Shostack + Friends Blog


Threat Modeling Open Training: First Quarter, 2022

Open threat modeling training, Q1 2022 A data flow diagram

What: I'm really excited to announce my next threat modeling training (open, remote-only, instructor-led) will be Feb 28-March 4, 8AM-10AM Pacific time, and seats are still available! We limit these courses to 24 people so everyone can get personalized attention. Everyone in the course gets a certificate of completion (suitable for CPE credit) as well as a package of cool threat modeling physical tools.

Why: Threat modeling is the language of security, and it's the techniques we use to understand the problems a future system can encounter so we can deal with them in a strategic way. Individuals have signed up for the course to advance their careers, while companies often send people to learn to bring more value earlier in the process.

Who: Course participants are usually senior, experienced engineers who are involved in technology delivery. That includes SWE or software developers, SRE, program and project managers. You do not need to know how to code or hack to participate and learn in this course. We've also had line of business owners, recent graduates, and even PhD candidates. Also, this is earlier than many of our courses, and so it's great for those in Europe.

How: Sign up at Also, if you use coupon adamblog2022 by next Friday (Jan 24), you get 10% off!

Note: the DFD is an exercise from previous class, who wanted to threat model a Spotify-style music service. We had no idea how close any of that might be. All models are wrong, some models are useful.