
Izar Tarandach

@threatmodeling.dev.bsky.social

Threat model and prosper! 🖖 OWASP pytm Leader | OWASP Events Committee Chair (2024)

518 Followers  |  62 Following  |  14 Posts  |  Joined: 15.01.2024  |  2.1338

Latest posts by threatmodeling.dev on Bluesky

🚨 Register now for OWASP Global AppSec US 2025, coming up next month!

owasp.glueup.com/eve...

Kick off your cybersecurity journey before the main conference with 3 days of hands-on training.

#OWASP #AppSec #Pentesting #Infosec #WashingtonDC #Cybersec

15.10.2025 13:04 | 👍 2  🔁 2  💬 0  📌 0

A Dragon and a Python walk into an OWASP card game... | Izar Tarandach 🎗️ A short post celebrating some of the Threat Modeling tools that OWASP makes available to the community. Give them a spin - no AI (yet!) but that shouldn't keep you away...

A little appreciation post to the OWASP threat modeling tools.

www.linkedin.com/posts/izarta...

19.09.2025 14:04 | 👍 1  🔁 1  💬 0  📌 0

Exciting opportunity alert! 🚀 Become a mentor at the Meet the Mentor event at #OWASP Global #AppSec USA this November. Share your knowledge, empower future AppSec leaders, and connect with an incredible community.

Claim your spot now: owasp.wufoo.com/form...

11.09.2025 17:32 | 👍 1  🔁 2  💬 0  📌 0

Join us in Washington, D.C., Nov 3–5, 2025 for immersive, hands-on 3-day sessions at OWASP Global AppSec USA!

Register: owasp.glueup.com/eve...

#AppSec #Cybersec #AISecurity #CloudSecurity #Pentesting #DevSecOps #WashingtonDC

06.08.2025 15:02 | 👍 3  🔁 3  💬 0  📌 0

I'm giving a 1-Day paid, live Training at OWASP Global AppSec in Washington DC, November 5th, 2025: API Security: Hands-On Secure API Design & Hardening

Learn more here! https://twp.ai/9PTEfL

#OWASP #OWASPGLOBALAPPSEC

18.07.2025 23:23 | 👍 4  🔁 2  💬 0  📌 0

Threat Modeling: A Practical Guide for Development Teams Amazon.com: Threat Modeling: A Practical Guide for Development Teams: 9781492056553: Tarandach, Izar, Coles, Matthew J.: Books

And if you are serious about doing continuous threat modeling, I recommend @threatmodeling.dev's and Matthew Coles's book "Threat Modeling: A Practical Guide for Development Teams": www.amazon.com/Threat-Model...

26.06.2025 10:54 | 👍 1  🔁 1  💬 0  📌 0

Privacy time at Threat Modeling Con with @sec_tigger and @Wuytski ! (Check out that definition - ever wondered what a good, modern definition of privacy might be?)

31.05.2025 10:01 | 👍 0  🔁 0  💬 0  📌 0

It took us a long time but it is still a sweet achievement. Just up for ThreatMod Con 25-a, OWASP pytm has reached the milestone of 1k stars on Github!

We're niche, we don't move very fast, but we shine bright. Thanks everyone who has taken a minute to star us up!

30.05.2025 22:32 | 👍 0  🔁 0  💬 0  📌 0

The Security Table S3E06: "Threat Modeling or Threat Intelligence, Are they the Same".

No. Connected, yes. The same, no.

Now how do they connect ...

21.05.2025 12:47 | 👍 0  🔁 0  💬 0  📌 0

Shostack + Associates updates

We're sponsoring the Threat Modeling Connect #hackathon, going on now.
Adam will be keynoting BSides Seattle (April 18/19, Seattle).
Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But […]

[Original post on infosec.exchange]

03.04.2025 14:56 | 👍 1  🔁 1  💬 0  📌 0

Hey, "Vibe Threat Modeling" demands a mention or there will be no more vibing!

03.04.2025 15:13 | 👍 4  🔁 1  💬 0  📌 1

Presenters PLEASE read the CfP before submitting to avoid any issues!

20.03.2025 19:21 | 👍 0  🔁 0  💬 0  📌 0
Threat modeling sessions. If they feel like falling asleep during the afterparty, you're doing it wrong.


Are your people falling asleep during your sessions?
Mine were, Play OWASP Cornucopia!

OWASP Cornucopia Website App 2.1 & Mobile App 1.1 have been released! See: dev.to/owasp/owaspr...
Thanks to all contributors: cornucopia.owasp.org/about#Acknowledgements

#appsec #threatmodeling #cybersec #owasp

17.02.2025 13:23 | 👍 13  🔁 7  💬 0  📌 0

Is it a faux pas to wish people a happy Data Privacy Day (Jan/28) on social media ?

Also can we call it DPD, create a convoluted process around it and sell training for its proper enjoyment ?

27.01.2025 21:53 | 👍 1  🔁 0  💬 0  📌 0

The Cyber Trust Mark Debate

Today at The Security Table Podcast we dive into the complexities of the Cyber Trust Mark and its implications for IoT security. Are you ready to question everything you thought you knew about regulation and innovation? Check it out here: buff.ly/4anEpKR
#CyberSecurity #IoT #Innovation

22.01.2025 18:32 | 👍 3  🔁 1  💬 0  📌 0

Uncle Joe's cybersec book author's starter pack

A must have for all new bee cybersec reading horses starting out in Bluesky town.

Perfect for those cold and dark winter nights after the security audits finally are over.

Mention @sydseter.com to be added.

go.bsky.app/2EtvRPP

22.01.2025 12:10 | 👍 11  🔁 3  💬 1  📌 0

1!

21.01.2025 17:04 | 👍 0  🔁 0  💬 1  📌 0

Working Groups | CycloneDX OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).

We even have a very nice, very small, very interested working group around...Threat Modeling BOM. Come join us. There's plenty of work to be done, and you get to help build some potentially very cool stuff. cyclonedx.org/partic...
2/2

08.01.2025 16:21 | 👍 1  🔁 0  💬 0  📌 0

CycloneDX Bill of Materials Standard | CycloneDX OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).

Do you, like me, scratch your head and think "SBOMs, what are they good for?" ? If you do, why not join one of the working groups on CycloneDX - now even easier to do by checking out the new site at https://cyclonedx.org !
1/2

08.01.2025 16:21 | 👍 5  🔁 2  💬 1  📌 0

2025 is going to be the Year Of The Agent. If it is going to be 007 or 86 remains to be seen.

06.01.2025 20:55 | 👍 7  🔁 1  💬 0  📌 0

We may not be the most tech-y, not the funniest, but we definitely are the fun-nest. We have fun doing it and it shows. Pull a chair and sit with us at The Security Table as we go on a break before we start Season 3!

17.12.2024 14:46 | 👍 2  🔁 0  💬 0  📌 0

Hey @swiftonsecurity.com Here is a good joke:

If you receive email from owaspfoundation.org it's not spam.
A faulty Microsoft AI is blocking @owasp.org .
Read: owasp.org/blog/2024/10...

Perhaps they have gone tired of following best security practices?

#appsec #microsoft #ai #owasp

11.12.2024 10:04 | 👍 59  🔁 10  💬 2  📌 1

Calling all Speakers! 🚀 Big news alert! Ready to make a mark? Submit your paper for the 2025 #OWASP Global #AppSec EU Call for Presentations. Join the #cybersecurity community, flaunt your expertise, and show off your skills. Don't let this chance slip away! Take action now!
sessionize.com/owasp...

09.12.2024 21:55 | 👍 8  🔁 3  💬 0  📌 0

🚀 Don't miss out on this thrilling update! Grab your SUPER Early Bird Tickets for the 2025 #OWASP Global #AppSec EU happening in Barcelona. Seize your spot at a special rate for the May conference. Hurry, these fantastic prices are limited! Register now to secure your spot: owasp.glueup.com/eve...

06.12.2024 18:31 | 👍 7  🔁 3  💬 0  📌 0

Hey folks! A friend of mine is looking for a tutor for a cyber security university program. Does anyone do that or know someone they can recommend?

06.12.2024 20:45 | 👍 11  🔁 3  💬 1  📌 0

Definitely check this out if you haven't already. Besides Tanya's chapter you'll find one from @adamshostack.bsky.social and @izart.bsky.social too.

03.12.2024 05:11 | 👍 11  🔁 6  💬 0  📌 0
Threat Modeling - Bluesky Starter Pack Threat modeling members of the community, including folks who worked on the Threat Modeling Manifesto and Capabilities. There are more to add but a bug in selecting users persists. Seeking recommendations for additional threat modeling folks to add.

Just going to leave here a cool thing Matt Coles made - the Threat Modeling Starter Pack: blueskystarterpack.c...

03.12.2024 02:28 | 👍 5  🔁 1  💬 0  📌 0

Threat Modeling Whitepapers from Shostack + Associates

For Cyber Monday, Shostack + Associates has released a free white paper on my Four Question Framework on Threat Modeling. shostack.org/whitepapers

02.12.2024 16:31 | 👍 4  🔁 3  💬 0  📌 0

🚀 Calling all Speakers! 🚀 Don't miss out on this thrilling opportunity to submit your paper for the 2025 #OWASP Global #AppSec EU Call for Presentations. Share your knowledge with the #cybersecurity community and shine a light on your skills. Take action now!
sessionize.com/owasp...

02.12.2024 19:28 | 👍 11  🔁 3  💬 0  📌 0

OWASP has a social media presence wherever our community is. We regularly monitor our social media posts for engagement and trends. We have no plans to withdraw from any social media platform. If you have any suggestions on how we can improve our posts, please let us know!

26.11.2024 17:32 | 👍 12  🔁 3  💬 1  📌 0

@threatmodeling.dev is following 20 prominent accounts