Shostack + Friends Blog

Recent Blog Posts, Page 34

Scaling Threat Modeling Training

For the last few years, I've been delivering in-person threat modeling training. I've trained groups ranging from 2 to 100 people at a time, and I've done classes as short as a few hours and as long as a week. (02 Jan 2019)

 

Beyond Elf on a Shelf

Happy Holidays! (24 Dec 2018)

 

High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards (21 Dec 2018)

 

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools. (17 Dec 2018)

 

Resources for Infosec Skillbuilding

The Threat Modeling Book has been featured on a list of resources by Digital Guardian. (12 Dec 2018)

 

House Oversight Committee on Equifax

The House Oversight Committee has released a scathing report on Equifax... (11 Dec 2018)

 

Structures, Engineering and Security

J.E. Gordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book. Why don’t things fall down? It turns out this is a simple question with some very deep answers. (07 Dec 2018)

 

Gavelblocken, 2018

The Gavle Goat is up. (29 Nov 2018)

 

Books which are worth your time: Q4

Some books worth reading. (26 Nov 2018)

 

Threat Modeling in 2018: Attacks, Impacts and Other Updates

Check out my talk from Blackhat 2018 (15 Nov 2018)

 

Change in the Weather

Some recent changes in the weather... (09 Nov 2018)

 

Airline Safety

Airplanes are filthy... (01 Nov 2018)

 

Podcast with Ron Woerner

Another podcast, another chance to talk about Threat Modeling (29 Oct 2018)

 

Privacy Extension to Elevation of Privilege game

An extended version of Elevation of Privilege, now with Privacy. (17 Oct 2018)

 

Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. (16 Oct 2018)