About Shostack + Associates

Established by Adam Shostack in 2016, Shostack + Associates helps customers deliver better products, faster and with less churn or internal conflict. Our approach focuses on threat modeling as a way to “measure twice, cut once.”

Our Associates include:

Kymberlee Price

COO, Instructor, Principal Consultant

Kymberlee Price has spent more than two decades in Application Security and community stewardship, helping product engineering teams think more clearly about the systems they build. Her work centers on contextualizing security as a facet of overall quality, clarifying system behavior, setting explicit expectations, and building trust across functions so that security becomes part of how design and implementation decisions are made instead of a gate applied after the fact. A recognized innovator and expert in the information security industry, Kymberlee not only speaks regularly at security conferences around the world, but has also contributed meaningfully to the broader security community through her service on multiple conference review boards and program committees, helping to shape technical dialogue, mentor practitioners, and elevate emerging voices.

Erik Service

Instructor, Senior Consultant, Sales

Erik Service is a senior cybersecurity architect and threat modeling specialist with over 18 years of experience securing complex, cloud-native and ML-enabled systems. His work enhances security for organizations operating in highly regulated environments, including sensitive industry verticals such as healthcare and medical technology, financial services, and government.

Erik specializes in threat modeling everything from web applications to large language models, medical devices, cloud platforms and payments infrastructure, helping teams identify architectural, privacy, and adversarial AI threats early in the design process. Beyond technical analysis, he is known for his collaborative, people-first approach, influencing stakeholders to adopt secure-by-design practices that scale. He is a frequent threat modeling instructor at industry forums including OWASP and Black Hat and holds an MSc from McGill University along with multiple security and privacy certifications.

Jamie Dicken

Instructor, Principal Consultant

Jamie Dicken has worked across much of the cybersecurity domain, including product security, DevSecOps, security tooling and automation, and GRC. Prior to her transition into cybersecurity, she spent the first half of her career as a software engineer and technical manager at two Fortune 15 healthcare companies, where she focused on designing, building, and delivering new features to the market. Now Jamie focuses on protecting systems like the ones she used to build and transforming the ways that engineering teams and security professionals work together. Jamie is currently a Director of Security Platforms & Architecture and freelances as a threat modeling instructor and consultant at Shostack + Associates.

Shoshana Cox

Instructor

Shoshana Cox is a prominent AI security architect, researcher, and strategist with over a decade of experience in mission-critical AI. Her work focuses on bridging the gap between probabilistic AI systems and deterministic security requirements and providing high-level strategy and training for C-suite executives and technical teams globally. Currently serving as the CEO and Head of Research at Bermuda Hundred Strategies, she specializes in the intersection of AI, national security, and threat modeling. She is a member of the core author team for the OWASP AI Exchange, where she contributes to international engineering standards and technical requirements for the EU AI Act. Her professional background spans roles as a mathematician, red team lead, data scientist, and Chief Data Officer.

Shoshana is widely recognized for her work on MLSecOps and AI defensive architectures, authoring technical papers and holding a patent in AI security (US 12,093,400 B1). She is an active voice in the industry through her Substack newsletter, Angles of Attack, where she provides in-depth analysis on topics like agentic memory, AI red teaming, and the security risks of generative AI.

Shoshana freelances as a threat modeling instructor with Shostack + Associates.

Michael Novack

Instructor

Michael Novack is an AI Security Architect specializing in securing enterprise AI systems, AI agents, and explainability-driven controls. His background spans software engineering and application security architecture in the financial services and insurance sectors, experience he brings to designing principles-first security programs that integrate practices such as threat modeling, security champions programs, secrets management, and AI strategy.

Michael's current focus is on advancing secure enterprise AI adoption, helping organizations implement monitoring, explainability, and governance capabilities that allow teams to understand, manage, and mitigate AI risk with confidence.

In parallel, Michael designs interactive learning tools that make complex AI and security topics more approachable, including an AI strategy board game and a cybersecurity awareness card game. These tools help teams communicate technical topics more effectively and bridge the gap between product, security, and business stakeholders.

Michael freelances as a threat modeling instructor with Shostack + Associates.

Valery Berestetsky

Instructor

Valery Berestetsky is a seasoned information security professional with over 25 years of demonstrated industrial experience that covers a wide range of technologies and customer exposure. Valery is experienced in application security, security risk assessments and compliance evaluations, as well as the complete project security life cycle, particularly in the requirements gathering, design, development and deployment phases and building security into all these phases. Valery’s career includes years of information security experience with industrial leaders such as Microsoft, GE Healthcare and Nortel Networks. Currently Valery is contributing his knowledge as a threat modeling instructor with Shostack + Associates.

Kent Sullivan

Accelerator Program Principal Consultant

Kent has spent years fostering deep collaboration among team members and recognizes how hard it is to achieve this in a high-pressure corporate environment. He has coached teams through difficult changes and taught them survival skills for managing the change and thriving in the resulting new situations. Kent also has taught and coached teams on how to integrate lean, customer-centered mindsets and practices into their daily work, so that they greatly reduce the risk of producing something customers don’t need or want. Kent believes strongly that integrating insights extracted from diverse data sources (design research, market research, telemetry, social networking, etc.) greatly increases the chances of those insights being breakthrough in nature. During his long tenure at Microsoft, it was Kent’s pleasure to work on a wide variety of products, especially Windows 95, where he led the exploratory user research that produced the taskbar and Start menu, as well as the iterative research that helped nail down the details.

Jessica Purdy

Accelerator Program Senior Consultant, Business Operations

Jessica Purdy is an expert in organizational management and strategic transformation. As a member of the Shostack + Associates Accelerator Program delivery team, her experience guiding business leaders to objectively measure their organizational culture’s key health indicators, identify gaps, and plan targeted improvement initiatives is instrumental in the success of security engineering programs. Jessica is also the founder of FIC Human Resources Partners.

Adrienne Dandy

Senior Consultant, Program Manager, Technical Writer

Adrienne Dandy is a versatile security professional whose extensive experience in security operations and Product Security Incident Response is shaped by her foundation in technical writing. With a strong background in product security, program management, and cross-functional collaboration, she has supported teams at organizations of many sizes and structures. Her incident response experience includes vulnerability disclosure coordination that earns public recognition from security researchers and open-source risk management across multiple product verticals. Her crisis response experience includes ransom attacks, high-conflict researcher de-escalation, and crisis management process design. Her user-centric and data-driven approach values clarity, steady scalable processes, and careful coordination.

Mark Ramsdell

Lead Technical Producer

Mark is a seasoned virtual assistant and "technology therapist" dedicated to creating high-impact learning environments through intentional design. With over 35 years of experience in higher education, he bridges the gap between complex technology and learner success. Mark has expertly moderated live sessions across diverse sectors—from academic classrooms to specialized training for threat modeling, automotive management, and restoration technicians. Now semi-retired in Central New York, Mark continues to apply his deep instructional technology expertise to improve educational outcomes. Outside of his professional work, he is a devoted husband, father, and grandfather who remains active in his community as a volunteer with the local fire company and ScoutsBSA.

Heidi Rosemont

Technical Producer

Heidi is an online program operations specialist who designs engaging, human-centered virtual experiences. With expertise in education, non-verbal communication, and group dynamics, she creates spaces where participants and facilitators feel seen, supported, and motivated to engage. She partners with organizations in leadership development, medical education, team building, and mission-driven industries to facilitate impactful online programs with clarity, warmth, and technical ease. Off-screen, she enjoys baking for her husband and caring for her sheep — still happiest in a pair of coveralls with dirt on her hands.

Branding, Design, and Web

This website has gone through many iterations over the years. As of Fall 2021, we're really happy with the playful yet modern version you see now. The updated design and streamlined functionality were made a reality through the creativity and hard work of a fantastic team. Thank you Melanie, Paola, Connie, and Jessica.

Brand Development / Management

Melanie Warner led the team in defining and refining the Shostack brand through the selection of colors, typography, and more. She is the owner of Hotiron Creative and creates logos and brand identity for researchers, companies, and conferences in the cybersecurity space.

Graphic Design

Paola Coda crafted page layouts and element composition to ensure all content would appear consistent in the new design. Paola runs Coda Creative Inc., providing a wide range of graphic design services for mid-size companies, with special expertise in the high tech industry and in collateral and immersive design for events.

Website Development

Connie “Sunfire” Hill used their expertise in semantic and accessible HTML5 and CSS3 to build the website to the specifications developed by the team. Sunfire is a freelance web developer and co-owner of Hitsaru, LLC, a consulting firm that specializes in information security and related technologies.

Brand Consultant

Jessica Purdy advised the creative team on the perceptions, personality and brand traits that clients and audiences connect with, allowing them to define and create a design aesthetic that was authentic to Adam and Shostack + Associates. Jessica engages in creative media endeavors through the Invited In Media division of FIC Human Resources Partners.