Name: Threat Modeling: Lessons from Star Wars - Adam Shostack
Start: 2015-10-13T20:40:00Z
End: 2015-10-13T20:40:42.000Z
Location: BrightTALK
Rating: 4.1

ISC2 hosts regular panel discussions on hot button infosecurity topics featuring thought leaders and visionaries from the industry who answer questions from the audience.

AI is reshaping how organizations create, analyze, and interact with data—but with great power comes great responsibility. As new technologies rapidly evolve, they introduce transformative capabilities across industries—while also raising complex data security challenges. 
Join sponsor, Proofpoint and host, ISC2 on November 6, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific for an interactive, live panel discussion.  We’ll examine how GenAI systems interact with sensitive data, the risks of inadvertent memorization, and the implications for regulatory compliance and ethical governance.

Safeguarding Data in an AI-Powered World

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP.  

As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where SSCP from ISC2 comes in — to help fill the gap. Once certified, the opportunities for certified professionals are near limitless. 

The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. It shows you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures. 
 
In this 60-minute live virtual session, you’ll learn: 
- If SSCP is right for you 
- How Official ISC2 Training flexes with your learning style 
- What to expect on exam day
- How to become endorsed and maintain your certification 

Plus! Get answers to your SSCP questions during the Q&A section. 

Register now and begin your SSCP certification journey today!

Systems Security Certified Practitioner (SSCP) Info Session

Join us for a live Q&A where our panel of experts will answer your questions about CISSP before you sit for the exam. We’ll go over certification requirements, the domains, self-study resources, training strategies, career paths and more to help you build confidence so you’re ready on exam day. 

You’ll learn:
• How CISSP builds your end-to-end foundational understanding of cybersecurity
• Why vendor-neutral certification is in demand
• What training tools are available
• And much more

Save your spot now.

CISSP EXAM READY: Ask the Experts Before You Sit

The neurodivergent community contributes unique perspectives that enhance organizations' ability to tackle cybersecurity challenges. Many strengths, such as exceptional attention to detail, innovative problem-solving abilities, and keen pattern recognition, are invaluable assets in the industry. 

This webinar on September 4th, 2025 at 1:00 p.m. Eastern /10:00 a.m. Pacific will explore how embracing neurodiversity can drive success and foster an inclusive environment for everyone in cybersecurity.

Join us to learn more about the benefits of inclusive thinking in solving complex problems.

Embracing Neurodiversity in Your Cyber Workforce

Join us for a deep dive into Certified Secure Software Lifecycle Professional (CSSLP), the software security credential from ISC2, creator of the CISSP.  

As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where CSSLP from ISC2 comes in — to help fill the gap. Once certified, the opportunities for certified professionals are near limitless.  

The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the Software Development Lifecycle (SDLC). It shows your expertise and ability to incorporate security practices - authentication, authorization and auditing - into each phase of Software Development Lifecycle. 

In this 60-minute live virtual session, you’ll learn: 
- If CSSLP is right for you 
- How Official ISC2 Training flexes with your learning style 
- What to expect on exam day 
- How to become endorsed and maintain your certification 

Plus! Get answers to your CSSLP questions during the Q&A section. 

Register now and begin your CSSLP certification journey today!

Certified Secure Software Lifecycle Professional (CSSLP) Info Session

Join us for a deep dive into Certified Cloud Security Professional (CCSP), the cloud security credential from ISC2, creator of the CISSP. 

As cyber threats make daily headlines, the need for cloud security experts is at an all-time high. Yet talent is scarce. The cyber workforce needs an influx of 3.4 million more professionals to meet global demand. As a result, the career opportunities for CCSP-certified professionals are near limitless.

In this 60-minute live virtual session, you’ll learn: 
- If CCSP is right for you 
- How Official ISC2 Training flexes with your learning style 
- What to expect on exam day 
- How to become endorsed and maintain your certification 

Plus! Get answers to your CCSP questions during the Q&A section. 

Register now and begin your CCSP certification journey today!

Certified Cloud Security Professional (CCSP) Info Session

Join us for a deep dive into Certified in Cybersecurity (CC), the  entry-level cybersecurity credential from ISC2, creator of the CISSP.  
 
Cyberthreats continue to escalate worldwide, and the need for cybersecurity experts is critical. But talent is scarce. Research shows the workforce needs an influx of 3.4 million cybersecurity professionals to meet global demand.  
 
ISC2 seeks to help close the skills gap with CC by opening opportunities in the industry to a new pool of professionals. With no experience required, it creates a clear pathway and breaks down traditional barriers to entry, enabling candidates to build confidence and enter their first cybersecurity role ready for what’s next. 

 In this 60-minute live virtual session, you’ll learn: 
- If CC is right for you 
- How Official ISC2 Training flexes with your learning style 
- What to expect on exam day 
- How to maintain your certification 

Plus! Get answers to your CC questions during the Q&A section.  

Register now and begin your CC certification journey today!

Certified in Cybersecurity (CC) Info Session

Join us for a live Q&A where our panel of experts will answer your questions about CCSP before you sit for the exam. We’ll go over certification requirements, the domains, self-study resources, training strategies, career paths and more to help you build confidence so you’re ready on exam day.

You’ll learn:
• Why vendor-neutral certification is in demand
• How CCSP complements vendor certifications
• What training tools are available
• And much more

Save your spot now.

CCSP EXAM READY: Ask the Experts Before You Sit

Jason Garbis, Founder & CEO of Numberline Security and Co-Chair of the Zero Trust Working Group at the Cloud Security Alliance, recently presented during the ISC2 Spotlight on Cloud Security, offering an in-depth exploration of Zero Trust as a modern cloud security strategy. The session examined where organizations currently stand on the Zero Trust maturity curve and how closely real-world implementations align with the Zero Trust Maturity Model.
Following this highly rated presentation, Jason returns for a special fireside chat with moderator Brandon Dunlap to address top questions raised during the session. Among the topics: Which Zero Trust mechanisms are most effective in mitigating lateral movement across hybrid and multi-cloud environments? How should Zero Trust strategies adapt in response to the rise of generative AI and AI-driven attacks? And how are organizations aligning Zero Trust efforts with established governance, risk, and compliance (GRC) frameworks?
Don’t miss this opportunity to be part of the conversation. Join us on May 29, 2025, at 1:00 p.m. Eastern / 10:00 a.m. Pacific.

Using Zero Trust as a Cloud Security Strategy: Your Questions Answered

In January 2025, the Chinese open-source artificial intelligence tool DeepSeek caused huge ripples in the AI market, granting user organizations affordable access to powerful LLMs. While this industry-disrupting innovation is indicative of the myriad opportunities that open-source AI technology provides, DeepSeek also carries with it certain risks, including the possibilities of cyberespionage, data privacy violations, draconian censorship and exploitation by cybercriminal groups. This special webinar panel will catch you up on the latest developments around DeepSeek and the startup’s positive and negative implications.

DeepSeek Deep Dive: Uncovering the Opportunities and Risks

A staggering 74% of all breaches involve the human element, proving that cybercriminals are relentlessly exploiting users through sophisticated email-based social engineering attacks. While organizations have invested in email authentication, advanced threat detection, and security awareness training, attackers continue to adapt – leveraging techniques like Business Email Compromise (BEC), Telephone-Oriented Attack Delivery (TOAD), and benign conversation hijacking to infiltrate businesses.  

On April 24, 2025 at 1:00 p.m. Eastern/ 10:00 a.m. Pacific, join Proofpoint and ISC2 when we will explore: 

• How attackers manipulate human trust – why social engineering tactics like BEC, TOAD and email conversation hijacking continue to be effective.  
• The gaps in traditional email defenses – how attackers evade MFA, exploit supplier relationships, and impersonate trusted senders.  
• Best practices to reduce human-targeted risk – suggested tips and recommendations to integrate a holistic email security strategy.  

Don’t miss this exclusive discussion with industry experts to gain actionable insights into protecting your organization from today’s most advanced email-based threats.

The Evolution of Email Threats: How Social Engineering is Outsmarting Traditional Defenses

April marks Stress Awareness month, a time when we can all take stock of the factors that cause us unneeded stress and consciously decide how to tackle these factors head-on to seek balance.  Unwanted change often causes us stress, and there’s no lack of change in the cybersecurity industry.  Whether your stress stems from changes in your organization, in your industry as a whole or across the threat landscape, change is a constant with which we must cope.
On April 10, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific join ISC2 as we host a panel where we will discuss recommended steps and strategies to best manage stress and cope with change.  
The discussion will cover:
-What to do to help embrace change, and reduce stress associated with it
-How best to avoid burning out at work
-How to respond when your cyber skills are being challenged
-Strategies to help achieve a good work-life balance.

Managing Stress and Coping with Change in an Ever-Evolving Cyber World

While women such as Grace Hopper helped to lay the foundation for the cybersecurity field, today women represent only about 20 – 25% of the profession. Why is that and what can we do to encourage and support more women in cyber?  
 
Hear from leaders around the world who are implementing unique partnerships and grassroots programming to answer these questions and more. Find out why increasing representation matters and how individuals and organizations can play a role in making change. We hope you will join us as we honor the past and future this Women’s History Month.  

Moderator: Sharon Pole, CISSP

From the Inside Out: Increasing Representation and Inclusion of Women in Cybersecurity

The Center for Cyber Safety and Education is one of the world’s leading providers of cybersecurity scholarships, and in 2025, we will be hitting a new milestone: 1,000 scholarships awarded since inception! Watch the Center’s Q1 stakeholders meeting to learn more about the program, how you can apply for scholarships, and what we have in store for the new year!

Q1 2025 Center Stakeholders Meeting

As phishing attacks grow more advanced, even major tech companies have suffered losses exceeding $100 million from sophisticated email scams. With these threats evolving, messaging and collaboration tools are becoming particularly vulnerable, demanding enhanced, AI-driven protection to stay secure. In this webinar, we’ll dive into the latest multi-pronged phishing tactics, from impersonation scams to emerging threats like QR code phishing and MFA bypass. We’ll also explore how the exploitation of GenAI has resulted in more effective phishing campaigns, due to more convincing lures, deepfake videos and images, and malicious prompt engineering. 
Join Proofpoint and ISC2 December 10, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific to explore real-world examples of costly phishing scams, identify common vulnerabilities, and learn proactive strategies to strengthen your organization’s defenses against today’s most sophisticated threats.

From Impersonation to MFA Bypass: Tackling Today's Most Sophisticated, Novel Phishing Threats

Join us November 19, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific for an insightful webinar as our esteemed panelists explore the latest trends, emerging hotbeds, and the evolving job market within the Canadian cybersecurity landscape. You’ll gain valuable insights into the current and future job market, uncover the latest trends – from advancements in technology to evolving threats – and obtain take aways on how to position yourself for success. 
Whether you are just starting your career journey, or are a seasoned professional just looking to understand the cyber landscape in Canada, you will walk away with valuable information straight from regional professionals.

The Canadian Cyber Frontier: Opportunities and Threats on the Horizon

Migrating your data loss prevention solution may feel overwhelming, but it doesn’t have to be. With the ever-changing business landscape, relying on outdated DLP solutions can be risky.  

On October 22, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific join Proofpoint and ISC2 for this discussion and learn how to streamline your policies, augment your skillsets, and build a DLP program that is suitable for the future.  

Don't let the idea of a DLP migration overwhelm you. Learn how to prepare your program for the future!

Future-Proofing Your Data Loss Program: How to Streamline Policies and Augment Skillsets

ISC2 Security Congress 2024 is right around the corner, and we’re so excited about this year’s speaker line-up that we are bringing a new sample of the fantastic content to you each month!   

Join three of our esteemed conference speakers as they provide highlights into their session content – all focused around cloud security.  By joining this session you’ll get a snapshot of session content around Managing IT/OT Cyber Risk in a Large Multinational Firm Using NIST, IEC62443, ISO2700 & More, plus The NIST AI Risk Management Framework vs. ISO 23894: Which One is Right for You? and Navigating the NIST Cybersecurity Framework 2.0.

Join us live to be among the first to gain valuable insights into these sessions, plus have an opportunity to as your questions. Like what you see? <a href=https://web.cvent.com/event/a5c15481-492d-4efa-bd79-a521ab73b699/websitePage:26a84091-6c86-411e-9e16-6613ec20a219> Register for ISC2 Security Congress 2024</a> to unlock access to even more great content this October.

Your Sneak Peek into NIST at ISC2 Security Congress 2024

It’s probably not too often that you’ll get this perspective. Star Wars was really all about information disclosure threats! You’ll want to find out more as noted presenter and author Adam Shostack, references one of George Lucas’ epic sagas to deliver lessons on threat modeling. Not only was the Death Star badly threat modeled, the politics between Darth Vader and Gran Moff Tarkin distracted incidence response after the plans were stolen. This session will provide you with proven foundations for effective threat modeling as you develop and deploy systems. Adam will help you understand what works for threat modeling and how various approaches conflict or align. The force is strong with this session.

Threat Modeling: Lessons from Star Wars - Adam Shostack

(ISC)2;

Threats;

Threat

Modeling;

Infosecurity

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Threat Modeling: Lessons from Star Wars - Adam Shostack

Presented by

About this talk

ISC2 Think Tank