Threatmodel'ista - Tash Norris

Posted on Tuesday, Jan 1, 2019


Show Notes

We’re back after a long time and I hope you missed us 🙂. This episode is part of a new series of recordings from DevSecCon in London (

DevSecCon is a really exciting conference where you can hear really good talks about DevSecOps best practices and more.

Our guest for this session is Tash Norris (@TashJNorris).

Tash is working for Photobox as Senior Cloud Security and Threat Model-er.

We’re really glad to have met Tash, as she shared with us a lot of juicy information about her background and a lot of best practices.

“Trying to keep all your toys in a box, but they all want to escape at the time and they break at the same time” - Tash gave the best definition of DevSecOps I’ve heard so far.


  • DevSecCon - Corridors of the conference [02:00]
  • Cloud - Not focusing on a unique problem [03:38]
  • Cloud Security - start from scratch [05:10]
  • Food could be the solution to involve developers in your security program [07:20]
  • Threat Modeling interaction with other teams [09:30]
  • Security Automation - The state [10:17]
  • Best $100 spent [11:00]
  • DevSecOps - Explain to a child [11:00]
  • Tash’s Message [12:40]
  • Tash Journey to the security world [13:00]
  • Opsec - How to take your personal security seriously [14:40]

Book recommendation

  • Terrorism and counter-intelligence: How Terrorist Groups Elude Detection

  • Counterintelligence Theory and Practice by Hank Prunckun

Further reading and brain foods

  • Threat Modeling: Designing for Security by Adam Shostack

  • General Framework for AI and Security Threat

  • A note on KGB style


Tash Norris


Tash is working for Photobox as Senior Cloud Security and Threat Model-er.


William Thiam


Doudou Thiam, also known as William, was “born and bred” in Dakar. For the last decade, a proud Londoner and entrepreneur. Since 2011 my focus has been to design and launch high-end team head-hunting programs. A passion for philosophy, politics and history. Let’s learn lean and leap together!

Paul Dubourg


Paul Dubourg is your euro citizen… French, Spanish, English. The catch… a classic engineer path, combined with an entrepreneurial spirit in the hacking and cyber world. Now developing 3 cyber practices on compliance and the hacking-related cyber market, he is also delivering a unique cyber masterclass for a nice portfolio of UK and French businesses. A podcast addict since a young age, creating a security podcast was a natural step forward.