I’m quite happy to say that my next LinkedIn Learning course has launched! This one is all about spoofing. It’s titled “Threat Modeling: Spoofing in Depth.” It’s free until at least a week after RSA. Also, I’m exploring the idea that security professionals lack a shared body of knowledge about attacks, and that an entertaining… Read More: Spoofing in Depth
At RSA, I’ll be speaking 3 times at the conference, and once at a private event for Continuum: “2028 Future State: Long Live the Firewall?” with Jennifer Minella, Harry Sverdlove and Marcus Ranum. March 5 | 1:00 PM – 1:50 PM | Moscone West 3001 Threat modeling brunch with IriusRisk March 6 | 10 –… Read More: Adam @ RSA
Chris Eng said “Someone should set up a GoFundMe to send whoever wrote the hit piece on password managers to a threat modeling class.” And while it’s pretty amusing, you know, I teach threat modeling classes. I spend a lot of time crafting explicit learning goals, considering and refining instructional methods, and so when a… Read More: What Should Training Cover?
“Making the Case for a Cybersecurity Moon Shot” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.” Read More: A Cybersecurity Moon Shot
Apparently, “Dolphins Seem to Use Toxic Pufferfish to Get High.” Of course, pufferfish toxins are also part of why the fish is a delicacy in Japan. It just goes to show that nature finds its own, chaotic, uses for things. Read More: Dolphins and Pufferfish
I’m getting ready for the 5-year anniversary of my book, “Threat Modeling: Designing for Security.” As part of that, I would love to see the book have more than 55 5 ⭐ reviews on Amazon. If you found the book valuable, I would appreciate it if you could take a few minutes to write a… Read More: 55 5 ⭐ Reviews?
I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “Anticipating Failure through Threat Modeling w/ Adam Shostack.” Read More: Podcast: DevSecOps
The Seattle Times has a story today about how “50 years ago today, the first 747 took off and changed aviation.” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership. For an upcoming flight, I paid extra to reserve an upper… Read More: The Queen of the Skies and Innovation
Josh Corman opened a bit of a can of worms a day or two ago, asking on Twitter: “pls RT: who are the 3-5 best, most natural Threat Modeling minds? Esp for NonSecurity people. @adamshostack is a given.” (Thanks!) What I normally say to this is I don’t think I’m naturally good at finding replay… Read More: Nature and Nurture in Threat Modeling
I hate reviewing books by people I know, because I am a picky reader, and if you can’t say anything nice, don’t say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. So I am surprised, but, here I am, writing a review of Kip Boyle’s… Read More: “Fire Doesn’t Innovate” by Kip Boyle (Book Review)