Adam Shostack: Near Misses in Cybersecurity

Adam Shostack is a cybersecurity expert with decades of experience who has advocated for the reporting and analysis of cybersecurity’s “near misses” – incidents that organizations could report on to give the industry some crucial clues on hacks and breaches with the aim of learning what works and where the weak spots are.

It’s quite common to treat events as black or white, with an event either treated as a success or a failure. A near miss may have come close to bringing an adverse outcome, but even if the miss were out of sheer luck, by this thinking, it would be considered a success. However, there are plenty of things to learn from near misses – lessons that can save a lot of time and resources down the road.

When the near miss is an attempted cyber attack, the outcome for a large organization, for example, would potentially be a significant and costly data breach. However, since it’s a near miss, it costs the organization nothing at the time but could cost a lot more if the organization fails to learn from the failed attack. And that’s what Adam Shostack advocates for: organizations pre-empting future assaults by learning from near misses.


Adam Shostack: Secure Systems Lead to Success

Adam Shostack is an experienced security professional who’s worked for more than two decades with some of the leading firms in the industry. Perhaps better than many organizations know, Mr. Adam Shostack recognizes the importance of having systems operate in a secure network. He’s seen the security industry evolve with the growth of technology, and appreciates the role it plays in a firm’s success.

As more and more company assets continue to be recorded, processed and stored in electronic form, the value of this data grows. The Internet has also made it possible to have new business models that incorporate security as a vital factor in their growth and success.

According to Adam Shostack, experts in the security industry agree on the importance of including security in the development and operation process because it can’t be added at a later stage. The decisions made early in the security design process by professionals tasked with building it are crucial to reducing system vulnerabilities and other potential areas of attacks. Taking a measured approach to security ensures that later costs are better anticipated and managed.

Adam Shostack: What is a Privacy Impact Assessment (PIA)?

Adam Shostack is the founder and President of Shostack & Associates and focuses on providing clients with expert security analysis and solutions that work to improve their organizational security. As an information security expert, Adam Shostack has extensive experience with threat modeling and analysing security processes.

According to the Federal Trade Commission (FTC), “A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information is collected, used, shared, and maintained.”

What is the purpose of a PIA?

The purpose of a privacy impact assessment is to demonstrate that program managers and system owners have incorporated robust and effective privacy protections throughout the development life cycle of a system or program. This analysis allows organizations to communicate how personally identifiable information is handled, as well as how the organization addresses privacy concerns and safeguards information.

Adam Shostack believes the best way to protect your personally identifying information is by respectfully refusing to hand it out. Individuals must carefully consider the information they share about themselves. Organizations should threat model to only collect what they need and to protect your sensitive personal data. Your personally identifiable information must be handled and maintained with care and accessed only on a strict need-to-know basis.

Adam Shostack: Security Engineering Solutions that Deliver Results

Adam Shostack has focused on the needs of each unique client, in an effort to design and deliver the cybersecurity services and solutions that best address the organization’s unique problems while preparing them for a stronger, more secure and more confident future.

A cybersecurity specialist and Founder of Shostack & Associates, Adam Shostack offers the tailored security engineering, risk management and threat modeling services clients need to find effective answers as quickly as possible.

Under the direction and information security expertise of its leader, Shostack & Associates offers clients across industries and fields a unique value proposition, one that offers the advantages of:

  • Security engineering solutions and services that are far more secure than the competition.
  • More effective security crisis avoidance and management through threat modeling and early threat identification.
  • Detailed, thorough and professional analysis of potential risks and steps for prevention and remediation.
  • Experienced, credible professionals with years of insight and expertise in the field of cybersecurity.
  • A strategic, effective approach for engaging regulators.

Adam Shostack and his team understand the challenges organizations face when it comes to the design, implementation, and management of secure information systems, and have the knowledge, experience, and expertise to provide a more confident and secure future for every client.


Adam Shostack: Success with Zero-Knowledge Systems

Long before founding Shostack & Associates, Adam Shostack had established himself as a leader in systems security and analysis. An experienced program manager, entrepreneur and influential professional technologist with expertise in the development of privacy and security solutions, Adam Shostack has been an asset to numerous technology-based firms, including multiple start-up companies and the well-known Microsoft corporation.


Adam Shostack has added value to many firms over his career, not the least of which was the mass-market privacy technology company known as Zero-Knowledge Systems.  As Director of Technology with Zero-Knowledge Systems from 1999 to 2002, Shostack proved himself an adept team leader throughout his company tenure, particularly as creator and manager of the company’s ‘Evil Genius’ team.

As a Zero-Knowledge professional, Shostack was largely responsible for positioning the company as a technical leader. Under his leadership, the eight-member Evil Genius team created a variety of new products, including numerous prototypes and the P3P Analyzer. Adam Shostack accepted ownership of the technical decisions for multi-million-dollar IP acquisitions, and was responsible for creating a companywide patent process.