Threat modelling for different technology sectors


Project overview:

  • Goal: Findings common threats in different technology sectors such as OT, IoT, Automotive, etc.
  • Location: Amsterdam/Eindhoven
  • Timeframe: 3-6 months
  • Starting: January-February 20220*
  • Complexity: Medium
  • Team: Product Manufacturers
  • Category: Risk assessment
  • Supervisor: Anna Prudnikova


*For 6 months internship the topic can be used as a Master thesis project. The list of tasks will be adjusted based on the duration

As a student, you have:

Education:

  • an HBO, WO, MSc preferably, in computer science or the cyber security field.


Technical skills:

  • The knowledge of cyber security risk management domain;
  • Understanding of STRIDE methodology and knowledge of specifics for different technology sectors is a plus.


Soft skills:

  • The ability to work well in an international team environment;
  • Good communication skills, self-organization;
  • Clear documentation writing skills.


The project you will be working on:

Secura is offering Threat Modeling as one of the initial assessments to its clients. The main focus is currently on applications and IT infrastructures. Secura uses the STRIDE methodology for threat modeling and likes the simplicity yet effectiveness of raising security awareness during the process. The output of threat modeling can be further used to create test scenarios (to confirm whether the attacks are feasible by means of penetration testing) and be incorporated into risk assessments.

However, the STRIDE methodology is quite a high level and only provides the general directions for creating the potential threats. Moreover, recently we see an increase in demand to perform threat modeling for products and systems in different sectors such as Automotive, OT, IoT, automotive, maritime, medical, etc. Those sectors often have specific regulatory requirements applicable for developed threat models (for example, for the automotive sector there is a setlist of threats that should be considered while performing threat modeling). This all leads to the need to further develop Secura’s threat modeling methodology and expand it towards multiple sectors as well.

As an intern, you will be tasked with the following:

  1. Identify specific requirements for threat modeling applicable for different technology sectors including OT, IoT, Automotive, Maritime, Medical.
  2. Identify the common grounds for threat modeling for different technology sectors.
  3. Prepare the lists of applicable threats and guidance for conducting threat modeling for different technology sectors.
  4. Create the report and other relevant templates (such as service offerings) for threat modeling.

Contact us

We would like to receive your CV and motivation letter by mail via jobs@secura.com.

Send email keyboard_arrow_right