Threat modeling for security champs (301)

Support threat modeling work by your teams

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. The course begins with Live Preparation Session the Wednesday before class begins. July 19-23 9AM-10 AM Pacific. Equivalent to a 1 day in-person course, 10 hours including classes and homework.

Prerequisites

This course builds on the skills developed in either our 212 or 222 Threat Modeling Courses. Students should be familiar with more than one way to answer “what are we working on” and “what can go wrong.”

Every participant recieves

printed and electronic copies of:

  • Slidebook (42 pages, spiral bound)

  • Elevation of Privilege game

  • Exercises booklet

  • Threat modeling stencil

  • Whiteboard sketchbook

Reviews

"One of the top professional development courses in my 35+ year career. - Charles F."

Course curriculum

  • 1

    Preparing for Success

    • Shipping Information

    • 301 Course Readiness Survey

  • 2

    Getting Ready for the Live Introductory Session (14 July 2021)

    • Welcome & Introduction to Distributed Class

    • Preparing for Online Learning (downloadable)

    • Syllabus (downloadable)

  • 3

    Introductory Live Session

    • Live Preparation Session (calendar invite)

  • 4

    Getting Ready to Learn (Due: Monday 19 July)

    • Learning Online

    • Introduction to Threat Modeling for Security Champs

    • Exercises File (downloadable)

    • Course Book (downloadable)

    • Yoda

    • Jenga

    • Introducing Threat Modeling (Optional)

    • Introducing Elevation of Privilege (Optional)

    • Exercises: RACI & Jenga

  • 5

    Monday Live Class

    • Monday July 19th Live Class (calendar invite)

  • 6

    What Are We Working On: Frameworks & System Models (Due: Tuesday 20 July)

    • Evaluation Frameworks

    • Leading Threat Modeling Work

    • System Model Evaluations

    • Exercise: Provide Feedback on System Models

  • 7

    Tuesday Live Class

    • Tuesday July 20th Live Class (calendar invite)

  • 8

    What Can Go Wrong: Threats (Due: Wednesday 21 July)

    • Organizational Evaluation

    • Threat List Evaluations

    • Exercise: Threats Feedback

  • 9

    Wednesday Live Class

    • Wednesday July 21st Live Class (calendar invite)

  • 10

    What Are We Going To Do About It: Mitigations (Due: Thursday July 22)

    • Mitigation Evaluations

    • Exercise: Mitigation Feedback

    • Required External Readings on ADRs

    • Required External Readings on Escalations

    • Write a short essay on either ADRs or escalations

  • 11

    Thursday Live Class

    • Thursday July 22nd Live Class (calendar invite)

  • 12

    Did We Do A Good Job: Retrospectives (Due: Friday July 23)

    • Required External Reading on Debriefing Facilitation

  • 13

    Friday Live Class

    • Friday July 23rd Live Class (calendar invite)

  • 14

    How Did We Do?

    • How Did We Do? Give us survey feedback

    • Retrospective (optional)

  • 15

    Bonus Content

    • EoP Game (PowerPoint)

    • EoP Cheat Sheet (downloadable)

    • Threat Modeling in 2020

Time until kickoff

  • 00 Days
  • 00 Hours
  • 00 Minutes
  • 00 Seconds