Shostack + Friends Blog

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling. (22 Apr 2021)

A bunch of people recently asked me about Robert Reichel’s post 'How We Threat Model,' and I wanted to use it to pick up on Threat Model Thursdays. (16 Apr 2021)

The timing of updates is not coincidental. (14 Apr 2021)

I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there's a strong expectation that training involves whiteboards... (13 Apr 2021)

Developing a training program is hard, especially when it will be delivered remotely. (06 Apr 2021)

For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain. (01 Apr 2021)

Through the pandemic, I’ve rebuilt the way I teach threat modeling. The new structure and the platforms I needed to adapt for my corporate clients also allows me to offer the courses to the public. (30 Mar 2021)

Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program. (26 Mar 2021)

Thoughts on the issues with the Ever Given blocking the Suez Canal. (26 Mar 2021)

(24 Mar 2021)

For pi day, we celebrated with a set of pies (15 Mar 2021)

Bringing threat modeling to more and more people, now through a series of courses on LinkedIn. (23 Feb 2021)

It was just over a year ago that I last walked out of the Seattle airport. Some thoughts from a very frequent flyer on the pandemic so far. (18 Feb 2021)

Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program. (15 Feb 2021)

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now. (28 Jan 2021)