“Making the Case for a Cybersecurity Moon Shot” is my latest, over at Dark Reading.
“There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.”
I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “Anticipating Failure through Threat Modeling w/ Adam Shostack.”
This is a really interesting post* about how many simple solutions to border security fail in the real world.
- Not everywhere has the infrastructure necessary to upload large datasets to the cloud.
- Most cloud providers are in not-great jurisdictions for some threat models.
- Lying to border authorities, even by omission, ends badly.
Fact is, the majority of “but why don’t you just…” solutions in this space either require lying, reliance on infrastructure that may be non-existent or jurisdictionally compromised, or fail openly.
The “post” was originally a long Twitter thread, which is archived, for the moment, at ThreadReader App, which is a far, far better UI than Twitter.
I’m excited to be able to share “Announcement: IriusRisk Threat Modeling Platform 2.0 Released.”
If you’re looking to scale your enterprise threat modeling program, this is worth a look.
Lance Cottrell has a blog “The Why and How of High ROI Security Advisory Boards” over at the Ntrepid blog.
I’m pleased to be a part of the board he’s discussing, and will quibble slightly — I don’t think it’s easy to maximize the value of the board. It’s taken effort on the part of both Ntrepid staff and executives and also the board, and the result is clearly high value.
Thanks to the kind folks at Digital Guardian for including my threat modeling book in their list of “The Best Resources for InfoSec Skillbuilding.”
It’s particularly gratifying to see that the work is standing the test of time.
There’s an interesting article in the CBC, where journalists took a set of flights, swabbed surfaces, and worked with a microbiologist to culture their samples.
What they found will shock you!
Well, airplanes are filthy. Not really shocking. What was surprising to me was that the dirtiest of the surfaces they tested was the headrest. (They did not test the armrests.) Also, the seat pocket is a nice incubator and rarely cleaned. Not all that surprising, but I hadn’t considered it.
Ron Woerner had me on as a guest in his Business of Security podcast series. It was fun to tease out some of the business justifications for threat modeling, and the podcast is now live at iTunes. You can learn more about the series at Business of Security Podcast Series.
The fine folks at LogMeIn have released a version of Elevation of Privilege that adds privacy! Check out the fine work by Mark Vinkovits at their blog, “Privacy-By-Design Can Be Entertaining” by Mark Vinkovits.