About Shostack + Associates

 

Training

We deliver the best threat modeling training available. Our catalog ranges from one minute videos to multi-day instructor led offerings, and all focus on developing skills that can be applied immediately. Our customers include individuals and organizations of all sizes around the world.

Read More > >

Consulting

Shostack + Associates is a trusted specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.

Read More > >

Coaching

As organizations start to build muscle in threat modeling, Shostack + Associates can act as your personal trainer, understanding your goals and helping you achieve them faster. We stay on top of your goals, identify and overcome obstacles together, and get you where you're going faster and with fewer injuries (like upset developers or executives).

Read More > >

Projects we've delivered have spanned from solving hard technical security problems through business strategy. Our experience includes both building and securing products, services and businesses. That gives us a unique perspective, focused on solving your problems in the most effective ways.

Sample Offerings

We have delivered value to organizations of all sizes around the world.

  •   Hands on threat modeling training for 75 security engineers at a Fortune 50 technology company.
  •   Security engineering process analysis and improvement for a top-ten bank
  •   Security Development Lifecycle design and coaching for a Fortune 100 manufacturer
  •   Expert witness services
  •   Security and risk assessment for a new SaaS offering with PHI and other sensitive data

Value Propositions

Shostack and Associates clients get:

  •   More secure products and services
  •   Avoid crises because of security flaws
  •   Mature and nuanced analysis of risk
  •   Credible consultants with proven experience
  •   A strategic approach for engaging regulators