Remembering Peter Neumann
Peter Neumann helped define the field, and my career. He'll be missed terribly.
Shostack + Friends Blog
Recent Blog Posts
PHANTOM-B goes to Black Hat
A busy Black Hat: A new talk, a new practical tool, and a deadline you should know about
HIPAA Updates and Threat Models
HIPAA reform seems to lead to published threat models, and that’s going to be a hard change.
Claude Opus 4.7 and Threat Modeling
LLMs are great at providing credible answers to questions. And those answers are worth looking at closely.
Black Hat training earlybird pricing ends soon
All about the upcoming Threat Modeling Intensive with Complete AI at Black Hat and why you should be the early bird
Appsec roundup - April 2026
The importance of slow time in work is a theme for April, along with how Claude optimized away its own security rules. Also fun games collected at RSA!
Clever Clippings Star Wars Art
Showcasing some Star Wars art to celebrate Revenge of the Fifth
May the Fourth Be With You!
Celebrating Star Wars Day with a look at what Darth Maul’s training can teach you.
LLM Threat Modeling Is Fun
Exploring the fun in LLM threat modeling, and how it’s both an interface choice and a possibly ‘dark pattern’
Lessons from Threat Modeling Intensive With AI
Actionable lessons from delivering Threat Modeling with AI, and using AI more generally.
Measuring the ROI of threat modeling: moving from activity to impact
Shostack + Associates COO Kymberlee Price shares her experience measuring the impact of secure design engineering practices on security outcomes
Adam reflects on BSides SF and RSAC
Adam finally caught his breath and sat down to reflect on BSides SF and RSAC 2026.
One week left for Threat Modeling AI Systems Early Bird pricing
One week left to take advantage of Early Bird pricing for our new Threat Modeling AI Systems course.
Artemis and Cybersecurity
Some thoughts on Artemis
DevSecOps: Lessons from the ST:TNG Crew
On First Contact Day, we dive into the lessons that security engineers can learn from the crew.