Shostack + Friends Blog Archive

 

Threat Modeling: Chinese Edition

I’m excited to say that Threat Modeling: Designing for Security is now available in Chinese. This is a pretty exciting milestone for me — it’s my first book translation, and it joins Elevation of Privilege as my second translation into Chinese. You can buy it from Amazon.cn.

 

Jolt Award for Threat Modeling

I am super-pleased to report that Threat Modeling: Designing for Security has been named a Jolt Finalist, the first security-centered book to make that list since Schneier’s Secrets and Lies in 2001. My thanks to the judges, most especially to Gastón Hillar for the constructive criticism that “Unluckily, the author has chosen to focus on […]

 

Threat Modeling: The East Coast Book Tour

I’m planning to be on the East Coast from June 16-27, giving threat modeling book talks. (My very popular “Threat Modeling Lessons from Star Wars.”) I’m reaching out to find venues which would like me to come by and speak. My plan is to arrive in Washington DC on the 16th, and end in Boston, […]

 

Threat Modeling and Operations

One very important question that’s frequently asked is “what about threat modeling for operations?” I wanted to ensure that Threat Modeling: Designing for Security focused on both development and operations. To do that, I got help from Russ McRee. For those who don’t know Russ, he’s a SANS incident handler as well as a colleague […]

 

My Technical Editor: Chris Wysopal

When Wiley asked me about a technical editor for Threat Modeling: Designing for Security, I had a long list of requirements. I wanted someone who could consider the various scenarios where threat modeling is important, including software development and operations. I wanted someone who understood the topic deeply, and had the experience of teaching threat […]

 

Threat Modeling: Designing for Security

I am super-excited to announce that my new book, Threat Modeling: Designing for Security (Wiley, 2014) is now available wherever fine books are sold! The official description: If you’re a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall […]

 

5 Years of New School

Five years ago Friday was the official publication date of The New School of Information Security. I want to take this opportunity to look back a little and look forward to the next few years. Five years ago, fear of a breach and its consequences was nearly universal, and few people thought anything but pain […]

 

ThreatPost Podcast with Adam Shostack

Last week I did a podcast with Dennis Fisher. In it, we touched on what I might change in the book. Take a listen at: “Adam Shostack on Methods of Compromise, the New School and Learning“

 

New School of Information Security Book Reading at Ada's

Last Sunday, I did a book reading at Ada’s Technical Books. As I say in the video, I was excited because while I’ve talked about the New School, and I’ve given talks about the New School, I hadn’t done a book reading, in part because of the nature of the book, and my personal comfort […]

 
 

Book Reading in Seattle on Sunday

This Sunday I’ll be reading from the New School at 4PM on Sunday at Ada’s Technical Books in Capitol Hill. If you’re in the area, you should come!

 

Ahem: The New School is more than Data

In “Why The New School Is Important,” Alex writes: Being New School won’t solve your problems. What a New School mindset will do for you is help you begin to understand what your problems actually are. So without arguing with the rest of Alex’s post, I’m forced to beg to differ. The New School is […]

 

Thanks!

Andrew and I want to say thank you to Dave Marsh. His review of our book includes this: I’d have to say that the first few pages of this book had more of an impact on me than the sum of all the pages of any other security-related book I had ever read. It’s really […]

 

Adam signing today at RSA

I’ll be in the RSA bookstore today at noon, signing books. Please drop on by. PS: I’m now signing Kindles, too.

 

Howard Schmidt's talk at RSA

The New York Times has a short article by Markoff, “U.S. to Reveal Rules on Internet Security.” The article focuses first on declassification, and goes on to say: In his first public speaking engagement at the RSA Conference, which is scheduled to open Tuesday, Mr. Schmidt said he would focus on two themes: partnerships and […]

 

Thank you!

For the opportunity to do this:

 

More New School Reviews

Gary McGraw says buy it for the cover: The New School of Information Security is a book worth buying for the cover alone. I know of no other computer security book with a Kandinski on the front. Even though I know Adam Shostack from way back (and never could have predicted that he would become […]

 

The Principal-Agent Problem in Security

There’s a fascinating article in the New York Times, “At Bear Stearns, Meet the New Boss.” What makes it fascinating is the human emotion displayed: “In this room are people who have built this firm and lost a lot, our fortunes,” one Bear executive said to Mr. Dimon with anger in his voice. “What will […]

 

First in-depth review

Andre Gironda writes “Implications of The New School:” Additionally, the authors immediately begin the book with how they are going to write it — how they don’t reference anything in great detail, but that the endnotes should suffice. This also put me off a bit… that is — until I got to the endnotes! Certainly […]

 

More New School feedback

Our editor says that the Safari e-book edition of The New School is now available. Hardcopies should be out in a week or so. Jon Pincus gives us a mention in his long article “Indeed! The Economist on “computer science as a social science”” and comments that we “explicitly include discussions of diversity in the […]

 

Reactions to "The New School:" Thank you!

A big thank you to those of you who picked up the New School in your blogs and mailing lists. Ryan Hurst says: This is a concept I know I believe in, one I have discussed numerous times with folks over beer; with that being said I can’t wait to get my copy to see […]

 

The New School of Information Security

A few days ago, we turned in the very last edits to The New School of Information Security to Addison-Wesley. My co-author, Andrew Stewart, and I are both really excited. The New School is a systemic look at dysfunction within information security, and a look at some of the ways people are looking to make […]