John Volock

Providing a practical hands on talk to how to approach doing Model Based Systems Engineering (MBSE) and Security as a unified model. Lessons learned over the past 24 months from an MDM making the transition, and places where we got more ROI than expected. Hands on examples of importing and using CWEs, ATT&CK, CAPEC, and other defined frameworks within SysML tools, that reduce most security items to risk taxonomy and trust models. Real world examples of how we transitioned documentation, and of real medical devices.

John has spent his career across various parts of the Safety Critical Industry: Planes, Trains, Automobiles, Industrial Controls and Medical. DevOps, Firmware, Software or Systems, he's done it. He really likes to break things, including himself, leading to his taking a patients perspective often.