Skip to main content

Home > Trainings > Certified Threat Modeling Professional

Certified Threat Modeling Professional_CTMP

The Certified Threat Modeling Professional (CTMP) is first of its kind Vendor-neutral threat modeling training and certification Program.

This course is targeted towards individuals or teams interested in devoting their careers to learning and implementing industry security best practices around Threat modeling.

Download Brochure Download Brochure

Training Schedule

Please contact info@taubsolutions.com for more details
Virtual

Features

Self-paced Learning Mode
Browser-based Lab Access
24/7 Instructor Support via Mattermost

Course Objective

As information security threats continue to explode, your ability to build models becomes increasingly important, because building better models means creating better defenses for your organization—defenses that often increase an application’s resilience against external threats and insider threats alike.

The following are the course’s objectives.
1. Build a solid foundation that is required to understand Threat modeling.
2. Gain a practical understanding of threat modeling and the tools to automate it.
3. Understand and implement the modern ways of scaling threat modeling.

Course Agenda

Module 1: Threat Modeling Overview

  1. What is Threat Modeling?
  2. The Threat Model Parlance
  3. Why Threat Model?
  4. Threat Modeling vs. Other Security Practices
  5. Threat Modeling Frameworks and Methodologies
  6. Trust Boundaries vs. Attack Surfaces
  7. Modern Threat Modeling Approaches for Agile and DevOps
  8. Risk Management Strategies with Examples

Module 2: Threat Modeling Basics

  1. Threat Modeling and Security Requirements
  2. Threat Modeling vs Threat Rating
  3. Diagramming for Threat Modeling
  4. List Centric Threat Modeling
  5. Exploring the STRIDE Model
  6. Pros and Cons of STRIDE
  7. STRIDE defenses
  8. STRIDE Threat examples
  9. Goal/Asset Based modeling Approach
  10. Attacker/Threat Actor Centric Modeling Approach
  11. Software Centric Threat Modeling
  12. Gamified approaches for Threat Modelling
  13. Introduction to Threat Rating
  14. Other Threat modeling methodologies

Module 3: Agile Threat Modeling

  1. Agile Threat Modeling Approaches
  2. Security Requirements as Code With BDD Security
  3. Events of Agile Software Development Through Scrum
  4. Writing Security Requirements for Agile Software Development
  5. Writing Use Cases and Abuse Cases
  6. Privacy Impact Assessments and Security Requirements
  7. Identifying Privacy Related Threats

Module 4: Reporting and Deliverables

  1. How To Manage Threat Models
  2. Threat Modeling Tools and Templates
  3. Validating Threat Models

Module 5: Secure Design Principles and Threat Modeling Native, and Cloud Native Applications

  1. Exploring Principles of Secure Design with Examples
  2. Case Study of AWS S3 Threat model
  3. Case Study of Kubernetes Threat Model
  4. Case Study of Very Secure FTP daemon

Exam & Certification

  1. After completing the course, you can schedule the CTMP exam on your preferred date.
  2. Process of achieving Practical DevSecOps CTMP Certification can be found here.

FAQs

Are there any pre-requisites for this course?

  1. Course participants should have knowledge of basic security fundamentals like Confidentiality, Integrity, and Availability (CIA)
  2. Basic knowledge of application development is preferred but is not necessary

How do I take the exam?

TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.

Enroll Now

The session was delivered effectively. It was very interactive with on the job examples. I learned a lot and plan to implement them. Thanks Suresh GP for such a wonderful session.

Sheethal Sudheer BRMPBRM, Business Owner DevSecOps tools, Digital Transformation, Process Management

It was a very interactive session with a lot of real life examples. Very good and informative session by
Suresh GP

Vijaykumar TCVice President - Citi Technology Infrastructure

The CBRM training offered through TaUB Solutions is an excellent course. I first heard Suresh speak a few years back at the BRMConnect conference and taking this course solidified my opinion and respect of Suresh’s vast knowledge of BRM discipline

Michelle Day, CBRM®Director, Business Relationship Management

The training was absolutely fantastic, Extremely valuable.
It changes the way we look at SRE. Suresh was BEST instructor you could ask for, more importantly,
he was helping with real world problems based on his experiences.

Praveen PatilSenior Engineering Manager at Lowe's Companies, Inc.