Izar Tarandach
@threatmodeling.dev
📤 527
📥 62
📝 16
Threat model and prosper! 🖖 OWASP pytm Leader | OWASP Events Committee Chair (2024)
OWASP pytm 1.4.0 release on Github and PyPI - now with moar AI! Create infinite threat models of infinite threats - as code! Deterministically determine the determination of determined threats, it's easy!
github.com/OWASP/pytm
- with so many thanks to our awesome contributors!
loading . . .
GitHub - OWASP/pytm: A Pythonic framework for threat modeling
A Pythonic framework for threat modeling. Contribute to OWASP/pytm development by creating an account on GitHub.
https://github.com/OWASP/pytm
2 days ago
0
1
0
The old board and the current board discussing hair growth techniques.
#owaspvienna26
#globalappsec
14 days ago
0
1
0
reposted by
Izar Tarandach
OWASP® Foundation
9 months ago
🚨 Register now for OWASP Global AppSec US 2025, coming up next month!
owasp.glueup.com/eve...
Kick off your cybersecurity journey before the main conference with 3 days of hands-on training.
#OWASP
#AppSec
#Pentesting
#Infosec
#WashingtonDC
#Cybersec
0
2
2
A little appreciation post to the OWASP threat modeling tools.
www.linkedin.com/posts/izarta...
loading . . .
A Dragon and a Python walk into an OWASP card game... | Izar Tarandach 🎗️
A short post celebrating some of the Threat Modeling tools that OWASP makes available to the community. Give them a spin - no AI (yet!) but that shouldn't keep you away...
https://www.linkedin.com/posts/izartarandach_a-short-post-celebrating-some-of-the-threat-activity-7374125855817494528-kIGz?utm_source=share&utm_medium=member_android&rcm=ACoAAABlXXsBWi9iYf_4x-1xgVPrg807LZmiCZg
10 months ago
0
2
2
reposted by
Izar Tarandach
OWASP® Foundation
10 months ago
Exciting opportunity alert! 🚀 Become a mentor at the Meet the Mentor event at #OWASP Global #AppSec USA this November. Share your knowledge, empower future AppSec leaders, and connect with an incredible community. Claim your spot now:
owasp.wufoo.com/form...
0
1
2
reposted by
Izar Tarandach
OWASP® Foundation
11 months ago
Join us in Washington, D.C., Nov 3–5, 2025 for immersive, hands-on 3-day sessions at OWASP Global AppSec USA! Register:
owasp.glueup.com/eve...
#AppSec
#Cybersec
#AISecurity
#CloudSecurity
#Pentesting
#DevSecOps
#WashingtonDC
0
3
3
reposted by
Izar Tarandach
Tanya Janca | SheHacksPurple
12 months ago
I'm giving a 1-Day paid, live Training at OWASP Global AppSec in Washington DC, November 5th, 2025: API Security: Hands-On Secure API Design & Hardening Learn more here!
https://twp.ai/9PTEfL
#OWASP
#OWASPGLOBALAPPSEC
0
4
2
reposted by
Izar Tarandach
Uncle Joe
about 1 year ago
And if you are serious about doing continuous threat modeling, I recommend
@threatmodeling.dev
's and Matthew Coles's book "Threat Modeling: A Practical Guide for Development Teams":
www.amazon.com/Threat-Model...
loading . . .
Threat Modeling: A Practical Guide for Development Teams
Amazon.com: Threat Modeling: A Practical Guide for Development Teams: 9781492056553: Tarandach, Izar, Coles, Matthew J.: Books
https://www.amazon.com/Threat-Modeling-Identification-Avoidance-Secure/dp/1492056553
0
1
1
Privacy time at Threat Modeling Con with @sec_tigger and @Wuytski ! (Check out that definition - ever wondered what a good, modern definition of privacy might be?)
about 1 year ago
0
0
0
It took us a long time but it is still a sweet achievement. Just up for ThreatMod Con 25-a, OWASP pytm has reached the milestone of 1k stars on Github! We're niche, we don't move very fast, but we shine bright. Thanks everyone who has taken a minute to star us up!
about 1 year ago
0
0
0
The Security Table S3E06: "Threat Modeling or Threat Intelligence, Are they the Same". No. Connected, yes. The same, no. Now how do they connect ...
about 1 year ago
0
0
0
reposted by
Izar Tarandach
Adam Shostack :donor: :rebelverified:
over 1 year ago
Shostack + Associates updates We’re sponsoring the Threat Modeling Connect #hackathon, going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle). Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But […]
[Original post on infosec.exchange]
0
1
1
Presenters PLEASE read the CfP before submitting to avoid any issues!
add a skeleton here at some point
over 1 year ago
0
0
0
reposted by
Izar Tarandach
Uncle Joe
over 1 year ago
Are your people falling asleep during your sessions? Mine were, Play OWASP Cornucopia! OWASP Cornucopia Website App 2.1 & Mobile App 1.1 have been released! See:
dev.to/owasp/owaspr...
Thanks to all contributors:
cornucopia.owasp.org/about#Acknowledgements
#appsec
#threatmodeling
#cybersec
#owasp
0
13
7
Is it a faux pas to wish people a happy Data Privacy Day (Jan/28) on social media ? Also can we call it DPD, create a convoluted process around it and sell training for its proper enjoyment ?
over 1 year ago
0
1
0
Today at The Security Table Podcast we dive into the complexities of the Cyber Trust Mark and its implications for IoT security. Are you ready to question everything you thought you knew about regulation and innovation? Check it out here:
buff.ly/4anEpKR
#CyberSecurity
#IoT
#Innovation
loading . . .
The Cyber Trust Mark Debate
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
https://buff.ly/4anEpKR
over 1 year ago
0
3
1
reposted by
Izar Tarandach
Uncle Joe
over 1 year ago
Uncle Joe's cybersec book author's starter pack A must have for all new bee cybersec reading horses starting out in Bluesky town. Perfect for those cold and dark winter nights after the security audits finally are over. Mention
@sydseter.com
to be added.
go.bsky.app/2EtvRPP
add a skeleton here at some point
1
11
3
Do you, like me, scratch your head and think "SBOMs, what are they good for?" ? If you do, why not join one of the working groups on CycloneDX - now even easier to do by checking out the new site at
https://cyclonedx.org
! 1/2
loading . . .
CycloneDX Bill of Materials Standard | CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).
https://cyclonedx.org
over 1 year ago
1
5
2
2025 is going to be the Year Of The Agent. If it is going to be 007 or 86 remains to be seen.
over 1 year ago
0
7
1
We may not be the most tech-y, not the funniest, but we definitely are the fun-nest. We have fun doing it and it shows. Pull a chair and sit with us at The Security Table as we go on a break before we start Season 3!
add a skeleton here at some point
over 1 year ago
0
2
0
reposted by
Izar Tarandach
Uncle Joe
over 1 year ago
Hey
@swiftonsecurity.com
Here is a good joke: If you receive email from
owaspfoundation.org
it's not spam. A faulty Microsoft AI is blocking
@owasp.org
. Read:
owasp.org/blog/2024/10...
Perhaps they have gone tired of following best security practices?
#appsec
#microsoft
#ai
#owasp
2
59
11
reposted by
Izar Tarandach
OWASP® Foundation
over 1 year ago
Calling all Speakers! 🚀 Big news alert! Ready to make a mark? Submit your paper for the 2025 #OWASP Global #AppSec EU Call for Presentations. Join the #cybersecurity community, flaunt your expertise, and show off your skills. Don't let this chance slip away! Take action now!
sessionize.com/owasp...
0
8
3
reposted by
Izar Tarandach
OWASP® Foundation
over 1 year ago
🚀 Don't miss out on this thrilling update! Grab your SUPER Early Bird Tickets for the 2025 #OWASP Global #AppSec EU happening in Barcelona. Seize your spot at a special rate for the May conference. Hurry, these fantastic prices are limited! Register now to secure your spot:
owasp.glueup.com/eve...
0
7
3
reposted by
Izar Tarandach
Tanya Janca | SheHacksPurple
over 1 year ago
Hey folks! A friend of mine is looking for a tutor for a cyber security university program. Does anyone do that or know someone they can recommend?
1
11
3
reposted by
Izar Tarandach
Matthew Coles
over 1 year ago
Definitely check this out if you haven't already. Besides Tanya's chapter you'll find one from
@adamshostack.bsky.social
and
@izart.bsky.social
too.
add a skeleton here at some point
0
11
6
Just going to leave here a cool thing Matt Coles made - the Threat Modeling Starter Pack:
blueskystarterpack.c...
loading . . .
Threat Modeling - Bluesky Starter Pack
Threat modeling members of the community, including folks who worked on the Threat Modeling Manifesto and Capabilities. There are more to add but a bug in selecting users persists. Seeking recommendations for additional threat modeling folks to add.
https://blueskystarterpack.com/starter-packs/lhurydi6gbhufmduyfjzu5wl/3lc7t5okx6n2d
over 1 year ago
0
5
1
reposted by
Izar Tarandach
Adam Shostack
over 1 year ago
For Cyber Monday, Shostack + Associates has released a free white paper on my Four Question Framework on Threat Modeling.
shostack.org/whitepapers
loading . . .
Threat Modeling Whitepapers from Shostack + Associates
https://shostack.org/whitepapers
0
4
3
reposted by
Izar Tarandach
OWASP® Foundation
over 1 year ago
🚀 Calling all Speakers! 🚀 Don't miss out on this thrilling opportunity to submit your paper for the 2025 #OWASP Global #AppSec EU Call for Presentations. Share your knowledge with the #cybersecurity community and shine a light on your skills. Take action now!
sessionize.com/owasp...
0
11
3
reposted by
Izar Tarandach
OWASP® Foundation
over 1 year ago
OWASP has a social media presence wherever our community is. We regularly monitor our social media posts for engagement and trends. We have no plans to withdraw from any social media platform. If you have any suggestions on how we can improve our posts, please let us know!
1
12
3
reposted by
Izar Tarandach
Adam Shostack
over 1 year ago
I'm pleased to announce Shostack + Associates biggest black Friday sale of the year! You can use BLKFRI15 for 15% off all our self-pace courses at
courses.shostack.org
#sale
#blackfriday
😇
loading . . .
Shostack + Associates
The world's best threat modeling courses
https://courses.shostack.org
0
8
7
you reached the end!!
feeds!
log in