We regularly organize online threat modeling courses for product managers, CISOs, software developers, architects, DevOps engineers, and security professionals.

The primary benefit of threat modeling is to get your team on the same page with a shared vision on security. We teach you how to threat model, and “build in” security as part of your secure development practice.

Our methodology strives to identify and manage design flaws in an iterative and repeatable approach that fits agile and DevOps practices.

To you right you find the latest list of online open Toreon trainings. 

Below is a description of our online training events.

If you want to know more about our other trainings (on conferences or in-company), check out our main Threat Modeling Training page.

Most of our trainings are organized as in-company trainings teaching development teams and threat modeling practitioners how to threat model and how to start and improve an efficient threat modeling practice.

Hands-on threat modeling and tooling for DevSecOps (2 x 4h on 18-29 August, 2021) 495 EUR plus VAT per seat

Whiteboard Hacking a.k.a. Hands-on Threat Modeling hosted by Toreon (2 x 4h on 22-23 September, 2021) 495 EUR plus VAT per seat

Hands-on threat modeling and tooling for DevSecOps (2 x 4h on 29-20 October, 2021) 495 EUR plus VAT per seat

Hands-on threat modeling and tooling for DevSecOps (2 x 4h on 23-24 November, 2021) 495 EUR plus VAT per seat

We converted our Black Hat edition training to an online action-packed 1 day training with hands-on workshops covering real live use cases to learn how to do practical threat modeling.

You will learn the basics of threat modeling and to understand what you are building, how to identify threats using the STRIDE method and how to address each threat.

You will be challenged to perform practical threat modeling covering the different stages of threat modeling on:

• A hotel booking web and mobile application, sharing the same REST backend
• An Internet of Things (IoT) deployment with an on premise gateway and secure update service
• An HR services OAuth scenario for mobile and web applications

This course is for you if you are an IT architect, system manager, security professional, ethical hacker or AppSec champion.

Download the full training outline and details here.

We created a 1-day online threat modeling course specifically for DevOps Engineers to improve reliability and security of delivered software.

You will learn an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline

You will be challenged to perform practical threat modeling covering the different stages of threat modeling. Exercises are built upon a fictional Acme Hotel Booking (AHB) system, where we migrate a legacy client-server system towards a cloud based, micro service stack using AWS services:

• Sprint 1: Modeling a hotel booking web and mobile application, sharing a REST backend
• Sprint 2: Threat identification as part of migrating the booking system application to AWS
• Sprint 3: AWS threat mitigations for the booking system build on microservices
• Sprint 4: Building an attack library for CI/CD pipelines

This course is for you if you are a product manager, software developer, architects, DevOps engineer or application security professional.

Download the full training outline and details here.

“Sebastien delivered! One of the best workshop instructors I’ve ever had. (Black Hat training participant)”

“I took Whiteboard Hacking training with Sebastien and it really helped me understand how to threat model properly. I don’t think I have found any other training to be as comprehensive or deep and Sebastien provided relevant examples. I would highly recommend this training to others interested in Security. (Jeevan Singh, Engineering Manager, Application Security at Segment)”

“Just finished your excellent Threat Modelling course, led by Steven Wierckx together with colleagues from all over Europe. It was really great, and comes recommended from my side to anyone interested in developing IT systems that are secure by design. (Fedder Skovgaard, Enterprise Architect at Energinet.dk)”

“I feel that this course is one of the most important courses to be taken by a security professional. (Black Hat training participant)”

“The group hands-on practical exercises truly helped. (OWASP training participant)”

“Toreon’s comprehensive Threat Modeling training has enabled several Trend Micro R&D teams to identify software security risks at the design phase with a structured approach. (ChiChang Kung, R&D Architect at Trend Micro)”

“Modern, comprehensive threat modeling techniques. (O’Reilly training participant)”