Trainer Name: Geoffrey Hill

Title: Rapid Threat Model Prototyping (RTMP) - a better, faster way to do Threat Modeling in Agile

Duration: 3 Days

Dates: Sept. 20, 2023 To Sept. 22, 2023

Training Objectives

The objective of this course is to provide the delegates with a structured and streamlined threat modeling approach that aligns with any modern, quick-paced development environment. Delegates will achieve the following 3 training goals:

Goal 1: Clear understanding of where traditional threat modeling fails with modern software workflows

Goal 2: Using and linking publicly available security frameworks for threat and mitigation data (e.g. OWASP Top 10, Mitre CWE, AWS, Azure)

Goal 3: Introduction to Rapid Threat Model Prototyping, and Integrating into an Agile-based Environment


Training level: Basic; Intermediate


Training Outlines

The following modules will be presented to the class:

Day 1

  • Module 1 - Why do Threat Modeling and where traditional modeling fails
    lab - mapping an attack kill chain with the MITRE ATT&CK framework
  • Module 2 - Conceptual Threat Frameworks (STRIDE, OWASP Top 10, Mitre CWE)
    labs - mapping the STRIDE, OWASP Top 10, and CWE frameworks for pre-seeded threats & mitigations

Day 2

  • Module 3 - Elements that make up a threat model: decomposition of the model (e.g. assets, threats, mitigations, threat agents, owners, etc.)
  • Module 4 - Threat Modeling 101 (basic steps in doing a threat model and STRIDE analysis for very quick threat modeling)
    labs - mapping STRIDE, AWS, Azure, GCP

Day 3

  • Module 5 - Rapid Threat Model Prototyping (Agile Architecture process and integrating new steps)
  • Module 6 - Capstone lab (putting all the previous modules together); this lab will go through stages such as attributing zones of trust, executing the RTMP rules, and finding threats and mitigations via the linked frameworks

The lab is based on several scenarios which the students can pick, or they can choose their own scenarios from work.

There will be a number of smaller labs and presenter-led discussions per module. All labs are group-based, as opposed to individual activities, because this is how threat modeling takes place in actual work environments.


What to Bring?

Delegates should bring laptops with access to a technical drawing tool (such as draw.io or Lucidchart) and a spreadsheet app, for creating the links between the security frameworks.


Training Prerequisite

  • Delegates should read Adam Shostack's seminal book, "Threat Modeling: Designing for Security" to get a baseline understanding of what threat modeling is and how it works.
  • There are group discussions and instructor-led ‘hands-on’ labs within each module of this course. Delegates are encouraged to engage fully with each hands-on lab in order to get the best experience.

Who Should Attend?

The intended audience for this course is primarily system developers, designers, and architects.

Anyone who understands the technical aspects of building and maintaining secure systems would also find this course very useful.


What to Expect?

  • Delegates will understand how to leverage current, well-known security frameworks when developing living threat models that can be quickly created and maintained in an Agile environment.
  • The RTMP methodology of threat modeling is also a new way to approach the activity, which enables the practitioner to develop threat models much more quickly than in a traditional manner.

What attendees will get

  • Delegates will get a collection of supporting documents regarding the course contents.
  • Delegates will also create the integration output that links the public frameworks together, in addition to having a chance to do a live threat model on scenarios from their own work.

What not to expect?

  • This is not a secure coding course. It is not a threat-hunting course. It is not an Agile course.
  • This course covers the methods, processes, and frameworks that are crucial for designing secure software systems by using a novel approach to threat modeling.
  • This should be considered at the Basic level (fundamentals of threat modeling) PLUS Intermediate (RTMP and integration with Agile, linking public frameworks, etc.).

About the Trainer

Geoff Hill worked for the past 5 years on Wall Street as a commodities trader. He created an options pricing program and sold the results daily on the NYC Commodities Exchange. He spent 8 years at Microsoft and created an Agile-focused SDL process for its customers.

Geoff has also developed threat model theories with Adam Shostack, the leading threat model specialist in the world. He worked for Cigital (a specialist security firm) for 2 years and then spent 4 years as a software security architect for Visa Europe. He has been a threat modeling and application security trainer for 10+ years.

Most importantly, he is a co-founder of an Agile-based threat model consultancy and the creator of the Tutamen automated threat modeling SaaS product (founder of Tutamantic_Sec).