Securing software from attacks can feel overwhelming

But software engineers are our only hope.

placeholder for open book graphic

The Force will guide you...

with a little help from your favorite droids and Jedi Knights.

Subscribe for updates     Pre-order Threats now

How does R2-D2 know who obi-Wan Kenobi is?

How does he decide to play the recording of Princess Leia for obi-Wan, but not Luke?

Threats: What Every Engineer Should Learn From Star Wars provides a fun and jargon-free introduction to crucial cybersecurity knowledge for everyone involved in the development of software and systems. The Star Wars franchise offers an accessible set of examples of real world cyber threats.

For over a decade, Adam Shostack, author of the highly regarded and successful Threat Modeling: Designing for Security, has been using lessons from Star Wars to teach about security. Threats serves everyone involved in building complex technology, even if it’s not their most desperate hour.

The Cover!

Hover/Tap
to reveal

Timeless Threats

The brain is an amazing machine for analogizing, which is why fictional examples help us learn complex or abstract concepts. Just like there are timeless tropes in fiction, there are broad, timeless sets of threats.

Using examples from both Star Wars and real life, Adam teaches readers how to find security problems as they build systems. Readers will learn to organize vast amounts of security information into smaller, more manageable pieces.

What You Will Learn

We are so excited about this book that we couldn’t let another Star Wars Day go by without sharing the news that Wiley will be publishing the book this fall. Wiley not only published Threat Modeling, but Wiley-Blackwell has a line of books like The Ultimate Star Wars and Philosophy.

Because the book isn’t quite ready, we wanted to share a mini course, “Threats: Learn Cybersecurity With R2-D2.”

Enroll for free at courses.shostack.org

The pre-order link is here, or you can sign up for updates and we’ll email you as soon as it’s actually available. You can sign up for just announcements, to be a beta reader, or to hear about other educational content from Adam including courses.

Meet Adam Shostack
Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's an Affiliate Professor at the University of Washington, a member of the BlackHat Review Board, a Linkedin Learning Author and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack + Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Photo of Adam Shostack

Get Involved!

For Early Access, Signup as a Beta Reader

If you’d like to help, Adam is looking for technologists including developers, SRE, and other IT professionals who’d like a chance to read the book early and provide feedback - “beta readers.” If you’re interested just check “Beta Reader” on the form.

You can also subscribe to the Adam & Friends blog via RSS or Substack - these are higher volume, and talk about more than the book. And if you’re looking for training sooner, let us mention our awesome training.

Extra Credit Questions

We’ve posted the video to courses.shostack.org and Youtube. You can answer the extra credit questions on any of those platforms, or by emailing your answers to threatmodeling [at] gmail.com.

Subscribe for Updates

Click “subscribe” and complete the form (opens in a new tab) to get Adam’s latest updates about his book, blogs, and new training opportunities.

Subscribe