Adam Shostack - Shostack + Associates

Students: Spring 2025, unless noted otherwise, sessions will be virtual on Zoom.

Risk is Not Axiomatic

Feb 12, 2025

PDF
Download:

MP4 Video Size: 290.6MB

Watch on YouTube

Abstract

This talk will look at how systems are secured at a practical engineering level and the science of risk. As we try to engineer secure systems, what are we trying to achieve and how can we do that?

Modern threat modeling offers some practical approaches we can apply today. The limits of those approaches are important, and we'll look at how risk management seems to be treated as an axiom, some history of risk as a discipline, and how we might use that history to build better risk management processes.

About the Speaker

Adam is the author of Threat Modeling: Designing for Security and >Threats: What Every Engineer Should Learn from Star Wars. He's a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

His accomplishments include:

Helped create the CVE. Now an Emeritus member of the Advisory Board.
Fixed Autorun for hundreds of millions of systems
Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
Created the Elevation of Privilege threat modeling game
Co-authored The New School of Information Security

Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.

Ways to Watch

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!