Threat Modeling Training

Threat Modeling Training

or Whiteboard Hacking training

Hands-on training

Our threat modeling training is aimed at software developers, architects, system managers, and security professionals. We organise our courses in-house on-demand, in open sessions, at conferences and now also online in our Threat Modeling Practitioner training.

Threat modeling is the way to avoid risks in your applications upfront. Without threat modeling your protection is a shot in the dark and you will only know your vulnerabilities once someone exploits them.

You will learn our risk-based unified threat modeling practice and how to keep it aligned with your business objectives using our Threat Modeling Playbook. With hands-on threat modeling challenges, you will apply the different stages of threat modeling on real world scenarios.

Most of our trainings are organized as in-company trainings teaching development teams and threat modeling practitioners how to threat model and how to start and improve an efficient threat modeling practice.

Training registration

Since 2021 we deliver our threat modeling training through our training subsidiary Data Protection Institute (DPI).

Discover and register for our new Threat Modeling trainings on the DPI website.

UK training delivered through partner QA.

This is what others said :

“Sebastien delivered! One of the best workshop instructors I’ve ever had. (Black Hat training participant)”

“Just finished your excellent Threat Modelling course, led by Steven Wierckx together with colleagues from all over Europe. It was really great, and comes recommended from my side to anyone interested in developing IT systems that are secure by design. (Fedder Skovgaard, Enterprise Architect at”

“I feel that this course is one of the most important courses to be taken by a security professional. (Black Hat training participant)”

“The group hands-on practical exercises truly helped. (OWASP training participant)”

“Toreon’s comprehensive Threat Modeling training has enabled several Trend Micro R&D teams to identify software security risks at the design phase with a structured approach. (ChiChang Kung, R&D Architect at Trend Micro)”

“Modern, comprehensive threat modeling techniques. (O’Reilly training participant)”

TMI newsletter

Our “Threat Modeling Insider” (TMI) newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox.

It will bootstrap and elevate your security knowledge and threat modeling skills.

What you will learn

In this threat modeling course, our experienced trainer will teach you how to use threat modeling in your current development practice.

You will learn the basics of threat modeling and to understand what you are building, how to identify threats using the STRIDE method and how to address each threat. Comprehensive training material and hands-on workshops with real-world use cases will guide you through all aspects of threat modeling.

If you’ve followed this initial course and are hungry for more, we have an advanced threat modeling training available for you.

We have other training variations, like:

The extras

This course is all about getting you started with Whiteboard hacking or threat modeling as soon – and as effectively – as possible. We make your journey more convenient, with some interesting extras:

  • our Whiteboard Hacking survival guide
  • hand-outs of the presentations
  • worksheets and detailed solution descriptions of the use cases
  • templates, one to document a threat model and one to calculate risk levels of identified threats
  • certification for successful completion of the course

Threat Modeling Playbook

You need a game plan to bootstrap or improve your threat modeling practice.

We will explain how to do this and will provide your with our Threat Modeling Playbook.

This playbook provides the main steps to establish a threat modeling practice for every type of organization or development team, regardless of your size and maturity level.

TM done right

Stop shooting in the dark

Threat modeling – also called Architectural Risk Analysis – is an essential step in the development of your application. Without it, your protection is a shot in the dark.  Download our whitepaper and discover how to do threat modeling right.

Where to find threat modeling open training sessions?

  • Threat Modeling Practitioner training, hybrid online, hosted by DPI  (cohort starting on 27 February, 2023)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Insomni’hack, Lausanne (21-22 March, 2023)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by HITB, Amsterdam (17-18 April, 2023)
  • Threat Modeling Practitioner training, hybrid online, hosted by DPI  (cohort starting on 8 May, 2023)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Black Hat USA, Las Vegas (5-8 August, 2023)

OOPS you missed these trainings

  • OWASP Virtual AppSec Days April & August 2020;
  • Sec4Dev 2020, Vienna, Austria;
  • 44CON Dec-2019, London, UK;
  • IT Security Summit 2019, Berlin, Germany;
  • OWASP AppSec Day 2019, Melbourne, Australia;
  • CS3STHLM 2019, Stockholm, Sweden;
  • OWASP Global AppSec Amsterdam 2019;
  • Black Hat 2019 Las Vegas, USA;
  • O’Reilly Velocity 2019, San Jose, USA;
  • OWASP Global AppSec 2019, Tel Aviv, Israel;
  • SecAppDev 2019, Leuven, Belgium;
  • BlackHat Europe 2018, London,UK;
  • BruCON 2018 in Ghent, Belgium;
  • Black Hat 2018 Las Vegas, USA;
  • O’Reilly conference 2017, NY, USA;
  • Black Hat USA 2017 in Las Vegas, USA;
  • OWASP AppSec Europe 2017 in Belfast, Northern Ireland.

Learn more about Threat Modeling

TMI newsletter 26 – The AI Attack Surface Map

In our May edition of the TMI newsletter we show off The AI Attack Surface Map, a resource for thinking…

OWASP SAMM Threat Modeling: From Good to Great

In this blog post, we will explore how OWASP SAMM threat modeling can take security practices from “good” to “great”…

TMI newsletter 25 – Developer-driven threat modeling at OutSystems

In this edition, we get a take a look at the Developer-driven threat modeling at OutSystems

© 2020 door Toreon | Algemene voorwaarden | Cookie policy

Start typing and press Enter to search

Shopping Cart