@adamshostack@infosec.exchange
Heck, maybe it's time for an #introduction.
I'm Adam Shostack, a leading expert in threat modeling and secure design. I wrote Threat Modeling: Designing for Security, Threats: What Every Engineer Should Learn from Star Wars and co-authored The New School of Information Security.
I've been doing appsec for over 25 years from startups to Microsoft. These days I spend most of my time helping organizations develop effective threat modeling programs through coaching and training.
Early in my career, I helped create vuln scanning as a product category (sorry) and the CVE (not sorry). My second startup, Zero-Knowledge, created awesome privacy systems. While at Microsoft, I created the SDL Threat Modeling Tool and the Elevation of Privilege card game. I also pushed the autorun fix to Windows XP and Vista, preventing tens of millions of infections.
I'm on the Review Board for Black Hat, the Steering Committee for the Privacy Enhancing Technologies Symposium/PoPETS and the advisory boards for IriusRisk and KeyCaliber. I'm a proud OWASP and ACM member.
I'm also an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington, and was a Co-Director of the Cyber Lessons Learned project at the Belfer Center.
In my spare time, I like to ███ and ███████████, and also protect my privacy.