What to Expect

Threat Modeling Intensive (222) is the most popular course at Shostack + Associates, and this is the self-paced version.

 

Participants will complete 7 chapters including: 1 preparation, 5 knowledge and skills, and an optional chapter. The six core chapters each include a set of video lectures (about 5 minutes each) and exercises to build the skills covered in the lectures. There is also one chapter with an additional reading and two videos of 45 minutes each.


After taking this class, participants will have a depth of knowledge and skills to consistently and efficiently utilize:

  • The Four Question Framework
  • Data Flow Diagrams
  • STRIDE and Kill Chains


These techniques will help participants identify threats and mitigation techniques (such as controls and risk management), accurately document results, and turn threat analysis consistently and efficiently into more secure products. As a result, participants will eventually champion threat modeling within their organization.

Enrollment in this course is active for 30 days. 


Estimated time to complete is 14-16 hours.

Get More From Your Self-paced Study

  • Physical Materials

    Slidebook (125 pages, spiral bound), Elevation of Privilege game, Exercises booklet, Threat modeling stencil, Whiteboard sketchbook

  • 1-on-1 with Adam Shostack

    A 1-on-1 with Adam Shostack affords students the ability to ask questions, get feedback, and explore the concepts learned during self-paced study.

Pricing Options

We've found that not everyone needs physical copies or a 1-on-1 discussion with Adam Shostack to learn Threat Modeling, and we are happy to offer a learning package that includes only what you feel you need.

Course curriculum

    1. Welcome and Introduction

    2. Order Physical Materials

    3. Syllabus

    4. Learning Online

    5. Welcome to Threat Modeling

    6. Slide Book (downloadable)

    7. Exercises File

    8. Exercise: Drawing tools

    1. The Question: What Are We Working On?

    2. DFDs: Diagrams and Models

    3. Trust Boundaries (Introduction)

    4. Exercise: Data Flow Diagram Essay

    5. Exercise: Data Flow Diagram Creation

    6. Models answer key

    7. Sketching

    8. Exercises: Trust Boundaries Essay

    9. Exercise: Draw Trust Boundaries

    10. DFDs in Depth

    11. Boundaries In Depth

    12. Exercise: Stop and Reflect

    1. What Can Go Wrong? Brainstorming

    2. STRIDE (Introduction)

    3. Applying STRIDE

    4. Tracking Threats + Assumptions

    5. Exercise: STRIDE Essay

    6. Exercise: Apply STRIDE

    7. Tools in Context

    8. Elevation of Privilege

    9. Attack Trees

    10. Final Tips + Recap: What Can Go Wrong

    11. Exercise: Stop and Reflect

    1. Mitigations

    2. Strategies for Addressing Threats

    3. Addressing Threats

    4. Exercise: Design Control - Broadly

    5. Exercise: Design Controls in Depth

    6. Exercise: Risk Mitigation

    7. (Optional) Prioritization

    8. (Optional) Managing "What We're Going to Do About it"

    9. (Optional) Chess and Arms Races

    10. Exercise: Stop and Reflect

    1. Did we do a good job?

    2. Retrospectives

    3. Answer key: threats and mitigations

    4. Exercise: Stop and Reflect

    1. Introduction to Kill Chains

    2. Applying the Kill Chain

    3. Exercise: Kill Chain Essay

    4. Exercise: Apply a Kill Chain

    5. (Optional) Kill Chain Cheat Sheet

    6. MITRE's ATT&CK Kill Chain

    7. "Act On Objectives" Stage of the Kill Chain

    8. Exercise: Stop and Reflect

About this course

  • $1,350.00
  • 59 lessons
  • 4 hours of video content