Shostack + Associates
The world's best threat modeling courses
Why we threat model
We threat model because it’s essential to security by design and building security in.
Threat modeling is the "measure twice, cut once" of cybersecurity. It’s structured processes that help you see the big picture, so you can create effective defenses. By methodically analyzing components, data flows, trust boundaries, and more, threat modeling reveals security design flaws and high-risk areas.
The key benefits of threat modeling include:
- Find bugs early: Fixing flaws late in development is costly. Find them upfront through threat modeling.
- Understand security needs: Threat modeling highlights where defenses should focus, saving time and resources.
- Build better systems: Design secure architecture by identifying risks before implementation.
- Meet deadlines: Prioritize risks and guide security efforts where they matter most.
- Reduce conflict: Discovering flaws with penetration tests leads to conflict. Reduce those conflicts by finding the problems early.
Self-paced courses
-
Threat Modeling Essentials Self-Paced Course
Course • 43 lessonsParticipants will deepen knowledge + skills needed to consistently and efficiently utilize threat modeling to identify threats, mitigation techniques, document results, deliver more secure products, and champion threat modeling within organizations.
$899
-
Threat Modeling Intensive Self-Paced Course
Course • 67 lessonsTechnology professionals will develop the knowledge & skills needed to consistently and efficiently threat model: identify threats, mitigation techniques, document results, deliver more secure products.
$1,270
Upcoming open enrollment courses
At this time, we do not have any upcoming open enrollment course dates scheduled. However, with a minimum enrollment, we can deliver any of our courses to your organization as a closed course.
Interested in threat modeling training for your organization? We offer corporate and closed courses tailored to your team's needs. These private courses allow us to dive deep on industry-specific topics or focus on your organization's unique challenges.
Learn more about how we can provide impactful threat modeling training for your company by visiting https://shostack.org/training. There you'll find details on our flexible format options, ability to cover specialized subject matter, and how we ensure sessions target your team's skill levels and knowledge gaps.
Contact us to schedule a closed course for your team!
Why us?
We offer the best threat modeling training available.
Our founder Adam Shostack is one of the leading experts in threat modeling and security engineering. Almost everyone else trains using Adam’s books. Why not go to the source?
Our training is laser-focused on threat modeling as the heart of security engineering work. We've trained thousands of people with methods that deliver results.
We know training works best when people have a chance to develop specific technical skills, to apply them, and to reflect on how they and others have applied them. We design our training on specific learning goals, including skills (technical and soft), values (the importance of security) and understanding (shifting left reduces rework). To meet your needs, we have instruction and logistics options, including a choice between live instruction or self-paced/computer-based training.
Free courses
-
World's Shortest Threat Modeling
Course • 22 lessonsThis course is a great introduction to Threat Modeling and the Four Question framework that enables structured, comprehensive, and systematic way to bring security to projects from the very start. The mini-lessons are easy to fit into busy schedules.
Free
-
Learn Cyber Security With R2D2
Course • 5 lessonsThis mini-course uses Star Wars analogies including R2-D2's ownership transfer, managing his restraint bolts, and the access control rule for him to authenticate Obi-Wan as a way of teaching important cybersecurity concepts.
Free
-
Prioritization for Security Champs (302)
Course • 15 lessonsThis is a prioritization focused mini-course that supplements our Threat Modeling for Security Champs 301, It consists of 5 videos, a few exercises and a quiz.
Free
Be the first to hear about new courses!
Hear about our upcoming courses
We offer threat modeling trainings. We're really proud of them. We want to be able to let people know about them. And ... Adam hates spam. He set up "Adam's New Thing" to be about the new things he's doing, and new course announcements seem like something different.
So we set up a new list: "upcoming courses." You'll be shocked, shocked to hear that it's more commercial. We're going to use it to announce new training offerings such as:
- New instructor-led distributed courses like "threat modeling intensive" and "threat modeling for security champions"
- New self-paced versions of those or other courses
- New Linkedin Learning courses
- Play Elevation of Privilege with Adam
Instructors
Adam Shostack
Adam Shostack is a leading expert in threat modeling, a consultant, entrepreneur, technologist, author and game designer. He helped found the CVE and a variety of startups. During his years at Microsoft, he was the threat modeling Program Manager for Microsoft’s SDL team from 2006-2009, created the Microsoft SDL Threat Modeling Tool (v3), the Elevation of Privilege threat modeling game, and fixed autorun. He has taught threat modeling at a wide range of commercial, non- profit and government organizations. He's a member of the BlackHat Review Board, is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.