Adam Shostack
Adam is the author Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.
His accomplishments include:
Helped create the CVE. Now an Emeritus member of the Advisory Board.
Fixed Autorun for hundreds of millions of systems
Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
Created the Elevation of Privilege threat modeling game
Co-authored The New School of Information Security
Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and as an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.
2023 Keynote
Talk Title: From Tacoma Narrows to West Seattle: Lessons from 100 years of Pacific Northwest Bridge Failures
Talk Abstract:
The Pacific Northwest has an abundance of bridges, and most of them seem to stand up well over the years, with notable exceptions and problems. What can software learn from them? More importantly, the software world is shifting to more transparency and liability. Transparency is coming not only from the normalization of breach notification and learning from incidents, but also with the newly introduced CSRB. Liability is coming not only as part of the US National Strategy, but from a plethora of more local regulation. What does it mean for appsec practitioners, our employers and the open source projects we work on?