We're Launching a New Book


Securing software from attacks can feel overwhelming.
But software engineers are our only hope.

The Force will guide you... with a little help from your favorite droids and Jedi Knights.

Get Notified

How does R2-D2 know who Obi-Wan Kenobi is?
How does he decide to play the recording of Princess Leia for Obi-Wan, but not Luke?

Threats: What Every Engineer Should Learn From Star Wars provides a fun and jargon-free introduction to this crucial cybersecurity knowledge. The Star Wars franchise offers an accessible set of examples of real world cyber threats. For over a decade, Adam Shostack, author of the highly regarded and successful Threat Modeling: Designing for Security, has been using lessons from Star Wars to teach about security. Threats: What Every Engineer Should Learn From Star Wars carries those themes to the audience of software developers.

The brain is an amazing analogy machine which is why fictional examples provide the perfect learning tool for complex, abstract concepts. Just like there are timeless tropes in fiction, there are broad, timeless categories of threats.

Using technical examples taken from Star Wars, Adam teaches readers how to apply their life experiences to the technical systems that they build so they can find security problems. Using accessible threat categories, readers learn to filter vast amounts of security information into smaller, more manageable pieces.

In this book, you’ll learn:

We are so excited about this book that we couldn’t let another Star Wars Day go by without sharing the news that Wiley will be publishing the book early in 2023. (Wiley not only published Threat Modeling, but Wiley-Blackwell has a line of books like The Ultimate Star Wars and Philosophy…)

That announcement schedule means we don’t have a pre-order link available for you just yet, but we’ll be happy to let you know. The easiest way is to sign up for “Adam’s New Thing,” a very low volume announcements list (fewer than a dozen messages each year). If you’d like to help, Adam is looking for technologists including developers, SRE, and other IT professionals who’d like a chance to read the book early and provide feedback - “beta readers.” If you’re interested…

You can also subscribe to the Adam & Friends blog via RSS or substack - these are higher volume, and talk about more than the book. And if you’re looking for training sooner…

Sign up here to be a beta reader.

Meet Adam Shostack
Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's an Affiliate Professor at the University of Washington, a member of the BlackHat Review Board, a Linkedin Learning Author and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack + Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.