OwlTail

Cover image of Adam Shostack

Adam Shostack

18 Podcast Episodes

Latest 6 Nov 2021 | Updated Daily

Weekly hand curated podcast episodes for learning

Episode artwork

Volko Ruhnke, Adam Shostack and Hadas Cassorla - Building Games to Teach Real-World Security

Open Web Application Security Project (OWASP) - Portland, Oregon Chapter

We have three very special guests today. All come from different backgrounds but share a common interest in gaming - the kind that can be used to teach you things, like how to become better at handling security incidents or winning a historical insurrection. This podcast is sponsored by the We Hack Purple Academy.Volko Ruhnke is a renowned wargame designer and educator. He retired as a career analyst with the CIA and as an instructor for the Sherman Kent School for Intelligence Analysis which is responsible for training people in the intelligence community. While working there he became an acclaimed designer of commercial board games - best known for the COIN Series published by GMT Games.  Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security. Hadas Cassorla is a security leader in the Portland area. She is the manager of security engineering and platform engineering at Simple Finance in Portland. She also does work with Hackback Gaming as an Incident Master (IM) running teams through dynamic role playing in tabletop incident response scenarios. Hadas is a recovering attorney too who took up improv after finishing law school. Volko Ruhnke, Adam Shostack and Hadas Cassorla are interviewed by David Quisenberry and John L. WhitemanLinks from the Show:Zenobia Award (Board Game Design Contest for Underrepresented Groups)HackBack GamingAdam Shostack's Home PageElevation of PrivilegePhilip Sabin - Simulating War: Studying Conflict through Simulation GamesJeremy Holcomb - The White BoxFollow us:HomepageTwitterMeetupLinkedInYouTube- Become an OWASP member- Donate to our Support the show (https://owasp.org/supporters/)

1hr 8mins

23 Jan 2021

Episode artwork

CSCP S02E24 - Adam Shostack - Threat Modelling past and future_mixdown

Cyber Security & Cloud Podcast

In this episode, Francesco and Adam Shostack discuss application security and threat modelling.Adam is the author of Threat Modeling: Designing for Security. He helped create CVE(Common Vulnerabilities and Exposure) and is on the review board for Black Hat. Heencourages coders and computer engineers to work smarter, not harder. The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is a complex and different for every organization, and you need the best-tailored service to make sure your customer's data is safe and sound so that you can focus on what's important, focusing on your clients and bringing the best and safest experience.  1:00 Introducing Adam Shostack6:00 CVE (Common Vulnerabilities and Exposure)9:46 Finding satisfaction in a job in security15:00 Frameworks and static analysis21:22 Threat Modeling24:50 Work smarter, not harder29:12 Documentation in DevOps34:08 4 questions in Threat Modeling41:32 Positive Message LinksAdam Shostackhttps://adam.shostack.org Twitter @adamshostack https://threatmodelingbook.com https://www.blackhat.com Cyber Security and Cloud Podcast#CSCPhttp://cybercloudpodcast.com #cybermentoringmonday

41mins

15 Nov 2020

Similar People

Episode artwork

Cybersecurity, Threat Modeling & in an Up & Down World: Conversation with Adam Shostack

The Multi-Hazards Podcast

Threat modeling is a key to securing businesses, governments and individuals in a hacker-happy world. Its principles can be applied to disaster risk reduction (DRR), climate change adaptation (CCA) & other fields. Listen to Cybersecurity expert Adam Shostack in "Cybersecurity, Threat Modeling & in an Up & Down World" (Multi-Hazards Podcast S02 E19). Check out the Study Guide, click on the top left "PDF": https://multi-hazards.libsyn.com/cybersecurity-threat-modeling-in-an-up-down-world-conversation-with-adam-shostack Adam Shostack Bio Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the Common Vulnerabilities and Exposures (CVE) system and many other things. He currently helps many organisations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the Security Development Lifecycle (SDL) Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security. If you'd like help threat modeling, or engineering more secure systems in general, take a look at his consulting pages at https://adam.shostack.org.

1hr 24mins

21 Sep 2020

Episode artwork

Threat Modeling Technology, Business, Humans, and Society | With Diana Kelley and Adam Shostack

ITSPmagazine

Threats? What? When? Why?I'll worry when and if the time comes.And life goes on smoothly as usual — until it doesn't.We invited our friend Diana Kelley to join us once more on our talk show, Unusual Gatherings, but instead of being the guest, she would be our co-host bringing a guest of her choosing.She knows we like to talk about technology and humanity, and that we love time traveling through the past, present, and future of this weird relationship -- and to get philosophical about it too.So she invited Adam Shostack to be her guest on the show. What a perfect choice.He wrote THE BOOK on Threat Modeling and can apply that way of thinking to software, technological systems, business, organizations, complex systems, social media, news manipulations, CyberSecurity, social engineering, group sociology, animal behaviors, everything that makes us humans, our relationships, and our society as a whole — pretty much, life.What are we working on?What can go wrong?What are we going to do about it?And did we do a good job?If you think about it for a second, these actually have nothing to do with technology. You can apply them anywhere.Truth?We're all faced with different threats every day, and probably most of us don't even realize it.Bigger truth?"If you want to avoid problems and don't have donuts, you have a problem."Listen up, and it will all make sense.Well, most of it.Guest(s)Adam ShostackCo-Host(s)Diana KelleyResources:The Book: https://threatmodelingbook.com/The Games: Adam.Shostack.org/games.htmlThis Episode’s Sponsors:If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here:https://www.itspmagazine.com/podcast-series-sponsorshipsFor more podcast stories from Unusual Gatherings:https://www.itspmagazine.com/unusual-gatheringsAre you interested in sponsoring an ITSPmagazine Channel?https://www.itspmagazine.com/podcast-series-sponsorships

54mins

19 Aug 2020

Most Popular

Episode artwork

416: Adam Shostack on Threat Modeling

Software Engineering Radio - the podcast for professional software developers

Adam Shostack of Shostack & Associates and author of Threat Modeling: Designing for Security discussed different approaches to threat modeling, the multiple benefits it can provide, and how it can be added to an organization’s existing software proc

1hr 18mins

9 Jul 2020

Episode artwork

Ep. 037: Shifting the cyber security conversation (w/ Adam Shostack)

Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw

Today's guest on Cyber Security Matters is Adam Shostack. After working at Microsoft for close to 10 years, solving important security problems and influencing the design of products such as Microsoft Windows, Office & Xbox, Adam became a cyber security advisor for startups and SMBs. Adam speaks in plain language about his simple approach to cyber security, using models to help non-technical business decision makers think about cyber security. He leads organizations to ask: What are we working on?What can go wrong?What can we do about it?Did we do a good job? Using Zoom as a recent example, Adam explains that the lesson to learn is to shift the cyber security conversation to the beginning of building and securing products, services and business processes. Pay the cyber security debt early on (do security by design vs. bolting it on after the fact) so that you don't have to be paying it over and over again down the road and end up paying so much more than what was necessary. --- Cyber Security Matters is a partnered program of Conversations That Matter. This show is produced by Oh Boy Productions, video production, podcast and vidcast specialists located in Vancouver. To find out more, go to http://www.ohboy.ca #cybersecurity #computers #cybersec

22mins

20 May 2020

Episode artwork

Adam Shostack — Remote Threat Modeling

Application Security PodCast

Adam joins us to discuss remote threat modeling, and we do a live threat modeling exercise to figure out how remote threat modeling actually works. If you want to see the screen share as we figure out remote threat modeling, check out the Youtube version of the episode. Bio: Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author and game designer. He has taught threat modeling at a wide range of commercial, non-profit and government organizations. He’s a member of the Black Hat Review Board, is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

31mins

28 Mar 2020

Episode artwork

Episode 35 Adam Shostack: The Human Element of Threat Modeling

humans-of-infosec

Adam Shostack’s reputation speaks for itself. A renowned threat modelist, Adam is a consultant, entrepreneur, technologist, game designer, and educator. Among his many achievements, he helped launch the CVE, drove the Autorun fix into Windows Update, and authored the foundational text on threat modeling. He joined our podcast to discuss the history of information security, his triumphs and challenges in computer science, how he sees technology changing, and where interpersonal skills play a critical role in the field.

25mins

7 Jan 2020

Episode artwork

Adam Shostack - Threat Modeling

Open Web Application Security Project (OWASP) - Portland, Oregon Chapter

Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things.He currently helps many organizations improve their security via Shostack & Associates, and advises startups, including as a Mach37 Star Mentor.While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.Adam is interviewed by David Quisenberry, Ben Pirkl and John L. WhitemanSupport the show (https://owasp.org/supporters/)

22mins

19 Dec 2019

Episode artwork

S2:E5 Adam Shostack – Consultant and advisor delivering strategic security and privacy innovation

Security All In

Sam spoke with Adam Shostack about being an entrepreneur, technologist, author and game designer, focused on improving security outcomes for customers and the industry as a whole. Adam has created a wide variety of companies and organizations, software, new analytic frameworks, as well as books, games and other forms of communication at startups and at Microsoft.

32mins

25 Nov 2019

Loading