Certified Threat Modeling Professional (CTMP)
The Certified Threat Modeling Professional (CTMP) is a first-of-its-kind vendor-neutral threat modeling training and certification program.
This course is targeted towards individuals or teams interested in devoting their careers to learning and implementing industry security best practices around threat modeling.
Course Objective
As information security threats continue to explode, your ability to build models becomes increasingly important, because building better models means creating better defenses for your organization—defenses that often increase an application’s resilience against external threats and insider threats alike.
The following are the course’s objectives.
1. Build the solid foundation required to understand threat modeling.
2. Gain a practical understanding of threat modeling and the tools to automate it.
3. Understand and implement the modern ways of scaling threat modeling.
Course Agenda
Module 1: Threat Modeling Overview
- What is Threat Modeling?
- The Threat Model Parlance
- Why Threat Model?
- Threat Modeling vs. Other Security Practices
- Threat Modeling Frameworks and Methodologies
- Trust Boundaries vs. Attack Surfaces
- Modern Threat Modeling Approaches for Agile and DevOps
- Risk Management Strategies with Examples
Module 2: Threat Modeling Basics
- Threat Modeling and Security Requirements
- Threat Modeling vs. Threat Rating
- Diagramming for Threat Modeling
- List Centric Threat Modeling
- Exploring the STRIDE Model
- Pros and Cons of STRIDE
- STRIDE defenses
- STRIDE Threat examples
- Goal/Asset Based Modeling Approach
- Attacker/Threat Actor Centric Modeling Approach
- Software Centric Threat Modeling
- Gamified Approaches for Threat Modeling
- Introduction to Threat Rating
- Other Threat modeling methodologies
Module 3: Agile Threat Modeling
- Agile Threat Modeling Approaches
- Security Requirements as Code With BDD Security
- Events of Agile Software Development Through Scrum
- Writing Security Requirements for Agile Software Development
- Writing Use Cases and Abuse Cases
- Privacy Impact Assessments and Security Requirements
- Identifying Privacy Related Threats
Module 4: Reporting and Deliverables
- How To Manage Threat Models
- Threat Modeling Tools and Templates
- Validating Threat Models
Module 5: Secure Design Principles and Threat Modeling Native and Cloud Native Applications
- Exploring Principles of Secure Design with Examples
- Case Study of AWS S3 Threat model
- Case Study of Kubernetes Threat Model
- Case Study of Very Secure FTP daemon
Exam & Certification
- After completing the course, you can schedule the CTMP exam on your preferred date.
- The process of achieving the Practical DevSecOps CTMP Certification can be found here.
FAQs
Are there any prerequisites for this course?
- Course participants should have knowledge of basic security fundamentals like Confidentiality, Integrity, and Availability (CIA).
- Basic knowledge of application development is preferred but is not necessary.
How do I take the exam?
TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.