Shostack + Friends Blog

I want to talk about two books: Bounce, by Matthew Syed and Range, by David Epstein. I want to talk about them together in part because Range is explicitly framed as a response to Bounce. (08 May 2020)

This week's threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues. (23 Apr 2020)

These are the books I read in the first quarter (and forgot to mention last quarter) that I think are worth your time. (14 Apr 2020)

On Linkedin, Peter Dowdall had a very important response to my post on remote threat modeling. (02 Apr 2020)

How do we replace the in-person whiteboard sessions essential to Threat Modeling when we are distanced and working remotely? (30 Mar 2020)

Pandemic Safety in Star Wars (27 Mar 2020)

New training being developed, seeking interest. (26 Mar 2020)

I know many readers are here for the threat modeling, and I could claim that this is the “what are we going to do about it” post, which it is, but I don't want to have to blog all threat modeling all the time. So this is the “Seattle is a month into COVID-19” post. (23 Mar 2020)

This post comes from a conversation I had on Linkedin with Clint Gibler. (19 Mar 2020)

While I can't fix things, I can at least make my LinkedIn courses free for a time. (17 Mar 2020)

Exploring supply chain threat modeling with Alexa (05 Mar 2020)

At Blackhat this summer, I'll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don't wait! (02 Mar 2020)

Risk Framework and Machine Learning (27 Feb 2020)

As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. (26 Feb 2020)

My course, “Repudiation in Depth” is now live on Linkedin Learning. This is the fourth course in my Learning Threat Modeling series. (11 Feb 2020)