We deliver training to organizations of all sizes around the world. Our catalog ranges from one minute videos all the way through multi-day instructor led offerings.Read More > >
Shostack + Associates is a specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.Read More > >
As organizations start to build muscle in threat modeling, Shostack + Associates can act as your personal trainer, understanding your goals and helping you achieve them faster. We stay on top of your goals, identify and overcome obstacles together, and get you where you're going faster and with fewer injuries (like upset developers or executives).Read More > >
Projects we've delivered have spanned from solving hard technical security problems through business strategy. Our experience includes both building and securing products, services and businesses. That gives us a unique perspective, focused on solving your problems in the most effective ways.
We have delivered value to organizations of all sizes around the world.
- Hands on threat modeling training for 75 security engineers at a Fortune 50 technology company.
- Security engineering process analysis and improvement for a top-ten bank
- Security Development Lifecycle design and coaching for a Fortune 100 manufacturer
- Expert witness services
- Security and risk assessment for a new SaaS offering with PHI and other sensitive data
Shostack and Associates clients get:
- More secure products and services
- Avoid crises because of security flaws
- Mature and nuanced analysis of risk
- Credible consultants with proven experience
- A strategic approach for engaging regulators