Adam Shostack

Adam Shostack

President at Shostack & Associates

Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He’s a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Presentation Abstract

Don’t B-MAD: Making Threat Modeling Less Painful

The phrase “Bring me a diagram” is how a lot of threat modeling projects kick off. Unfortunately, it’s going to go downhill from there. Learn why I can confidently make that prediction, and how to avoid the problem. Attendees will be positioned to change the way they threat model, and spend more time on finding and addressing security problems, and less time arguing and escalating.