





5,000+ Learners Certified
Certified Threat Modeling Professional™

Trusted by top companies across industries, empowering thousands of professionals worldwide. Join the ranks of security leaders
Course Chapters
CTMP Threat Modeling Training Course Prerequisites
- Course participants should have knowledge of basic security fundamentals like Confidentiality, Integrity, and Availability (CIA)
- Basic knowledge of application development is preferred but is not necessary
Chapter 1: Threat Modeling Overview
- What is Threat Modeling?
- The Threat Model Parlance
- Security is a Balancing Act
- Design Flaws and Risk Rating
- Why Threat Model?
- Threat Modeling vs. Other Security Practices
- Threat Modeling Frameworks and Methodologies
- List/Library Centric Threat Modeling
- Asset/Goal Centric Threat Modeling
- Threat Actor/Attacker Centric Threat Modeling
- Software Centric Threat Modeling
- Trust Boundaries vs. Attack Surfaces
- Modern Threat Modeling Approaches for Agile and DevOps
- Risk Management Strategies with Examples
- Avoiding Risks
- Accepting Risks
- Mitigating Risks
- Transferring Risks
- Hands-on Exercises:
- Breakout Sessions to Identify Threats for a Multi-Tiered Application
Chapter 2: Threat Modeling Basics
- Threat Modeling and Security Requirements
- Threat Modeling vs Threat Rating
- Diagramming for Threat Modeling
- List Centric Threat Modeling
- Exploring the STRIDE Model
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privileges
- Pros and Cons of STRIDE
- STRIDE defenses
- Authentication
- Integrity
- Non-Repudiation
- Confidentiality
- Availability
- Authorization
- STRIDE Threat examples
- Goal/Asset Based modeling Approach
- Attack Trees
- Attack Tree Analysis
- Attacker/Threat Actor Centric Modeling Approach
- Using MITRE ATT&CK for Attacker Centric Threat Modeling
- Software Centric Threat Modeling
- Other Threat modeling methodologies
- PASTA
- VAST
- Hybrid Threat modeling
- RTMP
- OCTAVE
- Gamified approaches for Threat Modelling
- Virtual Card Games
- Adversary Card Games
- Introduction to Threat Rating
- DREAD
- OWASP Risk Rating Methodology
- Bug Bar
- Rapid Risk Assessment
- Hands-on Exercises:
- Creating a Data Flow Diagram for Threat Modeling
- Using OWASP Cornucopia to Identify Web Related Threats
- Creating Threat Actor Personas
- Using Threat Actor Personas to Identify Threats
- Risk Rating with OWASP Risk Rating Methodology
Chapter 3: Agile Threat Modeling
- Agile Threat Modeling Approaches
- Threat Modeling Diagrams as Code
- Threat Modeling Inside The Code
- Threat Modeling as Code
- Compliance and Audit as Code
- Rapid Threat Model Prototyping
- Security Requirements as Code With BDD Security
- Events of Agile Software Development Through Scrum
- Writing Security Requirements for Agile Software Development
- Writing Use Cases and Abuse Cases
- Privacy Impact Assessments and Security Requirements
- Identifying Privacy Related Threats
- Hands-on Exercises:
- Writing Abuse Cases for Password Reset Workflow
- Threat Modeling Privacy for your system
- Exploring UML as Code
- Creating Attack Trees Using Code
- Writing Threat Models Alongside Code
- Writing Threat Models With Code
- Writing Threat Models As Code
- Writing Compliance As Code for PCI-DSS
Chapter 4: Reporting and Deliverables
- How To Manage Threat Models
- Documentation
- Backlog
- Bugs and Tickets
- Code
- Automation
- Threat Modeling Tools and Templates
- Microsoft Threat Modeling Tool
- OWASP Threat Dragon
- CAIRIS Platform
- Threat Modeling As Code Tools
- Freemium Tools
- Threat Model Templates and Examples
- Validating Threat Models
- Threat Model Versus Reality
- All Threats Accounted For Risk
- Mitigations Are Tested
- Are We Done Threat Modeling?
- Hands-On Exercises:
- Threat Modeling with OWASP Threat Dragon
- Threat Modeling Multi-Tiered Application with IriusRisk
- Threat Modeling for Multi-Cloud with IriusRisk
- Validating Threats with Automated Tests
- Validating Mitigations with Automated Tests
Chapter 5: Secure Design Principles and Threat Modeling Native and Cloud Native Applications
- Exploring Principles of Secure Design with Examples
- Principle of Economy of Mechanism
- Principle of Fail Safe Defaults
- Principle of Complete Mediation
- Principle of Open Design
- Principle of Separation of Privilege
- Principle of Least Privilege
- Principle of Least Common Mechanism
- Principle of Psychological Acceptability
- Case Study of AWS S3 Threat model
- Case Study of Kubernetes Threat Model
- Case Study of Very Secure FTP daemon
CTMP Course Certification Process
- After completing the course, you can schedule the CTMP exam on your preferred date.
- Process of achieving Practical DevSecOps CTMP Certification can be found here.
Become a Threat Modeling Professional in 60 Days

What you’ll learn from the Certified Threat Modeling Professional Course?
Threat Modeling Methodologies
- Apply STRIDE, PASTA, VAST, and RTMP frameworks
- Identify vulnerabilities before security incidents.
- Protect your systems and applications using proven techniques
Agile Threat Modeling Security Integration
- Build threat models into DevOps pipelines
- Integrate security within CI/CD workflows
- Transform security from blocker to enabler
Industry-Standard Tools
- Perform threat modeling with IriusRisk and Threat Modeler
- Create models with OWASP Threat Dragon and CAIRIS.
- Apply "Threat Modeling as Code" techniques
Risk Assessment Frameworks
- Prioritize risks using DREAD, OWASP Risk Rating Methodology and Mozilla RRA.
- Implement risk management techniques
- Communicate risks to stakeholders
Cloud-Native Security
- Design secure applications and Kubernetes workloads
- Analyze real-world enterprise case studies
- Validate cloud application security controls
Security Operations at Scale
- Build automation and reusable templates
- Coordinate security across multiple teams
- Meet PCI-DSS and compliance requirements
Benefits of Enrolling in the Practical DevSecOps Courses
Master today’s security challenges with our updated curriculum and hands-on labs, preparing you for real-world threats.
Browser-based lab
Access all tools and exercises directly in your browser. Enjoy a practical, hassle-free learning experience with no downloads or installations needed!

Explore commands with our new AI-Powered 'Explain to me' feature
Gain detailed insights into any command with our AI-powered feature, designed to enhance your understanding and accelerate your learning.
Master cutting-edge tools
Enhance your security skills through hands-on experience with the latest industry tools in our labs. Get equipped for real-world applications and stay ahead of industry changes.

Hear from our learners
Explore the global impact of our Practical DevSecOps Certifications through our learners’ testimonials.
Frequently asked questions
What are the prerequisites required before enrolling in the Certified Threat Modeling Professional Course?
To enroll in the CTMP course, students should have a basic understanding of security fundamentals such as confidentiality, integrity, and availability. While application development knowledge is beneficial, it is not mandatory.
What's included in the Certified Threat Modeling Professional course package?
The course includes 3 years of video access, 60 days of browser-based labs, 30+ guided lab exercises, a PDF manual, 24/7 student support, and one exam attempt.
Do the labs for the Certified Threat Modeling Professional course start immediately after enrollment?
No, the Threat Modeling course does not begin automatically upon enrollment. After purchasing the course, students will have the opportunity to select their desired start date, which will mark the beginning of their course access period.
Does the course come with CPE points?
Yes, the course offers 24 CPE (Continuing Professional Education) points upon completion.
What is the exam format?
The exam consists of 5 challenges to be solved within 6 hours, followed by a 24-hour window to complete and submit the report for evaluation. For more information, visit this link.
Should I go to an exam center, or is the exam online?
Yes, it is an online exam. You can take the exam from the comfort of your home or office.
How long is the Certified Threat Modeling Professional certification valid?
Threat Modeling Certification is a lifetime credential. Once you’ve earned your certification, it will last throughout your career.
What's the financial return on completing the Certified Threat Modeling Professional course?
Here’s the reality: threat modeling is so specialized that even Fortune 500 companies have maybe a handful of experts who truly understand it. That scarcity is your opportunity.
While most security professionals earn $85,000–$95,000, CTMP-certified threat modelers command $140,000–$180,000. Why the massive difference? Because you’re one of the rare few who can actually do this work. The market is exploding from $1.06 billion today to a projected $58.13 billion by 2034, but there’s almost nobody qualified to fill these roles.
This isn’t just another security certification where you’re competing with thousands of others. Threat modeling is so niche that having CTMP certification basically makes you a unicorn. Security analysts, software architects, and senior developers are trying to break into this field, but very few actually master it.
Why Certified Threat Modeling Professional Course from Practical DevSecOps?
The first of its kind vendor-neutral Certified Threat Modeling Professional Certification delivers hands-on training through real-world exercises across all five chapters. Unlike theoretical courses, it focuses on practical implementation in DevSecOps environments with expert instructors who’ve successfully integrated threat modeling into Agile and CI/CD workflows.
What will you learn:
- Implement four proven methodologies (STRIDE, PASTA, VAST, RTMP) to identify vulnerabilities before deployment.
- Create threat models using industry tools and “Threat Modeling as Code” techniques.
- Apply risk frameworks to prioritize issues and communicate effectively with stakeholders.
- Build scalable security processes that work across teams while meeting compliance standards.
Unmatched practical focus
70% hands-on labs for mastering real-world scenarios.
Expert-crafted curriculum
Get real-world insights from experienced security experts.
Practical exam
Take a 6-hour examination to show what you have learned.
24/7 expert support

Future-Proof Your Career with Threat Modeling Training
Unlock your potential with Threat Modeling Training! Our Certified Threat Modeling Professional Course equips you with job-ready skills. Conquer the 6-hour exam with confidence and open doors to exciting opportunities and challenges.