Threat Model training through Gamification

Track: Threat Model
When: Thu PM-3
Where: Kings
Organizers Steven Wierckx Steven Wierckx , Orid Ahmed Orid Ahmed
Participants Adam Shostack Adam Shostack , Fraser Scott Fraser Scott , Luis Saiz Luis Saiz , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris


Training is a crucial activity in AppSec. Security must abandon the silo in which it has lived the last decades to become one more indicator of the quality of a software product. And to do this we need to train people and make security something transversal. Gamification has become a very interesting alternative to train people. As children we learn by playing and we should not stop learning while we play when we become adults.


Open discussion: There are some traditional card games out there to learn Threat Modeling but… wouldn’t be great to play a collaborative Role-playing Game (RPG) about Threat Modeling? Users can play in teams to defeat another teams trying to find weaknesses in the countermeasures of the digital world each team has to build.


This Working Session will publish a document with the specifications of the game.

Register as participant

To register as participant add Threat Model training through Gamification to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions