February 2019

I’m quite happy to say that my next LinkedIn Learning course has launched! This one is all about spoofing. It’s titled “Threat Modeling: Spoofing in Depth.” It’s free until at least a week after RSA. Also, I’m exploring the idea that security professionals lack a shared body of knowledge about attacks, and that an entertaining…

Read More Spoofing in Depth

At RSA, I’ll be speaking 3 times at the conference, and once at a private event for Continuum: “2028 Future State: Long Live the Firewall?” with Jennifer Minella, Harry Sverdlove and Marcus Ranum. March 5 | 1:00 PM – 1:50 PM | Moscone West 3001 Threat modeling brunch with IriusRisk March 6 | 10 –…

Read More Adam @ RSA

Chris Eng said “Someone should set up a GoFundMe to send whoever wrote the hit piece on password managers to a threat modeling class.” And while it’s pretty amusing, you know, I teach threat modeling classes. I spend a lot of time crafting explicit learning goals, considering and refining instructional methods, and so when a…

Read More What Should Training Cover?

I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “Anticipating Failure through Threat Modeling w/ Adam Shostack.”

Read More Podcast: DevSecOps

I hate reviewing books by people I know, because I am a picky reader, and if you can’t say anything nice, don’t say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. So I am surprised, but, here I am, writing a review of Kip Boyle’s…

Read More “Fire Doesn’t Innovate” by Kip Boyle (Book Review)