Why we threat model

The threat landscape is continuously evolving. New attacks and vulnerabilities emerge nearly everyday, making it challenging to build secure systems. This is why we threat model.

Threat modeling is the "measure twice, cut once" of cybersecurity. It's a structured process that helps you see the big picture, so you can create targeted defense strategies. By methodically analyzing components, data flows, trust boundaries and more, threat modeling reveals security design flaws and high-risk areas.

The key benefits of threat modeling include:

  • Find bugs early: Fixing flaws late in development is costly. Find them upfront through threat modeling.
  • Understand security needs: Threat modeling highlights where defenses should focus, saving time and resources.
  • Build better systems: Design secure architecture by identifying risks before implementation.
  • Meet deadlines: Prioritize risks and guide security efforts where they matter most.

Who is this course for

Threat Modeling Intensive (222) Self-Paced is designed for software developers, architects, product managers, and security professionals who want to gain a deeper understanding of threat modeling concepts and methodologies. 

Relative to our Threat Modeling Essentials Course

Threat Modeling Essentials focuses on teaching a single method to address Four Questions. In our Threat Modeling Intensive, we add more methods to address each, and learn to assess which to apply. That includes state machines and message diagrams to express what we're working on, kill chains and attack trees to address what can go wrong, and risk management approaches to bring more nuance to what we're going to do about each. Intensive also has a set of optional videos and exercises to allow students to go further.

Threat Modeling Intensive (222) Self-Paced is ideal for those who:

  • Want to consistently apply threat modeling on projects to build more secure products
  • Need a comprehensive understanding of threat modeling frameworks like STRIDE and attack trees 
  • Are looking for more advanced threat modeling techniques like kill chains and risk analysis

Course overview

Threat Modeling Intensive is our most popular course. Its designed to provide attendees the ability to more consistently and efficiently apply threat modeling using the Four Question Framework:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good job?

Course content

  • Threat Modeling Lessons from Star Wars (Traps people fall into)
  • Answering the Question: what are we working on with DFDs and other tools
  • Figuring out what can go wrong using STRIDE and Kill Chains
  • Deciding what we’re going to do about it (Appropriate controls and risk management)
  • Determining if we did a good job through measurement and retrospectives
  • Threat modeling in 2021

What to expect 

Participants will complete 7 chapters including: 1 preparation, 5 knowledge and skills, and an optional chapter. The 6 core chapters each include a set of video lectures (about 5 minutes each) and exercises to build the skills covered in the lectures. There is also 1 chapter with 1 additional reading and 2 videos of 45 minutes each.

Learning outcomes

A transparent cube with a lockDescription automatically generatedAfter taking Threat Modeling Intensive, participants will, like those who take our Threat Modeling Essentials, have the knowledge and skills to consistently and efficiently use the Four Question Framework. That includes data flow diagrams, STRIDE and mitigation techniques, and the ability to choose between them for specific situations. They will also understand how to document results, and drive threat modeling results for action.

Participants in this Threat Modeling Intensive course not only learn specific skills, they learn more skills, including kill chains and risk management. They go deeper into each, and evaluate why those skills make sense, and learn about some of the challenges that they may encounter in their day-to-day application of those skills.

After taking this class, participants will have a depth of knowledge and skills to consistently and efficiently use:

  • The Four Question Framework
  • Data Flow Diagrams
  • The STRIDE mnemonic
  • Kill Chains

These techniques will enable participants to identify threats and mitigation techniques (such as controls and risk management), accurately document results, and turn threat analysis consistently and efficiently into more secure products. As a result, participants will eventually champion threat modeling within their organization.


Enrollment in this course is active for 30 days.  

Estimated time to complete is 8-19 hours.

The estimated time range is based on the minimum and maximum time recommendations for completing exercises and engagement with optional materials. The average time to complete is closer to 14 hours. 


    1. Welcome to Threat Modeling

    2. Syllabus

    3. Slide Book (downloadable)

    4. Exercises File

    5. Learning Online

    6. Exercise: Drawing tools

    1. The Question: What Are We Working On?

    2. DFDs: Diagrams and Models

    3. Trust Boundaries Slide Supplement

    4. Trust Boundaries (Introduction)

    5. Understanding Boundaries

    6. Exercise: Data Flow Diagram Essay

    7. Exercise: Data Flow Diagram Creation

    8. Models answer key

    9. Sketching

    10. Exercises: Trust Boundaries Essay

    11. Exercise: Draw Trust Boundaries

    12. DFDs in Depth

    13. Boundaries Technical

    14. Boundary Complexity

    15. Exercise: Stop and Reflect

    1. What Can Go Wrong? Brainstorming

    2. STRIDE (Introduction)

    3. Applying STRIDE

    4. Tracking Threats + Assumptions

    5. Exercise: STRIDE Essay

    6. Exercise: Apply STRIDE

    7. Tools in Context

    8. Elevation of Privilege

    9. Attack Trees

    10. Final Tips + Recap: What Can Go Wrong

    11. Exercise: Stop and Reflect

    1. Mitigations

    2. Strategies for Addressing Threats

    3. Addressing Threats

    4. Exercise: Design Control - Broadly

    5. Exercise: Design Controls in Depth

    6. Exercise: Risk Mitigation

    7. (Optional) Prioritization

    8. (Optional) Managing "What We're Going to Do About it"

    9. (Optional) Chess and Arms Races

    10. Exercise: Stop and Reflect

    11. Managing Risk

    1. Did we do a good job?

    2. Retrospectives

    3. Answer key: threats and mitigations

    4. Exercise: Stop and Reflect

    1. Introduction to Kill Chains

    2. Applying the Kill Chain

    3. Exercise: Kill Chain Essay

    4. Exercise: Apply a Kill Chain

    5. (optional) Kill Chain Cheat Sheet

    6. MITRE'S ATT&CK Kill Chain

    7. "Act On Objectives" Stage of the Kill Chain

    8. Exercise: Stop and Reflect

About this course

  • $1,270.00
  • 62 lessons
  • 4 hours of video content

Get more from your self-paced study

Add the physical threat modeling engagement pack

Everything you need to complete the course is included, but some people want or need more.  That's why we have put together a physical engagement pack the includes:  

  • An acrylic DFD stencil

  • Reusable whiteboard sketch book

  • Threat Modeling wallet card

  • Adam's Elevation of Privilege card game

Add a course wrap up with Adam Shostack

Take your threat modeling knowledge to the next level with a 60-minute, 1-on-1 video consultation with threat modeling expert Adam Shostack.

In your course wrap up session Adam will answer your questions and provide tailored guidance to address your specific goals. You can pick Adam's brain on topics like:

  • Core threat modeling principles and processes: Review foundational concepts like assets, threats, vulnerabilities, and mitigations. Walk through threat modeling methodologies step-by-step to solidify understanding.
  • Customized advice for improving your threat models: Bring your own threat model diagrams and data flows. Adam will provide concrete feedback on how to strengthen your models to better illuminate risks and priorities.
  • Threat modeling practices: Learn Adam's tips for executing effective threat modeling across your organization - from getting stakeholder buy-in to threat modeling integrated into your SDLC.
  • Tailored guidance for your industry or use case: Adam has applied threat modeling across a vast array of industries, from tech to healthcare to auto. 
  • Latest threat modeling trends and innovations: Adam closely tracks cutting-edge advancements in the field. Discuss where threat modeling shows the most promise going forward for security teams.

During your course wrap up, Adam Shostack will draw from his deep expertise in threat modeling and security design to focus wholly on your needs. As an industry pioneer, Adam authored the popular book Threat Modeling: Designing for Security as well as the recent Threats: What Every Engineer Should Learn from Star Wars. He also led the creation of the widely-used SDL Threat Modeling Tool and helped establish global security standards like CVE. With decades of experience in the field, including pioneering the Elevation of Privilege threat modeling game, Adam will work to strengthen your own skills and understanding of this critical discipline. Let his substantial background in establishing threat modeling practices, authoring key texts, and pushing the industry forward guide the session and empower you in your own security journey.


You can add your course wrap up with Adam for just $295 during checkout.

  • What if I decide later that I want a course wrap up with Adam?

    No worries. You can still purchase a course wrap up with Adam Shostack at the regular price of $450. https://courses.shostack.org/courses/threat-modeling-intensive-course-wrap-up-with-adam

  • Can I purchase the Physical threat Modeling Engagement Pack Later?

    Yes. you can buy the Physical Threat Modeling Engagement Pack here. https://courses.shostack.org/bundles/Self-paced-Threat-Modeling-Essentials-with-Engagement-Pack