Threat Modelling at Scale: Breaking Down Cloud Complexity
Hanna Papirna, Emma Yuan Fang
Cloud Village @ DEF CON 33 · Day 1 · Cloud Village
In the rapidly evolving landscape of cloud-native applications, traditional threat modeling approaches often fall short, leaving organizations vulnerable to sophisticated attacks. This talk by Hanna Papirna and Emma Yuan Fang at Cloud Village addresses this critical challenge, presenting a pragmatic framework for scaling threat modeling to the complexity of multi-tenant, microservices-based cloud architectures. The speakers emphasize the need to move beyond simplistic network diagrams and adopt a more granular, decomposed view of cloud systems to effectively identify and mitigate risks.
AI review
Competent, practitioner-oriented talk that packages known-good ideas — block decomposition, zero-trust boundaries, STRIDE-for-cloud, DREAD scoring — into a coherent workflow for multi-tenant microservices threat modeling. The Storm-0558 reference and the live Stride GPT demo add texture, but nothing here is original research; it's synthesis and methodology, delivered cleanly at Cloud Village tier.