Expert hands-on certified threat modeling training

Or Whiteboard Hacking Training

Why Toreon?

Our threat modeling training is based on real life hands-on practical threat modeling, and delivered every year at OWASP since 2016, and Black Hat Trainings since 2017.

Our average Black Hat training score is 4.7/5, with great feedback!

It is designed to equip professionals with the skills and knowledge to effectively perform threat modeling, a critical component of secure software development.

Our certification program blends self-paced learning with interactive live labs, providing participants with hands-on experience applying threat modeling techniques to real-world cybersecurity scenarios.

Are you looking for a shorter, more focused version highlighting the benefits for individuals and teams? Then, look at our Threat Model Practitioner training with the Data Protection Institute.

Enhance Your Threat Modeling Skills and Become a Certified Threat Modeling Practitioner

We offer two tailored security training options: an in-company program for teams or a 20-hour online course for individuals.

Both provide hands-on experience, expert guidance, and custom threat modeling to elevate your security skills.

Earn your Threat Modeling Practitioner certification with our in-company training options: the 2-day “Agile Whiteboard Hacking” or the 20-hour “Threat Modeling Practitioner” hybrid course.

Included are our Threat Modeling Playbook, one-year online learning access, and a one-hour personal coaching session.

Learning objectives

By the end of our training, participants will:

Understand the why, what, how, and when of threat modeling.
Learn to create and update threat models.
Develop actionable threat models in collaboration with stakeholders.
Organize and facilitate effective threat modeling workshops.
Explain the importance and methodology of threat modeling to others.

Master diagramming techniques, including Data Flow Diagramming.
Identify threats using techniques such as STRIDE and attack trees.
Perform technical risk rating using the OWASP risk rating methodology.
Mitigate security and privacy threats using standard mitigations.
Develop the soft skills necessary to excel as a threat modeler.

Training structure

Week 1: Introduction to Threat Modeling

Understanding the role of threat modeling in the secure development lifecycle.
Overview of various threat modeling methodologies.
Documenting and communicating threat models effectively.

Week 2: Diagramming and Contextual Analysis

Techniques for diagramming what you’re building.
Understanding context and defining trust boundaries.
Hands-on lab: Diagramming web and mobile applications sharing the same REST backend.

Week 3: Identifying Threats

Introduction to STRIDE and threat identification.
Practical application: Threat modeling an IoT gateway with a cloud-based update service.
Advanced techniques: Attack trees and attack libraries.
Hands-on lab: Modeling attack points against critical infrastructure.

Week 4: Addressing Threats

Strategies for addressing and mitigating identified threats.
Risk management and threat agents.
Hands-on lab: Threat mitigations for OAuth scenarios in an HR application.

Month 2: Practical Application

Apply your knowledge by developing your own threat model.
Engage in a live review session for personalized feedback.
Continue learning with access to our resources and templates.

Who is this training designed for?

Whether you’re already a seasoned professional looking to get certified or you’re part of a team that wants to learn and implement industry security best practices around threat modeling processes, our training is for you.

Software developers and architects.
Product managers and incident responders.
Security professionals responsible for creating or updating threat models.

Threat Modeling Certification

Participants who complete all self-paced activities, actively participate in live labs, and submit a viable threat model will become a threat modeling security professional and you will receive the Toreon Threat Modeling Practitioner certificate.

Additionally, you’ll gain one-year access to our e-learning platform, lab recordings, presentation handouts, and other valuable resources.

Why Choose our Threat Model Training?

Practical Focus: Our course bridges the gap between theoretical knowledge and real-world application, preparing you to handle actual threat modeling challenges.
Expert Instruction: Learn from seasoned professionals who bring years of experience in application security and threat modeling.
Comprehensive Resources: Enjoy extended access to our digital resources, including threat modeling templates, playbooks, and compliance mappings.

Become a Certified Threat Modeling Professional

Earn your Threat Modeling Professional certification with our in-company training options: the 2-day “Agile Whiteboard Hacking” or the 20-hour “Threat Modeling Practitioner” hybrid course. Included are our Threat Modeling Playbook, one-year online learning access, and a one-hour personal coaching session.

Training Brochures

Download brochures for our 2-day “Agile Whiteboard Hacking” or 20-hour hybrid Threat Modeling Practitioner courses.

Medical Device Security

Secure your medical devices from design to deployment. Our specialized training integrates FDA requirements, ISO 14971 risk management, and industry-specific threat scenarios to help you meet regulatory compliance while protecting patient safety.

Enterprise-Scale Implementation

Power up your security program with AI-enhanced threat modeling. Our certification program, developed in partnership with IriusRisk, helps enterprises scale their threat modeling practices through automation, consistent methodologies, and practical implementation strategies.

What others have to say about our certified threat modeling training

Sebastien delivered! One of the best workshop instructors I’ve ever had.

Just finished your excellent Threat Modelling course, led by Steven Wierckx together with colleagues from all over Europe. It was really great, and comes recommended from my side to anyone interested in developing IT systems that are secure by design.

I feel that this course is one of the most important courses to be taken by a security professional.

The group hands-on practical exercises truly helped.

Toreon’s comprehensive Threat Modeling training has enabled several Trend Micro R&D teams to identify software security risks at the design phase with a structured approach.

Modern, comprehensive threat modeling techniques.

Upcoming threat modeling open training sessions

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by HITB, Abu Dhabi

Next training dates:
25-26 November 2024

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 6 Dec 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Black Hat Europe, London