threat modeling

I’ve been threat modeling for a long time, and at Microsoft, had the lovely opportunity to put some rigor into not only threat modeling, but into threat modeling in a consistent, predictable, repeatable way. Because I did that work at Microsoft, sometimes people question how it would work for a startup, and I want to…

Read More Threat Modeling At a Startup

Gabrielle Gianelli has pulled back the curtain on how Etsy threat modeled a new marketing campaign. (“Threat Modeling for Marketing Campaigns.”) I’m really happy to see this post, and the approach that they’ve taken: First, we wanted to make our program sustainable through proactive defenses. When we designed the program we tried to bake in…

Read More Etsy's Threat Modeling

For Star Wars day, I’m happy to share this event poster for my talk at Ada’s Books in Seattle Technical Presentation: Adam Shostack shares Threat Modeling Lessons with Star Wars. This will be a less technical talk with plenty of discussion and interactivity, drawing on some of the content from “Security Lessons from Star Wars,”…

Read More Seattle event: Ada's Books