Threat Modeling for Security Champions - Course by Adam Shostack
Threat modelling is a structured, systematic approach to identifying vulnerabilities at any development stage. Delegates will typically be a member of a product, feature or stream-aligned team with some security knowledge. This course will empower each delegate to act as a Security Champion, guiding and watching over the threat modeling process on behalf of their team.
Delegates will be led through:
How to introduce threat modeling to teams
How to evaluate such work in depth
How to guide and review the work of others in retrospectives and other rituals to ensure systems are correctly documented, threats recorded, and bugs dealt with.
After the course, the champion will return to the team where they will lead the process and review the quality of threat modeling produced.
Course duration and format:
The course is 10 learning hours, roughly equivalent to a one day in person class. The time is split between short video 'lectures,', hands-on exercises homework assignments and group work and discussion and instructor led coaching via Zoom.