Shostack + Friends Blog

Posts in category "doing it differently"

Is Cybersecurity Awareness Month Worth the Money?

How can we measure the ROI on an awareness month? (18 Nov 2024)

This time for sure, Pinky!

If everyone agrees on what we should do, why do we seem incapable of doing it? (23 Apr 2021)

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

I generally try to stay on technical topics, because my understanding is that's what readers want. But events are overwhelming and I believe that not speaking out is now a political choice. (03 Jun 2020)

Science of Security, Science for Security

Recent article in Bentham’s Gaze (09 Apr 2019)

‘No Need’ to tell the public (?!?)

Secrecy isn't the best policy when it comes to public health. (08 Apr 2019)

Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’. (02 Apr 2019)

Facebook's Privacy Constitution

[no description provided] (11 Mar 2019)

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools. (17 Dec 2018)

Just Culture and Information Security

[no description provided] (09 May 2018)

Threat Model Thursday: ARM's Network Camera TMSA

[no description provided] (05 Apr 2018)

Doing Science with Near Misses

Near misses are an important source of information for avoiding accidents, and it's a shame we don't use them in cybersecurity. (06 Feb 2018)

Learning from Near Misses

[no description provided] (04 Dec 2017)

Interesting Monday Reads

Each of these is long and thought-provoking and worth savoring. (14 Aug 2017)

Introducing Cyber Portfolio Management

[no description provided] (21 Feb 2017)

2017 and Tidal Forces

[no description provided] (13 Jan 2017)

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.