Overview Next training

Duration 20 hours blended
Time over a period of 8 weeks (details in schedule below)
Next training date Live labs 27-Feb, 2-Mar, 9-Mar; review session 6-Apr
Next training location ONLINE

Our teachers for the training: Threat Modeling Practitioner

Name

Date

Location

Register

Threat Modeling Practitioner

live labs 28-Nov, 2-Dec and 8-Dec; review session 10-Jan

ONLINE

This training is based on Toreons internationally acclaimed ‘Whiteboard Hacking Training’, exclusively given at conferences around the world (Blackhat, OWASP). Now also available in an in-company or online format. 

Threat Modeling is widely agreed upon by cybersec authorities OWASP and NIST as being one of the most effective methods to reduce this cybersecurity risk and ensure secure software architecture from the get-go.  

Training your team in Threat Modeling ensures they have the skills to identify threats and continuously iterate on existing threat models. This way, security becomes part of the development lifecycle of your software or hardware, lowering total costs and increasing security.  

“This training takes a very practical approach. You can feel it is rooted in Seba’s extensive field experience with Threat Modeling” 
“The hands-on real-life exercises truly helped.” 

Our partner for this training is Toreon, a firm with a long-standing reputation for all-things-cybersecurity. They have delivered Threat Modeling trainings since 2016 and created the ‘Threat Modeling Playbook’ for the OWASP foundation. 

Main benefits 

  • Protect your reputation & prevent expensive hacks and exploits
  • Lower your total cost of security by implementing best practices from the get-go
  • Deploy Security & Privacy by Design 
  • Gain a competitive advantage with secure, future-proof products  

Book A Call

Get on a short call with the trainer to discuss in-company course content, pricing and specific needs. 

Schedule Now 

Reserve your seat for the upcoming online course.


 

What to expect 

Learning goals
  • The what, when and how of Threat Modeling 
  • Discover and mitigate critical design flaws in your software  
  • Learn how to create an actionable threat model with your stakeholders 
  • Learn how to carry out technical risk rating using the OWASP methodology 
  • Identify non-trivial threats, using STRIDE and attack trees 
  • Understand how industry leaders mitigate security and privacy threats 
  • Learn to give highly effective threat modeling workshops to small groups  
  • Explain the methodology and need for threat modeling to colleagues  
Deliverables
  • One year of access to the e-learning platform  
  • Incl. live lab recordings 
  • A fully worked-through example that covers multiple aspects of a threat model in depth  
  • A framework to help apply threat modeling to your development lifecycle 
  • STRIDE mapped on compliance standards 
  • All presentation hand-outs 
  • Various templates & worksheets:  
  • Rating risk severity with several risk calculation methods  
  • Threat Model documentation template 
  • Detailed use-case worksheets 
  • Detailed use-case solution descriptions 

 

Teachers 

Toreon’s DPI is globally recognised for its Threat Modeling training and has years of experience delivering cybersecurity to different industries.  

All teachers for this course have years of experience in the field and in front of the classroom.  

Together, we created the most comprehensive Threat Modelling training curriculum. 

Target Group 

If you are involved in any aspect of ensuring security for a product (software or hardware), this course is for you! You do not need to have a background in security.   

We believe that anyone can threat model and that there’s a need for threat modeling to be understood by all those involved in the development lifecycle.  

Typical profiles for this course include: 

  • Software developers/engineers/architects 
  • Product managers/Product Security 
  • Incident Responders 
  • Cyber-security analysts/managers  

What will the course look like? 

In-company

We recommend the in-company formula for organisations with 10+ full-time security or software engineers. Companies that regularly process high-risk data or consider their software to be ‘core’ to the organisation should opt for the in-company formula.  

The training consists of 32h/4 days of interactive learning, with a mixture of theory and real-world examples. A significant part of the course consists of creating your own threat model and discussing this with the trainers.  

 


Book A Call

Get on a short call with the trainer to discuss in-company course content, pricing and specific needs. 


 

Live online

For organisations with <10 security or software engineers or those that don’t consider their software ‘core’ to the business, we recommend our live online formula: This hybrid format combines self-paced learning with three live labs.  

 

 

It consists of 20 hours of blended learning:  

  • Self-paced preparatory material (8 h)  
  • Live lab sessions & review with the trainers (12h)  

Live virtual labs run on three dates (see schedule) from 12:00-15:00 CEST 

During the live sessions, you’ll get the chance to interact with other participants and ask all the questions you like. After this, you will create your own threat model over the next month. Finally, you’ll spend 2 hours with our trainers to review your model. 

 


Schedule Now 

Reserve your seat for the upcoming online course.


 

Get updates on this training? 

Would you like to be kept up to date on Threat Modeling trainings?
Subscribe below.

Week 1

Threat modeling introduction (self-paced)

  • Threat modeling in a secure development lifecycle
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Different threat modeling methodologies
  • Documenting a threat model

Week 2

Lab 1: Diagrams – what are you building? (self-paced & live lab 1)

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust boundaries
  • Hands-on: Diagramming web and mobile applications, sharing the same REST backend

Lab 2: Identifying threats – what can go wrong? (self-paced & live lab 2)

  • STRIDE introduction
  • Threat tables
  • Hands-on: Threat modeling an IoT gateway with a cloud-based update service
  • Attack trees
  • Attack libraries
  • Hands-on: Get into the attacker’s head – modeling points of attack against a nuclear facility

Week 3

Lab 3: Addressing each threat (self-paced & live lab 3)

  • How to address threats
  • Mitigation patterns
  • Setting priorities through risk calculation
  • Risk management
  • Threat agents
  • The mitigation process
  • Hands-on: Threat mitigations of OAuth scenarios for an HR application
  • Hands-on: threat modeling the CI/CD pipeline

Threat modeling tooling and resources (self-paced)

  • Open-Source & free tools
  • Commercial tools
  • Hard copy
  • Online resources
  • Threat modeling community
  • Example threat models

Month 2

Bring your own case (self-paced & live lab 4)

  • Bring your own threat model
  • Transfer activities
  • Mentoring
  • Review session

Price of the course

€1.440

VAT exclusive

Certificate

"Threat Modeling Practitioner Certificate"

Register now

Book a Call
  • “I took Whiteboard Hacking training with Sebastien and it really helped me understand how to threat model properly. I don’t think I have found any other training to be as comprehensive or deep and Sebastien provided relevant examples. I would highly recommend this training to others interested in Security.”

    Jeevan Singh

    Engineering Manager, Application Security at Segment

  • “Just finished your excellent Threat Modelling course, led by Steven Wierckx together with colleagues from all over Europe. It was really great, and comes recommended from my side to anyone interested in developing IT systems that are secure by design.”

    Fedder Skovgaard

    Enterprise Architect at Energinet.dk

  • “The instructor was extremely knowledgeable about the subject matter and provided a wealth of “war stories” that made this, often abstract, subject very real. I would highly recommend the threat modeling training presented by Toreon for any engineering team that takes security seriously.”

    Stephen de Vries

    CEO at IriusRisk

Schedule 2022 & 2023

Name

Date

Location

Taal

Register

Threat Modeling Practitioner

live labs 28-Nov, 2-Dec and 8-Dec; review session 10-Jan

ONLINE
EN

Threat Modeling Practitioner

Live labs 27-Feb, 2-Mar, 9-Mar; review session 6-Apr

ONLINE
EN

Threat Modeling Practitioner

Live labs 8-May, 12-May, 18-May; review session 8-Jun

ONLINE
EN

Threat Modeling Practitioner

Live labs 18-Sep, 22-Sep, 28-Sep; review session 26-Oct

ONLINE
EN

Threat Modeling Practitioner

Live labs 4-Dec, 8-Dec, 14-Dec; review session 11-Jan 2024

ONLINE
EN

We are recognized by:

  • Registration number KMO portefeuille: DV.O213013

    Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.

  • Acknowledgement by Chèque-Formation

    The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.

x

Stay informed via our newsletter

Stay connected with our latest news, offers and available training.

Newsletter
x

Enroll