Threat Modeling For Engineers

A focused course

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. This class, offers participants the knowledge and skills to consistently and efficiently utilize the  Four  Question  Framework, data flow diagrams, and the STRIDE mnemonic to identify threats and mitigation techniques, document results, and advance threat modeling results for action.   Equivalent to a 1 day in-person course, 10 hours including classes and homework.
Sign up now!

What to Expect

Threat Modeling for Engineers (201) is a popular choice for busy technology professionals, and this is the self-paced version.

 

Participants will complete 7 chapters; 1 preparation, 5 knowledge and skills, and a bonus chapter. The six core chapters each include a set of video lectures (about 5 minutes each) and exercises to build the skills covered in the lectures. The bonus chapter has one additional reading and two videos of 45 minutes each.

 

After taking this class, participants will have  the knowledge and skills to consistently and efficiently utilize the  Four  Question  Framework, data flow diagrams, and the STRIDE mnemonic to identify threats and mitigation techniques, document results, and advance threat modeling results for action.   

 

Enrollment in this course is active for 30 days. 

Estimated time to complete is 6-12 hours.

Get More From Your Self-paced Study

  • Physical Materials

    Slidebook (spiral bound), Elevation of Privilege game, Exercises booklet, Threat modeling stencil, Whiteboard sketchbook

  • 1-on-1 with Adam Shostack

    A 1-on-1 with Adam Shostack affords students the ability to ask questions, get feedback, and explore the concepts learned during self-paced study.

Pricing Options

We've found that not everyone needs physical copies or a 1-on-1 discussion with Adam Shostack to learn Threat Modeling and are happy to offer a learning package that includes only what you feel you need.  

Course curriculum

  • 1

    Preparation

    • Welcome and Introduction

    • Learning Online

    • Welcome to Threat Modeling

    • Join our Slack

    • Syllabus

    • Slide Book (downloadable)

    • Exercise Book (downloadable)

    • Exercises: Propose a System for Analysis + Drawing Tools
  • 2

    What Are We Working On?

    • The Question: What Are We Working On?

    • DFDs: Diagrams and Models

    • Trust Boundaries (Introduction)

    • Exercises: Data Flow Diagram Essay + Data Flow Diagram Creation

    • Models (answer key)

    • Exercises: Trust Boundaries Essay + Draw Trust Boundaries

    • Stop and reflect
  • 3

    What Can Go Wrong?

    • What Can Go Wrong? Brainstorming

    • STRIDE (Introduction)

    • Applying STRIDE

    • Tracking Threats & Assumptions

    • Exercises: STRIDE Essay + Apply STRIDE

    • Final Tips & Recap: What Can Go Wrong

    • Stop and reflect
  • 4

    What Are We Going To Do About It?

    • Mitigations

    • Addressing Threats

    • Exercises: Design Many Controls + Design Controls in Depth

    • Stop and reflect
  • 5

    Did We Do A Good Job?

    • Did we do a good job?

    • Retrospectives

    • Stop and reflect
  • 6

    Make It So!

    • End-to-End Threat Model

    • Make threat modeling part of your work
  • 7

    Next Steps

    • How Did We Do?

    • Let's stay in touch!
  • 8

    Bonus Content

    • Threat Modeling Lessons From Star Wars

    • The Threat Modeling Manifesto