Izar Tarandach
@threatmodeling.dev
Threat model and prosper! 🖖
OWASP pytm Leader | OWASP Events Committee Chair (2024)
Reposted by Izar Tarandach
🚨 Register now for OWASP Global AppSec US 2025, coming up next month!
owasp.glueup.com/eve...
Kick off your cybersecurity journey before the main conference with 3 days of hands-on training.
#OWASP #AppSec #Pentesting #Infosec #WashingtonDC #Cybersec
October 15, 2025 at 1:04 PM
Reposted by Izar Tarandach
Exciting opportunity alert! 🚀 Become a mentor at the Meet the Mentor event at #OWASP Global #AppSec USA this November. Share your knowledge, empower future AppSec leaders, and connect with an incredible community.
Claim your spot now: owasp.wufoo.com/form...
September 11, 2025 at 5:32 PM
Reposted by Izar Tarandach
Join us in Washington, D.C., Nov 3–5, 2025 for immersive, hands-on 3-day sessions at OWASP Global AppSec USA!
Register: owasp.glueup.com/eve...
#AppSec #Cybersec #AISecurity #CloudSecurity #Pentesting #DevSecOps #WashingtonDC
August 6, 2025 at 3:02 PM
Reposted by Izar Tarandach
I'm giving a 1-Day paid, live Training at OWASP Global AppSec in Washington DC, November 5th, 2025: API Security: Hands-On Secure API Design & Hardening
Learn more here! https://twp.ai/9PTEfL
#OWASP #OWASPGLOBALAPPSEC
July 18, 2025 at 11:23 PM
Reposted by Izar Tarandach
And if you are serious about doing continuous threat modeling, I recommend @threatmodeling.dev's and Matthew Coles's book "Threat Modeling: A Practical Guide for Development Teams": www.amazon.com/Threat-Model...
Threat Modeling: A Practical Guide for Development Teams
Amazon.com: Threat Modeling: A Practical Guide for Development Teams: 9781492056553: Tarandach, Izar, Coles, Matthew J.: Books
www.amazon.com
June 26, 2025 at 10:54 AM
Privacy time at Threat Modeling Con with @sec_tigger and @Wuytski ! (Check out that definition - ever wondered what a good, modern definition of privacy might be?)
May 31, 2025 at 10:01 AM
It took us a long time but it is still a sweet achievement. Just up for ThreatMod Con 25-a, OWASP pytm has reached the milestone of 1k stars on GitHub!
We're niche, we don't move very fast, but we shine bright. Thanks everyone who has taken a minute to star us up!
May 30, 2025 at 10:32 PM
The Security Table S3E06: "Threat Modeling or Threat Intelligence, Are they the Same".
No. Connected, yes. The same, no.
Now how do they connect ...
May 21, 2025 at 12:47 PM
Reposted by Izar Tarandach
Shostack + Associates updates
We’re sponsoring the Threat Modeling Connect #hackathon, going on now.
Adam will be keynoting BSides Seattle (April 18/19, Seattle).
Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But […]
[Original post on infosec.exchange]
April 3, 2025 at 2:56 PM
Presenters PLEASE read the CfP before submitting to avoid any issues!
🌟 Calling all potential speakers! 🌟 Here's your chance to shine at #OWASP Global #AppSec USA in Washington, DC this November! Share your expertise by submitting presentation proposals now! Don't miss out - apply here: sessionize.com/owasp... #infosec #AI #devsecops #SBOMM #threatmodeling
March 20, 2025 at 7:21 PM
Reposted by Izar Tarandach
Are your people falling asleep during your sessions?
Mine were, Play OWASP Cornucopia!
OWASP Cornucopia Website App 2.1 & Mobile App 1.1 have been released! See: dev.to/owasp/owaspr...
Thanks to all contributors: cornucopia.owasp.org/about#Acknowledgements
#appsec #threatmodeling #cybersec #owasp
February 17, 2025 at 1:23 PM
Is it a faux pas to wish people a happy Data Privacy Day (Jan/28) on social media ?
Also can we call it DPD, create a convoluted process around it and sell training for its proper enjoyment ?
January 27, 2025 at 9:53 PM
Today at The Security Table Podcast we dive into the complexities of the Cyber Trust Mark and its implications for IoT security. Are you ready to question everything you thought you knew about regulation and innovation? Check it out here: buff.ly/4anEpKR
#CyberSecurity #IoT #Innovation
The Cyber Trust Mark Debate
buff.ly
January 22, 2025 at 6:32 PM
Reposted by Izar Tarandach
Uncle Joe's cybersec book author's starter pack
A must have for all new bee cybersec reading horses starting out in Bluesky town.
Perfect for those cold and dark winter nights after the security audits finally are over.
Mention @sydseter.com to be added.
go.bsky.app/2EtvRPP
January 22, 2025 at 12:10 PM
Do you, like me, scratch your head and think "SBOMs, what are they good for?" ? If you do, why not join one of the working groups on CycloneDX - now even easier to do by checking out the new site at https://cyclonedx.org !
1/2
CycloneDX Bill of Materials Standard | CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).
cyclonedx.org
January 8, 2025 at 4:21 PM
2025 is going to be the Year Of The Agent. If it is going to be 007 or 86 remains to be seen.
January 6, 2025 at 8:55 PM
We may not be the most tech-y, not the funniest, but we definitely are the fun-nest. We have fun doing it and it shows. Pull a chair and sit with us at The Security Table as we go on a break before we start Season 3!
Have you seen The Security Table podcast yet? If you haven't, and have some vacation time this holiday season, be sure to check out the series (available on both audio only and YouTube).
securitytable.buzzsprout.com
The Security Table
The Security Table is four cybersecurity industry veterans from diverse backgrounds discussing how to build secure software and all the issues that arise!
securitytable.buzzsprout.com
December 17, 2024 at 2:46 PM
Reposted by Izar Tarandach
Hey @swiftonsecurity.com Here is a good joke:
If you receive email from owaspfoundation.org it's not spam.
A faulty Microsoft AI is blocking @owasp.org .
Read: owasp.org/blog/2024/10...
Perhaps they have gone tired of following best security practices?
#appsec #microsoft #ai #owasp
December 11, 2024 at 10:04 AM
Reposted by Izar Tarandach
Calling all Speakers! 🚀 Big news alert! Ready to make a mark? Submit your paper for the 2025 #OWASP Global #AppSec EU Call for Presentations. Join the #cybersecurity community, flaunt your expertise, and show off your skills. Don't let this chance slip away! Take action now!
sessionize.com/owasp...
December 9, 2024 at 9:55 PM
Reposted by Izar Tarandach
🚀 Don't miss out on this thrilling update! Grab your SUPER Early Bird Tickets for the 2025 #OWASP Global #AppSec EU happening in Barcelona. Seize your spot at a special rate for the May conference. Hurry, these fantastic prices are limited! Register now to secure your spot: owasp.glueup.com/eve...
December 6, 2024 at 6:31 PM
Reposted by Izar Tarandach
Hey folks! A friend of mine is looking for a tutor for a cyber security university program. Does anyone do that or know someone they can recommend?
December 6, 2024 at 8:45 PM
Reposted by Izar Tarandach
Definitely check this out if you haven't already. Besides Tanya's chapter you'll find one from @adamshostack.bsky.social and @izart.bsky.social too.
A book that I wrote a chapter for, '97 Things Every Application Security Professional Should Know: Collective Wisdom from the Experts', is available on Kindle now! Woohoo!
www.amazon.com/Thing...
December 3, 2024 at 5:11 AM
Just going to leave here a cool thing Matt Coles made - the Threat Modeling Starter Pack: blueskystarterpack.c...
Threat Modeling - Bluesky Starter Pack
Threat modeling members of the community, including folks who worked on the Threat Modeling Manifesto and Capabilities. There are more to add but a bug in selecting users persists. Seeking recommendations for additional threat modeling folks to add.
blueskystarterpack.com
December 3, 2024 at 2:28 AM
Reposted by Izar Tarandach
For Cyber Monday, Shostack + Associates has released a free white paper on my Four Question Framework on Threat Modeling. shostack.org/whitepapers
Threat Modeling Whitepapers from Shostack + Associates
shostack.org
December 2, 2024 at 4:31 PM