Personal Projects

ThreatQuest

Secure landing zones have been an architecture trend in the cloud for some time. Part of their implementation involves creating a central platform team which, among other things, maintains the security of the platform by allowlisting/denylisting services and creating guardrails for their safe configuration.

The process usually follows a pattern where the team performs a threat model of the service that application teams require. Depending on the organisation's appetite, a basic minimum standard will be required across all services. During this process, suggested guardrails are also created and pushed to production, so if a developer wants to, for example, create a publicly facing VM, they can't, because the guardrail will prevent them from pushing a configuration deemed insecure by the organisation.

Depending on the size of the organisation, this process can take many months to complete initially, because engineers should be expected to analyse the underlying APIs (known and unknown, if possible) that support the application, as well as frontend/user base wrappers such as CLIs and cloud portals. Furthermore, the services are subject to constant change, and cloud providers update their features so often that it's impossible to track this in real time. This means that the threat modelling has to be reviewed periodically for any new changes. And yes, you guessed it - it is extremely time consuming.

I used this as an excuse to skill myself up when it comes to my knowledge of LLMs through addressing this problem. This is how I came about the idea of ThreatQuest - an LLM-backed tool that can help security engineers perform these threat models more efficiently and thus more frequently.

I will refrain from sharing too much information now, as the tool is still in progress and I plan to open source it. However, I will say that it will be based on an LLM model trained on a comprehensive set of threat models created by myself, supporting all three major cloud providers and able to run in Azure OpenAI and GCP Vertex.