The presentation discusses the use of threat modeling in a fictitious example of a workload architecture, and the importance of prototyping early to understand how technologies integrate with each other and what can go wrong.
- The example architecture includes an external facing service using TLS, mutual TLS for service communication, and web identity federation for accessing AWS services
- Two approaches are presented: a simple web service and a service mesh approach using Istio and OPA
- Data flow diagrams are essential for threat modeling and can be used to apply STRIDE to individual communications
- Prototyping early helps to understand technology integration and potential issues
- The presentation includes a relevant anecdote about a last-minute issue with AWS policies on S3 buckets