Threat Modeling For Engineers

A focused course

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. This class, offers participants the knowledge and skills to consistently and efficiently utilize the  Four  Question  Framework, data flow diagrams, and the STRIDE mnemonic to identify threats and mitigation techniques, document results, and advance threat modeling results for action.   {DATE}, 10AM-12 PM Pacific. Equivalent to a 1 day in-person course, 10 hours including classes and homework. Limited to 25 participants. Course enrollment is $1700.00.

Course curriculum

    1. Preparing for Distributed Learning

    2. Welcome and Introduction

    3. Learning Online

    4. Welcome to Threat Modeling

    5. Join our Slack

    6. Syllabus

    7. Slide Book (downloadable)

    8. Exercise Book (downloadable)

    9. Exercises: Propose a System for Analysis + Drawing Tools

    1. Zoom meeting information

    1. The Question: What Are We Working On?

    2. DFDs: Diagrams and Models

    3. Trust Boundaries (Introduction)

    4. Exercises: Data Flow Diagram Essay + Data Flow Diagram Creation

    5. Models (answer key)

    6. Exercises: Trust Boundaries Essay + Draw Trust Boundaries

    1. What Can Go Wrong? Brainstorming

    2. STRIDE (Introduction)

    3. Applying STRIDE

    4. Tracking Threats & Assumptions

    5. Exercises: STRIDE Essay + Apply STRIDE

    1. Final Tips & Recap: What Can Go Wrong

    2. Mitigations

    3. Addressing Threats

    4. Exercises: Design Many Controls + Design Controls in Depth

    1. Did we do a good job?

    2. Retrospectives

About this course

  • 31 lessons
  • 2 hours of video content