At Blackhat USA, I’ll be teaching Applied Threat Modeling. This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on the first day and then go deep into each of the four questions: what are we working on, what can go wrong,… Read More: Applied Threat Modeling at Blackhat 2021!
The second video in my 60 second series! Read More: Why Threat Model?
I’m thrilled that Juneteenth will be a Federal holiday. We need more holidays that celebrate freedom, and there are few events that increase freedom as much as emancipating people who were enslaved. That is, freeing them from the threat that violence would be used against them, and they would have no recourse. The United States also needs… Read More: Juneteenth: A New Federal Holiday
I’m exploring the concept of very fast threat modeling videos, and have posted the first one. Feedback welcome! Read More: Fast threat modeling videos
You know what’s not in my threat model? A meteor hitting a volcano… And that’s ok! Your threat modeling should be focused on the threats that are likely to impact your systems. So unless your system is your evil supervillain volcano lair, a meteor is likely out of scope. And unless you have giant space lasers,… Read More: “Not in my threat model”?
There’s an infinite number of studies of ransomware lately, all breathlessly talking about how to fight this dangerous threat. They’re all dangerously wrong. Ransomware is not the problem. I’m being intentionally provocative in my latest Dark Reading column. Read More: Ransomware is Not the Problem
Finally! A Cybersecurity Safety Review Board is a new article by Steve Bellovin and myself at Lawfare. One element of President Biden’s executive order on cybersecurity establishes a board to investigate major incidents involving government computers in somewhat the way that the National Transportation Safety Board investigates aviation disasters. The two of us, among many… Read More: Thoughts on the Executive Order
The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at… Read More: Van Buren
People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most important thing I’ve learned is the importance of conceptualizing what you want it to look like. The other thing I’ve learned is that the more expensive gear is usually more expensive for decent… Read More: Recording Lectures