Course Overview

Threat Modeling for Security Champs enables security champs to support threat modeling work by their teams. The outcome is champs supporting threat modeling execution by product teams, not champs ready to train and leave.

Participants will be led through how to introduce threat modeling to teams, with or without Elevation of Privilege, learn about leading threat modeling work, and how to evaluate such work in depth.


Instruction Options

Live Instruction

  • In-person or Distributed
  • Fixed meetings times, pace
  • Instructor + peer learning
  • Open or Closed


Computer-Based Training

Computer-based training is not available for this course.


Who is Threat Modeling for Security Champs For?

Threat Modeling for Security Champs is for those skilled in threat modeling looking to help support others. This specifically includes champs within a business unit or a security advisor within a center of excellence. It also includes:

  •   Security-focused developers
  •   Security-focused architects of all levels
  •   Security-focused testers
  •   Scrum masters
  •   Security-focused business analysts
  •   SOC analysts

 

Pre-requisites

Before you begin Threat Modeling for Security Champs you should already be skilled in threat modeling, have the ability to draw a DFD from either a specification or by interview, be able to use STRIDE and the Kill Chain to address what can go wrong, and discuss when each might be appropriate.

Course Content

Threat Modeling for Security Champs is 10 learning hours, roughly equivalent to a one day in person class. The time is split between short video 'lectures,' like the one below, homework assignments and group discussion via Zoom.

Skills covered in this course

  •   Threat Modeling
  •   Network Security
  •   Threat & Vulnerability Management


Topics covered

  •   Introducing TM to teams
  •   Using the Elevation of Privilege deck
  •   Leading TM work
  •   Reviewing TM — evaluating models of systems
  •   Reviewing TM — evaluating threat records
  •   Reviewing TM — evaluating bugs (and reports)
  •   Effective retrospectives (Did we do a good job?)
  •   Soft skills in threat modeling

Logistics Options

In-Person Delivery

  • Learn over 1-3 days
  • Different attention levels
  • Travel requirements


Distributed Delivery

  • Learn over a week
  • Flexible homework time
  • No travel


Open Courses

  • Open to anyone
  • No NDA
  • Committed calendar
  • Individual seats (no minimum)


Closed Courses

  • One customer
  • NDA
  • Negotiated calendar
  • Minimum seats

Upcoming Threat Modeling for Security Champs courses. 

Threat Modeling for Security Champs is only offered as a live instruction course. 

At this time, we do not have any upcoming open enrollment course dates scheduled. However, with a minimum enrollment, Threat Modeling for Security Champs, can be delivered to your organization as a closed course.