Threat Modeling Practitioner

This training is based on Toreon’s internationally acclaimed ‘Whiteboard Hacking Training’, which is exclusively given at conferences around the world (Blackhat, OWASP). It is now also available in an in-company or online format.

Cybersec authorities OWASP and NIST widely agree that Threat Modeling is one of the most effective methods to reduce cybersecurity risk and ensure secure software architecture from the start.

Training your team in Threat Modeling ensures they have the skills to identify threats and continuously iterate on existing threat models. This way, security becomes part of the development lifecycle of your software or hardware, lowering total costs and increasing security.

“This training takes a very practical approach. It is rooted in Seba’s extensive field experience with Threat Modeling.” 

“The hands-on, real-life exercises truly helped.” 

Our partner for this training is Toreon, a firm with a long-standing reputation for all-things-cybersecurity. They have delivered in-company certified Threat Modeling training since 2016 and created the ‘Threat Modeling Playbook’ for the OWASP foundation.

Main benefits 

• Protect your reputation & prevent expensive hacks and exploits
• Lower your total cost of security by implementing best practices from the get-go
• Deploy Security & Privacy by Design 
• Gain a competitive advantage with secure, future-proof products

Book A Call

Get on a short call with the trainer to discuss in-company course content, pricing, and specific needs. 

Schedule Now 

Reserve your seat for the upcoming online course.

What to expect 

Learning goals

• The what, when, and how of Threat Modeling
• Discover and mitigate critical design flaws in your software
• Learn how to create an actionable threat model with your stakeholders
• Learn how to carry out technical risk rating using the OWASP methodology
• Identify non-trivial threats using STRIDE and attack trees
• Understand how industry leaders mitigate security and privacy threats
• Learn to give highly effective threat modeling workshops to small groups
• Explain the methodology and need for threat modeling to colleagues

Deliverables

• One year of access to the e-learning platform
• Incl. live lab recordings
• A fully worked-through example that covers multiple aspects of a threat model in depth
• A framework to help apply threat modeling to your development lifecycle
• STRIDE mapped on compliance standards
• All presentation hand-outs
• Various templates & worksheets:
• Rating risk severity with several risk calculation methods
• Threat Model documentation template
• Detailed use-case worksheets
• Detailed use-case solution descriptions

Teachers 

Toreon’s DPI is globally recognized for its Threat Modeling training and has years of experience delivering cybersecurity to different industries.

All teachers for this course have years of experience in the field and in front of the classroom.

Together, we created the most comprehensive Threat Modelling training curriculum.

Target Group 

If you are involved in any aspect of ensuring security for a product (software or hardware), this course is for you! You do not need to have a background in security.

We believe that anyone can threat model and that there’s a need for threat modeling to be understood by all those involved in the development lifecycle.

Typical profiles for this course include:

• Software developers/engineers/architects
• Product managers/Product Security
• Incident Responders
• Cyber-security analysts/managers

What will the course look like? 

In-company

We recommend the in-company formula for organizations with 10+ full-time security or software engineers. Companies that regularly process high-risk data or consider their software to be ‘core’ to the organization should opt for the in-company formula.

The training consists of 32 hours and 4 days of interactive learning, with a mixture of theory and real-world examples. A significant part of the course consists of creating your own threat model and discussing this with the trainers.

Book A Call

Get on a short call with the trainer to discuss in-company course content, pricing, and specific needs. 

Live online

For organizations with <10 security or software engineers or those that don’t consider their software ‘core’ to the business, we recommend our live online formula: This hybrid format combines self-paced learning with three live labs.

It consists of 20 hours of blended learning:

• Self-paced preparatory material (8 h)

• Live lab sessions & review with the trainers (12h)

Live virtual labs run on three dates (see schedule) from 12:00-15:00 CEST

During the live sessions, you’ll get the chance to interact with other participants and ask all the questions you like. After this, you will create your own threat model over the next month. Finally, you’ll review your model for 2 hours with our trainers.

Partners

UK training delivered through partner QA.

Schedule Now 

Reserve your seat for the upcoming online course.

Do you wish to receive the monthly newsletter Threat Modeling Insider?

Sign up for the newsletter via this link: https://ap.lc/D3cYM.