Threat Modeling Help From Shostack & Associates

Delivering security where you need it

Shostack & Associates is a specialized security consultancy, focused on meeting the unique needs of each client through a variety of services including threat modeling, portfolio management, and security process analysis.

One of the most common requests we get is for help threat modeling. Often this is a request for training.

What is Threat Modeling?

Threat modeling is how to strategically and systematically discover what can go wrong in a system, even before you've built it. Threat modeling is engineering skills and practices, sometimes supported by tooling, sometimes just done at a whiteboard. It is one of the most important, and misunderstood, parts of a security development lifecycle.

Sometimes people conflate threat intelligence and threat modeling. Adam addressed the difference in Threat Modeling: What, Why, and How? for the MISTI Training Institute. You can also read Rolling Out a Threat Modeling Program there, and Security Engineering, the Who, What, Why and How at ISACA.

Training: Modular and Customized

We deliver instructor-led training to organizations of all sizes around the world. We find our customers usually prefer small class training with lots of hands-on work, but have a modular approach to training, with most modules available in lecture, discussion or hands-on versions. Training classes are usually between 1 and 3 days, depending on your selection of modules and delivery mechanisms.

We work with each customer to understand your business goals and customize training to meet those goals.

Ongoing Coaching

As organizations start to build muscle in threat modeling, Shostack and Associates can act as your personal trainer, understanding your goals and helping you achieve them. With monthly, bi-weekly or even weekly sessions, we stay on top of your goals and progress, identify and overcome obstacles together, and get you where you're going faster and with fewer "injuries."

Value Propositions

You get the person who wrote "the book" on threat modeling. We're very focused on delivering a great learning experience, and each student gets a book, slides, wallet cards and plenty of time to apply the skills they're learning.

Get in touch!

Call anytime: +1 917-391-2168, email sales - shostack - org, or drop a line via linkedin.

Photo by Simon Veilleux