Training from Shostack + Associates



Structured, systematic and comprehensive security comes when your team develops a common framework and approach for threat modeling. Our corporate training offerings are designed to help your team develop the common skills and language to deliver the security your customers are demanding.

Read More > >


Every business has unique needs. Sometimes it's training a team or division, sometimes it's a refresher for one or a few people. Our open courses enable a wider range of engagements that fit your needs.

Read More > >


We work with a variety of partners to help us deliver training in different forms and places. Many of these offerings are unique to leverage the strengths and creativity of those partners.

Read More > >

Focused on Threat Modeling

Our founder is one of the leading experts in threat modeling and security engineering. Our training is laser-focused on threat modeling as the heart of security engineering work. We've trained thousands of people with methods that deliver results.

Our Approach

Your team is too valuable to have their time wasted with anything but the best training. We know training works best when people have a chance to develop specific technical skills, to apply them, and to reflect on how they and others have applied them. We design our training on specific learning goals, including skills (technical and soft), values (the importance of security) and understanding (shifting left reduces rework).

Read More > >

Our Catalog

Shostack + Associates offers threat modeling classes in ways that are designed to scale to your needs. We have options ranging from the World's Shortest Threat Modeling Course to self-paced (also called CBT) to standard instructor led offerings, and we've even done highly customized courses to meet specific needs.

Read More > >