Course Overview

Threat Modeling Intensive is our most popular course. Its designed to provide attendees the ability to more consistently and efficiently apply threat modeling using the Four Question Framework:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good job?



Learning outcomes

After taking Threat Modeling Intensive, participants will, like those who take our Threat Modeling Essentials, have the knowledge and skills to consistently and efficiently use the Four Question Framework. That includes data flow diagrams, STRIDE and mitigation techniques, and the ability to choose between them for specific situations. They will also understand how to document results, and drive threat modeling results for action.

Participants in this Threat Modeling Intensive course not only learn specific skills, they learn more skills, including kill chains and risk management. They go deeper into each, and evaluate why those skills make sense, and learn about some of the challenges that they may encounter in their day-to-day application of those skills.

Course Content

  • Threat Modeling Lessons from Star Wars (Traps people fall into)
  • Answering the Question: what are we working on with DFDs and other tools
  • Figuring out what can go wrong using STRIDE and Kill Chains
  • Deciding what we’re going to do about it (Appropriate controls and risk management)
  • Determining if we did a good job through measurement and retrospectives
  • Threat modeling in 2021


Instruction Options

Threat Modeling Intensive is our most popular course, and we now proudly offer it in two modes: instructor-led and self-pace. Each is designed to serve different types of learning needs. Currently, Adam Shostack leads all the instructor-led courses, and a capstone discussion with Adam in available as an add-on to the self-pace version.

Live Instruction

  • In-person or Distributed
  • Fixed meetings times, pace
  • Instructor + peer learning
  • Open or Closed


Either 16 hours over 2 days, or 20 hours over 5 days. (The content is about the same, and the 5 day schedule is designed to reduce zoom fatigue, better integrate with people’s days, and offer the chance to both go deeper into exercises and “sleep on” the material.)

Computer-Based Training

  • Distributed only
  • Learn at your own time, pace
  • Peer, Instructor interaction on Slack
  • Price advantage


16 hours over as many as 30 days. Get started now!

Additional products

Logistics Options

In-Person Delivery

  • Learn over 1-3 days
  • Different attention levels
  • Travel requirements


Distributed Delivery

  • Learn over a week
  • Flexible homework time
  • No travel


Open Courses

  • Open to anyone
  • No NDA
  • Committed calendar
  • Individual seats (no minimum)


Closed Courses

  • One customer
  • NDA
  • Negotiated calendar
  • Minimum seats

Relative to our Threat Modeling Essentials Course

Threat Modeling Essentials focuses on teaching a single method to address Four Questions. In our Threat Modeling Intensive, we add more methods to address each, and learn to assess which to apply. That includes state machines and message diagrams to express what we're working on, kill chains and attack trees to address what can go wrong, and risk management approaches to bring more nuance to what we're going to do about each. Intensive also has a set of optional videos and exercises to allow students to go further.