Room 1 

13:40 - 14:40 


Talk (60 min)

Maximising Security with Threat Modelling in the Cloud

Despite the growing adoption of cloud hosting by companies for their services, the presence of security flaws in their deployed infrastructure remains a concern.


As a result, there is a clear need to employ a shift left strategy to proactively mitigate these flaws in production. Through this presentation, we share the lessons learned from analyzing security issues in multiple Visma cloud projects, along with our approach to performing security threat modeling of cloud infrastructure using data aggregation from security flaws.

Romina Druta

Romina Druta is a Senior Infrastructure Engineer and Security Researcher in VISMA, where she is focusing on security for cloud platforms. She has acquired a broad range of technical knowledge in systems administration and operations during her different working experiences as a system engineer. Her research interests include cloud computing, design and architecture of secure and reliable systems, DevOps practices and processes but also research methods and procedures.

Daniela Cruzes

Dr. Daniela S. Cruzes is a Professor at the Norwegian University of Science and Technology (NTNU) and a Lead Security Researcher in VISMA. Previously, she worked as a senior research scientist at SINTEF in Norway. She has also been a researcher fellow at the University of Maryland and Fraunhofer Center for Experimental Software Engineering-Maryland. Dr. Daniela Cruzes received her in experimental software engineering from the University of Campinas - UNICAMP in Brazil in 2007. Her research interests are empirical software engineering, research methods and theory development, synthesis of SE studies, software security, software testing and agile and DevOps.