Shostack + Friends Blog

Recent Blog Posts, Page 34

Podcast: DevSecOps

I recently chatted with Mark Miller over at DevSecOps (13 Feb 2019)

 

The Queen of the Skies and Innovation

Innovation, regulation, and more. (10 Feb 2019)

 

Nature and Nurture in Threat Modeling

What comes easily should still be taught and elaborated upon. (06 Feb 2019)

 

Fire Doesn't Innovate by Kip Boyle (Book Review)

An unexpected book review. (04 Feb 2019)

 

Incentives and Multifactor Authentication

What if we gamified security? (01 Feb 2019)

 

Threat Modeling: Attackers May Adapt, Respond

Reasons for failure in real-world security (31 Jan 2019)

 

Threat Modeling as Code

Exploring threat models as code. (23 Jan 2019)

 

LinkedIn Learning: Producing a Video

My Linkedin Learning course is getting really strong positive feedback. Today, I want to peel back the cover a bit, and talk about how it came to be. (10 Jan 2019)

 

IriusRisk 2.0

I’m excited to be able to share “Announcement: IriusRisk Threat Modeling Platform 2.0 Released.” (10 Jan 2019)

 

Scaling Threat Modeling Training

For the last few years, I've been delivering in-person threat modeling training. I've trained groups ranging from 2 to 100 people at a time, and I've done classes as short as a few hours and as long as a week. (02 Jan 2019)

 

Beyond Elf on a Shelf

Happy Holidays! (24 Dec 2018)

 

High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards (21 Dec 2018)

 

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools. (17 Dec 2018)

 

Resources for Infosec Skillbuilding

The Threat Modeling Book has been featured on a list of resources by Digital Guardian. (12 Dec 2018)

 

House Oversight Committee on Equifax

The House Oversight Committee has released a scathing report on Equifax... (11 Dec 2018)