We can host this training at your preferred location. Contact us!

The programme is a blend of practical use cases based on real-world projects and mentoring. Each use case includes an environmental description, questions, and templates for building a threat model.

Participants are challenged in virtual breakout rooms to carry out the different stages of threat modelling on the following:

Diagramming web and mobile applications, sharing the same REST backend

Threat modelling an IoT gateway with a cloud-based update service
Get into the attacker’s head – modelling points of attack against a CNI facility
Threat mitigations for microservices and S3 buckets in a payment service
Threat modelling the CI/CD pipeline

The results are discussed after each hands-on workshop, and participants receive a documented solution.

None

Audience

Engineers, architects, solutions consultants, project managers, scrum masters and security professionals.

The why, what, how, and when of threat modelling
How to create and update a threat model
How to create an actionable threat model with your stakeholders
How to organise and prepare efficient threat modelling workshops
How to explain the methodology and need for threat modelling to others
Diagramming techniques, including Data Flow Diagramming
Threat identification techniques, including STRIDE and attack trees
How to carry out technical risk rating using the OWASP risk rating methodology
How to mitigate security and privacy threats with standard mitigations
The soft skills that will make you a better threat modeler

Live Use Case ‘Client’ Scenario specific learning outcome.

Week 1: Threat modeling introduction (self-paced)

Threat modeling in a secure development lifecycle
What is threat modeling?
Why perform threat modeling?
Threat modeling stages
Different threat modeling methodologies
Documenting a threat model

Week 2: Diagrams – what are you building? (self-paced & live lab)

Understanding context
Doomsday scenarios
Data flow diagrams
Trust boundaries
Hands-on: Diagramming web and mobile applications, sharing the same REST backend

Week 2: Identifying threats – what can go wrong? (self-paced & live lab)

STRIDE introduction
Threat tables
Hands-on: Threat modeling an IoT gateway with a cloud-based update service
Attack trees
Attack libraries
Hands-on: Get into the attacker's head – modeling points of attack against a CNI facility

Week 3: Addressing each threat (self-paced & live lab)

How to address threats
Mitigation patterns
Setting priorities through risk calculation
Risk management
Threat agents
The mitigation process
Threat mitigations for microservices and S3 buckets in a payment service
Hands-on: threat modeling the DevOps CI/CD pipeline

Week 4: Threat modeling tooling and resources (self-paced)

Open-Source & free tools
Commercial tools
Hard copy
Online resources
Threat modeling community
Example threat models

Month 2: Bring your own case (self-paced & live lab)

Bring your own threat model – Customer Specific
Transfer activities
Mentoring
Review session

This course, also includes a complimentary online Certified Threat Modelling Practitioner exam, provided by Toreon.

Upcoming Trainings

Join our public courses in our South Africa facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

Classroom / Virtual Classroom

11 July 2024