Speaking Requests
Sharp, practical talks from people who actually build security in — not just talk about it.
Our standard 1-hour session (remote, internal event, technical session) are outlined below.
Check AvailabilityWhy Shostack + Associates
- Industry leading security practitioners, not "influencers” or “thought leaders” who spend their days making Youtube content; every talk is built from decades of real work with real companies.
- Regularly updated and customized content tailored to your audience, not a canned deck reused everywhere.
- Reliable delivery: slides and bios sent in advance, no surprises day-of.
What's included:
- A 45–50 minute talk plus live Q&A, from the topic list below.
- One 30-minute pre-event call to align the talk to your audience and goals.
- Speaker bio, headshot, and any A/V requirements delivered within one week of contract signing.
- Remote delivery within Pacific time zone business day.
- Slides provided for internal use.
Good for: conferences, corporate all-hands, leadership offsites, customer events, and closed-door briefings.
Non-profits, universities, and community events: ask about reduced rates — we set aside time for these every year.
Available speakers and talks

Adam Shostack
Threat modeling, security engineering, and how organizations actually get more secure.
- Threat Modeling in the Age of AI
- How do we use LLMs to help us threat model — and where do they help, and where do they mislead? A practical look at LLMs as both attack surface and defensive tool.
- Threat Modeling in 2026
- Attacks always get better, so your threat modeling needs to evolve. Learn what’s new and important in threat modeling in 2026. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.
This is the most technical talk that Adam generally gives. - A Seat at the Table
- Why security is so often left out of major technical decisions — and what it actually takes to change that. A leadership-track talk on engineering, soft skills, and shifting left.
- Threat Modeling Lessons from Star Wars
- A hook-driven, semi-technical talk that takes an audience from "we should threat model" to actually knowing how — and avoiding the traps that stall most attempts.

Kymberlee Price
DevSecOps, software supply chain risk, and the human side of getting security and engineering to actually work together.
- DevSecOps is Dead, Long Live DevSecOps
- Vulnerability counts and breach notifications keep climbing despite record security spend, and engineers and security teams are still frustrated with each other. An airing of grievances on how "shift left" is failing engineering teams, and a pragmatic, step-by-step look at how to change AppSec practices to work better together.
- Let Them Eat Cake: “Secure by Upgrade”
- Software is a National Security Threat Ransomware is rapidly reshaping the security landscape more than two decades of SDL, DevSecOps, and breach response combined. Add vendors selling security as a premium-tier add-on, and small and medium businesses take the hardest hit. Learn why this is a national security issue, and what technology executives and policy makers should do about it.
- Achievement Unlocked: Changing Security Outcomes with Gamification & Behavior Modification
- Positive and negative reinforcement can shift how employees and customers behave... if you use them well. A look at the two core gamification strategies, when to reinforce versus punish, and how organizations accidentally incentivize the bad behavior they're trying to stop.
- Down the Open Source Software Rabbit Hole: Developers and the Software Supply Chain
- From Equifax to Log4j, a single OSS vulnerability can spread across dozens of products through nested dependencies. A deep dive into where OSS vulnerabilities come from, how they spread through the supply chain, and what organizations must do to get ahead of the problem.
How booking works
- Tell us your time, date and audience. Use the form below or email us — event date, audience size, and what you're hoping the talk accomplishes.
- We confirm fit and availability. If it's a good match, we'll send a short agreement and lock the date.
- Pre-event call. 30 minutes, no less than two weeks out, to tailor emphasis and Q&A to your group.
- Show day. Speaker arrives ready to deliver an engaging and seamless presentation.
FAQ
- Is bundled pricing available for multi-day events or multiple sessions?
- Yes — bundled sessions (e.g., a talk plus a workshop, or multiple talks across a conference) are quoted separately. Ask us.
- Can we get a custom talk instead of one from the list?
- Yes. Tell us the topic and audience and we'll scope it.
- What about an interactive podcast or webinar instead of a live talk?
- We're usually happy to join podcasts, and webinars can often be arranged at a reduced rate compared to the standard speaker fee, depending on format and length. Reach out with details and we'll let you know what's possible.
- Do you speak at live, in person events?
- Yes, travel costs for all in-person events are billed separately, contact us for more information.
- What if we need to reschedule?
- Standard reschedule terms apply within 5 days of a virtual event or 21 days of the an in-person event. Details are in the booking agreement.
Not sure which speaker or topic fits your event? Send us your event details and we'll work with you to identify a great talk for your audience.