Shostack + Friends Blog

 

Happy Star Wars Day: A Big Announcement & Small Gift

Exciting news from Adam Shostack on Star Wars Day 2022 A snippet from the opening crawl of the newest Shostack online course

May the Fourth Be With You!

This is a particularly joyous Star Wars Day for me because I finally get to share some very exciting news! Later this year, Wiley will be publishing my newest book “Threats: What Every Engineer Should Learn From Star Wars.”

After decades implementing and teaching cybersecurity, I’ve learned — we can’t wait for “Jedi Knights” to show up and secure our systems. There aren’t enough security experts who wield their powers for good, designing secure systems. Developing deep expertise will take time — time we no longer have.

But they are not our only hope, there is another way… when I started at Microsoft, I very quickly learned that even when we had engineers who wanted to secure large products (like Windows) or relatively simple products (like Word), that I couldn't do it alone. We all need to progress towards mastery at a pace that works for us.

If we want secure systems we must teach engineers what security means and how to do it. We have to find compelling and relatable ways to ensure everyone has the same foundational knowledge. This must include software engineers and project managers who aren’t cybersecurity experts. In my decades of teaching, I've found the answers often lie in stories from a long time ago in a galaxy far, far away.

Timeless Threats

Just like there are timeless tropes in fiction, there are broad, timeless sets of threats.

Star Wars gives us a large and accessible set of examples. Concrete examples, whether they are real or fictional, help people grasp complex ideas. Being playful encourages creative thinking about threats and that leads to more secure design.

Threats will bring together examples from both Star Wars and real life to teach every engineer the fundamentals of how to find security problems as they build systems. These lessons will include:

  • Which timeless threats keep raising their ugly heads
  • The concrete details and true stories of where those threats have emerged (struck? manifested?)
  • A framework for organizing the complex, sprawling world of security threats

Even though we don’t have a pre-order link yet, you can sign up below and we’ll email you as soon as pre-orders open up.

You can also get early access to some of the content if you sign up as a “beta reader.” I’m looking for technologists (including developers, SRE, or other IT professionals) who’d like a chance to read the book early and provide feedback. If you’re interested just check “Beta Reader” on the form below.

[Edit: Outdated form removed]

A Star Wars Day Gift

In honor of Star Wars Day, I also wanted to share four lessons from one of our favorite droids. I hope you have as much fun watching them as I did putting them together. If you’re feeling inspired, please submit your answers to the extra credit questions in the YouTube comments or via email to threatmodeling [at] gmail.com for a chance to win a free book.

May the Fourth Be With You!