About Shostack + Associates

 

Training

We deliver the best threat modeling training available. Our catalog ranges from one minute videos to multi-day live instruction offerings, and all focus on developing skills that can be applied immediately. Our customers include individuals and organizations of all sizes around the world.

Read More > >

Consulting

Shostack + Associates is a trusted specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.

Read More > >

Coaching

As organizations start to build muscle in threat modeling, Shostack + Associates can act as your personal trainer, understanding your goals and helping you achieve them faster. We stay on top of your goals, identify and overcome obstacles together, and get you where you're going faster and with fewer injuries (like upset developers or executives).

Read More > >

Shostack + Associates helps customers deliver better products, faster and with less churn or internal conflict. Our approach focuses on threat modeling as a way to “measure twice, cut once.” Adam Shostack founded the company that bears his name in 2016.

 

Our associates include:

Jamie Dicken black and white headshot

Jamie Dicken (Instructor)

Jamie Dicken has worked across much of the cybersecurity domain, including application security, DevSecOps, security chaos engineering, continuous control validation, security tooling and automation, security posture maturation, security architecture, and governance, risk, and compliance. Prior to her transition into cybersecurity, she spent 8 years as a software engineer and technical manager at two Fortune 15 healthcare companies, where she focused on designing, building, and delivering new features to the market. Now Jamie focuses on protecting systems like the ones she used to build and transforming the ways that engineering teams and security professionals work together. Jamie is currently the Senior Manager of Product Security Assurance at New Relic, leading a team focused on application security, threat modeling, pentesting, and DevSecOps enablement. She also freelances as a threat modeling instructor at Shostack + Associates. Her professional passions include leading high-performing teams, executing on high-profile strategic initiatives, championing employee growth and development, and mentoring women and minorities in technology. Outside of work, Jamie has lots of adventures with her two mischievous little boys and amazingly supportive husband. She enjoys spending time outdoors and sewing clothing.

Kent Sullivan headshot

Kent Sullivan (Principal Consultant)

Kent has spent years fostering deep collaboration among team members and recognizes how hard it is to achieve this in a high-pressure corporate environment. He has coached teams through difficult changes and taught them survival skills for managing the change and thriving in the resulting new situations. Kent also has taught and coached teams on how to integrate lean, customer-centered mindsets and practices into their daily work, so that they greatly reduce the risk of producing something customers don’t need or want. Kent believes strongly that integrating insights extracted from diverse data sources (design research, market research, telemetry, social networking, etc.) greatly increases the chances of those insights being breakthrough in nature. During his long tenure at Microsoft, it was Kent’s pleasure to work on a wide variety of products, especially Windows 95, where he led the exploratory user research that produced the taskbar and Start menu, as well as the iterative research that helped nail down the details.

Valery Berestetsky headshot

Valery Berestetsky (Instructor)

Valery Berestetsky is a seasoned information security professional with over 25 years of demonstrated industrial experience that covers a wide range of technologies and customer exposure. Valery is experienced in application security, security risk assessments and compliance evaluations, as well as the complete project security life cycle, particularly in the requirements gathering, design, development and deployment phases and building security into all these phases. Valery’s career includes years of information security experience with industrial leaders such as Microsoft, GE Healthcare and Nortel Networks. Currently Valery is contributing his knowledge as a threat modeling instructor with Shostack + Associates.

 

Branding, Design, and Web

This website has gone through many iterations over the years. As of Fall 2021, we're really happy with the playful yet modern version you see now. The updated design and streamlined functionality was made reality through the creativity and hard work of a fantastic team. Thank you Melanie, Paola, Connie, and Jessi.

Brand Development / Management

Melanie Warner led the team in defining and refining the Shostack brand through the selection of colors, typography, and more. She is the owner of Hotiron Creative and creates logos and brand identity for researchers, companies, and conferences in the cybersecurity space.

Graphic Design

Paola Coda crafted page layouts and element composition to ensure all content would appear consistent in the new design. Paola runs Coda Creative Inc. providing a wide range of graphic design services for mid-size companies, with special expertise in the high tech industry and in collateral and immersive design for events.

Website Development

Connie “Sunfire” Hill used their expertise of semantic and accessible HTML5 and CSS3 to build the website to the specifications developed by the team. Sunfire is a freelance web developer and co-owner of Hitsaru, LLC, a consulting firm that specializes in information security and related technologies.

Brand Consultant

Jessi Purdy advised the creative team on the perceptions, personality and brand traits that clients and audiences connect with, allowing them to define and create a design aesthetic that was authentic to Adam and Shostack + Associates. Jessi engages in creative media endeavors through the Invited In Media division of FIC Human Resources Partners.