Saturday, February 18, 2023

Interview With Author Adam Shostack

  

  

1. What motivated you to write your book, to force you from taking an idea or experience and turning it into this book?

This book is a response to seeing more and more non-specialists take my security courses. They want to build more secure systems, but don’t have a complete and clear understanding of what can go wrong in technical systems, and that limits their ability to do what they hope. The specific prompt was a request from a student: “Where do I go to get the fundamentals in an organized way?” I realized I didn’t have an answer and needed to write a book for him.

2. What is it about and who is it for?

Like it says on the cover, it’s about threats, and what every engineer should learn from Star Wars. Threats are promises of future violence. They’re things that we can expect will go wrong with a system, in this case, complex technical systems. Engineers need to know about those things so they can make tradeoffs. For example, if you have a thermal exhaust port, maybe you expect that it’s safe because hot exhaust gasses will slam a torpedo against the walls as it goes miles down the exhaust shaft. But if you know that the threat of Jedi Knights is still real, you might put some netting or a plate over the end of the exhaust shaft, or maybe some blow-out panels in case there’s a problem with the reactor. Engineering is always about design tradeoffs, and so engineers need to know about the threats to their systems. The book is focused on cybersecurity threats, and making them accessible.

3. What takeaways might the reader be left with after reading it?

They’ll learn about 8 types of threats, and a system called Kill Chains that combine them. They’ll have a framework for thinking about the crucial threats that their systems are facing, and those threats (like Star Wars) are enduring classics. Even though the details change, the stories remain and that’s knowledge that will serve them through their career.

4. How did you decide on your book’s title and cover design?

I’ve been using Star Wars to educate for nearly two decades, and I’ve seen people respond when we inject a little fun into these really serious subjects. For this book, the title came out in a conversation...I said I’m thinking about something like “What Every Engineer Should Learn about Cybersecurity...from Star Wars.” It was an obvious hit, and it was obviously a bit unwieldy. Once we had the title, we wanted to do something fun for the cover. My inspiration was the teaser poster for Episode 1. If you’re not a Star Wars geek, it was a young Anakin Skywalker, standing outside the home on the desert planet of Tatooine, and you see his shadow in the shape of Darth Vader. It’s really a magnificent piece, with the shadow (ahem) foreshadowing the entire Skywalker saga. But we wanted something that’s both recognizable and also

5. What advice or words of wisdom do you have for fellow writers?

If you want to use a gimmick like this, read critically. I read a lot of “X and Y” books to see what I liked and didn’t. My publisher Wiley has a line of Philosophy and “X,” including Star Wars and Black Mirror, and I learned a lot about what I liked and didn’t from reading. I also had a reader who didn’t like Star Wars. She called me on a lot of the obscure references. In my previous answer, I said something like “the home on the desert planet,” because I don’t want to lose the reader in this interview or especially in the book.

6. What trends in the book world do you see -- and where do you think the book publishing industry is heading?

So obviously, self-publishing is transforming everything. There’s more books, there’s more competition for readers. I’m personally happy to be working with a great team who really helped make the book better than I could have done on my own and helped me work through many of the complexities of a book like this. I don’t want to know every nuance of layout and indexing and all the other bits, so personally, it works for me to work with a publisher, but I’m glad people have choices to get their ideas into books.

7. What challenges did you overcome to write this book?

I’ve talked about the fun parts of this book, but there’s a lot of complex technical details that I needed to make accessible and not scary. Some of those required me to re-think ideas I thought I understood. For example, one of the threats in the book is ‘Expansion of Authority,’ and we used to call that ‘Elevation of Privilege.’ The threat is the attacker takes powers not granted to them. I’d grown up with the Elevation framing, even created a game with that name, and when I tried to explain it as clearly as possible, I realized it was pretty squishy. So that chapter, and several others, were very hard to write and I went through a lot of drafts and I left a lot on the cutting room floor. Two of them, the expansion of authority chapter and the parsing chapter, nearly killed the book, but I’m now happy with them.

The other big challenge is how deep to go. When you promise it’s “for every engineer” on the cover, you need to go deep enough to cover what they need to know without going off into the weeds. A lot of security books will teach you how to write exploits in assembler code, and that’s a great skill, and it’s also, frankly, scary and off-putting. What do I, as an author, say about those? Where do I draw the inclusion line, keeping the book moving along while teaching enough? Those were both big challenges.

8. How would you describe your writing style?

I try for inviting and clear. Especially when the concepts are tricky, I want my words to be as simple as possible so the reader can learn. And when the concepts aren’t tricky, I want the reader to be entertained and delighted. This book has a lot of geeky Easter eggs and allusions, but doesn’t insist you know even as much as the names of the planets in the Star Wars universe. You’ll get a few extra laughs if you do.

9. If people can buy or read one book this week or month, why should it be yours?

As Darth Vader said, “I find your lack of faith disturbing.” This book is the most entertaining deeply technical book that any engineer will read this month, and the most technical entertaining book. It’s the perfect blend for every engineer.

About The Author: Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, and game designer. He's an Affiliate Professor at the University of Washington, a member of the BlackHat Review Board, a LinkedIn Learning Author. He is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

For more information, please see: www.threatsbook.com.

 


 

About Brian Feinblum

Brian Feinblum should be followed on Twitter @theprexpert. This is copyrighted by BookMarketingBuzzBlog ©2023. Born and raised in Brooklyn, he now resides in Westchester with his wife, two kids, and Ferris, a black lab rescue dog. His writings are often featured in The Writer and IBPA’s The Independent.  This award-winning blog has generated over 3.3 million pageviews. With 4,400+ posts over the past dozen years, it was named one of the best book marketing blogs by BookBaby  http://blog.bookbaby.com/2013/09/the-best-book-marketing-blogs  and recognized by Feedspot in 2021 and 2018 as one of the top book marketing blogs. It was also named by www.WinningWriters.com as a "best resource.” For the past three decades, including 21 years as the head of marketing for the nation’s largest book publicity firm, and two jobs at two independent presses, Brian has worked with many first-time, self-published, authors of all genres, right along with best-selling authors and celebrities such as: Dr. Ruth, Mark Victor Hansen, Joseph Finder, Katherine Spurway, Neil Rackham, Harvey Mackay, Ken Blanchard, Stephen Covey, Warren Adler, Cindy Adams, Todd Duncan, Susan RoAne, John C. Maxwell, Jeff Foxworthy, Seth Godin, and Henry Winkler. He recently hosted a panel on book publicity for Book Expo America, and has spoken at ASJA, Independent Book Publishers Association Sarah Lawrence College, Nonfiction Writers Association, Cape Cod Writers Association, Willamette (Portland) Writers Association, APEX, and Connecticut Authors and Publishers Association. His letters-to-the-editor have been published in The Wall Street Journal, USA Today, New York Post, NY Daily News, Newsday, The Journal News (Westchester) and The Washington Post. He has been featured in The Sun Sentinel and Miami Herald. For more information, please consult: www.linkedin.com/in/brianfeinblum.  

 

 
