Shostack & Associates

Security Engineering where you need it

Shostack & Associates is a specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, security engineering and risk management.

Projects we've delivered have spanned from solving hard technical security problems through business strategy. Our experience includes both building and securing products, services and businesses. That gives us a unique perspective, focused on solving your problems in the most effective ways.

Sample Offerings

We have delivered value to organizations of all sizes around the world.

Value Propositions

Shostack and Associates clients get:

Get in touch

Call us: +1 917-391-2168, email us, or reach out on Linkedin.

About Adam Shostack

Adam Shostack is a leading expert on threat modeling, and our managing consultant, responsible for delivering on projects. Shostack is a technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He could claim to be a visionary or a thought-leader, but those are just tools to an end: improving security.

Shostack has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of "Threat Modeling: Designing for Security," and the co-author of "The New School of Information Security." While not consulting, Shostack advises and mentors startups, as a Mach37 Star Mentor and independently, along with a number of board and advisory board roles at non-profits and academic institutions.

Our capabilities statement is here.

Photo by Simon Veilleux