DeepSec 2025 Talk: Securing the Death Star: Threat modeling in a galaxy far, far away…. – Coen Goedegebure

Sanna / October 10, 2025 / Conference

The Galactic Empire is on the verge of releasing its biggest, most valuable and most important asset: the Death Star. You, the newly appointed Chief Imperial Security Officer, are responsible for improving its security posture. The previous CISO was “let go” and now it’s your job to clean up their mess. Your boss, Darth Vader, is breathing heavily down your neck. He is not amused with the project already over budget in both resources and time, and security will only add to that. His unconventional yet persuasive leadership style convinces you to make this your top-most priority. How will you approach the massive task of securing the Death Star? This presentation will tell an untold story in the Star Wars universe in which the Death Star’s threats and mitigations were identified and prioritised before its release. Securing an artificial moon with a crew of over 2 million people might put the task of securing your software application into perspective.

We asked Coen a few more questions about his talk.

Please tell us the top 5 facts about your talk.

  1. The story in this talk deserves to be part of Star Wars canon.
  2. During the talk you will step into the shoes of the newly appointed CISO of the Galactic Empire.
  3. You’ll map evil personas, uncover threats and explore mitigations for the Empire’s most valuable asset.
  4. Securing a moon-sized battle station with 2 million crew might put your own product’s security into perspective.
  5. Han shot first.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

I’m a big fantasy and Sci-Fi fan, and Star Wars has always been a favourite. Pair that with my passion for security, and it just clicked. Years ago I saw a talk that used Star Wars as a metaphor for security, and it really stuck with me. That universe is such a great storytelling vehicle for explaining complex ideas, and combining it with cyber security makes the lessons both fun and memorable.

Why do you think this is an important topic?

At its core, my talk is about threat modeling. It matters because it shifts security from reacting to attacks to designing with attackers in mind. That way, teams can see where systems are most at risk, make smarter design choices and build technology that’s resilient from the start. Just ask the Galactic Empire what happens when you overlook a small design flaw…

Is there something you want everybody to know – some good advice for our readers maybe?

Security at its core is all about people. Technology and processes matter, but it’s people who design systems, make mistakes, spot flaws and fix them. Put people first and everything else has a chance to work.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

AI, mark my words, we’ll probably hear more of that in the future… All jokes aside, AI will be the new droid army, enhancing the attacker-defender cat & mouse game: helping defenders identify threats faster, but also giving attackers new ways to scale their creativity. The real downfall won’t be the tech itself, but organizations that still skip the basics, like threat modeling their own ‘Death Stars’ before launch.

 

Coen is founder of Scyon and is passionate about everything related to cyber security. He started his professional career over 20 years ago and has since then worked as a software engineer and architect both in the Netherlands and abroad. Over time he discovered that building software was fun, but breaking stuff was even more fulfilling… and he discovered his passion for cyber security. Going all-in with ethical hacking, bug bounties, participating in international hacking competitions, secure coding and multiple CISO roles, he combined his skills to build bridges between the business, software development and cyber security domains. More than 3 years ago, he founded Scyon with the goal of helping organisations adopt a shift-left approach to their cyber security efforts and bolster their overall cyber resilience. In his spare time, Coen loves to spend time with his family, kitesurf, play guitar, participate in competitive hacking tournaments and share his experience and passion with the world.
