Building and Leading an Effective Threat Modeling Program from Pluralsight

If you've seen the benefits of threat modeling in action and want to take this popular security approach to the next level, then this course will teach you how to plan, execute, and manage a threat modeling program at scale within your organization.

A successful threat modeling program will quantifiably improve the security of your organization's critical applications and business solutions.

In this course, Building and Leading an Effective Threat Modeling Program, you’ll gain the ability to plan, execute, and manage your own threat modeling program at scale within your organization.

It doesn't take long to become a convert to the benefits of threat modeling, and I'm often being asked by companies how they can get more of their teams to adopt the practices.

Some of the major topics we will cover include preparing a compelling business case so you can secure the resources you need to get your program up and running, using a set of founding principles to guide all your decision making, creating an effective program plan structured around the dimensions of people, process, and technology, and finally, setting, monitoring, and managing key performance indicators so you can track the success of your program.

Before beginning this course, you should be familiar with some of the basic concepts of threat modeling, or otherwise, no previous modeling experience is required.

None.

What's inside

Syllabus

Course Overview

Preparing the Business Case

Founding Principles

Planning for Improvement

Traffic lights

Read about what's good

what should give you pause

and possible dealbreakers

Designed for professionals who seek to lead threat modeling teams within organizations

Ideal for those involved in software security and risk management who want to advance their careers

Suitable for security architects, software engineers, and project managers who seek to improve the security of their organization's applications and systems

Relevant for individuals familiar with basic threat modeling concepts or those willing to invest time in gaining foundational knowledge

Teaches a systematic approach to threat modeling, from planning and execution to measurement and improvement

May require additional research or prior knowledge for those new to the subject

Reviews summary

Leading threat modeling programs at scale

According to students, this course is a highly valuable resource for those aiming to build and lead an effective threat modeling program at scale within their organization. Learners particularly praise its focus on the strategic and programmatic aspects, including securing organizational buy-in, establishing founding principles, and measuring success through KPIs and ROI. The instructor's knowledge and real-world insights are frequently highlighted. However, some learners note that the course is not for beginners in threat modeling or those seeking hands-on, practitioner-level guidance, as its content is more geared towards managers and leaders.

Focuses on high-level strategy, not granular implementation.

"My only minor critique is that some parts felt a little high-level and could have benefited from more detailed examples..."

"A bit high-level at times, but that's expected for a strategic course."

"It's not a beginner's guide to threat modeling, nor does it dive deep into specific methodologies, which is perfectly fine."

Instructor is highly knowledgeable and communicates clearly.

"The instructor, Adam, is incredibly knowledgeable and articulates complex concepts in a very understandable way."

"The instructor's insights were clearly from real-world experience."

"I appreciated the instructor's clear communication and practical tips."

Provides practical advice on securing resources and measuring ROI.

"The practical advice on getting organizational buy-in and measuring success was invaluable. I'm already applying these strategies at work."

"The 'preparing the business case' section was particularly strong... The focus on KPIs and demonstrating value was well done."

"I found the segments on securing resources and demonstrating value to be highly practical."

Offers a strategic framework for scaling threat modeling initiatives.

"I particularly appreciated the focus on building a *program* rather than just individual threat models."

"This course fills a critical gap... very few teach you how to actually *lead and manage* a program. The structure covering people, process, and technology was brilliant."

"It delivers exactly what the title promises: how to build and lead a *program*. It's for those ready to operationalize and mature their security efforts."

Ideal for leaders and managers, not beginners or practitioners.

"I was hoping for more hands-on guidance or practical exercises... It feels more geared towards managers than practitioners."

"I came into this course expecting to learn how to actually *do* threat modeling... it was all about program management and strategy."

"It assumes you already know the basics of threat modeling, which is important to note."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Building and Leading an Effective Threat Modeling Program with these activities:

Revise Threat Modeling Fundamentals

Show steps

Review the fundamentals of threat modeling, including STRIDE concepts and modeling techniques.

Browse courses on Threat Modeling

Show steps

Read through materials on STRIDE threat modeling
Review examples of threat models to understand their structure and content

Show all one activities

Career center

Learners who complete Building and Leading an Effective Threat Modeling Program will develop knowledge and skills that may be useful to these careers:

Security Program Manager

A Security Program Manager plans, develops, and manages information security programs to protect an organization's data and systems. This role requires a deep understanding of security best practices and compliance regulations. By taking the course "Building and Leading an Effective Threat Modeling Program," you will gain the skills and knowledge necessary to effectively manage and implement a threat modeling program within your organization, which can be a valuable asset in this role.

See salaries and explore the career path for Security Program Manager

Information Security Analyst

An Information Security Analyst is responsible for identifying and mitigating security risks within an organization. They need to have a strong understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to identify and mitigate security risks within your organization, making you a more effective Information Security Analyst.

See salaries and explore the career path for Information Security Analyst

Security Architect

A Security Architect designs and implements security solutions to protect an organization's data and systems. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to design and implement effective security solutions for your organization, making you a more effective Security Architect.

See salaries and explore the career path for Security Architect

Security Consultant

A Security Consultant provides advice and guidance to organizations on how to improve their security posture. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to provide effective security advice and guidance to your clients, making you a more effective Security Consultant.

See salaries and explore the career path for Security Consultant

Risk Analyst

A Risk Analyst identifies and assesses risks to an organization's data and systems. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to identify and assess risks to your organization's data and systems, making you a more effective Risk Analyst.

See salaries and explore the career path for Risk Analyst

Compliance Analyst

A Compliance Analyst ensures that an organization's data and systems comply with applicable laws and regulations. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to ensure that your organization's data and systems comply with applicable laws and regulations, making you a more effective Compliance Analyst.

See salaries and explore the career path for Compliance Analyst

Incident Responder

An Incident Responder investigates and responds to security incidents. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" will provide you with the skills and knowledge necessary to investigate and respond to security incidents, making you a more effective Incident Responder.

See salaries and explore the career path for Incident Responder

Penetration Tester

A Penetration Tester evaluates the security of an organization's data and systems by simulating attacks. They need to have a deep understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Penetration Tester.

See salaries and explore the career path for Penetration Tester

System Administrator

A System Administrator installs, configures, and maintains an organization's data and systems. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a System Administrator.

See salaries and explore the career path for System Administrator

Network Engineer

A Network Engineer designs, implements, and maintains an organization's network infrastructure. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Network Engineer.

See salaries and explore the career path for Network Engineer

Software Developer

A Software Developer designs, develops, and maintains software applications. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Software Developer.

See salaries and explore the career path for Software Developer

Data Analyst

A Data Analyst collects, analyzes, and interprets data to identify trends and patterns. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Data Analyst.

See salaries and explore the career path for Data Analyst

Business Analyst

A Business Analyst analyzes business processes and identifies opportunities for improvement. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Business Analyst.

See salaries and explore the career path for Business Analyst

Project Manager

A Project Manager plans, executes, and closes projects. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Project Manager.

See salaries and explore the career path for Project Manager

Technical Writer

A Technical Writer creates and maintains documentation for technical products and services. They need to have a good understanding of threat modeling and risk assessment techniques. The course "Building and Leading an Effective Threat Modeling Program" may provide you with some useful skills and knowledge for this role, but it is not specifically tailored to the needs of a Technical Writer.

See salaries and explore the career path for Technical Writer