Mar 17, 2023

Adam Shostack is widely known in the cybersecurity world for his pioneering work on disclosing and discussing computer vulnerabilities (the CVE (Common Vulnerabilities and Exposures) list). He also helped formalize and train leading approaches to threat modeling and wrote the foundational book on the subject (Threat Modeling: Designing for Security).

In this OODAcast we seek lessons from Adam’s career and experiences (which range from startups to nearly a decade at Microsoft, as well as the Black Hat review board and being an Affiliate Professor at University of Washington). We then dive deep into Adam’s most recent book, Threats: What Every Engineer Should Learn from Star Wars.

Just what does Star Wars have to do with security engineering? Turns out the movies are full of analogies that can really underscore the importance of good design and operational security.

The very beginning of A New Hope shows a space fight where the Empire is seeking to recover data from a breach. The carrier of that breached data, R2-D2, makes it to the planet below, but somehow knows not to show a special recording to Luke, only to Obi-Wan. That is some high-end identity management and authorization there.

Seen through this lens, Star Wars is not just a space western; it is a cyber espionage thriller. Adam uses the many analogies from Star Wars to make good engineering concepts more memorable and in doing so is doing us all a service.

For more see:

Adam Shostack on LinkedIn

Threats: What Every Engineer Should Learn from Star Wars

Threat Modeling: Designing for Security