Threat modeling intensive

Our most popular course

For technology professionals looking to deliver secure systems, threat modeling is an essential skillset. Learn from Adam Shostack, who wrote the most popular book on the topic. October 11-15, 10AM-12 PM Pacific. Equivalent to a 2 day in-person course, 20 hours including classes and homework. Limited to 25 participants. Course enrollment is $3400.00.

Every participant recieves

printed and electronic copies of:

  • Slidebook (125 pages, spiral bound)

  • Elevation of Privilege game

  • Exercises booklet

  • Threat modeling stencil

  • Whiteboard sketchbook

Reviews

"One of the top professional development courses in my 35+ year career. - Charles F."

Course curriculum

  • 1

    Getting Ready (Due: Monday, October 11)

    • Preparing for Distributed Learning

    • Shipping Information

    • Exercises File (downloadable)

    • Welcome and Introduction

    • Learning Online

    • Welcome to Threat Modeling

      FREE PREVIEW
    • Slide Book (downloadable)

    • Syllabus (downloadable)

  • 2

    Monday Live Class

    • Monday, October 11th Live Class (calendar invite)

  • 3

    What Are We Working On? (Due: Tuesday)

    • The Question: What Are We Working On?

    • DFDs: Diagrams and Models

      FREE PREVIEW
    • Trust Boundaries (Introduction)

    • Exercises: DFD Essay + DFD Creation

    • Models Answer Key

    • Exercises: Trust Boundary Essay, Make Trust Boundaries Explicit

  • 4

    Tuesday Live Class

    • Tuesday, October 12th Live Class (calendar invite)

  • 5

    What Can Go Wrong? (Due: Wednesday)

    • Sketching

    • DFDs in Depth

    • Boundaries In Depth

    • What Can Go Wrong? Brainstorming

    • STRIDE (Introduction)

    • Applying STRIDE

      FREE PREVIEW
    • Tracking Threats & Assumptions

    • Exercises: STRIDE Essay, Apply STRIDE

  • 6

    Wednesday Live Class

    • Wednesday, October 13th Live Class (calendar invite)

  • 7

    What Are We Going To Do About It? (Due: Thursday)

    • Tools in Context

    • Elevation of Privilege

    • Attack Trees

    • Final Tips & Recap: What Can Go Wrong

    • Mitigations

    • Strategies for Addressing Threats

    • Addressing Threats

    • Exercises: Design many controls, Design controls in depth, risk mitigation

    • Did We Do A Good Job?

    • Retrospectives

  • 8

    Thursday Live Class

    • Thursday, October 14th Live Class (calendar invite)

  • 9

    Did We Do A Good Job? (Due: Friday)

    • Introduction to Kill Chains

    • Applying the Kill Chain

    • "Act On Objectives" Stage of the Kill Chain

    • MITRE'S ATT&CK Kill Chain

    • Exercises: Kill Chain Essay, Kill Chain Applied

    • (optional) Kill Chain Cheat Sheet

    • (Optional) A Sense of Urgency

    • (Optional) Models of Change

    • (Optional) Managing "What We're Going to Do About it"

    • (Optional) Chess and Arms Races

    • Optional (Prioritization)

    • Exercise: End to End Threat Model

  • 10

    Friday Live Class

    • Friday, October 15th Live Class (calendar invite)

  • 11

    How Did We Do?

    • How Did We Do? Give us survey feedback

    • Answer Key

  • 12

    Bonus Content

    • Threat Modeling Lessons From Star Wars

    • Threat Modeling in 2020

    • The Threat Modeling Manifesto

Time until kickoff

  • 00 Days
  • 00 Hours
  • 00 Minutes
  • 00 Seconds