Who Are We Kidding with Attacker-Centered Threat Modeling?
Don't go into Threat Modeling with this mindset.
Shostack + Friends Blog
Interesting Reads: Risk, Automation, lessons and more!
Just what the title says.
Quick Threat Model Links October 2019
Just a few things for now
OWASP Portland: Talk and Podcast
I recently had a chance to speak at the meeting for the Portland, Oregon chapter of OWASP
Interesting reads
Sharing for you, bookmarking for me.
Capture the Flag events and eSports
A breakdown of CTFs and eSports
Course announcement: Tampering in Depth!
I'm excited to announce that I'm hitting my STRIDE and Linkedin has released the second course in my in-depth exploration of STRIDE: Tampering.
Threat Modeling Building Blocks
Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights.
Interesting Reads, August 19
Just what the title says
Training At Embedded Systems Security Days
I'm excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8.
Toolbox: After a Conference
How to get back into the workflow after time away at conferences.
Blackhat Best Practice
Reminders about some conference best practices.
Actionable Followups from the Capital One Breach
What have we learned and what steps can we take?
Valuing CyberSecurity Research Datasets
A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research.
Happy Apollo Day!
Today is the 50th Anniversary of ‘One small step for a man, one giant leap for mankind.’