Adam Shostack
Aug 10, 2021

25 Years In AppSec: Looking Back

Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks, SteveMac!) to get feedback and advice, because back then, there was exceptionally little in terms of practical advice on what we now call AppSec. Looking back…

2 min read



Jun 9, 2021

Ransomware is not the problem

There’s an infinite number of studies of ransomware lately, all breathlessly talking about how to fight this dangerous threat. They’re all dangerously wrong. Ransomware is not the problem. Read the full article over at Dark Reading.

1 min read



Jun 1, 2021

Recording Lectures

People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most important thing I’ve learned is the importance of conceptualizing what you want it to look like. The other thing I’ve learned is that the more expensive gear is…

6 min read



May 26, 2021

Practical Cybersecurity Architecture

There’s an insightful comment, “Everybody has a testing environment. Some people are lucky enough to have a totally separate environment to run production in.” Similarly, everybody has both enterprise and product architecture. Some people are lucky enough to be able to design them. I have to say that because…

2 min read



Feb 18, 2021

My Year Without Flying

It was just over a year ago that I last walked out of the Seattle airport. Before the pandemic, I was a very frequent flyer. As the pandemic was starting, I was under the weather and chose to skip RSA, having little idea what was coming. That trip, in early…

4 min read



Feb 15, 2021

“Better OKRs Through Threat Modeling”

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your…

2 min read



Dec 28, 2020

Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines. First, the FDA has authorized two vaccines for emergency use. The review memoranda (Pfizer, Moderna) are all sorts of fascinating. …

1 min read



Dec 24, 2020

Dinosaur Feathers

Scientists have discovered a chunk of amber with a dinosaur tail in it. (Poor dinosaur!) National Geographic has the story, which is not brand-new, but is a nice bit of scientific joy for the day.

1 min read



Dec 16, 2020

The Asset Trap

As we look at what’s happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling. An example of asset-driven thinking leads the article Hack may have exposed deep US secrets; damage yet…

Cybersecurity

3 min read



Dec 9, 2020

Fireeye Hack and Culture

Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” Fireeye certainly has more…

2 min read


Adam Shostack

Generally blogging at adam.shostack.org/blog, but shared posts here before Medium asked me to jump through more and more hoops.
