Learn cybersecurity threat modelling, risk assessment, and security validation through hands-on labs and practical scenarios. Experience hands-on labs replicating common vulnerabilities surfaced through the Government Bug Bounty Programme, compete in a gamified 'Capture-the-Risk' challenge, and present threat-informed risk assessment projects. This intensive workshop combines theoretical foundations with extensive practical application, culminating in an open-book assessment to demonstrate your newfound skillsets.
Key Takeaways
At the end of the programme, you will be able to:
Apply threat modelling techniques to identify and analyse key cybersecurity threats as part of risk assessment
Integrate threat modelling outcomes into the development of System Security Plans (SSPs) to strengthen risk management practices
Scope, assess, and validate security assessments, including penetration testing engagements, to ensure the quality and relevance of findings
Conduct threat-informed risk assessments and effectively communicate results through collaborative and scenario-based exercises
Who Should Attend
Please refer to the job roles section.
ICT&SS Professionals keen on threat modelling and/or in the following job roles – CISOs*, Cybersecurity Engineers*, Cybersecurity Policy Officers as well as Cybersecurity Operations Specialists (*CTM is mandatory for these job roles).
Programme Structure
This programme will cover the following topics:
Pre-workshop: Pre-reading materials and quiz
You will be provided with pre-workshop reading materials and are expected to complete a short quiz on them.
Day 1 & 2: Threat Modelling & Risk Assessment
Partnering with Digital Governance Group
Recap on IM8 reform
Cover threat modelling and the streamlining of TM into our risk assessment to surface key threats for risk analysis
Practical hands-on labs on the application of threat modelling techniques and creation of SSP
Day 3: Understanding Security Assessment
Cover proper scoping of a Penetration Testing (PT) engagement and validating the quality of a PT engagement
Practical hands-on PT labs to appreciate vulnerabilities surfaced through GBBP exercises
Day 4: BYOP Presentation (“Capture-the-Risk”)
“Capture-the-Risk” gamified competition for applying and more deeply internalising the knowledge gained over the past three days
Participants (in teams) will have to present a threat-informed risk assessment project in an IDSC mock-up
Post-Workshop: Online Assessment
To be completed within one week after the end of the workshop (Format: 1-hour open-book exam)
Assess participants’ application of knowledge gained in the workshop
NOTE
You will need to use your laptops (GSIB/COMET/Personal Laptop) on certain days of the workshop.
Day 1, 2, 4: Non-SE GSIB/COMET
Day 3: Personal laptop/GFE with admin rights (e.g. SEED)