This project will provide materials for a half, or full day security workshop.
In this session, participants will:
- Learn about security control types.
- Learn about threats, risks and vulnerabilities.
- Learn about threat modeling.
- Practice with threat modeling.
- Learn about hardening and secure coding.
- Theorycraft hardening and secure coding.
- Learn about incident response.
- Play an incident response game.
All of this will happen through the lens of the world-famous book and movie Jurassic Park.
We do not have any rights whatsoever, nor do we claim any, to the intelectual properties involved with Jurassic Park.
Aside from referring to the book's title, we will not use any trademarks or characters that are directly associated with the book.
Jurassic Park is used as a frame of reference because most participants in this workshop are familiar with the story. And because it's awesome!
Jurassic Park is a perfect showcase of threats, vulnerabilities, risks and of failing security controls. It makes learning about information security concepts accessible to people who are completely new to the field.
The idea for this project popped up when Willem Keesman and Tess Sluijter-Stek were joking around in a study group for ISC2's Certified in Cybersecurity exam.
We were discussing detering vs preventative security controls, wondering when exactly a wall or fence isn't just a preventative control, but also a deterant. A reference was made to "A Jurassic Park fence!", which got the ball rolling.
No! In 2021 Corey Garst held a one-hour presentation called Threat modeling Jurassic Park with Python at a Python Frederick meetup.
Corey's slides and Jurassic Park threat models are here, on Github.
First up, we will come up with a course design for the workshop, followed by an outline of the curriculum.
Based on these, we will create course materials, slides, exercises and supporting materials.
We've decided to offer these files under the Creative Commons, BY-NC-SA license: Non-Commercial, Attribution and Share Alike. You can read all about it in the LICENSE.txt file. Basically: you can re-use these files as you see fit but not for commercial purposes, as long as you attribute us as the original source and you re-share your own modifications.