2025-11-15 –, Hochschule München - R0.007
This 4-hour interactive workshop teaches the fundamentals of threat modeling using the 4-question framework. Participants will gain hands-on experience through practical scenarios, learn key terminology and best practices, and discover how to integrate threat modeling into their development processes. Designed for both technical and non-technical roles involved in software development decision-making, attendees will leave with immediately applicable skills and tools to support threat modeling in their organizations.
In this 4-hour interactive workshop, you'll learn the fundamentals of threat modeling, how to apply the 4-question framework to real-world systems, and how your role-based perspective adds depth and accuracy to the process of identifying and prioritizing threats. Participants will work through practical scenarios and leave with immediately applicable skills. The main takeaway will be a clear understanding of the methodology, hands-on experience with examples, and the ability to actively support threat modeling for your systems.
Content:
- The 4 Questions Framework for Threat Modeling
- Hands-on exercises using non-technical and technical scenarios
- Key definitions and terminology
- Best practices for integrating threat modeling into the software development lifecycle
- Common pitfalls and how to avoid them
- Tools and templates for getting started
Who should attend:
This workshop is designed for personnel in both technical and non-technical roles within their organizations - anyone who contributes to decision-making in the software development process. This includes developers, security professionals, product managers, architects, project managers, and team leads.
threat modeling, security by design
Founder & Security Community Expert @ FullCyrcle Security
Juliane Reimann has worked as a cybersecurity consultant for large companies since 2019, with a focus on DevSecOps and community building. Her expertise includes building security communities among software developers and establishing developer-centric communication around secure software development topics. Before entering the cybersecurity field, she founded several companies in web development. Her web development background provides her with extensive knowledge of the software development lifecycle. Since 2024, she has been a core member of the OWASP Security Champions Guide Community.