Bootcamp Begins In 

  • 00 Days
  • 00 Hours
  • 00 Minutes
  • 00 Seconds

Threat Modeling for Technical and Regulatory Professionals

MDIC and Shostack + Associates have come together to offer the Medical Device Threat Modeling Bootcamp.  This learning opportunity is a five-day intensive workshop on managing cybersecurity risks in medical devices and diagnostics. 

The Bootcamp will be held the week of  March 13th 2023.

During the Bootcamp you will:

  • Participate in 2-hour Instructor-led virtual discussions daily (9-11am Pacific)
  • Participate in 1-hour group work daily (11-12am Pacific)
  • Complete  approximately 1-hour of individual assignments and video lessons daily



  • Welcome and intros
  • Hands on Threat Modeling
  • Structures we use in threat modeling
  • System models


  • System models
  • Brainstorming
  • STRIDE threats


  • STRIDE Threats
  • Mitigations


  • Mitigations
  • Assessing work
  • Kill chains


  • Kill chains
  • bringing to our work

Why is Medical Device Cybersecurity Threat Modeling Important?

A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modelling (TM). TM provides a blueprint to strengthen security through the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products. 

Objectives & discussed topics of the MDIC threat modeling bootcamps:

  • Intensive, hands-on sessions on threat modeling.
  • Learning about structured, systematic and comprehensive approach to threat modeling for engineering more secure systems.

To learn more about the bootcamp along with various other MDIC cybersecurity initiatives, email us at

Every participant receives

printed and electronic copies of:

  • Slidebook (125 pages, spiral bound)

  • Elevation of Privilege game

  • Exercises booklet

  • Threat modeling stencil

  • Whiteboard sketchbook

Why The Medical Device Threat Modeling Bootcamp is The Learning Opportunity for You

In September 2019, FDA awarded funding to MDIC to increase awareness on systematic approaches to TM that can enable manufacturers to effectively address system level risks. Through an FDA funded cybersecurity initiative, MDIC delivered two bootcamps on TM for medical device stakeholders which were held August 17-21, 2020 and February 22-26, 2021. MDIC collaborated with over two dozen SMEs on threat modeling – both from MedTech and non-MedTech sector, led by Shostack & Associates, in developing the modules for bootcamps.

After receiving a tremendous response for the limited number of spaces, MDIC limited participation to no more than two individuals from the same organization. To ensure diversity, the selected participants included both technical professionals working in the product development sector as well as regulatory professionals in the medical device public and private sectors. In parallel to the bootcamps, MDIC worked closely with MITRE to develop a Medical Device Threat Modeling Playbook released in October 2021.

This Bootcamp is an opportunity to learn from the team that produced the first Medical Device Threat Modeling Bootcamps and the Medical Device Threat Modeling Playbook.


"One of the top professional development courses in my 35+ year career. - Charles F."


  • Which virtual meeting platform is used for the Instructor-led discussions?

    Instructor-led discussions are conducted via Zoom. The best way to utilize Zoom is with the installed desktop client. Zoom can be used in your browser without losing access to any of the features used in class.

  • Where do I go to access the video lessons?

    Video lessons are hosted here in our Learning Management System. Once you enroll you will find the course in your Student Dashboard. We have structured the course so that each video and assignment you need to complete is found in the chapter for the day in which it is due.

  • When will I be able to access the video lessons?

    We make all digital course materials available the week prior to the Bootcamp, and they remain available to learners for 30 days after the course.

  • What else do I need in order to participate in the bootcamp?

    1) We use Slack for course communications. You will be able to Join Slack using a link found in the First Actions chapter. 2) We use Miro as a collaborative tool. You can create a free Miro account here: The free (3 drawing) version is fine for the class, as is the web version. That is, you don’t need to install their software as a local app. 3) We use Google Docs as a collaborative tool to record group session notes. 4) You should have a good microphone and camera so that you can fully participate in the instructor-led and group work. Headphones may be useful if you are in an environment with background noise.

  • Who is providing the training?

    1) MDIC is the promoting agency who is hosting the Bootcamp. 2) Our lead Instructor is Adam Shostack, a leading expert on threat modeling. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. His accomplishments include: Helped create the CVE. Now an Emeritus member of the Advisory Board; Fixing Autorun for hundreds of millions of systems; Lead the design and delivery of the Microsoft SDL Threat Modeling Tool (v3); Created the Elevation of Privilege threat modeling game; Wrote Threat Modeling: Designing for Security; Co-authored The New School of Information Security. 3) Adam will be supported by Threat Modeling Professionals with Medical Device experience and knowledge.

  • What if the physical materials do not arrive before the bootcamp?

    The physical materials are “nice-to-haves” and not required for the training itself. The materials necessary for the class (Course Slide Book and Exercise Book) are also found in the learning management system (LMS). They can be downloaded in their entirety as PDFs. The slides will appear on screen in the video lessons and during live discussion. Exercises are also individually placed as lesson modules in the LMS at the appropriate places for a streamlined independent-study learning journey. The primary purpose of the physical materials is to provide a resource for continued study and reference as participants integrate threat modeling into their daily activities.

  • Who do I reach out to with questions?

    You can reach out with questions and issues at

Pricing options

Explain how different pricing options might be valuable to different segments of your audience.