Threat Modeling for Security Champs enables security champs to support threat modeling work by their teams. The outcome is champs supporting threat modeling execution by product teams, not champs ready to train and leave.
Participants will be led through how to introduce threat modeling to teams, with or without Elevation of Privilege, learn about leading threat modeling work, and how to evaluate such work in depth.
- In-person or Distributed
- Fixed meetings times, pace
- Instructor + peer learning
- Open or Closed
Computer-based training is not available for this course.
Threat Modeling for Security Champs is for those skilled in threat modeling looking to help support others. This specifically includes champs within a business unit or a security advisor within a center of excellence. It also includes:
- Security-focused developers
- Security-focused architects of all levels
- Security-focused testers
- Scrum masters
- Security-focused business analysts
- SOC analysts
Before you begin Threat Modeling for Security Champs you should already be skilled in threat modeling, have the ability to draw a DFD from either a specification or by interview, be able to use STRIDE and the Kill Chain to address what can go wrong, and discuss when each might be appropriate.
Threat Modeling for Security Champs is 10 learning hours, roughly equivalent to a one day in person class. The time is split between short video 'lectures,' like the one below, homework assignments and group discussion via Zoom.
Skills covered in this course
- Threat Modeling
- Network Security
- Threat & Vulnerability Management
- Introducing TM to teams
- Using the Elevation of Privilege deck
- Leading TM work
- Reviewing TM — evaluating models of systems
- Reviewing TM — evaluating threat records
- Reviewing TM — evaluating bugs (and reports)
- Effective retrospectives (Did we do a good job?)
- Soft skills in threat modeling
- Learn over 1-3 days
- Different attention levels
- Travel requirements
- Learn over a week
- Flexible homework time
- No travel
- Open to anyone
- No NDA
- Committed calendar
- Individual seats (no minimum)
- One customer
- Negotiated calendar
- Minimum seats
Upcoming Threat Modeling for Security Champs courses.
Threat Modeling for Security Champs is only offered as a live instruction course.
At this time, we do not have any upcoming open enrollment course dates scheduled. However, with a minimum enrollment, Threat Modeling for Security Champs, can be delivered to your organization as a closed course.