Threat modeling for security champs (301)

Support threat modeling work by your teams

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. The course begins with Live Preparation Session the Wednesday before class begins. October 3 - October 7, 8 AM- 9 AM Pacific. Equivalent to a 1 day in-person course, 10 hours including classes and homework.

Prerequisites

This course builds on the skills developed in either our 200 Series Threat Modeling Courses. Students should be familiar with more than one way to answer “what are we working on” and “what can go wrong.”

Every participant receives

printed and electronic copies of:

  • Slidebook (spiral bound)

  • Elevation of Privilege game

  • Exercises booklet

  • Threat modeling stencil

  • Whiteboard sketchbook

Reviews

"One of the top professional development courses in my 35+ year career. - Charles F."

Course curriculum

  • 1

    Getting Ready to Learn (Due: Monday, October 3)

    • Preparing for Online Learning (downloadable)

    • Welcome + Introduction to Distributed Class

    • Learning Online

    • Introduction to Threat Modeling for Security Champs

    • Syllabus (downloadable)

    • Exercises File (downloadable)

    • Course Book (downloadable)

    • Yoda

    • Jenga

    • Introducing Threat Modeling (Optional)

    • Introducing Elevation of Privilege (Optional)

    • Exercises: RACI + Jenga

  • 2

    Monday Live Class

    • Live Class (calendar invite)

  • 3

    What Are We Working On: Frameworks + System Models (Due: Tuesday)

    • Evaluation Frameworks

    • Leading Threat Modeling Work

    • System Model Evaluations

    • Exercise: Provide Feedback on System Models

  • 4

    Tuesday Live Class

    • Live Class (calendar invite)

  • 5

    What Can Go Wrong: Threats (Due: Wednesday)

    • Organizational Evaluation

    • Threat List Evaluations

    • Exercise: Threats Feedback

  • 6

    Wednesday Live Class

    • Live Class (calendar invite)

  • 7

    What Are We Going To Do About It: Mitigations (Due: Thursday)

    • Mitigation Evaluations

    • Exercise: Mitigation Feedback

    • Required External Readings on ADRs

    • Required External Readings on Escalations

    • Write a short essay on either ADRs or escalations

  • 8

    Thursday Live Class

    • Live Class (calendar invite)

  • 9

    Did We Do A Good Job: Retrospectives (Due: Friday)

    • Required External Reading on Debriefing Facilitation

  • 10

    Friday Live Class

    • Live Class (calendar invite)

  • 11

    How Did We Do?

    • How Did We Do? Give us survey feedback

    • Retrospective (optional)

  • 12

    Bonus Content

    • EoP Game (PowerPoint)

    • EoP Cheat Sheet (downloadable)

    • Threat Modeling in 2020

Time until kickoff

  • 00 Days
  • 00 Hours
  • 00 Minutes
  • 00 Seconds