Threat Modeling: Designing for Security (book; videos)
If you're a software developer, systems manager, or security professional, this deeply practical book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. The book's website is threatmodelingbook.com. There's also a set of LinkedIn Learning courses. Start with "Learning Threat Modeling," and continue at my instructor page.
Control-Alt-Hack™ is a tabletop card game about white hat hacking, based on game mechanics by gaming powerhouse Steve Jackson Games (Munchkin and GURPS) and developed in collaboration with Tammy Denning and Yoshi Kohno.
Elevation of Privilege: the Threat Modeling Game
The easy way to get started threat modeling. You can download a copy from my GitHub page, and there's a blog post with the announcement. Since the creation of Elevation of Privilege, there's been a move towards games with a security purpose, and I maintain a list of "Tabletop Security Games." There's a set of links about the game there.
The New School of Information Security (book)
We examine some of the ongoing shortcomings of the information security profession, and propose some very practical steps that any individual or organization can take to improve things. Available from fine booksellers now (Amazon or Addison Wesley's InformIT). By Adam Shostack and Andrew Stewart. There was a blog inspired by the book at newschoolsecurity.com; the content has migrated to Adam & Friends.
Microsoft SDL Threat Modeling Tool (software)
I drove the creation and release of several revisions of the SDL Threat Modeling Tool, which is available as a free download from MSDN.
After the 2nd Workshop on Vulnerability Databases at Purdue, I worked hard to make the Common Vulnerabilities and Exposures list a reality. The CVE is now broadly used and I'm an Emeritus Advisor.
Zero Knowledge Systems, Evil Genius Team (1999-2002)
At Zero-Knowledge Systems, I had the privilege of building and leading a team of Evil Geniuses who helped build some really amazing technologies.
Privacy Enhancing Technologies Symposium
I've been a member of the steering committee for this academic series of workshops. I organized the 2nd in 2002 in San Francisco and the 9th in Seattle.
International Financial Cryptography Conference (1997-2003)
I was the Vice-President of the International Financial Cryptography Association, which is dedicated to bringing together cryptographers, bankers, and others to advance the theory and practice of Financial Cryptography.