Threat Modelling Training

What Is It?

Threat modelling training is an activity conducted to expand your teams knowledge and capability to identify possible security vulnerabilities in any given system, environment or organisation through mapping of inputs, outputs and functionality utilised. Successful threat modelling will allow potential risks to be traced then rated with countermeasures to be factored in, allowing for specific concerns to be drawn out to guide technical assessments as well as initial prioritised remediation.

Why Assess It?

There are many reasons to conduct threat modelling training, five of which are below.

Focused Assurance

Extending the capability of your risk teams with threat modelling training allows them to pose more informed and targeted security questions which in turn leads to a tighter focus on what needs to be assured and how. This can save both cost and time for future assurance activities without lowering the level of assurance.

Embed Security

Threat modelling is not solely a skill for risk owners, by providing the training to development teams, designers and many other roles your organisation can ensure that security is embedded into their role and is given targeted thought at every stage.

Threat Actor Mindset

As systems are made assumptions are made about how users will utilise the resources, how the architecture will work together amongst other things. Having the capability in house to threat model, you can obtain a unique insight which is further enriched by thinking in the vein of a threat actor who has specific objectives in mind.

Cost and Time Efficient

A thorough hands on security assessment of every component in an organisation can be expensive and take time to execute. With threat modelling, due to it is hypothetical exploratory nature, you can empower your internal teams to cover a large environment or system very efficiently to understand the key threats to your organisation.

Investment in People

Through offering threat modelling training your organisation is demonstrating not only that it takes security seriously but it is willing and able to support employees to help keep the organisation secure.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your threat modelling training and we do this by:

Multi-Modal Delivery

We do not believe delivering a presentation deck is training. For your organisation to benefit the most we use multiple different methods to deliver the training such as elements that are interactive, providing question and answer parts, practical hands on workshops to provide challenge based learning as well as case studies amongst many other activities.

Practical Advice

The training delivered needs to have a tangible uplift on your security awareness and organisational processes. We do not rely purely on theoretical or high level concepts and focus on showcasing practical methods for threat modelling as well as how to identify more nuanced vulnerabilities and potential mitigations.

Bi-Directional

Training is about empowering your teams and providing knowledge. This is not achieved by talking at them. We focus on being engaging and collaborating with the teams so everyone feels they are improving together rather than being lectured at.

Tooling Insight

Adding security into your projects should not make peoples lives harder, nor delay your projects. This is why we focus on showing how modern tooling can be utilised to maintain a map of your threats so that security is ever present but not a blocker or demotivator.

Tailored Advice

Before we deliver any training we want to understand your organisation, the type of applications it develops and the languages / tooling / processes utilised so that your training is tailored to you to further secure its effectiveness.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top