Risk Management and Security Strategy Training (On-site Training)

The Risk Management & Security Strategy Training enables people from all (though mostly IT-oriented) backgrounds to facilitate and improve the outcomes of thought and decision-making processes in complex environments which are subject to (lots of) uncertainty. The training works its way from introducing the participants to different aspects of people’s thought processes to introducing the more technically oriented threat modeling practices. Having set the stage in an adverse world of threat-oriented thinking, we’ll adapt our perspectives to more credible, actionable analysis products: risk analysis based on various qualitative as well as quantitative methodologies. Having enabled analytical and risk-oriented thinking and decision making, we’ll embark on the journey to identify strategic security roadmaps. Attendees extend their analytical toolbox by using structured practices and methodologies to develop sound, logical, adaptive security strategies that drive and improve an organization’s security and resilience on a continuous basis.

The attendees learn to work with the following methods, standards, and frameworks as key takeaways of this course:

  • Threat Modeling techniques like Attack Trees, STRIDE, and P.A.S.T.A. and how to implement threat modeling at scale
  • Applying risk analysis methods described in ISO 31000, the NIST Risk Management Framework, and an outlook on quantitative analysis in the Cyber Risk Quantification domain
  • Understanding what differences exist between qualitative and quantitative risk analysis methodologies and which approach might be better suited for one’s work
  • Introduction to Information Security Management frameworks like the ISO 27000 family, the NIST Cybersecurity Framework, and the assessment of a security organization’s maturity
  • Developing a security strategy by applying structured methods from the above frameworks as well as an introduction to Wardley Maps
  • Learning about various cognitive biases that might influence one’s analytical thinking and the outcomes of complex thought processes
  • Completing their toolbox to facilitate strategic red teaming exercises and play the devil’s advocate, improving strategic decision management and the organization’s resilience by applying adverse thinking


  • Introduction & Setting the Scene
  • Basics & Fundamentals - Taxonomy of Threats and Risks
  • Threat Modeling Introduction and Exercises
  • Risk Analysis Introduction and Exercises
  • Basics & Fundamentals - Taxonomy of (Security) Strategy
  • Structured & Strategic Security Thinking
  • The Devil’s Advocate’s Toolbox of Security Strategy
  • From Intangible Security Work to Tangible Security Outcomes

About the Speaker