Volko Ruhnke, Adam Shostack and Hadas Cassorla - Building Games to Teach Real-World Security
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
We have three very special guests today. All come from different backgrounds but share a common interest in gaming - the kind that can be used to teach you things, like how to become better at handling security incidents or winning a historical insurrection. This podcast is sponsored by the We Hack Purple Academy.Volko Ruhnke is a renowned wargame designer and educator. He retired as a career analyst with the CIA and as an instructor for the Sherman Kent School for Intelligence Analysis which is responsible for training people in the intelligence community. While working there he became an acclaimed designer of commercial board games - best known for the COIN Series published by GMT Games. Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security. Hadas Cassorla is a security leader in the Portland area. She is the manager of security engineering and platform engineering at Simple Finance in Portland. She also does work with Hackback Gaming as an Incident Master (IM) running teams through dynamic role playing in tabletop incident response scenarios. Hadas is a recovering attorney too who took up improv after finishing law school. Volko Ruhnke, Adam Shostack and Hadas Cassorla are interviewed by David Quisenberry and John L. WhitemanLinks from the Show:Zenobia Award (Board Game Design Contest for Underrepresented Groups)HackBack GamingAdam Shostack's Home PageElevation of PrivilegePhilip Sabin - Simulating War: Studying Conflict through Simulation GamesJeremy Holcomb - The White BoxFollow us:HomepageTwitterMeetupLinkedInYouTube- Become an OWASP member- Donate to our Support the show (https://owasp.org/supporters/)
CSCP S02E24 - Adam Shostack - Threat Modelling past and future_mixdown
Cyber Security & Cloud Podcast
In this episode, Francesco and Adam Shostack discuss application security and threat modelling.Adam is the author of Threat Modeling: Designing for Security. He helped create CVE(Common Vulnerabilities and Exposure) and is on the review board for Black Hat. Heencourages coders and computer engineers to work smarter, not harder. The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is a complex and different for every organization, and you need the best-tailored service to make sure your customer's data is safe and sound so that you can focus on what's important, focusing on your clients and bringing the best and safest experience. 1:00 Introducing Adam Shostack6:00 CVE (Common Vulnerabilities and Exposure)9:46 Finding satisfaction in a job in security15:00 Frameworks and static analysis21:22 Threat Modeling24:50 Work smarter, not harder29:12 Documentation in DevOps34:08 4 questions in Threat Modeling41:32 Positive Message LinksAdam Shostackhttps://adam.shostack.org Twitter @adamshostack https://threatmodelingbook.com https://www.blackhat.com Cyber Security and Cloud Podcast#CSCPhttp://cybercloudpodcast.com #cybermentoringmonday
Cybersecurity, Threat Modeling & in an Up & Down World: Conversation with Adam Shostack
The Multi-Hazards Podcast
Threat modeling is a key to securing businesses, governments and individuals in a hacker-happy world. Its principles can be applied to disaster risk reduction (DRR), climate change adaptation (CCA) & other fields. Listen to Cybersecurity expert Adam Shostack in "Cybersecurity, Threat Modeling & in an Up & Down World" (Multi-Hazards Podcast S02 E19). Check out the Study Guide, click on the top left "PDF": https://multi-hazards.libsyn.com/cybersecurity-threat-modeling-in-an-up-down-world-conversation-with-adam-shostack Adam Shostack Bio Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the Common Vulnerabilities and Exposures (CVE) system and many other things. He currently helps many organisations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the Security Development Lifecycle (SDL) Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security. If you'd like help threat modeling, or engineering more secure systems in general, take a look at his consulting pages at https://adam.shostack.org.
Threat Modeling Technology, Business, Humans, and Society | With Diana Kelley and Adam Shostack
Threats? What? When? Why?I'll worry when and if the time comes.And life goes on smoothly as usual — until it doesn't.We invited our friend Diana Kelley to join us once more on our talk show, Unusual Gatherings, but instead of being the guest, she would be our co-host bringing a guest of her choosing.She knows we like to talk about technology and humanity, and that we love time traveling through the past, present, and future of this weird relationship -- and to get philosophical about it too.So she invited Adam Shostack to be her guest on the show. What a perfect choice.He wrote THE BOOK on Threat Modeling and can apply that way of thinking to software, technological systems, business, organizations, complex systems, social media, news manipulations, CyberSecurity, social engineering, group sociology, animal behaviors, everything that makes us humans, our relationships, and our society as a whole — pretty much, life.What are we working on?What can go wrong?What are we going to do about it?And did we do a good job?If you think about it for a second, these actually have nothing to do with technology. You can apply them anywhere.Truth?We're all faced with different threats every day, and probably most of us don't even realize it.Bigger truth?"If you want to avoid problems and don't have donuts, you have a problem."Listen up, and it will all make sense.Well, most of it.Guest(s)Adam ShostackCo-Host(s)Diana KelleyResources:The Book: https://threatmodelingbook.com/The Games: Adam.Shostack.org/games.htmlThis Episode’s Sponsors:If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here:https://www.itspmagazine.com/podcast-series-sponsorshipsFor more podcast stories from Unusual Gatherings:https://www.itspmagazine.com/unusual-gatheringsAre you interested in sponsoring an ITSPmagazine Channel?https://www.itspmagazine.com/podcast-series-sponsorships
Software Engineering Radio - the podcast for professional software developers
Adam Shostack of Shostack & Associates and author of Threat Modeling: Designing for Security discussed different approaches to threat modeling, the multiple benefits it can provide, and how it can be added to an organization’s existing software proc
Ep. 037: Shifting the cyber security conversation (w/ Adam Shostack)
Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Today's guest on Cyber Security Matters is Adam Shostack. After working at Microsoft for close to 10 years, solving important security problems and influencing the design of products such as Microsoft Windows, Office & Xbox, Adam became a cyber security advisor for startups and SMBs. Adam speaks in plain language about his simple approach to cyber security, using models to help non-technical business decision makers think about cyber security. He leads organizations to ask: What are we working on?What can go wrong?What can we do about it?Did we do a good job? Using Zoom as a recent example, Adam explains that the lesson to learn is to shift the cyber security conversation to the beginning of building and securing products, services and business processes. Pay the cyber security debt early on (do security by design vs. bolting it on after the fact) so that you don't have to be paying it over and over again down the road and end up paying so much more than what was necessary. --- Cyber Security Matters is a partnered program of Conversations That Matter. This show is produced by Oh Boy Productions, video production, podcast and vidcast specialists located in Vancouver. To find out more, go to http://www.ohboy.ca #cybersecurity #computers #cybersec
Adam joins us to discuss remote threat modeling, and we do a live threat modeling exercise to figure out how remote threat modeling actually works. If you want to see the screen share as we figure out remote threat modeling, check out the Youtube version of the episode. Bio: Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author and game designer. He has taught threat modeling at a wide range of commercial, non-profit and government organizations. He’s a member of the Black Hat Review Board, is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.
Episode 35 Adam Shostack: The Human Element of Threat Modeling
Adam Shostack’s reputation speaks for itself. A renowned threat modelist, Adam is a consultant, entrepreneur, technologist, game designer, and educator. Among his many achievements, he helped launch the CVE, drove the Autorun fix into Windows Update, and authored the foundational text on threat modeling. He joined our podcast to discuss the history of information security, his triumphs and challenges in computer science, how he sees technology changing, and where interpersonal skills play a critical role in the field.
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things.He currently helps many organizations improve their security via Shostack & Associates, and advises startups, including as a Mach37 Star Mentor.While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.Adam is interviewed by David Quisenberry, Ben Pirkl and John L. WhitemanSupport the show (https://owasp.org/supporters/)
S2:E5 Adam Shostack – Consultant and advisor delivering strategic security and privacy innovation
Security All In
Sam spoke with Adam Shostack about being an entrepreneur, technologist, author and game designer, focused on improving security outcomes for customers and the industry as a whole. Adam has created a wide variety of companies and organizations, software, new analytic frameworks, as well as books, games and other forms of communication at startups and at Microsoft.