Expert hands-on certified threat modeling training

Or Whiteboard Hacking Training

Why Toreon?

Our threat modeling training is based on real life hands-on practical threat modeling, and delivered every year at OWASP since 2016, and Black Hat Trainings since 2017.

Our average Black Hat training score is 4.7/5, with great feedback!

It is designed to equip professionals with the skills and knowledge to effectively perform threat modeling, a critical component of secure software development.

Our certification program blends self-paced learning with interactive live labs, providing participants with hands-on experience applying threat modeling techniques to real-world cybersecurity scenarios.

Are you looking for a shorter, more focused version highlighting the benefits for individuals and teams? Then, look at our Threat Model Practitioner training with the Data Protection Institute.

Enhance Your Threat Modeling Skills and Become a Certified Threat Modeling Practitioner​

We offer two tailored security training options: an in-company program for teams or a 20-hour online course for individuals.

Both provide hands-on experience, expert guidance, and custom threat modeling to elevate your security skills.

Earn your Threat Modeling Practitioner certification with our in-company training options: the 2-day “Agile Whiteboard Hacking” or the 20-hour “Threat Modeling Practitioner” hybrid course.

Included are our Threat Modeling Playbook, one-year online learning access, and a one-hour personal coaching session.

Learning objectives

By the end of our training, participants will:

  • Understand the why, what, how, and when of threat modeling.
  • Learn to create and update threat models.
  • Develop actionable threat models in collaboration with stakeholders.
  • Organize and facilitate effective threat modeling workshops.
  • Explain the importance and methodology of threat modeling to others.
  • Master diagramming techniques, including Data Flow Diagramming.
  • Identify threats using techniques such as STRIDE and attack trees.
  • Perform technical risk rating using the OWASP risk rating methodology.
  • Mitigate security and privacy threats using standard mitigations.
  • Develop the soft skills necessary to excel as a threat modeler. 

Training structure

Week 1: Introduction to Threat Modeling

  • Understanding the role of threat modeling in the secure development lifecycle.
  • Overview of various threat modeling methodologies.
  • Documenting and communicating threat models effectively.

Week 2: Diagramming and Contextual Analysis

  • Techniques for diagramming what you’re building.
  • Understanding context and defining trust boundaries.
  • Hands-on lab: Diagramming web and mobile applications sharing the same REST backend.

Week 3: Identifying Threats

  • Introduction to STRIDE and threat identification.
  • Practical application: Threat modeling an IoT gateway with a cloud-based update service.
  • Advanced techniques: Attack trees and attack libraries.
  • Hands-on lab: Modeling attack points against critical infrastructure.

Week 4: Addressing Threats

  • Strategies for addressing and mitigating identified threats.
  • Risk management and threat agents.
  • Hands-on lab: Threat mitigations for OAuth scenarios in an HR application.

Month 2: Practical Application

  • Apply your knowledge by developing your own threat model.
  • Engage in a live review session for personalized feedback.
  • Continue learning with access to our resources and templates.

Who is this training designed for?

Whether you’re already a seasoned professional looking to get certified or you’re part of a team that wants to learn and implement industry security best practices around threat modeling processes, our training is for you.

  • Software developers and architects.
  • Product managers and incident responders.
  • Security professionals responsible for creating or updating threat models.

We also have a Threat Modeling training program specifically for medical device manufacturers.

Threat Modeling Certification

Participants who complete all self-paced activities, actively participate in live labs, and submit a viable threat model will become a threat modeling security professional and you will receive the Toreon Threat Modeling Practitioner certificate. 

Additionally, you’ll gain one-year access to our e-learning platform, lab recordings, presentation handouts, and other valuable resources.

Why Choose our Threat Model Training?

  • Practical Focus: Our course bridges the gap between theoretical knowledge and real-world application, preparing you to handle actual threat modeling challenges.
  • Expert Instruction: Learn from seasoned professionals who bring years of experience in application security and threat modeling.
  • Comprehensive Resources: Enjoy extended access to our digital resources, including threat modeling templates, playbooks, and compliance mappings.

Become a Certified Threat Modeling Professional

Earn your Threat Modeling Professional certification with our in-company training options: the 2-day “Agile Whiteboard Hacking” or the 20-hour “Threat Modeling Practitioner” hybrid course. Included are our Threat Modeling Playbook, one-year online learning access, and a one-hour personal coaching session.

Training Brochures

Download brochures for our 2-day “Agile Whiteboard Hacking” or 20-hour hybrid Threat Modeling Practitioner courses.

Hear from others

Upcoming threat modeling open training sessions​

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 23 Sep 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Global AppSec OWASP, San Francisco, USA 

Next training dates:
24-25 September 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by HITB, Abu Dhabi 

Next training dates:
25-26 November 2024

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 23 Sep 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Global AppSec OWASP, San Francisco, USA 

Next training dates:
24-25 September 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by HITB, Abu Dhabi 

Next training dates:
25-26 November 2024

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 6 Dec 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Black Hat Europe, London

Next training dates:
9-10 December 2024

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 6 Dec 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Black Hat Europe, London

Next training dates:
9-10 December 2024

Ask about our in-company threat modeling training

Get in touch with us today.

Our Services

We have a lot more digital security services for you to discover.

Take a look at what else we can do for your organization.

Toreon Vancancie Logo

Our Services

We have a lot more services for you to discover.

Take a look at what else we can do for your organization.

Start typing and press Enter to search

Shopping Cart