Module 6 · Threat Modelling at the Architecture Stage

Manish Garg Associate of (ISC)² · RingSafe
May 14, 2026


Why this module exists. Threat modelling at the architecture stage — before code is written — is the highest-leverage security activity available to architects. STRIDE, PASTA, LINDDUN, and Attack Trees each address different aspects. This module covers the methods, when each is appropriate, and the operational workflow that integrates threat modelling into engineering practice.

Why this module exists. Threat modelling is referenced in every security architecture guide and practised by few engineering teams. The reason: it sounds like a workshop without a clear deliverable. This module makes the deliverable concrete.

What threat modelling produces

  • A documented list of threats relevant to the system being built.
  • For each threat: the asset at risk, the threat actor, the attack vector, the impact.
  • For each threat: existing controls and gaps.
  • For each gap: a treatment decision (mitigate, transfer, accept, avoid).
  • The architecture is updated to address the threats that require mitigation.

The artefact is a one-pager per architecture; the discussion that produced it is the value.
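
The deliverable described above, sketched as an added example (not RingSafe's own tooling): a threat register that flags entries missing a field or a treatment decision, lists the gaps marked for mitigation, and renders the one-pager. The `Threat` fields, the function names and the payments API sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
TREATMENTS = {"mitigate", "transfer", "accept", "avoid"}  # decisions listed above

@dataclass
class Threat:
    title: str
    asset: str
    actor: str
    vector: str
    impact: str
    controls: list = field(default_factory=list)  # existing controls
    gaps: dict = field(default_factory=dict)      # gap -> treatment decision (None = undecided)

def validate(threats):
    """Return problems found; an empty list means every field and gap is covered."""
    problems = []
    for t in threats:
        for name in ("asset", "actor", "vector", "impact"):
            if not getattr(t, name).strip():
                problems.append(f"{t.title}: missing {name}")
        for gap, decision in t.gaps.items():
            if decision not in TREATMENTS:
                problems.append(f"{t.title}: gap '{gap}' has no valid treatment ({decision!r})")
    return problems

def mitigation_backlog(threats):
    """Gaps marked 'mitigate': the changes the architecture has to absorb."""
    return [(t.title, gap) for t in threats for gap, d in t.gaps.items() if d == "mitigate"]

def one_pager(system, threats):
    """Render the per-architecture artefact as plain text."""
    lines = [f"Threat model: {system}"]
    for i, t in enumerate(threats, 1):
        lines.append(f"{i}. {t.title}")
        lines.append(f"   asset={t.asset}; actor={t.actor}; vector={t.vector}; impact={t.impact}")
        lines.append(f"   controls: {', '.join(t.controls) or 'none'}")
        lines += [f"   gap: {gap} -> {d or 'UNDECIDED'}" for gap, d in t.gaps.items()]
    return "\n".join(lines)

# Constructed sample entries for a hypothetical payments API (not from the module).
SAMPLE = [
    Threat("Token replay", "customer payment data", "external attacker",
           "bearer token reused from another client", "fraudulent transfers",
           ["TLS", "short-lived tokens"], {"tokens not bound to client": "mitigate"}),
    Threat("Card data in logs", "card numbers", "insider", "verbose request logging",
           "data exposure", [], {"no log redaction": "mitigate", "no log access review": None}),
]

if __name__ == "__main__":
    print(one_pager("payments API", SAMPLE), validate(SAMPLE), mitigation_backlog(SAMPLE), sep="\n")
```

A non-empty result from `validate` means the review is not finished: some gap still lacks one of the four treatment decisions.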
