Why we threat model

We threat model because it’s essential to security by design and building security in.

Threat modeling is the "measure twice, cut once" of cybersecurity. It’s structured processes that help you see the big picture, so you can create effective defenses. By methodically analyzing components, data flows, trust boundaries, and more, threat modeling reveals security design flaws and high-risk areas.

The key benefits of threat modeling include:

  • Find bugs early: Fixing flaws late in development is costly. Find them upfront through threat modeling.
  • Understand security needs: Threat modeling highlights where defenses should focus, saving time and resources.
  • Build better systems: Design secure architecture by identifying risks before implementation.
  • Meet deadlines: Prioritize risks and guide security efforts where they matter most.
  • Reduce conflict: Discovering flaws with penetration tests leads to conflict. Reduce those conflicts by finding the problems early.

Upcoming open enrollment courses

At this time, we do not have any upcoming open enrollment course dates scheduled. However, with a minimum enrollment, we can deliver any of our courses to your organization as a closed course.

Interested in threat modeling training for your organization? We offer corporate and closed courses tailored to your team's needs. These private courses allow us to dive deep on industry-specific topics or focus on your organization's unique challenges.

Learn more about how we can provide impactful threat modeling training for your company by visiting https://shostack.org/training. There you'll find details on our flexible format options, ability to cover specialized subject matter, and how we ensure sessions target your team's skill levels and knowledge gaps.

Contact us to schedule a closed course for your team!

Why us?

We offer the best threat modeling training available.

Our founder Adam Shostack is one of the leading experts in threat modeling and security engineering. Almost everyone else trains using Adam’s books. Why not go to the source?

Our training is laser-focused on threat modeling as the heart of security engineering work. We've trained thousands of people with methods that deliver results.

We know training works best when people have a chance to develop specific technical skills, to apply them, and to reflect on how they and others have applied them. We design our training on specific learning goals, including skills (technical and soft), values (the importance of security) and understanding (shifting left reduces rework). To meet your needs, we have instruction and logistics options, including a choice between live instruction or self-paced/computer-based training.

Be the first to hear about new courses!

Hear about our upcoming courses

We offer threat modeling trainings. We're really proud of them. We want to be able to let people know about them. And ... Adam hates spam. He set up "Adam's New Thing" to be about the new things he's doing, and new course announcements seem like something different.

So we set up a new list: "upcoming courses." You'll be shocked, shocked to hear that it's more commercial. We're going to use it to announce new training offerings such as:

  • New instructor-led distributed courses like "threat modeling intensive" and "threat modeling for security champions"
  • New self-paced versions of those or other courses
  • New Linkedin Learning courses
  • Play Elevation of Privilege with Adam


Subscribe

* indicates required
 
 
 
Email Format 

Instructors

Adam Shostack

Adam Shostack is a leading expert in threat modeling, a consultant, entrepreneur, technologist, author and game designer. He helped found the CVE and a variety of startups. During his years at Microsoft, he was the threat modeling Program Manager for Microsoft’s SDL team from 2006-2009, created the Microsoft SDL Threat Modeling Tool (v3), the Elevation of Privilege threat modeling game, and fixed autorun. He has taught threat modeling at a wide range of commercial, non- profit and government organizations. He's a member of the BlackHat Review Board, is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.