Speaking Requests

 

Sharp, practical talks from people who actually build security in — not just talk about it.

Our standard 1-hour session (remote, internal event, technical session) are outlined below.

Check Availability

Why Shostack + Associates

What's included:

Good for: conferences, corporate all-hands, leadership offsites, customer events, and closed-door briefings.

Non-profits, universities, and community events: ask about reduced rates — we set aside time for these every year.

 

Available speakers and talks

Adam Shostack

Adam Shostack

Threat modeling, security engineering, and how organizations actually get more secure.

About Adam

Threat Modeling in the Age of AI
How do we use LLMs to help us threat model — and where do they help, and where do they mislead? A practical look at LLMs as both attack surface and defensive tool.
Threat Modeling in 2026
Attacks always get better, so your threat modeling needs to evolve. Learn what’s new and important in threat modeling in 2026. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.
This is the most technical talk that Adam generally gives.
A Seat at the Table
Why security is so often left out of major technical decisions — and what it actually takes to change that. A leadership-track talk on engineering, soft skills, and shifting left.
Threat Modeling Lessons from Star Wars
A hook-driven, semi-technical talk that takes an audience from "we should threat model" to actually knowing how — and avoiding the traps that stall most attempts.
 
Kymberlee Price headshot

Kymberlee Price

DevSecOps, software supply chain risk, and the human side of getting security and engineering to actually work together.

About Kymberlee

DevSecOps is Dead, Long Live DevSecOps
Vulnerability counts and breach notifications keep climbing despite record security spend, and engineers and security teams are still frustrated with each other. An airing of grievances on how "shift left" is failing engineering teams, and a pragmatic, step-by-step look at how to change AppSec practices to work better together.
Let Them Eat Cake: “Secure by Upgrade”
Software is a National Security Threat Ransomware is rapidly reshaping the security landscape more than two decades of SDL, DevSecOps, and breach response combined. Add vendors selling security as a premium-tier add-on, and small and medium businesses take the hardest hit. Learn why this is a national security issue, and what technology executives and policy makers should do about it.
Achievement Unlocked: Changing Security Outcomes with Gamification & Behavior Modification
Positive and negative reinforcement can shift how employees and customers behave... if you use them well. A look at the two core gamification strategies, when to reinforce versus punish, and how organizations accidentally incentivize the bad behavior they're trying to stop.
Down the Open Source Software Rabbit Hole: Developers and the Software Supply Chain
From Equifax to Log4j, a single OSS vulnerability can spread across dozens of products through nested dependencies. A deep dive into where OSS vulnerabilities come from, how they spread through the supply chain, and what organizations must do to get ahead of the problem.
 

How booking works

  1. Tell us your time, date and audience. Use the form below or email us — event date, audience size, and what you're hoping the talk accomplishes.
  2. We confirm fit and availability. If it's a good match, we'll send a short agreement and lock the date.
  3. Pre-event call. 30 minutes, no less than two weeks out, to tailor emphasis and Q&A to your group.
  4. Show day. Speaker arrives ready to deliver an engaging and seamless presentation.
Start a Request

FAQ

Is bundled pricing available for multi-day events or multiple sessions?
Yes — bundled sessions (e.g., a talk plus a workshop, or multiple talks across a conference) are quoted separately. Ask us.
Can we get a custom talk instead of one from the list?
Yes. Tell us the topic and audience and we'll scope it.
What about an interactive podcast or webinar instead of a live talk?
We're usually happy to join podcasts, and webinars can often be arranged at a reduced rate compared to the standard speaker fee, depending on format and length. Reach out with details and we'll let you know what's possible.
Do you speak at live, in person events?
Yes, travel costs for all in-person events are billed separately, contact us for more information.
What if we need to reschedule?
Standard reschedule terms apply within 5 days of a virtual event or 21 days of the an in-person event. Details are in the booking agreement.
 

Not sure which speaker or topic fits your event? Send us your event details and we'll work with you to identify a great talk for your audience.

Talk to us