About Shostack + Associates



We deliver the best threat modeling training available. Our catalog ranges from one minute videos to multi-day live instruction offerings, and all focus on developing skills that can be applied immediately. Our customers include individuals and organizations of all sizes around the world.

Read More > >


Shostack + Associates is a trusted specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.

Read More > >


As organizations start to build muscle in threat modeling, Shostack + Associates can act as your personal trainer, understanding your goals and helping you achieve them faster. We stay on top of your goals, identify and overcome obstacles together, and get you where you're going faster and with fewer injuries (like upset developers or executives).

Read More > >

Shostack + Associates now focuses on delivering great learning experiences, primarily around threat modeling, including classic training and also helping leaders learn to navigate the complex organizational changes that often surround threat modeling.

Overall, projects we've delivered have spanned from solving hard technical security problems through business strategy. Our experience includes both building and securing products, services and businesses. That gives us a unique perspective, focused on solving your problems in the most effective ways.

Sample Offerings

We have delivered value to organizations of all sizes around the world.

  •   Hands on threat modeling training for 150 security engineers at a Fortune 50 technology company.
  •   Security engineering process analysis and improvement for a top-ten bank
  •   Security Development Lifecycle design and coaching for a Fortune 100 manufacturer
  •   Expert witness services

Value Propositions

Shostack + Associates clients get:

  •   More secure products and services
  •   Avoid crises because of security flaws
  •   Mature and nuanced analysis of risk
  •   Credible consultants with proven experience
  •   A strategic approach for engaging regulators