![]() — Gastón Hillar, reviewing for the Jolt Awards |
![]() — Richard Austin, reviewing for IEEE Cipher |
![]() — Michael Whitener, reviewing for the IAPP (Int'l Association of Privacy Professionals) |
Recent accolades include Cyber Defense Magazine's Top 100 Cybersecurity books of all time (2021), HashedOut's 11 Best Cybersecurity Books (2020), Kobalt.io's 10 books (2020), Digital Guardian's The Best Resources for InfoSec Skillbuilding (2018) and the 2018 Summer Reading List from Outsystems Engineering.
A more advanced course, for those with threat modeling skills who are looking to enhance their skills as champs. Includes how to introduce threat modeling to teams, leading work, and evaluating threat models. 10 hours over the course of the week of Oct 19. More details are here.
This course is focused on the core technical skills of threat modeling, and will be instructor-led and hands on. Adam will be delivering this with QA Nov 2-6
A short introduction to Elevation of Privilege, hands on. Worried about security but need to find a path to doing something about it? We are here to blaze a trail through the confusion. This is an affordable accessible means for developers to use their system knowledge to find how specific threats from the past might apply to your system today. As a consultant, you'll have the rich experience necessary to pass this technique on to your customers. https://agilestationery.co.uk/pages/play-elevation-of-privilege-with-adam-shostack
The FDA has awarded funding for Medical Device Cybersecurity Threat Modeling boot camps, which will be open to qualified participants. We had planned for May, and are now looking at our options. If you work in medical devices, please apply.
Organizations working to deliver more secure products and services are hiring Adam to deliver training in threat modeling and secure development lifecycles (SDL/SDLC). If you're interested please reach out via the contact us page.
If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.
Threat Modeling: Designing for Security is full of actionable, tested advice for software developers, systems architects and managers, and security professionals. From the very first chapter, it teaches the reader how to threat model. That is, how to use models to predict and prevent problems, even before you've started coding.
Threat Modeling: Designing for Security is jargon-free, accessible, and provides proven frameworks that are designed to integrate into real projects that need to ship on tight schedules. You can get value from threat model all sorts of things, even as simple as a contact us page (and see that page for that threat model.)