Adam Shostack is a leading cybersecurity specialist and the author of Threat Modeling: Designing for Security (Wiley, 2014). He’s also the President of Shostack & Associates, which he founded in 2017.
Since publication, Mr. Shostack’s book has received rave reviews on popular platforms like Amazon and it is still in high demand.
“Adam’s Threat Modeling: Designing for Security is a must and required reading for security practitioners,” begins one such review. “Threat modeling should become standard practice within security programs and Adam’s approachable narrative on how to implement threat modeling resonates loud and clear.”
If you’d like to get in touch with Adam Shostack and his team at Shostack & Associates regarding help with threat modeling or engineering more secure systems, head to adam.shostack.org. You can also head to vpnMentor to check out an excerpt from his book here.
Course by: Adam Shostack
In the twenty-first century, no one doubts the importance of cybersecurity. Threat modeling is where it starts. Threat modeling is a framework for thinking about what can go wrong, and the foundation for everything a security professional does.
This training course provides an overview of the traditional four-question framework for (1) defining what you’re working on, (2) discovering what can go wrong, (3) deciding what to do about it, and (4) ensuring you’ve done the right things in the right ways for the systems you’re delivering.
Instructor Adam Shostack also reviews the STRIDE model for identifying six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
Using a simple case study—a billing system for a media server that serves ads—Adam shows how to apply the principles and find security and privacy problems so the developer can include appropriate configurations and controls as part of the operational design and rollout.
Areas covered by Adam in this course:
- Develop secure products
- Why would you threat model?
- A simple approach to threat modeling
The course has 2 main parts, in which Adam explains the material in detail.
1. The Four Question Framework
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
- Spoofing a specific server
- Tampering with a file
- Interlude: scope and timing
- Repudiating an order
- Information disclosure
- Denial of service
- Elevation of privilege
Visit https://www.linkedin.com/learning/learning-threat-modeling-for-security-professionals for complete information about the course and other technical details.
Adam Shostack is a consultant, entrepreneur, technologist, author and game designer with years of experience in his field, much of which he spent working with Microsoft. Today, he’s serving as the President of Shostack & Associates in the Greater Seattle Area, and he continues to build on his already positive reputation.
Below, for example, is one of many shining recommendations from Adam Shostack’s LinkedIn profile, written by a former colleague:
“Adam’s work was cutting edge. His technical implementations embody a particularly lucid view of privacy for individuals and organizations.”
For those who’d like more information about Adam Shostack and his company, Shostack & Associates, click through to his personal website, adam.shostack.org. There, you can access his firm’s website, sign up for his mailing list, check out his work as an author and explore his list of career accomplishments. You can also visit this link to watch an excerpt from Mr. Shostack’s recent interview on threat modeling.
Adam Shostack is an information security specialist with more than a decade of experience and several successful startups to his name. He’s also the founder and President of Shostack & Associates, which launched in 2017, and the author of Threat Modeling: Designing for Security (Wiley, 2014). Mr. Shostack’s peers and clients hold him in high regard and he has received numerous shining recommendations for his excellence.
For example, the following recommendation is from Adam Shostack’s LinkedIn profile:
“Adam holds a place in the evolution of privacy as a consumer, business and regulatory issue,” wrote his colleague. “An exceptional mind and visionary.”
Looking for more information on Adam Shostack’s career as a cyber security specialist, author, and consultant? If so, head to his profile on Dark Reading here. There, you can find a list of content he has produced along with upcoming live events.
Noted threat modeling expert Adam Shostack is proud to serve on the Continuum Security Advisory Board – a role that was made official in May of 2018. As a member of the Board, Shostack looks to contribute his considerable knowledge of and expertise in threat modeling and information security toward the development of solutions that make security a key component of the development lifecycle.
As Adam Shostack knows, Continuum Security is focused on building the tools information security and development professionals need to test and manage software security. Continuum’s aim is to develop processes and tools that integrate seamlessly within the normal development process – rather than as an addition with the potential to slow down development. Continuum is responsible for the IriusRisk Threat Modeling Program – a solution for creating threat models and managing application risks throughout the process of development.
Continuum officially announced Shostack to the Advisory Board last May.
With the release of 2014’s Threat Modeling: Designing for Security, renowned threat modeling expert Adam Shostack looks not only to introduce software developers and security professionals to this now essential information security skill, but also to provide helpful lessons and tips for identifying, preparing for and preventing potential security threats well into the future.
Through Threat Modeling: Designing for Security, Adam Shostack aims to:
• Provide software and security developers an easy, accessible how-to guide for designing more secure systems and products.
• Show security professionals how to threat model – as well as to provide an exploration of various threat modeling approaches, such as software-centric, attacker-centric and asset-centric.
• Provide actionable advice that isn’t tethered to any specific programming language, operating system or software.
Threat Modeling: Designing for Security is the only information security book to be selected as a finalist for the Dr. Dobb’s Jolt Award since Secrets and Lies and Applied Cryptography.
Adam Shostack and Andrew Stewart are the authors of 2008’s The New School of Information Security – a book that seeks not only to answer the tough questions about information security, but also to provide anyone from CIOs and IT managers to company security specialists a new way of thinking when it comes to identifying, addressing and resolving the most complex and urgent security problems facing the modern organization.
As experts in information security, Adam Shostack and Andrew Stewart offer unique insight into the challenges faced throughout the field of security – as well as:
• How to gather the evidence needed to make better decisions when it comes to information security.
• Why collaboration is so essential to improving cybersecurity in the current era, and how the industry can come together to take significant leaps forward.
• What security industry leaders can learn from other scientific fields when it comes to improving security.
Adam Shostack authored Threat Modeling: Designing for Security, which was one of the only information security-themed books to be selected as a finalist for the Jolt Award.
Check out the video to learn about Threat Modeling in 2018 by Adam Shostack.
Visit https://dblp.uni-trier.de/pers/hd/s/Shostack:Adam for more information about him.
Adam Shostack offers clients the best in information security consulting – providing custom security solutions that include anything from complex, technical security problem-solving to comprehensive business strategy services.
The President of Shostack & Associates, Shostack aims to add and deliver value to clients and organizations of all sizes around the globe – and to ensure their unique security problems are addressed and resolved as thoroughly as possible.
To date, Adam Shostack and the Shostack & Associates team have delivered:
• Go-to-market advice for a small security startup.
• Complete qualification training and product analysis to a government organization.
• Design and rollout of the security development lifecycle for a high-profile manufacturer.
• A full review of the security process for a top banking institution.
• One-on-one threat modeling training of 75 security engineers at a top technology firm.
Shostack & Associates offers clients the value and unique perspective that only comes from years of information security experience, training and expertise.
Visit https://www.rsaconference.com/speakers/adam_shostack to learn more about him.
Adam Shostack has decades of experience as a cybersecurity expert, and his work has enabled him to research extensively into the issue of privacy in the digital world. Like many experts, Adam Shostack is aware of the importance of privacy with the advancement of technology and is continually looking at better ways of ensuring privacy is respected.
The modern digital world is perhaps witnessing a great technological revolution as the world transforms from a paper-based society to a digital one. As part of that transformation, technology is being pushed to the limit, with the new world consisting of technologies that range from common ones such as dishwashers and televisions to less familiar ones such as military weapons systems, emergency response systems and process control systems for power plants. As these technologies become vital and everyday, so too does information, including personal and intellectual property.
Innovations in information technology will no doubt continue to make life more productive and help solve difficult problems. While these advancements are compelling, they also have the potential to put individuals at high risk of losing their security and privacy.
Adam Shostack is the co-author of The New School of Information Security.