Many security leaders find themselves trapped in the moment—the moment of a news cycle, the moment of an incident. Being strategic requires that you move from seeing the leaves on a tree, through to seeing the whole forest, to communicating about the forest. Threat modeling gives you the way of seeing the forest, and a frame for communicating about the work that you (and your team) are doing and why you’re doing it.
More concretely, threat modeling involves developing a shared understanding of a product or service architecture and the problems that could happen. This understanding allows you to be proactive and to either move ahead of security issues or at least prioritize them. Additionally, because you’re starting at the architectural level, you can focus your work on the systems that are most important, rather than responding to “random” issues from penetration testing or compliance.
The training is designed to teach threat modeling to individuals working in software or operations. You will learn how to use models that can be applied across software development and operations, leading to more effective communication and collaboration.
Course Trainer Adam Shostack is the author of the popular book “Threat Modeling: Designing For Security”.
|Threat Modeling Lessons from Star Wars|
|What are you building (lecture & discussion)|
|Hands on (build a model, find threats)|
|What are you going to do about it (lecture and discussion)|
|Hands on mitigations|
|Bringing TM to your org|
|Using Elevation of Privilege|
|Changing organization practices|