I have something to disclose: the release of my new course on information disclosurehas just launched on Linkedin! 🎉🥂 To celebrate, I’ve made it easier to disclose the contents by making it free for you link here Please help me disclose this information to the world!Read More Information Disclosure In Depth!
I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!Read More MDIC Annual Public Forum
At the Biohacking Village at Defcon, there was an interesting talk on Includes No Dirt threat modeling. I thought this slide was particularly interesting. As threat modeling moves from an idea through pilots and deployments, and we develop the organizational disciplines of threat modeling, the question of ‘when do we do this’ comes up. There’s…Read More When to Threat Model
Nathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of ‘know what you want to get out of it’ and ‘know what it would take to make it happen,’ I want to add two ideas: First, take notes with a pen and paper. This is…Read More Maximizing The Value of Virtual Security Conferences
There’s a post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security. Her post shares the context of socio-technical approaches, discussed the (re-named) RISCS institute, and shares the current problem book. The post and the problem book are both worth a careful read. (I’m honored to be an advisor to the…Read More Sociotechnical Approach to Cyber Security
It will come as no surprise to regular readers of this blog that I prefer the written word to audio and video, but 2020 being 2020, I now have a YouTube Channel, with the first video below:Read More Video series
With engineering, courage, and leadership, we can do amazing things.Read More Happy Apollo 11 Day!
I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in depth interview, running nearly 80 minutes, and covering a wide variety of topics.Read More Software Engineering Radio
The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding…Read More Amicus Brief on CFAA
The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. It’s an important and broad coalition to protect the ability of American companies to deliver security to their customers. I’m honored to be one of the signers.Read More Internet Society Opposition to LAED Act