The conversation went something like this:

Me: “Hey Chris, want to co-present at RSA? I have this idea around how we fix things when we get dropped into a new org and they have a cloud security mess.”

Chris: “Sure, you want to write up the description and submit it?”

Me: “Yep, on it!”

[A couple months later]

Chris: “So what’s this Universal Cloud Threat Model you put in the description?”

Me: “Oh, I just thought we’d make fun of all the edgy cloud security attack research since nearly every attack is just the same 3 things over and over.”

Chris: “Yeah, sounds about right, want to hop on a quick call to map out the slides?”

[A two hour spontaneous Zoom call later]

Chris: “Crap, I think we need to write a paper.”

Me: “Really?”

Chris: “Yeah, this is good stuff.”

Me: “Fine. But only if we can put my cat in as a threat actor. He just broke a bowl and is making a move on my bourbon .”

Chris: “Sure, what’s his name?”

Me: “Goose”

Chris: “Well what did you expect?”


You can download the UCTM here.

And read Chris’ absolutely epic announcement post in the voice of Winston Churchill!