If you're a software developer, systems manager, or security professional, this deeply practical book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. The book's website is now here, integrated into this site.
Control-Alt-Hack™ is a tabletop card game about white hat hacking, based on game mechanics by gaming powerhouse Steve Jackson Games (Munchkin and GURPS) and developed in collaboration with Tammy Denning and Yoshi Kohno. More here.
Elevation of Privilege: the Threat Modeling Game
The easy way to get started threat modeling. You can download a copy from my GitHub page, and there's a blog post with the announcement. Since the creation of Elevation of Privilege, there's been a move towards games with a security purpose, and I maintain a list of Tabletop Security Games.
The New School of Information Security (book)
We examine some of the ongoing shortcomings of the information security profession, and propose some very practical steps that any individual or organization can take to improve things. Available from fine booksellers. There was a blog inspired by the book at newschoolsecurity.com; the content has migrated to Adam & Friends. More here.
Microsoft SDL Threat Modeling Tool (software)
I drove the creation and release of several revisions of the SDL Threat Modeling Tool, which is available as a free download from MSDN.
After the 2nd Workshop on Vulnerability Databases at Purdue, I worked hard to make the Common Vulnerabilities and Exposures list a reality. The CVE is now broadly used and I'm an Emeritus Advisor.
Zero Knowledge Systems, Evil Genius Team (1999-2002)
At Zero-Knowledge Systems, I had the privilege of building and leading a team of Evil Geniuses who helped build some really amazing technologies.