Shostack + Friends Blog

Reasons for failure in real-world security (31 Jan 2019)

Exploring threat models as code. (23 Jan 2019)

My Linkedin Learning course is getting really strong positive feedback. Today, I want to peel back the cover a bit, and talk about how it came to be. (10 Jan 2019)

I’m excited to be able to share “Announcement: IriusRisk Threat Modeling Platform 2.0 Released.” (10 Jan 2019)

For the last few years, I've been delivering in-person threat modeling training. I've trained groups ranging from 2 to 100 people at a time, and I've done classes as short as a few hours and as long as a week. (02 Jan 2019)

Happy Holidays! (24 Dec 2018)

Discussing the value of Security Advisory Boards (21 Dec 2018)

A new game from SANS for understanding pen test methodology, tactics, and tools. (17 Dec 2018)

The Threat Modeling Book has been featured on a list of resources by Digital Guardian. (12 Dec 2018)

The House Oversight Committee has released a scathing report on Equifax... (11 Dec 2018)

J.E. Gordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book. Why don’t things fall down? It turns out this is a simple question with some very deep answers. (07 Dec 2018)

The Gavle Goat is up. (29 Nov 2018)

Some books worth reading. (26 Nov 2018)

Check out my talk from Blackhat 2018 (15 Nov 2018)

Some recent changes in the weather... (09 Nov 2018)