Advanced Whiteboard Hacking – aka Hands-on Threat Modeling

  • Dates: May 10 and 11 2025
  • Difficulty: Medium
  • Session Format: On-Site
  • Language: English

Description

Based on the updated Black Hat edition training, you will be challenged with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. We also introduce a new challenge on threat modeling a Machine Learning-Powered Chatbot.

We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park.

The level of this training is Beginner/Intermediate. Participants who are new to threat modeling are advised to follow our self-paced Threat Modeling Introduction training (which is about 2 hours and is included in this training).

As highly skilled professionals with years of experience under our belts, we're intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model.

Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling:

  • Diagram techniques applied on a travel booking service
  • Threat model a cloud-based update service for an IoT kiosk
  • Create an attack tree against a nuclear research facility
  • Create a SOC Risk Based Alerting system with MITRE ATT&CK
  • Mitigate threats in a payment service built with microservices and S3 buckets
  • Threat modeling a Machine Learning-Powered Chatbot
  • Apply the OWASP Threat Modeling Playbook on agile development
  • Threat modeling the CI/CD pipeline
  • Battle for control over "Zwarte Wind", an offshore wind turbine park

After each hands-on exercise, the results are discussed, and students receive a documented solution.

As part of this training, you will be asked to create and submit your own threat model, on which you will get individual feedback.

All participants get our Threat Modeling Playbook to improve their threat modeling practice, and one-year access to our online threat modeling learning platform.

Key Learning Objectives

This advanced threat modeling training starts where other trainings stop. We embed over a decade of real-world experience with threat modeling in a training filled with hands-on exercises that are fun, while at the same time participants understand how to create effective threat models.

Who Should Attend?

Toreon's threat modeling training targets software developers, architects, product managers, incident responders, and security professionals. If creating or updating a threat model is essential to your line of work, then this course is for you.

Prerequisite Knowledge

Students should have a basic understanding of security concepts. Are you new to threat modeling? Our self-paced Threat Modeling Introduction training is a prerequisite and included in this course.

Hardware Requirements

Bring your own tablet or laptop to get access to our learning platform with all the handouts and solutions.

Bio

Georges Bolssens, Toreon

Georges Bolssens embarked on his coding journey in the early 1990s and delved into the realm of application security in 2017. With an inherent passion for teaching, Georges is not only a seasoned developer but also an adept communicator. His unique talent lies in simplifying intricate subjects through relatable analogies, making him an engaging and effective speaker.

He has undertaken numerous consulting assignments, among which he can list vulnerability scanning and penetration testing as a "lone wolf", taking on the role of Security Champion in a Medical Device development team, and acting as internal Application Security Coordinator at a Big4 consultancy firm. Throughout his career and in all these assignments, Georges has assumed the role of cybersecurity educator for a diverse spectrum of professionals. His guidance has illuminated the path for individuals ranging from legal experts to ethical hackers and all those in between.

In his capacity as an Application and Product Security Consultant at Toreon, Georges has been instrumental in assisting numerous clients in constructing comprehensive threat models for their digital assets. His expertise and commitment led threat-modeling authorities Sebastien Deleersnyder and Steven Wierckx to appoint him as a co-instructor for Toreon's distinguished "Advanced Whiteboard Hacking – a.k.a. Hands-on Threat Modeling" course. Notably, he taught this course at the esteemed "BlackHat USA", "OWASP BeNeLux" and "Troopers" conferences to a wide variety of international cybersecurity professionals.
