Attending this event?
Back To Schedule
Wednesday, November 1 • 9:00am - 5:00pm
2 Day Training:Advanced Whiteboard hacking – aka hands-on Threat Modeling

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The threat modeling training based on real life hands-on practical threat modeling, and delivered every year at OWASP since 2016, and Black Hat USA since 2017. Our latest Black Hat training score was 4.7/5 with great feedback!

You will get insight into our practical industry experience, helping you to become a Threat Modeling Expert. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices.

We levelled up the threat modeling war game released at Black Hat 2023. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park.

The level of this training is Intermediate/Advanced. Participants who are new to threat modeling are required to follow our self-paced Threat Modeling Introduction training (which is about 2 hours and is included in this training). As highly skilled professionals with years of experience under our belts, we're intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling:

  • Diagram techniques applied on a travel booking service 
  • Threat model a cloud-based update service for an IoT kiosk
  • Create an attack tree against a nuclear research facility
  • Create a SOC Risk Based Alerting system with MITRE ATT&CK
  • Mitigate threats in a payment service build with microservices and S3 buckets 
  • Apply data protection by design and default on a loyalty app
  • Apply the OWASP Threat Modeling Playbook on agile development
  • Threat modeling the CI/CD pipeline
  • Battle for control over "Zwarte Wind", an offshore wind turbine park
After each hands-on exercise, the results are discussed, and students receive a documented solution. 

All participants get a copy of “Threat Modeling: A Practical Guide for Development Teams”, by Izar Tarandach and Matt Coles, as well as our Threat Modeling Playbook to improve you threat modeling practice, and a one-year access to our online threat modeling learning platform. 

As part of this training, you will be asked to create and submit your own threat model, on which you will get individual feedback. One month after the training we organize an online review session with all the participants.

avatar for Sebastien Deleersnyder

Sebastien Deleersnyder

CTO and Co-Founder, Toreon
Sebastien Deleersnyder, also known as Seba, is a highly accomplished individual in the field of cybersecurity. He is the CTO and co-founder of Toreon, as well as the COO and lead threat modeling trainer of Data Protection Institute. Seba holds a Master's degree in Software Engineering... Read More →

Wednesday November 1, 2023 9:00am - 5:00pm EDT
Feedback form isn't open yet.