About The Training

The objective of this course is to provide the delegates with a structured and streamlined threat modeling approach that aligns with any modern, quick-paced development environment. Delegates will achieve the following 3 training goals: Goal 1: Clear understanding of where traditional threat modeling fails with modern software workflows Goal 2: Using and linking publicly available security frameworks for threat and mitigation data (e.g. OWASP Top 10, Mitre CWE, AWS, Azure) Goal 3: Introduction to Rapid Threat Model Prototyping, and Integrating into an Agile-based Environment. In addition the delegates will consider modern cloud, privacy and AI issues that they are encountering currently.

Basic - Intermediate 

The following modules will be presented to the class:

Day 1

• Module 1 - Why do Threat Modeling and where does traditional modeling fail 

        Labs - mapping attack kill chain with Mitre Att&ck framework

• Module 2 - Conceptual Threat Frameworks (STRIDE, OWASP Top 10, Mitre CWE);understanding cloud threats;understanding privacy (LINDDUN)

         Labs - mapping STRIDE, OT10, and CWE frameworks for preseeded threats & mitigations

Day 2

• Module 3 - Elements that make up a threat model... decomposition of the model (e.g. assets, threats, mitigations, threat agents, owners, etc.);understanding AI threats
• Module 4 - Threat Modeling 101 (basic steps in doing a threat model and STRIDE analysis for very quick threat modeling)

       Labs - mapping STRIDE, AWS, Azure, GCP

Day 3

• Module 5 - Rapid Threat Model Prototyping (Agile Architecture process and integrating new steps)
• Module 6 - Lab where (putting all the previous modules together);this lab will go through stages such as attributing zones of trust, doing rules execution, and finding threats and mitigations via linked frameworks
   

The lab is based on several scenarios which the students can pick, or they can choose their own scenarios from work. There will be a number of smaller labs and presenter-led discussions per module. All labs are group-based, as opposed to individual activities. This model is what takes place in actual work environments.

Delegates should bring laptops with access to a technical drawing tool (such as draw.io (https://app.diagrams.net/ ) or Lucidcharts) and a spreadsheet app to create the links between the security frameworks. Delegates from the same company should plan to work together on systems they have as opposed to the default scenarios that the course provides for the final lab.

Delegates should read Adam Shostack's seminal book, "Threat Modeling: Designing for Security" to get a baseline understanding of what threat modeling is and how it works.

There are group discussions and instructor-led ‘hands-on’ labs within each module of this course. Delegates are encouraged to engage fully with each hands-on lab in order to get the best experience.

The intended audience for this course is primarily system Developers, Architects, Designers, and Testers. Anyone who understands the technical aspects of building and maintaining secure systems would also find this course very useful.

Delegates will understand how to leverage well-known active security frameworks using the RTMP methodology to develop and maintain living threat models in an Agile environment.

RTMP will enable practitioners to repurpose their current library of functional models, schema and stories into threat models, and do this much more quickly than using traditional threat modeling methods.

Delegates will create libraries to integrate the public security frameworks into their threat models , in addition to doing a live threat model on their own scenarios during the final lab (if they choose).

Delegates will also get a collection of supporting pdfs on the main concepts covered in the training.

This is not a secure coding course. It is not a threat-hunting course. It is not an Agile course.

This course covers the methods, processes, and frameworks that are crucial for designing secure software systems by using a novel approach to threat modeling.

This should be considered at the Basic level (fundamentals of threat modeling) PLUS Intermediate (RTMP and integration with Agile, linking public frameworks, etc.)