In this episode, Katie Norton (Research Manager at IDC) gives a primer on tech industry analysts. The conversation provides insights on how to find the right analyst firm based on company needs and the importance of asking good questions during consultations. Additionally, they address common myths about analysts being 'pay to play' and examine the impact of recent npm supply chain attacks on the industry.
00:00 Introduction: Analyst vs. Consultant
02:12 Finding the Right Analyst Firm
04:27 The Importance of Asking Good Questions
07:30 Debunking the 'Pay to Play' Myth
10:55 Current Trends in Malware and Supply Chain Security
16:17 Understanding Application Security Posture Management (ASPM)
22:32 Conclusion: Navigating the Analyst Landscape
Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.
