Threat modeling intensive

Our most popular course

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. February 28 - March 4th, 8AM-10AM Pacific. Equivalent to a 2-day in-person course: 20 hours, including classes and homework.

Every participant receives

printed and electronic copies of:

  • Slidebook (125 pages, spiral bound)

  • Elevation of Privilege game

  • Exercises booklet

  • Threat modeling stencil

  • Whiteboard sketchbook

Course curriculum

  • 1

    Getting Ready (Due: Monday, February 28)

    • Preparing for Distributed Learning

    • Welcome + Introduction

    • Learning Online

    • Welcome to Threat Modeling

    • Join Slack

    • Preparing For Threat Modeling Intensive: Time Block

    • Syllabus

    • Slide Book (downloadable)

    • Exercises File (downloadable)

    • Exercises: Propose a System for Analysis + Drawing Tools

    • Course Retrospective Timeblocks

  • 2

    Monday Live Class

    • Monday Calendar Hold with Zoom Link

  • 3

    What Are We Working On? (Due: Tuesday)

    • The Question: What Are We Working On?

    • DFDs: Diagrams + Models

    • Trust Boundaries (Introduction)

    • Exercises: Data Flow Diagram Essay + Data Flow Diagram Creation

    • Models (answer key)

    • Exercises: Trust Boundaries Essay + Draw Trust Boundaries

  • 4

    Tuesday Live Class

    • Tuesday Calendar Hold with Zoom Link

  • 5

    What Can Go Wrong? (Due: Wednesday)

    • Sketching

    • DFDs in Depth

    • Boundaries In Depth

    • What Can Go Wrong? Brainstorming

    • STRIDE (Introduction)

    • Applying STRIDE

    • Tracking Threats + Assumptions

    • Exercises: STRIDE Essay + Apply STRIDE

  • 6

    Wednesday Live Class

    • Wednesday Calendar Hold with Zoom Link

  • 7

    What Are We Going To Do About It? (Due: Thursday)

    • Tools in Context

    • Elevation of Privilege

    • Attack Trees

    • Final Tips + Recap: What Can Go Wrong

    • Mitigations

    • Strategies for Addressing Threats

    • Addressing Threats

    • Exercises: Design Controls - Broadly + Design Controls in Depth + Risk Mitigation

    • Did we do a good job?

    • Retrospectives

  • 8

    Thursday Live Class

    • Thursday Calendar Hold with Zoom Link

  • 9

    Did We Do A Good Job? (Due: Friday)

    • Introduction to Kill Chains

    • Applying the Kill Chain

    • "Act On Objectives" Stage of the Kill Chain

    • MITRE's ATT&CK Kill Chain

    • Exercises: Kill Chain Essay + Apply a Kill Chain + End-to-End Threat Model

    • (Optional) Kill Chain Cheat Sheet

    • (Optional) A Sense of Urgency

    • (Optional) Models of Change

    • (Optional) Managing "What We're Going to Do About it"

    • (Optional) Chess and Arms Races

    • (Optional) Prioritization

    • Final Exercise: End-to-End Threat Model

  • 10

    Friday Live Class

    • Friday Calendar Hold with Zoom Link

  • 11

    Bonus Content

    • Answer Key

    • Threat Modeling Lessons From Star Wars

    • Threat Modeling in 2020

    • The Threat Modeling Manifesto

  • 12

    How Did We Do?

    • Sign up for our mailing lists.

    • How Did We Do? Give us survey feedback

    • Participate in a Retrospective of Threat Modeling Intensive

Reviews

"One of the top professional development courses in my 35+ year career." - Charles F.
