Pre-Conference Training Day: Wednesday 2/18  


Topic: Threat Modeling Essentials $1895
Trainer:

  • Adam Shostack

Outline:

Why we threat model

The threat landscape is continuously evolving. New attacks and vulnerabilities emerge nearly
every day, making it challenging to build secure systems. This is why we threat model.
Threat Modeling is the "measure twice, cut once" of cybersecurity. It's a structured process that
helps you see the big picture, so you can create targeted defense strategies. By methodically
analyzing components, data flows, trust boundaries and more, threat modeling reveals security
design flaws and high-risk areas.

The key benefits of threat modeling include:

  • Find bugs early: Fixing flaws late in development is costly. Find them upfront through
    threat modeling.
  • Understand security needs: Threat modeling highlights where defenses should focus,
    saving time and resources.
  • Build better systems: Design secure architecture by identifying risks before
    implementation.
  • Meet deadlines: Prioritize risks and guide security efforts where they matter most.

Who is this course for?

This self-paced version of 'Threat Modeling Essentials' is a focused course for busy
security architects, software developers, product managers, and others looking to develop
fundamental skills to find and mitigate threats systematically. You will learn to visualize systems,
map data flows, understand vulnerabilities and recommend mitigations.


Course Overview

The Threat Modeling Essentials course is designed to provide attendees the ability to more
consistently and efficiently apply threat modeling using the Four Question Framework:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good job?

Adam Shostack

Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

His accomplishments include:

  • Helped create the CVE. Now an Emeritus member of the Advisory Board.
  • Fixed Autorun for hundreds of millions of systems
  • Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
  • Created the Elevation of Privilege threat modeling game
  • Co-authored The New School of Information Security

Beyond consulting and training, Shostack serves as a member of the Black Hat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.