We can host this training at your preferred location. Contact us!

The programme is a blend of practical use cases based on real-world projects and mentoring. Each use case includes an environmental description, questions, and templates for building a threat model.

Participants are challenged in virtual breakout rooms to carry out the different stages of threat modelling on the following:

Diagramming web and mobile applications, sharing the same REST backend

Threat modelling an IoT gateway with a cloud-based update service
Get into the attacker’s head – modelling points of attack against a CNI facility
Threat mitigations for microservices and S3 buckets in a payment service
Threat modelling the CI/CD pipeline

The results are discussed after each hands-on workshop, and participants receive a documented solution.

None

Audience

Engineers, architects, solutions consultants, project managers, scrum masters and security professionals.

The why, what, how, and when of threat modelling
How to create and update a threat model
How to create an actionable threat model with your stakeholders
How to organise and prepare efficient threat modelling workshops
How to explain the methodology and need for threat modelling to others
Diagramming techniques, including Data Flow Diagramming
Threat identification techniques, including STRIDE and attack trees
How to carry out technical risk rating using the OWASP risk rating methodology
How to mitigate security and privacy threats with standard mitigations
The soft skills that will make you a better threat modeler

Live Use Case ‘Client’ Scenario specific learning outcome.

Week 1: Threat modeling introduction (self-paced)

Threat modeling in a secure development lifecycle
What is threat modeling?
Why perform threat modeling?
Threat modeling stages
Different threat modeling methodologies
Documenting a threat model

Week 2: Diagrams – what are you building? (self-paced & live lab)

Understanding context
Doomsday scenarios
Data flow diagrams
Trust boundaries
Hands-on: Diagramming web and mobile applications, sharing the same REST backend

Week 2: Identifying threats – what can go wrong? (self-paced & live lab)

STRIDE introduction
Threat tables
Hands-on: Threat modeling an IoT gateway with a cloud-based update service
Attack trees
Attack libraries
Hands-on: Get into the attacker's head – modeling points of attack against a CNI facility

Week 3: Addressing each threat (self-paced & live lab)

How to address threats
Mitigation patterns
Setting priorities through risk calculation
Risk management
Threat agents
The mitigation process
Threat mitigations for microservices and S3 buckets in a payment service
Hands-on: threat modeling the DevOps CI/CD pipeline

Week 4: Threat modeling tooling and resources (self-paced)

Open-Source & free tools
Commercial tools
Hard copy
Online resources
Threat modeling community
Example threat models

Month 2: Bring your own case (self-paced & live lab)

Bring your own threat model – Customer Specific
Transfer activities
Mentoring
Review session

This course, also includes a complimentary online Certified Threat Modelling Practitioner exam, provided by Toreon.

Upcoming Trainings

Join our public courses in our Hong Kong facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

Classroom / Virtual Classroom

11 July 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

14 July 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

17 July 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

25 July 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

03 August 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

06 August 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

08 August 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Classroom / Virtual Classroom

18 August 2024

Hong Kong, Kowloon, Tsuen Wan

2 Days

Threat Modelling Practitioner Training Course in Hong Kong

Hong Kong is officially known as the Hong Kong Special Administrative Region of the People's Republic of China (HKSAR) and is a city and special administrative region of China on the eastern Pearl River Delta in South China. Hong Kong is one of the most densely populated places in the world, with over 7.5 million population. The official languages of the HKSAR are Chinese and English. Hong Kong is a highly developed territory and ranks fourth on the United Nations Human Development Index and the residents of Hong Kong have the highest life expectancies in the world.

The best time to visit Hong Kong is from September to December, since the temperatures, averaging between 19 to 28 degree Celsius. During this outdoor activities-friendly travelling season, you can take a walk along Victoria Harbour, visit the islands of Lantau, Lamma and Cheung Chau and participate in the Mid-Autumn Festival. Top choices of the tourists to visit in Hong Kong are Big Buddha statue, Wong Tai Sin Temple, Repulse Bay and the Beaches and Hong Kong Disneyland.

Explore our diverse range of IT courses, encompassing programming, software development, cyber security, data science, business skills, and Agile/Scrum. Wherever you are in Hong Kong, our seasoned instructors will bring practical training and expert knowledge to your preferred training venue.

Threat Modelling Practitioner Training in Hong Kong

Prerequisites

Audience

What You Will Learn

Outline

ESSENTIAL STRATEGIES FOR SECURE VIRTUAL NETWORKING

Upcoming Trainings