Posts by Shostack + Associates

Shostack + Friends Blog > Measuring the ROI of threat modeling: moving from activity to impact Shostack + Associates COO Kymberlee Price shares her experience measuring the impact of secure design engineering practices on security outcomes

Kymberlee Price uses her experience with secure design engineering practices to suggest ways to measure the ROI of threat modeling that track impact, not just activity, in our latest blog post.

shostack.org/blog/roi-of-...

5 days ago

Early bird price extended on our exciting new course, Threat Modeling AI Systems, delivered by Shoshana Cox and Michael Novack on May 19 + 20 in Washington, D.C. The price is active until the end of the day today, April 16, anywhere on Earth.
Claim your spot: courses.shostack.org/courses/Thre...

6 days ago
Shostack + Friends Blog > Adam reflects on BSides SF and RSAC Adam finally caught his breath and sat down to reflect on BSides SF and RSAC 2026.

Adam went to San Francisco for BSides SF and RSAC and immediately jumped into some projects after getting back (did you know we have upcoming open courses?).
He's finally had the chance to post his reflections on the conferences.
shostack.org/blog/adam-re...

1 week ago

There's one week left to take advantage of early bird pricing for our newest course, Threat Modeling AI Systems, taking place in-person on May 19-20 in Washington DC.
Register by April 15 at courses.shostack.org/courses/Thre...

2 weeks ago
Shostack + Friends Blog Security, privacy, economics & unrelated topics, since 2005.

First Contact Day falls on a Sunday this year. We did not plan that but we did plan the second post in our Star Trek series. Come meet the crew with us. Picard. Worf. Troi. Data. It turns out the Enterprise senior staff has a lot to teach security engineers. Check back Sunday at shostack.org/blog!

2 weeks ago
Shostack + Friends Blog > DevSecOps: What Every Security Engineer Should Learn from Star Trek Security engineers in a DevSecOps world can learn a few things from Star Trek.

See what Star Trek can teach security engineers. Kymberlee Price sets a course in today's Shostack + Friends blog post. Live long and threat model.

3 weeks ago
Shostack + Associates > Home

We're very excited to transport into our new branding today. Let us know what you think of our new look!
shostack.org

3 weeks ago

Shields up. Something's coming to the Shostack + Associates website on Wednesday and we're not sure the internet is ready. Make it so.

3 weeks ago
Shostack + Friends Blog > Wasting Failures at RSAC™ 2026 Conference Cybersecurity should learn lessons from industries that are transparent about failure.

Adrian Sanabria of The Defenders Initiative and Adam Shostack take the stage this morning at 9:40 to discuss the case for breach transparency. Find the slides on the Shostack + Friends blog.

shostack.org/blog/wasting...

4 weeks ago
Threat Modeling AI Systems Training: 2‑Day Intensive Course Learn to identify, evaluate, and mitigate AI‑specific threats in this 2‑day, in‑person intensive training. Build skills in threat modeling for ML, generative AI, RAG systems, and AI agents using a…

Our newest course is now available and there’s an open session this May in Washington DC. We’re thrilled to have Shoshana and Michael join us to deliver this timely but durable course. More details and early bird registration at

1 month ago
Contact Shostack + Associates Contact information for Shostack + Associates

Are you subscribed to our course announcements? We have a new Threat Modeling AI Systems course debuting next week, so sign up to find out all the details as soon as they’re public.

Visit our Contact page and sign up under Stay Informed.

1 month ago
The Case for Why Better Breach Transparency Matters It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

Aviation and medicine improve by studying failures openly. Cybersecurity practitioners’ tendency to hide these failures opens the field up to preventable breaches. Adam and Adrian Sanabria sat down with Dark Reading ahead of their talk at RSAC 2026.

1 month ago

A small defensive toolbox limits the choices defenders make, so what models can expand those choices? That’s the subject of Adam’s talk at BSides Seattle, starting now.

1 month ago

Hello world! Shostack + Associates will be at BSides Seattle this weekend. Adam’s Track 4 talk, Layering Defenses: A New Hope, starts at 3pm today.

1 month ago