Resources Related to Threat Modeling: Designing for Security

cute graphic

This page contains some resources to help you threat model.

Corporate Training

Organizations working to deliver more secure products and services are hiring Adam to deliver training in threat modeling and secure development lifecycles (SDL/SDLC). Onsite, hands-on training customized to your needs is an outstanding way to jump-start a program.
If you're interested please reach out via the contact us page.

Elevation of Privilege

The Elevation of Privilege (EoP) Threat Modeling Card Game is the easy way to get started threat modeling. You can download the Creative Commons licensed files from Microsoft (including PDF, instructions, score card, and more!). You can buy a copy via GameCrafter or sometimes via ebay.
There are a growing number of derivative works, including two online versions (, and, a German translation by D3tm4r, with discussion here, and OWASP Cornucopia, which is covered on my page of security games. There's also a BoardGameGeek description.

Video: Threat Modeling Lessons from Star Wars

This is the keynote video from BruCon 0x06, which came together particularly well. It's titled "Threat Modeling Lessons from Star Wars." This talk captures some of the ways in which threat modeling goes wrong, ranging from "think like an attacker" to what happens if you threat model when your system is being attacked by stub fighters. (The talk runs 48 minutes with an additional 15 minutes of Q+A).

Sample Chapters

Professor/Instructor Resources

Wiley maintains a instructor companion site for threat modeling including a one hour presentation, and a syllabus and presentations for a 13 week course, a set of quizzes, and other material to help you effectively teach threat modeling. You can also request online access for evaluation.


Errata last updated: Dec 27, 2016