Worthwhile Books May 2022
These are the books that I read in the second quarter, 2022 that are worth your time.
Shostack + Friends Blog
CyberPeace
A new book on cyberpeace!
Future of Appsec podcast
A really fun episode with Adam joining Harshill Parikh of Tromzo's Future of Appsec podcast.
FDA Draft Premarket Guidance
The FDA has issued draft guidance for pre-market security
The Grimes Model of Scams
Roger Grimes has an exciting new model of scams that's going to transform how we teach people ot defend against them.
Short reads, March 2022
Interesting articles from around the internet, March edition
The Evergreen Running Aground Problem
The Evergreen line has had another ship run aground.
How Executives Can Use Threat Modeling
You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.
Elevation of Defenses
Using games to help us explore engineering techniques
I need an extension!
A few lessons from the Mazda radio incident.
How To Choose a Threat Modeling Training
Understanding how to choose the right threat modeling training can give you the education you want for the skills you need.
Ten Questions we hope the CSRB answers
The new Cyber Safety Review Board is an opportunity to get better faster.
Worthwhile Books Q1 2022
These are the books that I read in the second half of 2021 that I think are worth your time.
Wearing Many Hats
Fascinating history of a transformation in how hackers were seen.
Elevation of Privilege: New Cards for 2022
Holy cow, we’ve added new cards to Elevation of Privilege!