Shostack + Associates

@[email protected]
9 Followers
4 Following
12 Posts
Shostack + Associates helps customers deliver better products, faster and with less churn or internal conflict. Our approach focuses on threat modeling as a way to “measure twice, cut once.”
Shostack + Associates17h ago
First Contact Day falls on a Sunday this year. We did not plan that. What we did plan is the second post in our Star Trek series. Picard. Worf. Troi. Data. It turns out the Enterprise senior staff has a lot to teach security engineers about diplomacy, risk communication, empathy, and the quiet power of consistency.
Join us back at https://shostack.org/blog on Sunday!
Shostack + Friends Blog

Security, privacy, economics & unrelated topics, since 2005.

Shostack + Associates2d ago
If you've ever thought that Star Wars has something to teach security engineers (and we know you have, because Adam literally wrote that book), you might want to see what Star Trek has to add to that conversation. Kymberlee Price sets a course in today's Shostack + Friends blog post. Live long and threat model.
https://shostack.org/blog/devsecops-learn-from-star-trek/
Shostack + Friends Blog > DevSecOps: What Every Security Engineer Should Learn from Star Trek

Security engineers in a DevSecOps world can learn a few things from Star Trek.

Shostack + Associates4d ago
Shields up. Something's coming to the Shostack + Associates website on Wednesday and we're not sure the internet is ready. Make it so.
Shostack + AssociatesMar 23

Adrian Sanabria of The Defenders Initiative and Adam Shostack take the stage at RSAC this morning at 9:40 to discuss the case for breach transparency. Find the slides on the Shostack + Friends blog.

https://shostack.org/blog/wasting-failures-rsac-2026/

Shostack + Friends Blog > Wasting Failures at RSAC™ 2026 Conference

Cybersecurity should learn lessons from industries that are transparent about failure.

Shostack + AssociatesMar 17

Registration with early bird pricing is now open for our newest course, Threat Modeling AI Systems. This in-depth technical course focuses on how to effectively identify threats and design controls in LLMs and other non-deterministic software. Join Shostack + Associates, Shoshana Cox, and Michael Novack in-person on May 19-20 in Washington DC.

Early bird pricing is available until April 15. Find Adam or Kymberlee at BSides SF or RSA to learn more about the course!

https://courses.shostack.org/courses/Threat-Modeling-AI-Systems-225

Threat Modeling AI Systems Training: 2‑Day Intensive Course

Learn to identify, evaluate, and mitigate AI‑specific threats in this 2‑day, in‑person intensive training. Build skills in threat modeling for ML, generative AI, RAG systems, and AI agents using a principles‑based approach designed for real‑world security teams.

Shostack + Associates
Shostack + AssociatesMar 13

Are you subscribed to our course announcements? We have a new Threat Modeling AI Systems course debuting next week, so sign up to find out all the details as soon as they’re public.

Visit our Contact page and sign up under Stay Informed. https://shostack.org/contact

Contact Shostack + Associates

Contact information for Shostack + Associates