Why

Benefits

An activity with the best retun on investment for development teams!

Identify Vulnerabilities Early

Finding security issues at the design phase saves time and resources compared to discovering them during later stages, like testing or post-deployment, where fixes are costlier.

Reduce Development Costs

By addressing potential security flaws before coding begins, you prevent the need for extensive rewrites or retrofits, which lowers development and maintenance costs.

Enhance Security Awareness

Early threat modeling helps team members (developers, architects, product managers) gain a security-first mindset, encouraging them to incorporate secure practices throughout the SDLC.

Improve Design Decisions

It enables teams to make informed design choices that consider both functionality and security, ensuring that security measures align with business goals without sacrificing usability.

Minimize Risk

Early detection and mitigation of threats reduce the risk of future security incidents, which helps protect sensitive data, prevent downtime, and maintain customer trust.

Support Compliance

Many regulatory frameworks (like EU CRA, GDPR, HIPAA, NIST CSF) require secure design principles; early threat modeling can help satisfy compliance requirements more efficiently.

Price

In-Company Practical Training

Live full day hands-on training for up to 25 attendees.

Hands-on

€5700+VAT

Practical threat modeling workshop for threat modeling practitioners

Onsite / remote options
Printed materials
STRIDE
Attack Kill Chains
MITRE ATT&CK
AI/ML security
TM rollout strategy
Success metrics

Complete

€6900+VAT

After the training, our spealist will support your threat modeling program

Hands-on training, plus:
• 2 rollout strategy follow up calls (1 hour each)

• 3 Threat Modeling sessions with your teams on your products (1 hour each)

Customized

 

Let’s talk

Fully customizable bespoke training to meet your unique needs

Schedule a call →

Download Brochure

Schedule a call →

Request a quote

Make it happen

Request a quote

We will prepare a quotation document for your purchasing team within 24 hours.
No spam afterwards (really).

Agenda

Topics Outline

Introduction to the Threat Modeling

What is Threat Modeling?
Why Threat Model?
When and How Often?
Who should Threat Model?

What are we working on?

Defining the right scope
Data flow diagrams (DFD)
“Draw what are we working on with DFD” hands-on exercise
Explain Trust boundaries with examples
“Trust boundaries” hands-on exercise
Group review of each team’s diagram

What can go wrong?

Introduction to STRIDE
“Identify Threats” hands-on exercise
Review of results and discussions

What are we going to do about it?

Strategies to address threats
“Address discovered threats” hands-on exercise
Managing risk and prioritization
Discussion: Tracking threats, assumptions and mitigations

Attack Kill Chains

The Lockheed Martin Kill Chain
“List threats per kill chain” hands-on exercise
Review of results and discussions
STRIDE vs Kill chains
MITRE ATT&CK®

Did we do a good job?

How to evaluate Threat Modeling Sessions

AI Development

Development time threats
Threats through use
Runtime security threats

Rolling out a Threat Modeling Program

Threat Modeling Capabilities
Convincing Stakeholders
Rollout strategies
Adopting SSDLC
Security Champions Program
Soft skills for successful threat modeling sessions
Tooling and processes
Measuring Threat Modeling Program success

Details

Trainers

Nariman Aga-Tagiyev

Nariman Aga-Tagiyev

Software Security Architect

 

Nariman Aga-Tagiyev is an Application Security Architect with more than
20 year experience in software development. Have been working as full
stack web application developer, backend developer, DevOps engineer,
cloud developer and since 2016 fully involved in Application Security
related activities.

Serhat Altın

Serhat Altın

Security Experience

 

Serhat Altın has a strong focus on security by design and secure
configuration by default. He excels at creating user experiences that
prioritize security without compromising usability, ensuring that systems
are both intuitive and inherently secure from the outset. With his deep
understanding of secure design principles, Serhat integrates security
best practices into every stage of product development, making it easier
for users to adopt secure configurations effortlessly.

Details

FAQ

Your Title Goes Here

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Why adopt Threat Modeling now?

Adopting threat modeling in the Secure Software Development Life Cycle (SDLC) has never been
more crucial for software companies. Nine out of the ten most popular OWASP Top 10 attacks
cannot be effectively mitigated by automated security scanners alone, but require the
comprehensive insights provided by threat modeling. Additionally, the upcoming EU Cyber Resilience Act will mandate threat modeling for all software manufacturers, making it a legal
necessity. Beyond compliance, threat modeling fosters a culture of cybersecurity awareness,
encouraging teams to think proactively about potential risks, thereby enhancing the overall
security posture of the organization

What is the target audience?

This workshop is designed for professionals involved in any stage of the software development
lifecycle. No prior cybersecurity expertise is required to attend.

 

  • Cybersecurity Officers, Software Architects and Software Developers will gain the skills to
    effectively lead and facilitate threat modeling sessions.
  • Quality Engineers will learn to systematically approach the definition and verification of
    security requirements, while also exploring foundational concepts of ethical hacking.
  • Development Managers and Project Managers will understand how to collaborate with
    stakeholders and will gain insights into the return on investment (ROI) of threat modeling
    practices.
  • User Experience Designers and Business Analysts will develop the ability to define and prototype systems with a “secure by design” mindset.
What is the course approach?

In this workshop, participants will be divided into teams of 3-4 and will actively engage in each step of the Threat Modeling process, based on a realistic problem scenario—a cloud-hosted application with backend, frontend, mobile client, and IoT device components. Guided by experienced coaches, teams will create data flow diagrams, identify potential threats, propose mitigations, and outline actionable follow-up steps.

Additionally, we will cover the secure development lifecycle for AI and demonstrate how to apply Threat Modeling when designing custom AI models and applications.

By the end of the training, even participants without prior cybersecurity knowledge will be equipped to identify threats and propose mitigations using structured yet straightforward techniques.

Which topics are covered in the training?

You can find detailed topics outline in our training brochure here: Threat modeling training brochure (page 4).

What facilities are required at the training location?
  1. A projector and power outlet for the trainer
  2. Adequate space to allow participants to form working groups of 3-4 people for independent hands-on exercises
  3. Flat surfaces where electrostatic whiteboards (70cm x 100cm) can be mounted for each breakout team

About

What is Threat Modeling

Threat modeling is a process in software development where potential security threats are identified, evaluated, and addressed to protect the system from vulnerabilities. Doing this early in the development lifecycle is important because it allows teams to integrate security measures into the design from the beginning, reducing the risk of costly fixes later and ensuring the software is built with strong security foundations. This proactive approach helps prevent security breaches and creates more secure, reliable applications.