Magic Security Dust


New from Shostack + Associates!

Threat modeling is the measure once, cut twice of cybersecurity. Structured techniques help you understand the danger so you can create a focused defensive security strategy. But they’re expensive and slow!

Over the years, many people have told me that threat modeling really helps — once they get it up and running. But they hate having to collaborate with people. They hate having to trust them.

Once they get over those challenges, they worry about the time threat modeling takes, they worry about challenges in delivering training and measuring execution and consistency. And they ask me do something about these problems.

So we’ve created Magic Security Dust™ to meet the needs of the least discerning producers out there. Just sprinkle some on your products and tell people “Your security is important to us.”

Introducing Magic Security Dust

Available Now

You can buy inferior, knock-off Magic Security Dust™ from lots of places. The only place to get the very finest Magic Security Dust™ is from Agile Stationery.


The people in the video are fictitious. Any resemblance to actual persons (living or deceased), places, buildings, and products, processes or methodologies is coincidental. The opinions expressed are not representative of those of the performers or their employers.

Do not taunt magic security dust, it’s very emotionally immature and may replace all your code with PHP 4 that implements dynamic SQL and stores your passwords in an open S3 bucket.

Magic Security Dust™ does not work and isn’t even trademarked.


Our approach

While we believe that threat modeling can be pretty magical, the magic is in the doing, not the hope. If you’re interested in sprinkling magic security dust on your systems, either because it’s all you have the budget for or to make a point, we really did package some up. (It’s so magical that it may transform itself into glitter paper as it comes into contact with mortal air.)

If you think that magic isn’t going to meet your needs, we’re happy to talk to you about effective threat modeling and how to achieve it at reasonable cost.