We have successfully conducted training combined with workshops for several clients, enabling them to build internal knowledge about threat modeling while also developing and documenting threat models for their internal applications and infrastructure. Our offerings are customized to meet the client's needs, but most packages would include:
- An introduction to cybersecurity for technical resources
- An introduction to threat modeling
- Threat modeling techniques
- How to identify threats
- How to prioritize, identify, and assess threats
- Design and choice of security controls
- Tools for threat modeling
Following this, we proceed with the practical workshop where our instructor, together with the client's employees, conducts threat modeling on an internal application. This process can be modified and adapted to your organization before being implemented and standardized. The workshop primarily builds internal competence, but as a result, the client also receives a developed and documented threat model for a chosen application or service.