Why we threat model

The threat landscape is continuously evolving. New attacks and vulnerabilities emerge nearly everyday, making it challenging to build secure systems. This is why we threat model.

Threat modeling is the "measure twice, cut once" of cybersecurity. It's a structured process that helps you see the big picture, so you can create targeted defense strategies. By methodically analyzing components, data flows, trust boundaries and more, threat modeling reveals security design flaws and high-risk areas.

The key benefits of threat modeling include:

  • Find bugs early: Fixing flaws late in development is costly. Find them upfront through threat modeling.
  • Understand security needs: Threat modeling highlights where defenses should focus, saving time and resources.
  • Build better systems: Design secure architecture by identifying risks before implementation.
  • Meet deadlines: Prioritize risks and guide security efforts where they matter most.

Who is this course for

This self-paced version of 'Threat Modeling Essentials' is a focused course perfect for busy security architects, software developers, product managers, and more, looking to develop fundamental skills to find and mitigate threats systematically. You will learn to visualize systems, map data flows, understand vulnerabilities and recommend mitigations.

Course overview

The Threat Modeling Essentials course is designed to provide attendees the ability to more consistently and efficiently apply threat modeling usinA diagram of a network of colorful spheresDescription automatically generated with medium confidenceg the Four Question Framework:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good job?

Course content

  • Answering the Question: what are we working on with DFDs.
  • Figuring out what can go wrong using STRIDE.
  • Deciding what we’re going to do about it. (Appropriate controls)
  • Threat Modeling Lessons from Star Wars (Traps people fall into)
  • Determining if we did a good job through measurement.

What to expect 

Participants will complete 7 chapters; 1 preparation, 5 knowledge and skills, and a bonus chapter. The 6 core chapters each include a set of video lectures (about 5 minutes each) and exercises to build the skills covered in the lectures. The bonus chapter has 1 additional reading and 2 videos of 45 minutes each.

Learning outcomes

After taking Threat Modeling Essentials, participants will have the knowledge and skills to consistently and efficiently use the Four Question Framework, data flow diagrams, STRIDE to identify threats, mitigation techniques, document results, and advance threat modeling results for action.

These techniques will enable participants to identify threats and mitigation techniques, document results, and advance threat modeling results for action.   


Enrollment in this course is active for 30 days. 

Estimated time to complete is 6-13 hours.

The estimated time range is based on the minimum and maximum time recommendations for completing exercises and engagement with optional materials. The average time to complete is closer to 10 hours. 


    1. Welcome to Threat Modeling

    2. Syllabus

    3. Slide Book (downloadable)

    4. Exercise Book (downloadable)

    5. Learning Online

    6. Exercise: Drawing tools

    1. The Question: What Are We Working On?

    2. DFDs: Diagrams and Models

    3. Trust Boundaries (Introduction)

    4. Exercise: Data Flow Diagram Essay

    5. Exercise: Data Flow Diagram Creation

    6. Models (answer key)

    7. Exercises: Trust Boundaries Essay

    8. Exercise: Draw Trust Boundaries

    9. Exercise: Stop and Reflect

    1. What Can Go Wrong? Brainstorming

    2. STRIDE (Introduction)

    3. Applying STRIDE

    4. Tracking Threats & Assumptions

    5. Exercise: STRIDE Essay

    6. Exercise: Apply STRIDE

    7. Final Tips & Recap: What Can Go Wrong

    8. Exercise: Stop and Reflect

    1. Mitigations

    2. Addressing Threats

    3. Exercise: Design Control - Broadly

    4. Exercise: Design Controls in Depth

    5. Exercise: Stop and Reflect

    1. Did we do a good job?

    2. Retrospectives

    3. Exercise: Stop and Reflect

    1. Make Threat Modeling Part of Your Work

    2. Exercise: End-to-End Threat Model

About this course

  • $1,019.00
  • 37 lessons
  • 2 hours of video content

Get more from your self-paced study

Add the physical threat modeling engagement pack

Everything you need to complete the course is included, but some people want or need more.  That's why we have put together a physical engagement pack the includes:  

  • An acrylic DFD stencil

  • Reusable whiteboard sketch book

  • Threat Modeling wallet card

  • Adam's Elevation of Privilege card game

Add a course wrap up with Adam Shostack

Take your threat modeling knowledge to the next level with a 60-minute, 1-on-1 video consultation with threat modeling expert Adam Shostack.

In your course wrap up session Adam will answer your questions and provide tailored guidance to address your specific goals. You can pick Adam's brain on topics like:

  • Core threat modeling principles and processes: Review foundational concepts like assets, threats, vulnerabilities, and mitigations. Walk through threat modeling methodologies step-by-step to solidify understanding.
  • Customized advice for improving your threat models: Bring your own threat model diagrams and data flows. Adam will provide concrete feedback on how to strengthen your models to better illuminate risks and priorities.
  • Threat modeling practices: Learn Adam's tips for executing effective threat modeling across your organization - from getting stakeholder buy-in to threat modeling integrated into your SDLC.
  • Tailored guidance for your industry or use case: Adam has applied threat modeling across a vast array of industries, from tech to healthcare to auto. 
  • Latest threat modeling trends and innovations: Adam closely tracks cutting-edge advancements in the field. Discuss where threat modeling shows the most promise going forward for security teams.

During your course wrap up, Adam Shostack will draw from his deep expertise in threat modeling and security design to focus wholly on your needs. As an industry pioneer, Adam authored the popular book Threat Modeling: Designing for Security as well as the recent Threats: What Every Engineer Should Learn from Star Wars. He also led the creation of the widely-used SDL Threat Modeling Tool and helped establish global security standards like CVE. With decades of experience in the field, including pioneering the Elevation of Privilege threat modeling game, Adam will work to strengthen your own skills and understanding of this critical discipline. Let his substantial background in establishing threat modeling practices, authoring key texts, and pushing the industry forward guide the session and empower you in your own security journey.

You can add your course wrap up with Adam for just $295 during checkout.


  • What if I decide later that I want a course wrap up with Adam?

    No worries. You can still purchase a course wrap up with Adam Shostack at the regular price of $450. https://courses.shostack.org/courses/threat-modeling-essentials-course-wrap-up-with-adam

  • Can I purchase the Physical Threat Modeling Engagement Pack later?

    Yes. You can purchase the Physical Threat Modeling Engagement Pack here. https://courses.shostack.org/courses/physical-engagement-pack