Stevensville, Montana, United States
4K followers
500+ connections
Articles by Brook
Contributions
Activity
-
I've known Richard Greenberg, CISSP for many years now. And his passion for and commitment to ISSA and helping make the world a safe cyberplace is…
Liked by Brook Schoenfield
-
So I saw a post with #appsec history that isn’t quite correct. “Web apps for 20 years. Security tools for 10.” A bit longer. Unfortunately, I’m a…
Posted by Brook Schoenfield
-
👏 A huge shoutout to our phenomenal speakers at #ThreatModCon 2024 Lisbon last month! From advanced threat modeling techniques to integrating…
Liked by Brook Schoenfield
Licenses & Certifications
Volunteer Experience
-
What Works In Security Architecture Summits
SANS Institute
- 4 years 7 months
Science and Technology
Presenting on leading edge security architecture practices and planning summits with the security architecture steering committee
Publications
-
Securing Systems: Applied Security Architecture and Threat Modeling
CRC Press
It is the information security architect’s job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer system’s existing information security posture, often called, "threat modeling". Detailing the time-tested practices of experienced security architects, it explains how to deliver the right security at the right time in the implementation lifecycle.
Securing Systems: Applied Security Architecture and Threat Models covers all types of systems, from the simplest applications to complex, enterprise-grade, hybrid cloud architectures. It describes the many factors and prerequisite information that can influence an assessment. The book covers the following key aspects of security analysis:
When should the security architect begin the analysis?
At what points can a security architect add the most value?
What are the activities the architect must execute?
How are these activities delivered?
What is the set of knowledge domains applied to the analysis?
What are the outputs?
What are the tips and tricks that make security architecture risk assessment easier?
-
Avoiding the Top 10 Software Security Design Flaws
The IEEE Computer Society Center for Secure Design
I ran out of co-authors: Diomidis Spinellis, Jacob West.
The IEEE Computer Society Center for Secure Design intends to shift some of the focus in security from finding bugs to identifying common design flaws — all in the hope that software architects can learn from others' mistakes.
Most software that has been built and released typically comes with a set of defects — implementation bugs and design flaws. To date, there has been a larger focus on finding implementation bugs rather than on identifying flaws.
Other authors
-
-
Chapter 9: The SDL In The Real World, Core Software Security
CRC Press
Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. Developer-centric security (a term coined by Brook Schoenfield) is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework
Other authors
-
Evaluating External Application Service Providers
SANS Institute Smart Guide Series
-
Processing External HTTP
SANS Institute Smart Guide Series
A proven method for allowing external HTTP/S traffic to be processed securely by internal applications that may not be prepared for the level of attack typically experienced on the Public Internet
-
Evaluating Application Service Provider Security for Enterprises
Cisco Systems
A proven set of criteria against which to measure the security of 3rd parties for the purpose of data interchange and business partnerships.
-
Just Good Enough Risk Rating
SANS Institute Smart Guide Series, expected 2014
Just Good Enough Risk Rating is a lightweight risk rating methodology used by Cisco Systems Web Security Architecture. Co-authored with Vinay Bansal
Other authors
-
Projects
-
Contributions to Security Practice
- Present
Languages
-
English
-
Recommendations received
15 people have recommended Brook
More activity by Brook
-
🚀 Imagine software that writes itself, tests itself, and even helps mitigate potential security flaws. The software industry is on the brink of a…
Liked by Brook Schoenfield