Hands-On Threat Modeling

Instructed by Sebastian Deleersynder

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application and the supporting architecture. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Classes are limited. Get registered!

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. It also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model. With the decades of experience our instructors possess, they know that there is a gap between academic knowledge of threat modeling and the real world. In order to minimize that gap we have developed practical Use Cases, based on real world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using this methodology for the hands-on workshops we provide our students with a robust training experience and the templates to incorporate threat modeling best practices in their daily work

Learning Objectives

Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:
  • B2B web and mobile applications, sharing the same REST backend
  • An Internet of Things (IoT) deployment with an on-premise gateway and a cloud-based update service
  • OAuth scenarios for an HR application
  • Privacy of a new face recognition system in an airport
  • Get into the defenders’ head – modeling points of attack against a nuclear facility



Live-Online & In-Person


2024 - TBA


3 days


software developers, architects, system managers or security professionals

  • Standard Rate


Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign on (SSO) principles.

Why choose the Center for Cyber Security Training

Interactive, classroom-based learning

Subject matter experts

Trusted by US government agencies

Sebastian Deleersynder

Sebastian Deleersynder is the co-founder, CTO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security.

With a background in development and many years of experience in security, He has trained countless developers to create software more securely. He lead OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he adapt application security models to the evolving field of DevOps and also focus on bringing Threat Modeling to a wider audience.

Delivered Threat Modeling training at Black Hat, OWASP, O'Reilly and several international customers.

I really enjoyed the course! It was interesting to see a different perspective on penetration testing and ways of progressing from recon to initial access to escalating privilege and lateral movement.

- Robert L., Washington, DC

Want more information?

Download the Hands-On Threat Modeling course outline now.

Upcoming Training Sessions

Hybrid 4 Short Day Training Schedule November 28, December 2, 8 and January 10, 2023 (Live-Online) February 27, March 2, 9 and April 6, 2023 (Live-Online) May 8, 12, 18 and June 8, 2023

Classes are limited.

Enroll Now.

Related Courses

Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.


Windows Malware Techniques

User mode malware on Windows is ubiquitous and custom user mode implants are used regularly in red-team engagements. Knowledge of the latest malware techniques helps red teamers improve their custom tooling, malware analysts in taking apart malware, and anti-malware solution developers in designing behavioral solutions to detect malicious activity.


Exploit Development Bootcamp & Advanced

Our three-day Bootcamp will teach both basic & advanced techniques from a leading exploit developer. In our Advanced course, experienced students will learn how to write exploits that bypass modern memory protections for the Win32 platform in a fast-paced, interactive learning environment.

Looking for a course that's not here? We'd love to hear your suggestions!

Are you fully prepared to deal with today's increasing cyber security risks? We can help you get the training you need.


*We respect your privacy