Archive for the “product management” category

The White Box Essays (Book Review)

by nsadmin on April 10, 2019

The White Box, and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had them available to me as I designed Elevation of Privilege and helped with Control-Alt-Hack. The book is for people who (…)

Read the rest of this entry »

Threat Model Thursday: Architectural Review and Threat Modeling

by nsadmin on June 21, 2018

For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. If you want to take this as an excuse to civilly discuss the political side (…)

Read the rest of this entry »

2017 and Tidal Forces

by adam on January 13, 2017

There are two great blog posts at Securosis to kick off the new year: Tidal Forces: The Trends Tearing Apart Security As We Know It (Rich Mogull) Network Security in the Cloud Age: Everything Changes (Mike Rothman) Both are deep (…)

Read the rest of this entry »

There’s more than one way to threat model

by adam on April 23, 2014

Today, most presentations on threat modeling talk about each phase of the process. They talk about how to model what you’re building, what can go wrong, and what to do about it. Those tightly coupled processes can be great if (…)

Read the rest of this entry »

Threat Modeling and Operations

by adam on February 21, 2014

One very important question that’s frequently asked is “what about threat modeling for operations?” I wanted to ensure that Threat Modeling: Designing for Security focused on both development and operations. To do that, I got help from Russ McRee. For (…)

Read the rest of this entry »