Duration: 32 hours, including 16 hours of live lab sessions
Time: over a period of 6 weeks (details in schedule below)
Next training date: Access 19-Aug; live labs Aug-29 through Sep-1 (12-4pm EST, 9am-1pm PST, 18h-22h CEST) every day
Next training location: ONLINE

Our teachers for the training: DPI – MedCrypt Threat Modeling Medical Devices





Taught in English, this course is a blend of 16 hours of self-paced training and 16 hours of online live labs over 6 weeks.


Learn how to create, maintain, and update threat models in our training tailored for Medical Device Makers.
Together with our partner for this training: MedCrypt

Why take this course?

Regulators across the world, including the Food & Drug Administration (FDA) and European Medicines Agency (EMA), are embracing threat modeling as part of their requirements. It is widely agreed upon by security standards groups, such as OWASP and NIST, that threat modeling is a highly effective method to inform secure software architecture and requirements. Threat modeling identifies potential security issues across a number of risk types for makers and users, including patient safety risks. Threat modeling is a clear and efficient method to communicate requirements to all stakeholders, independent of technical abilities. The artifacts produced through threat modeling are pieces that can directly be used as part of regulatory submissions, and do not add regulatory overhead to build specific documentation.

Even with growing security teams, there will never be enough security experts to thoroughly evaluate the security threats for each medical device continually. By training your team, from security analysts to software engineers to product managers, you will be able to ensure that your team has the ability to identify threats and iterate on existing threat models that your teams generate. This allows security to be a part of the medical device development lifecycle, rather than a separate burdensome process.

MedCrypt, a leading cybersecurity firm 100% focused on medical devices, and Toreon’s Data Protection Institute (DPI), a globally-recognized leader in threat modeling training, have partnered to create the most comprehensive threat modeling training specifically for Medical Device Manufacturers (MDMs). Leveraging the curriculum that Toreon uses for their Black Hat training, our teams have incorporated lessons learned from delivering cybersecurity to MDMs and regulatory requirements to ensure that this curriculum meets the needs of medical devices.

As part of this course, you will see how you can leverage your threat model in multiple other aspects of your regulatory submission, allowing you to focus on addressing any issues rather than assembling a multitude of different documents.

Every medical device needs a threat modeler, but not every threat modeler needs to be a cybersecurity specialist. Through our training, every participant will walk away with knowledge about threat models and how to assemble a team and conduct a session, as well as all of the materials to do that the very next day.

Schedule & overview

Hours of training: 32 hours, including 16 hours of live lab sessions.

Live virtual labs run between August 29th and September 1st from 12 PM EST/9AM PST/18h CEST to 3PM EST/1PM PST/21h CEST every day. In addition to the 16 hours of live sessions, there are 8 hours of self-paced preparatory materials that will be released August 19th.

Upon finishing the live sessions, participants will create their own threat model over the next month, and then spend 2 hours with our trainers reviewing that model.

Target group

If you are involved in any aspect of building and maintaining medical devices, this course is for you! You do not need to have a background in security. All that we ask is that you come with a willingness to learn, and ask as many questions as possible.

It is our belief that anyone can threat model, and that there’s a need for threat modeling to be understood by all those involved in the development lifecycle of medical devices.

Learning goals

After this training, you will be able to:

  • Understand the why, what, how, and when of threat modeling
  • Create and update a threat model
  • Create an actionable threat model with your stakeholders
  • Organize and prepare efficient threat modeling workshops
  • Explain the methodology and need for threat modeling to others
  • Decompose a medical device architecture and highlight security implications and decisions for software design and regulatory submission
  • Apply diagramming techniques, including Data Flow Diagramming
  • Identify threats, using STRIDE and attack trees
  • Evaluate risks using the
  • Understand how to mitigate security and privacy threats with standard mitigations
  • Communicate your threat model to stakeholders
  • Understand the critical soft skills required for successful threat modeling


Educational approach of this course

With our team’s depth of knowledge and experience in medical devices and threat modeling, we understand the frustration and uncertainty that many people involved in the creation of medical devices have about how to use threat modeling.

Our course will make you much more comfortable with threat modeling, and will make you look forward to your next threat modeling session! The training is a hybrid format that combines self-paced learning with four intensive live labs. You’ll start your learning on our hybrid learning platform, which will walk you through a series of assignments that you’ll want to do before the live sessions. During that time you’ll walk through the materials at your own pace, and interact with your peers who are also taking the course through a forum and discussions that are part of the assignments.

When we come together for the live sessions, we understand that you may have questions and that some things may not have made sense or resonated. That’s completely normal! You can either reach out to our training staff before we get together or feel free to bring your questions with you.

We want to ensure that you get the most out of this training, and so we’ll spend most of the live sessions walking through the theoretical material by applying it to a fictional medical device. We’ll periodically put you in breakout rooms so that you’ll brainstorm and apply what you are learning to something that you’ll have some familiarity with. You’ll not only see how to use threat modeling for medical devices, but also start to build templates and documents that you can leverage in your own work.

Some of the exercises we’ll do include (a more comprehensive list can be found in the training outline):

  • Diagramming a clinical decision support application that uses the same REST hosted backend as a mobile patient dashboard
  • Discussing how an attacker might gain access to an implanted device using a compromised hospital’s network
  • Evaluating threats for an implantable device, including deciding what features/integrations to build based on risk and business evaluation
  • Building parts of the regulatory submission for FDA using the results of a threat model


As we go through each stage of the threat modeling process, we’ll link it back to regulatory requirements so you can see how this will directly impact your submission materials. Our ambition is that you’ll see how much threat modeling can help you with regulations and ensure your devices leverage secure architecture.

Finally, you’ll be asked to create your own threat model after the live labs. You’ll be able to do this using what you’ve learned, combined with templates of the scenarios discussed that we’ll provide. We’ll then review those threat models individually with you approximately one month after the live sessions and answer any questions you might have about regulatory requirements.

End product

In addition to all of the learning you’ll do, you will also receive the following:

  • One year of access to the e-learning platform, including all updates to training materials
  • A fully worked through example of a medical device that covers multiple aspects of a threat model in depth
  • The example will also include templates to be used in a variety of diagramming and threat modeling tools
  • Explanations of the regulatory requirements and mapping them to various parts of threat modeling
  • A framework to help apply threat modeling to your current medical device lifecycle, including how to figure out what tools are needed
  • Templates to rate risk severity across a number of risk calculation methods
  • Examples of privacy regulations and how to incorporate them in your threat model

How to prepare yourself

Course essentials include:

  • Stable internet access
  • Your own laptop (preferred) or tablet
  • Access to MS Teams with sharing turned on


And … bring excitement to learn!



  • Why threat modeling
  • Regulatory requirements
  • How it relates to the medical device development lifecycle, including risk evaluations
  • How to think about documentation
  • Overview of methods and stages

Lab 1 - Starting a threat model

  • Putting a device in clinical and risk context
  • Brainstorming threats, updating devices, and multi-patient harm scenarios
  • Diagramming and security architecture decomposition
  • Trust Boundaries


  • Diagramming a clinical decision support application that uses the same REST hosted backend as a mobile patient dashboard

Lab 2 - Identifying Threats

  • Using for threat identification
  • Combining misuse cases with attack trees
  • Building and improving attack libraries


  • Analyzing an implanted device that can be remotely controlled by a provider using STRIDE
  • Discussing how an attacker might gain access to an implanted device using a compromised hospital’s network using attack trees
  • Modifying a threat model to include moving from an on-premise database to a cloud hosted one that includes anonymized patient data

Lab 3 - Evaluate & Mitigate

  • Risk Evaluation, including multi-patient harm analysis
  • Mitigating threats and addressing potential future threats with patching
  • Documenting threats and justifying decisions for internal stakeholders and regulators


  • Evaluating threats for an implantable device, including secure updating and integrations based on risk and business evaluation

Lab 4 - Mapping to Regulations

  • How to justify evaluations and courses of action for regulatory submissions
  • Explanation of how each aspect of threat modeling covered relates to regulatory requirements
  • Ways to use the results of a threat model to build other pieces of regulatory submission

Bringing it all Together


  • In the immediate month following the live sessions, participants will create their own threat models bringing together all that they’ve learned
  • Threat models will then be reviewed individually with our training team, including a two-hour review session
  • Additionally, participants are able to speak with our regulatory experts to answer any questions about expectations for regulatory compliance and specific feedback on meeting those requirements

Price of the course


VAT exclusive

An invoice in USD is available upon request (2,465 USD).

At location Inhouse

Schedule 2022





DPI – MedCrypt Threat Modeling Medical Devices

Access 19-Aug; live labs Aug-29 through Sep-1 (12-4pm EST, 9am-1pm PST, 18h-22h CEST) every day


We are recognized by:

  • Registration number KMO portefeuille: DV.O213013

    Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.

  • Acknowledgement by Chèque-Formation

    The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.