Shostack + Friends Blog

The Updates Must Go Through

The timing of updates is not coincidental. (14 Apr 2021)

groups of children sitting at tables, coloring, in a classroom setting

I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there's a strong expectation that training involves whiteboards... (13 Apr 2021)

Behind the Scenes: Training Development

Developing a training program is hard, especially when it will be delivered remotely. (06 Apr 2021)

a pizza topped with lamb and bitter greens

Passover Pie

For Passover, we made a lamb and bitter greens pizza. Now, you may be saying to yourself that that’s wrong, but allow me to explain. (01 Apr 2021)

group of professionals reviewing threat model diagrams on window-cling whiteboards in a city office

Threat Modeling Classes

Through the pandemic, I’ve rebuilt the way I teach threat modeling. The new structure and the platforms I needed to adapt for my corporate clients also allows me to offer the courses to the public. (30 Mar 2021)

Microsoft Autoupdate hangs Excel 16.47.21032301

Microsoft AutoUpdate for Mac has gotten exceptionally aggressive about running. Even if you use launchctl to disable it, you get a pop up roughly every 15 minutes of using an Office program. (26 Mar 2021)

Excavator digging out sand around the box of the Ever Given in the Suez Canal, March 2021

Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal. (26 Mar 2021)

Mmmm, Pandemic Puppies

(24 Mar 2021)

Happy (Belated) Pi Day!

For pi day, we celebrated with a set of pies (15 Mar 2021)

headphones, Threat Modeling book, and mug on a desk with a screen snippet overlay of the Denial of Service and Elevation of Privilege course on LinkedIn

Linkedin Learning

Bringing threat modeling to more and more people, now through a series of courses on LinkedIn. (23 Feb 2021)

My Year Without Flying

It was just over a year ago that I last walked out of the Seattle airport. Some thoughts from a very frequent flyer on the pandemic so far. (18 Feb 2021)

Better OKRs Through Threat Modeling

Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program. (15 Feb 2021)

Threat Modeling and Social Issues

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now. (28 Jan 2021)

Irius Risk & Gary McGraw

Dr. Gary McGraw joins the IriusRisk Technical Advisory Board (26 Jan 2021)

Podcast on Using Games

It would be trite writing to say it was fun to be on a podcast with Volko Ruhnke and Hadas Cassorla to talk about using games to teach. And while it was, it was really educational and inspirational. I learned from both of them, and I hope you enjoy the podcast as well! (25 Jan 2021)