Course: Threat Modeling for Security Champions
Leading threat modeling execution by product teams 

Are you worried about the lack of security coverage in your development team? Are you concerned about system vulnerabilities being identified too late in the development cycle? You want to integrate cyber security into your agile software development processes and support your developers. 

Threat modelling is a structured, systematic approach to identifying vulnerabilities at any development stage. This course by Adam Shostack will empower each delegate to act as a Security Champion, guiding and watching over the threat modeling process on behalf of their team.

Delegates will typically be a member of a product, feature or stream-aligned team with some security knowledge. They will learn:

  • How to introduce threat modeling to their teams  
  • How to guide and review the work of their team members in depth to ensure systems are correctly documented, threats recorded, and bugs dealt with. 

After the course, the champion will return to the team where they will lead the process and review the quality of threat modeling produced.

Course duration

The course is 10 learning hours, roughly equivalent to a one day in person class.

Course format

The time is split between short video 'lectures,', hands-on assignments, group work and live instructor led coaching via Zoom.


Seats in this class are £1,200 each, and are offered on a first-come, first-served basis.

Course Materials

You will receive a course slide book, threat modeling wallet cards and a copy of the Elevation of Privilege game. 

Course Content:

  • Introducing threat modeling to teams
  • Using the Elevation of Privilege game deck
  • Leading threat modeling work
  • Reviewing threat modeling (Did we do a good job?)
  • Evaluating models of systems
  • Evaluating threat records
  • Evaluating bugs (and reports)
  • Effective retrospectives 
  • Soft skills in threat modeling

Register your details to get 10% off

About Adam Shostack

Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.


Sign up for the latest news and offers