About The Training
Goa 2025 | Trainings
- AI Security: Terminating The Terminator
- Advanced Infrastructure Security Assessment
- Azure Cloud Attacks for Red and Blue Teams
- Blocking the Storm: A Hands-On Guide to Hardening and Securing Kubernetes Clusters
- DevSecOps - A Hands-on Experience
- Efficient Malware Analysis: Comprehensive Approach
- IoT Security Bootcamp GOA Edition
- Rapid Threat Model Prototyping (RTMP) - Agile Threat Modeling Mastery including Cloud and AI
- The Application Security Tool Stack - How to Discover Vulnerabilities in Software
Rapid Threat Model Prototyping (RTMP) - Agile Threat Modeling Mastery including Cloud and AI
Start Date: Feb 26, 2025
End Date: Feb 28, 2025
Venue: TBA
The objective of this course is to provide the delegates with a structured and streamlined threat modeling approach that aligns with any modern, quick-paced development environment. Delegates will achieve the following 3 training goals: Goal 1: Clear understanding of where traditional threat modeling fails with modern software workflows Goal 2: Using and linking publicly available security frameworks for threat and mitigation data (e.g. OWASP Top 10, Mitre CWE, AWS, Azure) Goal 3: Introduction to Rapid Threat Model Prototyping, and Integrating into an Agile-based Environment. In addition the delegates will consider modern cloud, privacy and AI issues that they are encountering currently.
Basic - Intermediate
The following modules will be presented to the class:
Day 1
- Module 1 - Why do Threat Modeling and where does traditional modeling fail
Labs - mapping attack kill chain with Mitre Att&ck framework
- Module 2 - Conceptual Threat Frameworks (STRIDE, OWASP Top 10, Mitre CWE);understanding cloud threats;understanding privacy (LINDDUN)
Labs - mapping STRIDE, OT10, and CWE frameworks for preseeded threats & mitigations
Day 2
- Module 3 - Elements that make up a threat model... decomposition of the model (e.g. assets, threats, mitigations, threat agents, owners, etc.);understanding AI threats
- Module 4 - Threat Modeling 101 (basic steps in doing a threat model and STRIDE analysis for very quick threat modeling)
Labs - mapping STRIDE, AWS, Azure, GCP
Day 3
- Module 5 - Rapid Threat Model Prototyping (Agile Architecture process and integrating new steps)
- Module 6 - Lab where (putting all the previous modules together);this lab will go through stages such as attributing zones of trust, doing rules execution, and finding threats and mitigations via linked frameworks
The lab is based on several scenarios which the students can pick, or they can choose their own scenarios from work. There will be a number of smaller labs and presenter-led discussions per module. All labs are group-based, as opposed to individual activities. This model is what takes place in actual work environments.
Delegates should bring laptops with access to a technical drawing tool (such as draw.io (https://app.diagrams.net/ ) or Lucidcharts) and a spreadsheet app to create the links between the security frameworks. Delegates from the same company should plan to work together on systems they have as opposed to the default scenarios that the course provides for the final lab.
Delegates should read Adam Shostack's seminal book, "Threat Modeling: Designing for Security" to get a baseline understanding of what threat modeling is and how it works.
There are group discussions and instructor-led ‘hands-on’ labs within each module of this course. Delegates are encouraged to engage fully with each hands-on lab in order to get the best experience.
The intended audience for this course is primarily system Developers, Architects, Designers, and Testers. Anyone who understands the technical aspects of building and maintaining secure systems would also find this course very useful.
Delegates will understand how to leverage well-known active security frameworks using the RTMP methodology to develop and maintain living threat models in an Agile environment.
RTMP will enable practitioners to repurpose their current library of functional models, schema and stories into threat models, and do this much more quickly than using traditional threat modeling methods.
Delegates will create libraries to integrate the public security frameworks into their threat models , in addition to doing a live threat model on their own scenarios during the final lab (if they choose).
Delegates will also get a collection of supporting pdfs on the main concepts covered in the training.
This is not a secure coding course. It is not a threat-hunting course. It is not an Agile course.
This course covers the methods, processes, and frameworks that are crucial for designing secure software systems by using a novel approach to threat modeling.
This should be considered at the Basic level (fundamentals of threat modeling) PLUS Intermediate (RTMP and integration with Agile, linking public frameworks, etc.)
Geoffrey Hill is an accredited cybersecurity professional who has been practicing threat modeling for over 20 years. He has spent time working with Wall Street commodities firms on their risk models. He worked for 8 years at Microsoft and created an Agile-focused security process for their customers. He developed several threat model theories with industry thought leaders such as Adam Shostack. Geoff has also had 4 years as a software security architect for Visa (London) and ~2 years with the London Metals Exchange.
Geoff has been a security trainer for over 15 years and is a Fellow of the Chartered Institute of Information Security (CIISec) in addition to being a full member of the UK-based Cybersecurity Business Network. He is the founder of Tutamantic_Sec and the creator of the Tutamen automated threat modeling SaaS product.