Shostack + Friends Blog

Recent Blog Posts, Page 24

A PCI Threat Model

Compliance isn't Security, oh and something I wrote. (24 Sep 2020)

 

Mentions

A few recent mentions (23 Sep 2020)

 

Starting Threat Modeling: Focused Retrospectives are Key

Don't skip this important step. (17 Sep 2020)

 

Threat Modeling, Insiders and Incentives

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling. (10 Sep 2020)

 

Phil Venables Blogging

It's not LinkedIn posts or Tweets, but a real live blog. (07 Sep 2020)

 

The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment (28 Aug 2020)

 

Podcast with Sidney Dekker

This is a really interesting podcast interview with Sidney Dekker, who's one of the most important thinkers in safety. (26 Aug 2020)

 

Elevation of Privilege In The Time of Cholera

How to play in person games while maintaining safe distances. (24 Aug 2020)

 

Worthwhile Books Q2 2020

These are the books that I read in Q2 2020 that I think are worth your time. (19 Aug 2020)

 

Better Taught Than Caught!

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means. (18 Aug 2020)

 

Information Disclosure In Depth

I have something to disclose... (14 Aug 2020)

 

MDIC Annual Public Forum

I'll be speaking at the MDIC's Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. (13 Aug 2020)

 

When to Threat Model

A talk from the Biohacking Village at DefCon brought up a good point. (12 Aug 2020)

 

Maximizing the Value of Virtual Security Conferences

A few tips on getting the most out of attending a virtual security conference. (31 Jul 2020)

 

Sociotechnical Approach to Cyber Security

A recent post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security, shares the context of socio-technical approaches. (24 Jul 2020)