Threat Modeling Intensive (222) Course from Shostack + Associates


Course Overview

Our most popular course, designed to provide attendees the ability to more consistently and efficiently apply threat modeling using the Four Question Framework:

Learning outcomes

After taking this class, participants will have the knowledge and skills to consistently and efficiently use the Four Question Framework. That includes data flow diagrams, STRIDE and kill chains to identify threats, risk management and mitigation techniques, and the ability to choose between them for specific situations. They will also understand how to document results, and advance threat modeling results for action.

Course Content

20 Hours over 5 days. This course has equivallent content and learning goals to our 201 and 202 courses, delivered as an integrated package.

Relative to our Architects Course

Threat Modeling for Architects focuses on teaching a single method to address Four Questions. In intensive, we add more methods to address each, and learn to assess which to apply. That includes state machines and message diagrams to express what we're working on, kill chains and attack trees to address what can go wrong, and risk management approaches to bring more nuance to what we're going to do about each. Intensive also has a set of optional videos and exercises to allow students to go further.