Threat Modeling For Engineers

A focused course

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. This class, offers participants the knowledge and skills to consistently and efficiently utilize the  Four  Question  Framework, data flow diagrams, and the STRIDE mnemonic to identify threats and mitigation techniques, document results, and advance threat modeling results for action.   {DATE}, 10AM-12 PM Pacific. Equivalent to a 1 day in-person course, 10 hours including classes and homework. Limited to 25 participants. Course enrollment is $1700.00.

Course curriculum

  • 1

    Getting Ready (Work that's due by the first class)

    • Preparing for Distributed Learning

    • Welcome and Introduction

    • Learning Online

    • Welcome to Threat Modeling

    • Join our Slack

    • Syllabus

    • Slide Book (downloadable)

    • Exercise Book (downloadable)

    • Exercises: Propose a System for Analysis + Drawing Tools

  • 2

    Live class zoom

    • Zoom meeting information

  • 3

    What Are We Working On?

    • The Question: What Are We Working On?

    • DFDs: Diagrams and Models

    • Trust Boundaries (Introduction)

    • Exercises: Data Flow Diagram Essay + Data Flow Diagram Creation

    • Models (answer key)

    • Exercises: Trust Boundaries Essay + Draw Trust Boundaries

  • 4

    What Can Go Wrong?

    • What Can Go Wrong? Brainstorming

    • STRIDE (Introduction)

    • Applying STRIDE

    • Tracking Threats & Assumptions

    • Exercises: STRIDE Essay + Apply STRIDE

  • 5

    What Are We Going To Do About It?

    • Final Tips & Recap: What Can Go Wrong

    • Mitigations

    • Addressing Threats

    • Exercises: Design Many Controls + Design Controls in Depth

  • 6

    Did We Do A Good Job?

    • Did we do a good job?

    • Retrospectives

  • 7

    Next Steps

    • How Did We Do?

    • Let's stay in touch?

  • 8

    Bonus Content

    • Threat Modeling Lessons From Star Wars

    • The Threat Modeling Manifesto