We deliver the best threat modeling training available. Our catalog ranges from one minute videos to multi-day live instruction offerings, and all focus on developing skills that can be applied immediately. Our customers include individuals and organizations of all sizes around the world.
Shostack + Associates is a trusted specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.
As your organization starts to threat model, Shostack + Associates can accelerate your secure by design program, helping you define your goals, develop a plan, identify obstacles and a path through them, and generally get there faster.
Shostack + Associates helps customers deliver better products, faster and with less churn or internal conflict. Our approach focuses on threat modeling as a way to “measure twice, cut once.” Adam Shostack founded the company that bears his name in 2016.
Our Associates include:

Kymberlee Price (COO, Instructor, Principal Consultant)
Kymberlee Price has spent more than two decades in Application Security and community stewardship, helping product engineering teams think more clearly about the systems they build. Her work centers on contextualizing security as a facet of overall quality, clarifying system behavior, setting explicit expectations, and building trust across functions so that security becomes part of how design and implementation decisions are made instead of a gate applied after the fact. A recognized innovator and expert in the information security industry, Kymberlee not only speaks regularly at security conferences around the world, but has also contributed meaningfully to the broader security community through her service on multiple conference review boards and program committees, helping to shape technical dialogue, mentor practitioners, and elevate emerging voices.

Erik Service (Instructor, Senior Consultant, Sales)
Erik Service is a senior cybersecurity architect and AI threat modeling specialist with over 18 years of experience securing complex, cloud-native and ML-enabled systems. His work enhances security for organizations operating in highly regulated and mission-critical environments, including sensitive industry verticals such as healthcare and medical technology, financial services, and government.
Erik specializes in threat modeling everything from web applications to large language models, medical devices, cloud platforms and payments infrastructure, helping teams identify architectural, privacy, and adversarial AI threats early in the design process. Beyond technical analysis, he is known for his collaborative, people-first approach, influencing stakeholders to adopt secure-by-design practices that scale. He is a frequent threat modeling instructor at industry forums including OWASP and Black Hat and holds an MSc from McGill University along with multiple security and privacy certifications.

Jamie Dicken (Instructor, Principal Consultant)
Jamie Dicken has worked across much of the cybersecurity domain, including product security, DevSecOps, security tooling and automation, and GRC. Prior to her transition into cybersecurity, she spent the first half of her career as a software engineer and technical manager at two Fortune 15 healthcare companies, where she focused on designing, building, and delivering new features to the market. Now Jamie focuses on protecting systems like the ones she used to build and transforming the ways that engineering teams and security professionals work together. Jamie is currently a Director of Security Platforms & Architecture and freelances as a threat modeling instructor and consultant at Shostack + Associates.

Valery Berestetsky (Instructor)
Valery Berestetsky is a seasoned information security professional with over 25 years of demonstrated industrial experience that covers a wide range of technologies and customer exposure. Valery is experienced in application security, security risk assessments and compliance evaluations, as well as the complete project security life cycle, particularly in the requirements gathering, design, development and deployment phases and building security into all these phases. Valery’s career includes years of information security experience with industrial leaders such as Microsoft, GE Healthcare and Nortel Networks. Currently Valery is contributing his knowledge as a threat modeling instructor with Shostack + Associates.

Kent Sullivan (Accelerator Program Principal Consultant)
Kent has spent years fostering deep collaboration among team members and recognizes how hard it is to achieve this in a high-pressure corporate environment. He has coached teams through difficult changes and taught them survival skills for managing the change and thriving in the resulting new situations. Kent also has taught and coached teams on how to integrate lean, customer-centered mindsets and practices into their daily work, so that they greatly reduce the risk of producing something customers don’t need or want. Kent believes strongly that integrating insights extracted from diverse data sources (design research, market research, telemetry, social networking, etc.) greatly increases the chances of those insights being breakthrough in nature. During his long tenure at Microsoft, it was Kent’s pleasure to work on a wide variety of products, especially Windows 95, where he led the exploratory user research that produced the taskbar and Start menu, as well as the iterative research that helped nail down the details.
Jessica Purdy (Accelerator Program Senior Consultant, Business Operations)
Jessica Purdy is an expert in organizational management and strategic transformation. As a member of the Shostack + Associates Accelerator Program delivery team, her experience guiding business leaders to objectively measure their organizational culture’s key health indicators, identify gaps, and plan targeted improvement initiatives is instrumental in the success of security engineering programs. Jessica is also the founder of FIC Human Resources Partners.
Mark Ramsdell (Lead Technical Producer)
Mark is a seasoned virtual assistant and "technology therapist" dedicated to creating high-impact learning environments through intentional design. With over 35 years of experience in higher education, he bridges the gap between complex technology and learner success. Mark has expertly moderated live sessions across diverse sectors—from academic classrooms to specialized training for threat modeling, automotive management, and restoration technicians. Now semi-retired in Central New York, Mark continues to apply his deep instructional technology expertise to improve educational outcomes. Outside of his professional work, he is a devoted husband, father, and grandfather who remains active in his community as a volunteer with the local fire company and ScoutsBSA.
Heidi Rosemont (Technical Producer)
Heidi is an online program operations specialist who designs engaging, human-centered virtual experiences. With expertise in education, non-verbal communication, and group dynamics, she creates spaces where participants and facilitators feel seen, supported, and motivated to engage. She partners with organizations in leadership development, medical education, team building, and mission-driven industries to facilitate impactful online programs with clarity, warmth, and technical ease. Off-screen, she enjoys baking for her husband and caring for her sheep — still happiest in a pair of coveralls with dirt on her hands.
Adrienne Dandy (Senior Program Manager, Technical Writer)
Adrienne Dandy is an operations practitioner whose work is shaped by a foundation in technical writing and years spent in security operations and PSIRT programs. With a strong background in product security, program management, and cross-functional collaboration, she has supported teams at organizations of many sizes and structures. Her user-centric and data-driven approach values clarity, steady scalable processes, and careful coordination.
Branding, Design, and Web
This website has gone through many iterations over the years. As of Fall 2021, we're really happy with the playful yet modern version you see now. The updated design and streamlined functionality were made a reality through the creativity and hard work of a fantastic team. Thank you Melanie, Paola, Connie, and Jessi.
Brand Development / Management
Melanie Warner led the team in defining and refining the Shostack brand through the selection of colors, typography, and more. She is the owner of Hotiron Creative and creates logos and brand identity for researchers, companies, and conferences in the cybersecurity space.
Graphic Design
Paola Coda crafted page layouts and element composition to ensure all content would appear consistent in the new design. Paola runs Coda Creative Inc., providing a wide range of graphic design services for mid-size companies, with special expertise in the high tech industry and in collateral and immersive design for events.
Website Development
Connie “Sunfire” Hill used their expertise in semantic and accessible HTML5 and CSS3 to build the website to the specifications developed by the team. Sunfire is a freelance web developer and co-owner of Hitsaru, LLC, a consulting firm that specializes in information security and related technologies.
Brand Consultant
Jessica Purdy advised the creative team on the perceptions, personality and brand traits that clients and audiences connect with, allowing them to define and create a design aesthetic that was authentic to Adam and Shostack + Associates. Jessica engages in creative media endeavors through the Invited In Media division of FIC Human Resources Partners.