Shostack + Friends Blog

Recent Blog Posts, Page 18

How To Choose a Threat Modeling Training

Understanding how to choose the right threat modeling training can give you the education you want for the skills you need. (18 Feb 2022)

 

Ten Questions we hope the CSRB answers

The new Cyber Safety Review Board is an opportunity to get better faster. (09 Feb 2022)

 

Worthwhile Books Q1 2022

These are the books that I read in the second half of 2021 that I think are worth your time. (28 Jan 2022)

 

Wearing Many Hats

Fascinating history of a transformation in how hackers were seen. (24 Jan 2022)

 

#WeHackPurple: Podcast Episode with Tanya Janca

Adam on #WeHackPurple podcast (22 Jan 2022)

 

Elevation of Privilege: New Cards for 2022

Holy cow, we’ve added new cards to Elevation of Privilege! (20 Jan 2022)

 

Threat Modeling Open Training: First Quarter, 2022

Open threat modeling training, Q1 2022 (13 Jan 2022)

 

Letterlocking

Letterlocking is a lost art of protecting letters from surriptitious readers. (12 Jan 2022)

 

25 Years in AppSec: Looking Back, Looking Forward

My opening keynote from Appsec Global 2021 (10 Jan 2022)

 

The Allegory of Rocks and Sand

As the year closes out, I'm thinking a lot about the allegory of the rocks and the sand. You should, too. (29 Dec 2021)

 

Missed it by that much!

Missed it by that much! (16 Dec 2021)

 

Fast, Cheap + Good Whitepaper

Threat modeling doesn't need to be a slow, heavyweight activity! (15 Dec 2021)

 

Gävle Goat, 2021 edition

There are some things the pandemic can't stop. Gävle, Sweden putting up a straw goat is one of them. (11 Dec 2021)

 

FDA Threat Modeling Playbook Now Available

How to threat model medical devices? The FDA has released a playbook! (30 Nov 2021)

 

Medical Device Threat Modeling Webinar

An important webinar by MDIC about the medical device threat modeling playbook is now available! (21 Nov 2021)