Threat Modeling by Adam Shostack


12-13 Sep 2018




$2,100 USD


This course is no longer available

This is a past event

This is the page of a past DevSecCon event. To view and select current events, please return to

Join us this September at Adam Shostack’s Threat Modeling course and DevSecCon Boston 2018: The booking of the training course includes a complimentary 2-day conference pass!

Training Objectives

Threat modeling is how security gets a seat at the table. In this course, you’ll learn from Adam Shostack, author of the book “Threat Modeling: Designing For Security”, threat model real systems, and come back ready to champion threat modeling for your organization. 


Many security leaders find themselves trapped in the moment—the moment of a news cycle, the moment of an incident. Being strategic requires that you move from seeing the leaves on a tree, through to seeing the whole forest, to communicating about the forest. Threat modeling gives you the way of seeing the forest, and a frame for communicating about the work that you (and your team) are doing and why you’re doing it.

More concretely, threat modeling involves developing a shared understanding of a product or service architecture and the problems that could happen. This understanding allows you to be proactive and to either move ahead of security issues or at least prioritize them. Additionally, because you’re starting at the architectural level, you can focus your work on the systems that are most important, rather than responding to “random” issues from penetration testing or compliance.

The training is designed to teach threat modeling to individuals working in software or operations: You will learn how to use models, that can be applied across software development and operations, leading to more effective communication and collaboration.

Course Trainer Adam Shostack is the author of the popular book “Threat Modeling: Designing For Security”

Course outline

Threat Modeling Lessons from Star Wars
What are you building (lecture & discussion)
Hands on (build a model, find threats)
Present threats
What are you going to do about it (lecture and discussion)
Hands on mitigations
Present mitigations
Bringing TM to your org
Common objections
Using Elevation of Privilege
Changing organization practices

Register now

BOSTON | 12-13 SEP 2018

$2,100 USD (excl. VAT)

2-in-1 Package: Booking of this training course includes a complimentary 2-day conference pass for DevSecCon Boston (10-11 Sep 2018)!

SOLD OUT – This course is no longer available

About the trainer

Consultant, Shostack & Associates

Adam is a consultant, entrepreneur, technologist, author and game designer. He’s a member of the BlackHat Review Board, and helped found the CVE and many other things. He’s currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of “Threat Modeling: Designing for Security” and the co-author of “The New School of Information Security”.

Enquire now

Send us a message to find out more about our courses

I'm interested in: Real-World SecuritySecurity in the CloudDocker Security and Orchestration WorkshopPractical DevSecOps - Continuous Security in the age of cloud

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.