite Security topics as this reinforces the issue that Security is a process and not a product. Threat modeling ties nicely into the Applicaiton Lifecylce and effectively using tools to assist with Security and pinpoint areas that requires Code Security Review. Without a methodology in place, code security reviews would be extremely diffcult to do when you have ten thousands line of codes. You require a process that will highlight the areas in your applicaiton that requires a Code Security Review.
This year the theme will be on Identity Management which is quickly becoming a major concern in the IT industry. A good look at Microsoft approach to Identity Management can be found on my colleague--Ryan Storgaard--blog. http://blogs.msdn.com/stoey/archive/2005/07/08/436934.aspx
Hope to see everyone at this year West Coast Security Forum. Please drop by the Microsoft exhibitor booth and say hello.