Course Material
Threat Modeling Courses
I deliver Instructor-Led Training (ILT) courses on foundational and advanced threat modeling, covering not only the use of threat modeling tools but also the broader methodology and practice of threat modeling within enterprise environments. These trainings range from learning how to design and conduct manual threat models for targeted enterprise architectures—including cloud-native, API-driven, and SaaS platforms—to applying LLM-augmented approaches for threat analysis. The curriculum also addresses threat modeling for applications built with emerging technologies, such as blockchain ecosystems (including DeFi applications) and AI systems (including LLM-based generative AI applications). The courses are designed for instructor-led engagements at security conferences such as OWASP and Black Hat, as well as for enterprise clients seeking tailored training programs aligned with their organizational roles, security priorities, and curriculum needs. These trainings can be customized to integrate with existing application security (AppSec) and secure development programs, targeting roles such as CISOs, product security leaders, security engineers and champions, and application security architects.
Course Resources (i.e., references to books I authored and published, free guides, and other stuff I use for my courses)
- Securing By Design Decentralized Blockchain Applications
Wiley, 2025 – A practical guide to designing secure and attack-resilient blockchain applications, focusing on threat modeling of decentralized finance (DeFi) applications, security of smart contracts, and security of enterprise blockchain applications.
- Risk Centric Threat Modeling as Process for Attack Simulation and Threat Analysis (PASTA)
Wiley, 2015 – A risk-centric threat modeling methodology widely used to align application security practices with business impact and attack simulation.
- OWASP AI Testing Guide, A Guide for Trustworthiness Testing of AI Systems
OWASP, 2025 – A global initiative to document best practices, testing strategies, and structured AI threat modeling for applications that use LLMs and GenAI. Includes a dedicated threat model scoped for LLM-based layered (data, infrastructure, model, and application) architectures.
- OWASP Threat Modeling Guide
OWASP, 2015 – A practical guide for security professionals and software engineers to conduct basic-level threat modeling.
- OWASP AppSec CISO Guide
OWASP, 2013 – A resource for CISOs to align application security programs with enterprise risk management and governance.
