Read as
Last updated: April 29, 2026
Why this module. Threat modelling has a reputation as a heavyweight, consultant-driven exercise. It doesn’t have to be. Done right, it’s a 90-minute workshop that produces a list of design-time security improvements worth more than 100 hours of post-deployment patching.
Why this module. Threat modelling has a reputation as a heavyweight, consultant-driven exercise. It doesn’t have to be. Done right, it’s a 90-minute workshop that produces a list of design-time security improvements worth more than 100 hours of post-deployment patching.
STRIDE in 60 seconds
Microsoft’s mnemonic for categories of threats:
- Spoofing — impersonating someone
- Tampering — modifying data
- Repudiation — denying an action
- Information disclosure — leaking data
- Denial of service — making the system unavailable
- Elevation of privilege — gaining unauthorised access
For each component / data flow in your design, ask: which of these apply?
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants