Threat Modeling with STRIDE
Fast-Track Hands-on Bootcamp
We don't have any bootcamps scheduled at the moment.
In an era of increasingly sophisticated cyber threats, proactive defense begins with secure design. This hands-on bootcamp equips participants with practical experience in threat modeling using the STRIDE framework, trusted by leading security architects and auditors worldwide. Learn how to identify vulnerabilities early in the design process, before code is written or systems are deployed, ensuring your applications are secure by design, not by chance.
By the end of this course, you'll be able to:
- Hands-On STRIDE Methodology: Learn threat modeling through guided practical exercises
- Real Architecture Case Studies: Apply threat modeling to enterprise-grade systems
- Structured Workshop Learning: 4 practical workshops covering real attack scenarios
- Live + Self-Practice Model: Workshops 1 & 2 guided during the session, Workshops 3 & 4 completed independently
- 7-Day Lab Access: Continue practicing threat modeling after the bootcamp
- Post-Training Support: Get guidance and clarifications from the trainer via email
Pushpinder
17+ Years of Experience
CCIE R&S (#40412) | SABSA CSF | AWS Security Speciality | AWS Networking Speciality | AWS Solutions Architect | CCSP | CCSK
Pushpinder is a seasoned cybersecurity and cloud architecture professional with a proven track record in designing, securing, and governing large-scale enterprise infrastructures across hybrid and multi-cloud environments.
His specializations include:
- Secure cloud and network architecture design (Azure, AWS, on-prem)
- Zero Trust implementation and DevSecOps integration
- Cloud compliance and risk governance frameworks (ISO 27001, NIST 2.0)
- Identity and access management (IAM) and data protection strategies
- Threat surface reduction through proactive architecture hardening
Having led security transformation initiatives across global enterprises, Pushpinder brings a practitioner's perspective on how to integrate threat modeling and risk mitigation directly into system design. He doesn't just secure systems—he teaches you how to think like an attacker, design like an architect, and defend like an auditor.
🔒 Limited Seats Available!
Secure Your Spot Now!
Register Now to claim the early-bird offer before it expires!
Day 1: Foundations of Threat Modeling
Welcome and Introduction
- Course objectives and expected outcomes.
- Overview of the threat modeling process and why it is critical for secure system design.
- Discussion of how threat modeling integrates into Secure SDLC and enterprise security architecture practices.
- Real-world examples of incidents where missing threat models led to major security failures.
Threat Modeling Fundamentals
- Introduction to threat modeling concepts, including assets, adversaries, attack surfaces, and trust boundaries.
- Understanding how attackers think and how threat modeling anticipates malicious behavior.
- Overview of common threat modeling methodologies
- Discussion on why STRIDE is widely adopted for application and architecture threat modeling.
STRIDE Methodology Deep Dive
- Detailed explanation of each STRIDE threat category:
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege
- How STRIDE threats map to different architecture components such as services, APIs, databases, and identity systems.
- Discussion of common mitigation patterns and security control examples.
- Instructor walkthrough of a sample STRIDE threat model for a typical enterprise system.
Data Flow Diagrams and Trust Boundaries
- Introduction to architectural decomposition and system modeling.
- Understanding the role of Data Flow Diagrams in threat modeling, including:
- Context diagrams
- System-level DFDs
- Key architectural components
- Explanation of:
- External entities
- Processes
- Data stores
- Data flows
- Identification of trust boundaries and how they impact security risk
- Instructor demonstration of building a complete DFD for a sample enterprise application.
Attack Tree Modeling
- Introduction to attack trees and attacker mindset analysis.
- Understanding attack tree structure:
- Root attack objective
- Attack branches and sub-goals
- AND / OR logic nodes
- Attack path enumeration
- Using attack trees to identify multi-step attack scenarios such as:
- Account compromise
- Data exfiltration
- Privilege escalation
- Ransomware propagation
- How attack trees complement STRIDE by revealing complex attacker pathways.
- Instructor demonstration of building an attack tree for an enterprise authentication system.
Integrated Threat Modeling Walkthrough
- End-to-end instructor walkthrough demonstrating the complete process:
- System architecture overview
- Data flow diagram creation
- Trust boundary identification
- STRIDE threat identification
- Attack tree mapping for high-risk scenarios
- Threat prioritization using likelihood and impact
- Mapping threats to potential mitigations
- Discussion and Q&A.
Day 2: Hands-On Workshops
Workshop 1: Architecture Threat Modeling
- Participants will:
- Analyze the provided system architecture
- Identify critical assets and sensitive data flows
- Create a comprehensive data flow diagram
- Identify key trust boundaries
- Systematically apply each STRIDE category
- Document potential threats for each component
- Prioritize threats based on likelihood and impact
- Develop countermeasures for high-priority threats
- Consider feasibility, operational impact, and cost of implementation
- Participants will also develop attack trees for the most critical threat scenarios.
Workshop 2: Advanced Threat Analysis
- Participants will work through a more complex system architecture.
- Activities include:
- Review domain-specific attack vectors and threat landscapes
- Analyze system-specific data storage and transmission threats
- Create a detailed data flow diagram for a complex architecture
- Conduct team-based STRIDE analysis across all system components
- Consider operational modes and deployment scenarios
- Build attack trees for critical attack scenarios
- Evaluate business impact of identified threats
- Create a risk matrix based on likelihood vs impact scoring
- Identify security control recommendations
Workshop 3: Independent Threat Modeling (Self-Learning Post Bootcamp)
- Participants will independently perform threat modeling for a provided architecture scenario.
- Activities include:
- Architecture decomposition
- Data flow diagram creation
- Trust boundary identification
- STRIDE threat analysis
- Attack tree modeling for high-risk attack paths
- Threat prioritization and mitigation mapping
- Documentation of findings using enterprise threat modeling templates
Workshop 4: Advanced Distributed System Threat Modeling (Self-Learning Post Bootcamp)
- Participants will analyze a modern distributed architecture.
- Activities include:
- Review specialized threat landscape and technology-specific vulnerabilities
- Analyze authentication and authorization patterns
- Identify inter-component communication threats
- Model security risks in distributed systems
- Apply STRIDE to containerized and orchestrated environments
- Address data consistency and integrity across components
- Map threats to regulatory and compliance considerations
- Establish documentation standards for audit and governance
- Participants will receive:
- Access to the threat modeling tool used during the workshop
- 7 days of lab access after the training to complete the self-learning exercises
- A dedicated lab link to run Workshop 3 and Workshop 4 independently
- Example threat models for future reference and practice
- Post-training support via email from the trainer for questions and clarification
- Basic understanding of software architecture and system design
- Familiarity with common security concepts
- Experience with system documentation or diagramming (preferred)
*Note: Participants will have access to session recordings for a period of 60 days.
Interested in Joining the
Our advisor will contact you with event details, and exclusive offers!