What to Expect

Threat Modeling Intensive (222) is the most popular course at Shostack + Associates, and this is the self-paced version.


Participants will complete 7 chapters including: 1 preparation, 5 knowledge and skills, and an optional chapter. The six core chapters each include a set of video lectures (about 5 minutes each) and exercises to build the skills covered in the lectures. There is also one chapter with and additional reading and two videos of 45 minutes each.

After taking this class, participants will have a depth of knowledge and skills to consistently and efficiently utilize:

  • The Four Question Framework, 
  • Data Flow Diagrams,
  • STRIDE and Kill Chains

These techniques will help participants to identify threats and mitigation techniques (such as controls and risk management), accurately document results, and turn threat analysis consistently and efficiently into more secure products. As a result participants  will eventually champion threat modeling within their organization.

Enrollment in this course is active for 30 days. 

Estimated time to complete is 14-16 hours.

Get More From Your Self-Paced Study

Everything you need to complete the course is included, but some people want or need more.  

Optional add-ons:

Threat Modeling Engagement Pack

  • A DFD stencil
  • Reusable sketch book
  • STRIDE wallet card
  • Adam's Elevation of Privilege card game


1-on-1 With Adam

A 1-on-1 session with Adam where you can ask questions and get feedback on what you learned in the self-paced course.  Along with the 1-on-1 you will also receive a Threat Modeling Engagement Pack.

Pricing Options

We've found that not everyone needs physical copies or a 1-on-1 discussion with Adam Shostack to learn Threat Modeling and are happy to offer a learning package that includes only what you feel you need.  

Course curriculum

    1. Welcome and Introduction

    2. Syllabus

    3. Learning Online

    4. Welcome to Threat Modeling

    5. Slide Book (downloadable)

    6. Exercises File

    7. Exercise: Drawing tools

    1. The Question: What Are We Working On?

    2. DFDs: Diagrams and Models

    3. Trust Boundaries Slide Supplement

    4. Trust Boundaries (Introduction)

    5. Understanding Boundaries

    6. Exercise: Data Flow Diagram Essay

    7. Exercise: Data Flow Diagram Creation

    8. Models answer key

    9. Sketching

    10. Exercises: Trust Boundaries Essay

    11. Exercise: Draw Trust Boundaries

    12. DFDs in Depth

    13. Boundaries Technical

    14. Boundary Complexity

    15. Exercise: Stop and Reflect

    1. What Can Go Wrong? Brainstorming

    2. STRIDE (Introduction)

    3. Applying STRIDE

    4. Tracking Threats + Assumptions

    5. Exercise: STRIDE Essay

    6. Exercise: Apply STRIDE

    7. Tools in Context

    8. Elevation of Privilege

    9. Attack Trees

    10. Final Tips + Recap: What Can Go Wrong

    11. Exercise: Stop and Reflect

    1. Mitigations

    2. Strategies for Addressing Threats

    3. Addressing Threats

    4. Exercise: Design Control - Broadly

    5. Exercise: Design Controls in Depth

    6. Exercise: Risk Mitigation

    7. (Optional) Prioritization

    8. (Optional) Managing "What We're Going to Do About it"

    9. (Optional) Chess and Arms Races

    10. Exercise: Stop and Reflect

    11. Managing Risk

    1. Did we do a good job?

    2. Retrospectives

    3. Answer key: threats and mitigations

    4. Exercise: Stop and Reflect

    1. Introduction to Kill Chains

    2. Applying the Kill Chain

    3. Exercise: Kill Chain Essay

    4. Exercise: Apply a Kill Chain

    5. (optional) Kill Chain Cheat Sheet

    6. MITRE'S ATT&CK Kill Chain

    7. "Act On Objectives" Stage of the Kill Chain

    8. Exercise: Stop and Reflect

About this course

  • $1,350.00
  • 63 lessons
  • 4 hours of video content