Training Module

Threat Modeling

Learn to facilitate threat modeling sessions your team can run without a dedicated security expert. A practical STRIDE-based approach built for fast-moving product teams.

Curriculum

What you'll learn

1. What threat modeling is — and what it's not

Demystifying threat modeling as a practice: it's a structured conversation about how your system could be attacked, not an expert-only security review. Any engineering team can do this.

2. Drawing your system — data flow diagrams

How to create a useful data flow diagram that surfaces trust boundaries and data flows — the foundation of any threat model. Practical templates included.

3. STRIDE-light: applying the framework without a PhD

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege — walking through each category with practical examples from common web and API architectures.

4. Facilitating a team threat modeling session

Step-by-step facilitation guide for running a 90-minute threat modeling session with your engineering team. Who to invite, how to keep it focused, how to capture outputs.

5. Prioritising and tracking threats

Not every threat needs immediate action. How to use a simple risk matrix to prioritise findings and integrate them into your backlog as tracked engineering work.

6. Making threat modeling a team habit

How to embed threat modeling into your feature development process — a lightweight checklist that makes it a standard part of design review, not an annual exercise.

Who It's For

For teams building features without a security team

This module is designed for engineering teams who want to reason about security risks before they build — not just react after a vulnerability is found.

  • Engineering teams building new features or APIs
  • Tech leads responsible for design reviews
  • Product engineers in regulated industries (fintech, health, logistics)

Prerequisites

None — practitioner-accessible

No security background required. Familiarity with how web applications or APIs work is sufficient — you don't need to understand cryptography or penetration testing to benefit from this module.

All session templates and facilitation guides are downloadable and adaptable to your team's specific tech stack.

Includes all facilitation guides and session templates. Individual access is free.