Duration 20 hours blended
Time over a period of 8 weeks (details in schedule below)
Next training date access 12-Sep; live labs 19-Sep, 23-Sep and 29-Sep (12:00-15:00 CEST); review session 25-Oct (12:00-13:30 CEST)
Next training location ONLINE

Our teachers for the training: Threat Modeling Practitioner





Taught in English, this course is a blend of 8 hours of self-paced training and 12 hours of online live labs over 8 weeks.

This hybrid online training gives you the tools you need to become a threat modeling practitioner, teaching you how to threat model and build in security as an integral aspect of your secure development practice. This training is based on Toreon’s international rewarded whiteboard hacking training that was released in 2016. It’s a course that blends self-paced digital work with action-packed, hands-on live labs run by our seasoned threat modeling experts.

Threat modeling is the best method for avoiding application and system-related risks from the get-go. Without threat modeling, any security measure is just a shot in the dark; you’ll only really know what your vulnerabilities are after they’ve already been exploited. Another bonus? Threat modeling also gets your team on the same page with a shared security vision.

Our hands-on threat modeling challenges get you to apply the different stages of threat modeling to real-world scenarios. A fundamental part of that is learning the ropes of Toreon’s risk-based unified threat modeling practice. You’ll discover how to keep that aligned with your business objectives using an iterative and repeatable playbook that’s also compatible with Agile and DevOps practices.

Master the basics of threat modeling, learn how to diagram what you are building, identify threats using the STRIDE method, and find out how to address every threat. We’ve adapted our Black Hat training to produce an action-packed hybrid of self-paced learning and live labs with engaging, hands-on workshops. In this course, we’ll cover real-life use cases so that you understand how to perform practical threat modeling.

A snapshot of participant feedback:

  • ‘Sebastien delivered! He’s one of the best workshop instructors I’ve ever had.’
  • ‘Great training, one of the best courses I’ve ever attended.’
  • ‘In my opinion, this course is one of the most important courses a security professional can take.’
  • ‘The group hands-on practical exercises truly helped.’


At the end of the course, Toreon awards you with a Threat Modeling Practitioner certificate and one-year access to our threat modeling templates and resources.

Why take this course?

By the end of this threat modeling practitioner training, you’ll understand:

  • How threat modeling relates to a secure development lifecycle
  • The benefits of threat modeling
  • The different threat modeling stages
  • The STRIDE model
  • Secure design mitigations
  • Risk rating


And you’ll be able to:

  • Create and update your threat models with an incremental technique
  • Identify design flaws in your software
  • Use threat modeling as an awareness tool for your team and stakeholders
  • Get your team on the same page with a shared security vision

Target group

Wondering if this course is for you? Toreon’s threat modeling practitioner training targets software developers, architects, product managers, incident responders, and security professionals. If creating or updating a threat model is essential to your line of work, then this course is for you.

Learning goals

What you’ll learn in a nutshell:

  • The why, what, how, and when of threat modeling
  • How to create and update a threat model
  • How to create an actionable threat model with your stakeholders
  • How to organise and prepare efficient threat modeling workshops
  • How to explain the methodology and need for threat modeling to others
  • Diagramming techniques, including Data Flow Diagramming
  • Threat identification techniques, including STRIDE and attack trees
  • How to carry out technical risk rating using the OWASP risk rating methodology
  • How to mitigate security and privacy threats with standard mitigations
  • The soft skills that will make you a better threat modeler

Educational approach of this course

As highly skilled professionals with years of experience under our belts, we’re intimately familiar with the gap between academic knowledge of threat modeling and real-world practice.

We developed a two-month hybrid learning journey for threat modeling practitioners to help bridge that gap. You’ll get a one-year account on our aNewSpring hybrid learning platform. It’s been selected for its excellent blended, adaptive, and social learning features. Your hybrid learning journey starts way before the first live lab. It begins with the self-paced digital work you do to get you lab ready. And that goes hand-in-hand with live online sessions and regular mentoring. By the end of the course, you’ll have created your own threat model and gotten valuable personalised feedback from your trainer.

hybrid threat modeling outline

The course is a blend of practical use cases based on real-world projects and mentoring. Each use case includes an environmental description, questions, and templates for building a threat model.

Participants are challenged in virtual breakout rooms of three to four people to carry out the different stages of threat modeling on the following:

  • Diagramming web and mobile applications, sharing the same REST backend
  • Threat modeling an IoT gateway with a cloud-based update service
  • Get into the attacker’s head – modeling points of attack against a nuclear facility
  • Threat mitigations of OAuth scenarios for an HR application
  • Threat modeling the CI/CD pipeline


The results are discussed after each hands-on workshop, and participants receive a documented solution.

End product

To obtain your Threat Modeling Practitioner certificate, you need to:

  • Complete all the self-paced activities
  • Actively participate in the live labs
  • Hand in your own (viable) threat model


Your bonus training package includes:

  • One year of access to the e-learning platform
  • Access to our live lab recordings
  • Presentation handouts
  • Tailored use case worksheets
  • Detailed use case solution descriptions
  • Threat model documentation template
  • Template for calculating identified threat risk severity
  • Threat modeling playbook
  • STRIDE mapped on compliance standards

How to prepare yourself

Course essentials include:

  • Stable internet access
  • Your own laptop or tablet
  • Access to MS Teams with sharing turned on


And … before you attend, make sure you’ve got basic IT knowledge of web and mobile applications, databases & single sign-on (SSO) principles.


Do not hesitate to contact us if you have any questions on this training!

Week 1

Threat modeling introduction (self-paced)

  • Threat modeling in a secure development lifecycle
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Different threat modeling methodologies
  • Documenting a threat model

Week 2

Lab 1: Diagrams – what are you building? (self-paced & live lab 1)

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust boundaries
  • Hands-on: Diagramming web and mobile applications, sharing the same REST backend

Lab 2: Identifying threats – what can go wrong? (self-paced & live lab 2)

  • STRIDE introduction
  • Threat tables
  • Hands-on: Threat modeling an IoT gateway with a cloud-based update service
  • Attack trees
  • Attack libraries
  • Hands-on: Get into the attacker’s head – modeling points of attack against a nuclear facility

Week 3

Lab 3: Addressing each threat (self-paced & live lab 3)

  • How to address threats
  • Mitigation patterns
  • Setting priorities through risk calculation
  • Risk management
  • Threat agents
  • The mitigation process
  • Hands-on: Threat mitigations of OAuth scenarios for an HR application
  • Hands-on: threat modeling the CI/CD pipeline

Threat modeling tooling and resources (self-paced)

  • Open-Source & free tools
  • Commercial tools
  • Hard copy
  • Online resources
  • Threat modeling community
  • Example threat models

Month 2

Bring your own case (self-paced & live lab 4)

  • Bring your own threat model
  • Transfer activities
  • Mentoring
  • Review session

Price of the course


VAT exclusive


"Threat Modeling Practitioner Certificate"

At location Inhouse
  • “I took Whiteboard Hacking training with Sebastien and it really helped me understand how to threat model properly. I don’t think I have found any other training to be as comprehensive or deep and Sebastien provided relevant examples. I would highly recommend this training to others interested in Security.”

    Jeevan Singh

    Engineering Manager, Application Security at Segment

  • “Just finished your excellent Threat Modelling course, led by Steven Wierckx together with colleagues from all over Europe. It was really great, and comes recommended from my side to anyone interested in developing IT systems that are secure by design.”

    Fedder Skovgaard

    Enterprise Architect at Energinet.dk

  • “The instructor was extremely knowledgeable about the subject matter and provided a wealth of “war stories” that made this, often abstract, subject very real. I would highly recommend the threat modeling training presented by Toreon for any engineering team that takes security seriously.”

    Stephen de Vries

    CEO at IriusRisk

Schedule 2022





Threat Modeling Practitioner

access 11-Mar; live labs 18-Mar, 24-Mar and 30-Mar (12:00-15:00 CEST); review session 3-May (12:00-13:30 CEST)


Threat Modeling Practitioner

access 9-May; live labs 16-May, 20-May and 25-May (15:00-18:00 CEST); review session 21-Jun (16:00-17:30 CEST)


Threat Modeling Practitioner

access 12-Sep; live labs 19-Sep, 23-Sep and 29-Sep (12:00-15:00 CEST); review session 25-Oct (12:00-13:30 CEST)


We are recognized by:

  • Registration number KMO portefeuille: DV.O213013

    Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.

  • Acknowledgement by Chèque-Formation

    The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.