Timo Pagel | Web Security Training Expert

Agile Threat Modeling


Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.

Thread modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.

Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.

However, security is also a permanently required feature and quality goal that customers expect and deserve.

In the workshop, the participant will be introduced to the approach according to the proven STRIDE method in a clear and comprehensible way with a mix of theory and practical exercises using show cases.

The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.

Train efficiently


  • Get to know Secure Design principles

  • Participants gain basic theoretical knowledge and based on this methodological knowledge in order to carry out a risk assessment of (web) systems

  • Threat Modeling as a method to discover design vulnerabilities

  • Create awareness of high cost and effort to fix design vulnerabilities

  • Getting to know gamification elements

  • Tips and tricks for applying threat modeling in practice

Target Audience

Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.



During the workshop, topics are presented and participants perform hands-on analyses in a training environment. In some cases, measures are implemented.
During this workshop with a mix of hands-on and lecture, developers and administrators learn about threats and measures when using container technologies.

  • Technically highly specialized and customized to your needs
  • Structured and practice-oriented
  • Playful learning
  • Participants are interactively involved
  • Balancing heterogeneity in prior knowledge

More about the training methodology here.


Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation