The Grimes Model of Scams
Roger Grimes has an exciting new model of scams that's going to transform how we teach people ot defend against them.
Shostack + Friends Blog
Short reads, March 2022
Interesting articles from around the internet, March edition
The Evergreen Running Aground Problem
The Evergreen line has had another ship run aground.
How Executives Can Use Threat Modeling
You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.
Elevation of Defenses
Using games to help us explore engineering techniques
I need an extension!
A few lessons from the Mazda radio incident.
How To Choose a Threat Modeling Training
Understanding how to choose the right threat modeling training can give you the education you want for the skills you need.
Ten Questions we hope the CSRB answers
The new Cyber Safety Review Board is an opportunity to get better faster.
Worthwhile Books Q1 2022
These are the books that I read in the second half of 2021 that I think are worth your time.
Wearing Many Hats
Fascinating history of a transformation in how hackers were seen.
#WeHackPurple: Podcast Episode with Tanya Janca
Adam on #WeHackPurple podcast
Elevation of Privilege: New Cards for 2022
Holy cow, we’ve added new cards to Elevation of Privilege!
Threat Modeling Open Training: First Quarter, 2022
Open threat modeling training, Q1 2022
Letterlocking
Letterlocking is a lost art of protecting letters from surriptitious readers.
25 Years in AppSec: Looking Back, Looking Forward
My opening keynote from Appsec Global 2021