Threat modeling training
Threat modeling helps to take a wider perspective and understand cases in which you need to protect your essential assets. It is recommended to perform a threat modeling session not only before the start of security tests but also while considering new functionality for an existing application or before making any changes to your infrastructure.
Asking “what could go wrong” early in the SDLC process makes it a lot easier to secure your resources in the first place. Let us share the best practices for implementing threat modeling in your organization.
Training objectives
- Creating a solid basis to understand different threat modeling methodologies.
- Getting to know a simplified threat modeling process using 3 key questions: What? Who? How?
- Gaining practical experience with real-world examples.
- Being able to perform threat modeling at scale and implement it in various test cases.
No theory – just practical application
We focus on the practical application of the acquired knowledge, therefore, during the workshops, you will discover exercises based on real-world examples. Each company is different, so we select example scenarios that may happen in your case. During this training, your team will be exposed to many new situations – in this way, we encourage you to think outside the box and understand the attacker’s perspective.
Your team will confront a wide range of the most common attacks and vulnerabilities that we encounter in our daily work as security professionals. We will broaden your horizons about cybersecurity, but more importantly, we will focus on the appropriate evaluation and prioritization of the implemented security measures.
While preparing such training, we do our best to understand your current situation and adjust to an optimal agenda.
Content and course of the training
We make the training adjustable to your future projects so that you are able to make threat modeling sessions when you need them. No matter if it is an application, an infrastructure, or a business decision.
To ensure this, we stick to the following framework of the course:
- Session effectiveness – How to lead a threat modeling session? Whom to invite? What to prepare? Best tools and common pitfalls.
- Introduction to mechanics – we will share examples (short TM sessions), through which we will gradually introduce participants to more abstract thinking.
- Real-life application – an exercise based on the system/application/infrastructure that is the most similar to your case.
- Methodology selection – adjusting use cases and best practices to the realities of your organization.
- Record of outcomes – documenting and structuring thoughts collected during the workshop.
For a threat modeling session to be effective, it is highly recommended for a team to have a specialist in security – a domain expert who knows how to attack specific technologies under analysis. It would be best if it was a person from your organization, however, we can also “lend” you one of our specialists.
How to get started?
If you would like to implement threat modeling in your organization, fill out our contact form and we will get back to you with our full offer.
You can also schedule a quick discovery call straight away by choosing the time slot in the calendar below:
In the meantime, we recommend an article on threat modeling from our Knowledge Base:
Thinking what can go wrong? Introduction to Threat Modeling.
