This is the public version of the Threat Modeling training run at Segment. The goal of the training is to teach the individual engineers how to threat model, so that they can run the threat modeling sessions themselves.
There are three parts to the training.
The goal of the first training session is to introduce the concept of threat modeling, teach the workflow, and show developers the tools Security uses to find vulnerabilities.
The goal of the second training is to get the developer’s hands dirty with exercises to solidify their knowledge.
The goal of the final training is to perform an end-to-end threat modeling session with the team to cement the concepts that we have previously discussed.
We have a strong sense of community here at Segment and in addition to sharing our training slides, we have an email address so you can submit your questions and thoughts about the program. We are always interested in hearing feedback, good or bad!
Email address: sstm@segment.com