
Models and Accuracy (Threat Modeling Thursday)
For Threat Model Thursday, I want to look at models and modeling in a tremendously high-stakes space: COVID models.
Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works.
I want to talk about two books: Bounce, by Matthew Syed, and Range, by David Epstein. I want to talk about them together in part because Range is explicitly framed as a response to Bounce.
This week's Threat Model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? by Laurens Sion and colleagues.
These are the books I read in the first quarter (and forgot to mention last quarter) that I think are worth your time.
On LinkedIn, Peter Dowdall had a very important response to my post on remote threat modeling.
How do we replace the in-person whiteboard sessions essential to Threat Modeling when we are distanced and working remotely?
Pandemic Safety in Star Wars
New training being developed, seeking interest.
I know many readers are here for the threat modeling, and I could claim that this is the “what are we going to do about it” post, which it is, but I don't want to have to blog all threat modeling all the time. So this is the “Seattle is a month into COVID-19” post.
This post comes from a conversation I had on LinkedIn with Clint Gibler.
While I can't fix things, I can at least make my LinkedIn courses free for a time.
Exploring supply chain threat modeling with Alexa
This summer, I'll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don't wait!
Risk Framework and Machine Learning