30 January 2023
Recently one of the largest media corporations in the World approached us to train a team of software engineers and developers.
As one of the World’s top providers in bespoke training in technology, we were able to design a custom-made programme that would cover all aspects of training in a specially created course in Threat Modelling.
With ever increasing sophisticated attacks, cyber security is a priority for all organisations and none more so than an international broadcaster.
Most large organisations will have threat modelling frameworks that are designed to counter the specific threats associated with that organisation.
Outlining steps to prevent attacks and identify risk are essential and maintaining and updating knowledge can provide the necessary steps to preventing a major attack.
The training course would need to be tailor made towards the type of attack potentially faced by a broadcaster.
Why Our Training?
In identifying potential threats and vulnerabilities in a system, the training was tailored to teach the delegates how to make changes to the design and architecture of a system thus providing ongoing protection.
The goal of threat modelling is to improve the security posture of a system by prioritising and addressing the most critical threats. Threat Modelling is an advanced, structured approach to cyber threats that observes potential threat scenarios to test the system, identify weaknesses and points of insecurity before an attack is made. The modelling is often undertaken during the design stage, but ongoing training is necessary in order to prevent new and different types of attack.
After an initial consultation it was decided that a two-day training course, supplied via Zoom, would meet the objectives set by the Client team.
Some of the feedback from the course is listed below.
“Lots of information, very powerful labs, great support from the trainer throughout the labs. Presentation of the slides is very good, really nice clear explanations with a focus on practical steps. Sometimes it's too much information presented in the slides without enough breaks or examples in-between to help absorb. I left the labs feeling I could put all this knowledge into practice which is really important for this training to achieve.”. – Lucia, Software Engineering Training Lead
“Great course + brill subject matter. Day 1 was pretty intense, so it took time to review and absorb even after the day finished. However, Day 2 was spot on, putting everything into practice.” – Alex, Software Engineer / Security
“The thought that the delivery of content was well-paced, and the lab sessions were particularly useful for grasping how to put the ideas in to practice. The instructor was friendly, knowledgeable and responsive to questions and input from students.” BC, Software Developer
“Geoff's explanations were very clear. - I appreciated having plenty of time to create threat models on the second day of the course. - I liked the inclusion of a threat modelling approach from the perspective of AWS: STRIDE -> Principles from the security pillar of the AWS Well-Architecture Framework -> Controls (actions/mitigations). Toby, Junior Software Engineer
“Happy that it covered a breadth of content and have come away feeling more confident with greater understanding of how to do threat modelling and how to use various frameworks to enable next steps in developing more secure systems that involve everyone. The cadence of group lab exercises was good. “– Gauri, Software Engineer
“Overall, a well delivered and information-packed course which was as clear and concise as it probably could be. As an apprentice, I would have benefited from slightly more insight into how the different attack patterns and mitigations present themselves in a real-world context as it made some of the labs a little more difficult for me to participate in fully, although I appreciate, I'm not necessarily the target demographic and there is already a lot to cover.” – Cahal, Early Careers Apprentice (Software Engineer)
An excerpt from a 2 day JBI Threat Modelling training course showing an agile architecture session.
For further information on Cyber Security courses, please use the links below: