Threat personas are a tool to improve communication when discussing cyber security threats.
We use simple language, rather than practitioner terminology, so that they are accessible to infosec, technology and business teams alike. Their narrative-driven approach paints a rich picture that is easy for anyone to understand.
They fit between high-level labels (like cyber-criminal) and specific threat actor groups (like Tangerine Flamingo).
Often infosec practitioners, developers and business colleagues lack a clear picture of who they are trying to defend their organisation from.
This project contains the threat persona output from the Open Security Summit 2020 session Threat Personas and Application Vulnerability Scoring Model , by Phil Huggins and Robin Oldham. We had the objective to educate participants on personas and to create skeleton 'personas' for different threat actors.
An example set of threat personas, created byOSS2020 participants, can be found in this PDF.
We have found from experience that threat personas are a useful tool in a variety of use cases. We want to provide a collection of personas that teams can pick up, tailor, and use within their organisations without having to reinvent the wheel.
Pick up and use these example personas within your own organisation!
You may find some of the narratives, or characteristics, don't fit with your business operations and so you may find it beneficial to tailor them to your specific organisational environment.
- Awareness campaigns
- Threat modelling
- Risk identification / assessment
Plus many more. Let us know how you're using Threat Personas.
A persona is comprised of the following components:
- Name: Humanise them with a name, optionally add a pithy headline
- Face: A face helps bring them to life
- Relationship: Either
ExternalorInternal - Intent: Either
MaliciousorNon-Malicious - Narrative: Where you get to create their backstory and explain their history, location, motivations, desires, concerns, and more.
- Attributes:
- Goals: One of
Curiosity,Personal fame,Personal gain,National interests,Revenge - Opportunity:
Connected to the Internet,Physically nearby,Access to connected partner,Access to organisations,Access to specific network/system - Skilss:
No technical skills,End user,Power user,Developer,Researcher - Knowledge:
External to organisation,Ex-organisation insider,Organisation partner,Customer,Employee,Other insider - Deterrability:
Unconcerned criminal,Careful criminal,Careless law-abiding,Careful law-abiding
- Goals: One of
You can find a selection of examples within the persona directory of this project.
- Vladimir Starsky: Hacker for Hire (view on GitHub)
- Leona Wolff: Organised crime boss turned cyber criminal (view on GitHub)
- Bret Devlin: Thrill-seeking Red Teamer (view on GitHub)
- Dimitra Contos: DevOps Engineer (view on GitHub)
We welcome contributions to this collection. If you've created a new threat persona then please raise a PR.
You can use tools, like Name Generator and Generated Photos, to help generate content for personas.
The personas here are fictitious and any resemblance to real persons or other real-life entities is purely coincidental.
This resource is freely available under the Creative Commons Zero License (CC.0), so please use, share, modify and improve it!