Duration 3 days
Time from

Our teachers for the training: Threat Modeling Practitioner

This training is online, taught in English, and involves 24 hours of materials (self-paced and live labs) over of 2 months.

With this hybrid online training we will teach you to become a threat modeling practitioner; how to threat model, and “build in” security as part of your secure development practice. This training is a blend of self-paced digital preparations with action-packed hands-on live labs delivered by our threat modeling experts.

Threat modeling is the best method to avoid risks in your applications or systems upfront. Without threat modeling your protection is a shot in the dark and you will only know your vulnerabilities once someone exploits them. The additional benefit of threat modeling is to get your team on the same page with a shared vision on security.

You will learn our Toreon risk-based unified threat modeling practice and how to keep it aligned with your business objectives using an iterative and repeatable playbook that fits agile and DevOps practices.

You will master the basics of threat modeling, learn how to diagram what you are building, understand how to identify threats using the STRIDE method and how to address each threat. We adapted our Black Hat training to a hybrid action-packed combination of self-paced learning and live labs with hands-on workshops covering real live use cases to learn how to do practical threat modeling.

Some feedback from our training attendees:

  • “Sebastien delivered! One of the best workshop instructors I’ve ever had.”
  • “Very nice training course, one of the best I ever attended.”
  • “I feel that this course is one of the most important courses to be taken by a security professional.”
  • “The group hands-on practical exercises truly helped.”


At the end of the training, you will get a Threat Modeling Practitioner certificate and one year access to our threat modeling templates and resources.

Why take this course?

By the end of this threat modeling practitioner course, you will understand:

  • Where threat modeling fits in a secure development lifecycle
  • The benefits of threat modeling
  • The different stages of threat modeling
  • The STRIDE model
  • Secure design mitigations
  • Risk rating


And you’ll be able to:

  • Create and update your own threat models with an incremental technique
  • Identify design flaws in your software
  • Use threat modeling as an awareness tool for your team and stakeholders
  • Get your team on the same page with a shared vision on security

Target group

This threat modeling practitioner course is aimed at software developers, architects, product managers, incident responders or security professionals who need to create or update a threat model.

Learning goals

You will learn:

  • The why, what, how and when of threat modeling
  • How to create and update a threat model
  • To create an actionable threat model, together with your stakeholders
  • How to organize and prepare efficient threat modeling workshops
  • To explain the methodology and need for threat modeling towards the involved roles
  • Diagramming techniques, including Data Flow Diagramming
  • Threat identification techniques, including STRIDE and attack trees
  • How to do technical risk rating, using the OWASP risk rating methodology
  • How to mitigate security and privacy threats with standard mitigations
  • The soft skills for becoming a better threat modeler

Educational approach of this course

As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.

To minimize that gap we have developed a 2-month hybrid learning journey for threat modeling practitioners. You will get an account for one year on our hybrid learning platform based on aNewSpring, which we selected for its excellent blended, adaptive, and social learning functionality. This hybrid training starts way before the first live lab. Your learning journey starts with self-paced digital preparations to get you lab ready. Followed by live online sessions, and continued mentoring. By the end of the training, you will have created your own threat model and get individual feedback from your trainer.

hybrid threat modeling outline

The training is a blend of practical use cases, based on real world projects, and mentoring. Each use case includes a description of the environment, together with questions and templates to build a threat model.

Students will be challenged in virtual breakout rooms of 3 to 4 people to perform the different stages of threat modeling on the following:

  • Diagramming web and mobile applications, sharing the same REST backend
  • Threat modeling an IoT gateway with a cloud-based update service
  • Get into the attacker’s head – modeling points of attack against a nuclear facility
  • Threat mitigations of OAuth scenarios for an HR application
  • Threat modeling the CI/CD pipeline


After each hands-on workshop, the results are discussed, and students receive a documented solution.

End product

You will get a Threat Modeling Practitioner certificate when you:

  • Completed all the self-paced activities
  • Actively participated in the live labs
  • Handed in your own threat model


You will receive the following package as part of the course:

  • 1 year access to the online learning platform
  • Access to the recordings of the live labs
  • Hand-outs of the presentations
  • Work sheets of the use cases
  • Detailed solution descriptions of the use cases
  • Template to document a threat model
  • Template to calculate risk levels of identified threats
  • Threat modeling playbook
  • STRIDE mapped on compliance standards

How to prepare yourself

Important pre-requisites for the training are:

  • Stable Internet access for the students
  • Students should have their own laptop or tablet available
  • Students should be able to participate in MS Teams with sharing functionality active


Before attending this course, students should have basic IT knowledge of web and mobile applications, databases & single sign on (SSO) principles.

Week 1

Threat modeling introduction (self-paced)

  • Threat modeling in a secure development lifecycle
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Different threat modeling methodologies
  • Document a threat model

Week 2

Lab 1: Diagrams – what are you building? (self-paced & live lab 1)

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust boundaries
  • Hands-on: Diagramming web and mobile applications, sharing the same REST backend

Lab 2: Identifying threats – what can go wrong? (self-paced & live lab 2)

  • STRIDE introduction
  • Threat tables
  • Hands-on: Threat modeling an IoT gateway with a cloud-based update service
  • Attack trees
  • Attack libraries
  • Hands-on: Get into the attacker’s head – modeling points of attack against a nuclear facility

Week 3

Lab 3: Addressing each threat (self-paced & live lab 3)

  • How to address threats
  • Mitigation patterns
  • Setting priorities through risk calculation
  • Risk management
  • Threat agents
  • The mitigation process
  • Hands-on: Threat mitigations of OAuth scenarios for an HR application
  • Hands-on: threat modeling the CI/CD pipeline

Threat modeling tooling and resources (self-paced)

  • Open-Source & free tools
  • Commercial tools
  • Hard copy
  • Online resources
  • Threat modeling community
  • Example threat models

Month 2

Bring your own case (self-paced & live lab 4)

  • Bring your own threat model
  • Transfer activities
  • Mentoring
  • Review session

Price of the course


Exclusive of VAT


"Threat Modeling Practitioner Certificate"

At location Inhouse

Schedule 2022





Threat Modeling Practitioner

17 january until 19 january 2022


Threat Modeling Practitioner

21 march until 23 march 2022


Threat Modeling Practitioner

23 may until 25 may 2022


Threat Modeling Practitioner

12 september until 14 september 2022


We are recognized by:

  • Registration number KMO portefeuille: DV.O213013

    Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.

  • Acknowledgement by Chèque-Formation

    The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.