Steven Wierckx , Toreon
Steven Wierckx is a seasoned software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his web application security passion by writing about and through training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He’s the OWASP Threat Modeling Project Lead and organises the BruCON student CTF. Last year, he spoke at Hack in the Box Amsterdam, hosted a workshop at BruCON, and provided threat modeling training at OWASP AppSec USA and O’Reilly Security New York.
Training: Beyond Whiteboard Hacking: Master AI-Enhanced Threat Modeling
This intensive, hands-on training provides an immersive dive into practical threat modeling, refined over a decade of Black Hat delivery and grounded in 25 years of expertise. Avoiding a lecture-heavy format, 70% of the course is dedicated to real-world exercises and scenario-based learning, ensuring participants gain practical, immediately applicable skills.
The training is annually updated with the latest threat intelligence for 2025/2026, including crucial vulnerabilities in LLM and Agentic AI systems. Participants will work in teams on diverse case studies—from microservices and cloud systems to AI-driven chatbots and Agentic architectures—covering data flow diagramming, STRIDE analysis, attack tree construction, and applying GDPR risk patterns.
Key features include using MITRE ATT&CK for threat-informed defense and integrating threat modeling into DevOps/security-by-design workflows. A pre-training assessment ensures foundational readiness. Upon completion, passing an examination and a submitted threat model earns the "Certified Threat Modeling Practitioner" certificate, supported by continued access to a Threat Modeling Playbook and one year of online resources.