Shostack + Friends Blog

In a simpler age, Matt Stoller famously lost his job for critiquing Google. (09 Oct 2020)

Expanding on our distributed class structure. (07 Oct 2020)

Compliance isn't Security, oh and something I wrote. (24 Sep 2020)

A few recent mentions (23 Sep 2020)

Don't skip this important step. (17 Sep 2020)

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling. (10 Sep 2020)

It's not LinkedIn posts or Tweets, but a real live blog. (07 Sep 2020)

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment (28 Aug 2020)

This is a really interesting podcast interview with Sidney Dekker, who's one of the most important thinkers in safety. (26 Aug 2020)

How to play in person games while maintaining safe distances. (24 Aug 2020)

These are the books that I read in Q2 2020 that I think are worth your time. (19 Aug 2020)

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means. (18 Aug 2020)

I have something to disclose... (14 Aug 2020)

I'll be speaking at the MDIC's Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. (13 Aug 2020)

A talk from the Biohacking Village at DefCon brought up a good point. (12 Aug 2020)