Threat Modeling in Practice.

STRIDE, attack trees, and the threat model your team will keep updating.

Intermediate

Spalce Academy12 hours

Threat modeling that survives past the first review. We use STRIDE, attack trees, and lightweight whiteboard models, but the emphasis is on the social patterns that keep threat models current as systems evolve. Anchored in OWASP ASVS, NIST CSF, and the specific threat landscape Spalce engineers see in African fintech.

Taught by

Akua Mensah

Level

Intermediate

Format

Cohort

Duration

12 hours

Modules

Enroll Talk to Academy

Free for customers and partners; $699 otherwise

Outcomes

What you will be able to do.

Every outcome is what a Spalce engineer is expected to demonstrate after the equivalent on-the-job learning.

Lead a 90-minute threat modeling session that produces shippable mitigations.
Apply STRIDE to API, mobile, and data-plane scopes.
Map findings to OWASP ASVS and NIST CSF controls.
Keep the threat model alive as the architecture changes.
Prioritise mitigations by exploitability and business impact, not theory.

Prerequisites

What you need before you start.

Two-plus years in engineering or security

Curriculum

Module breakdown.

5 modules, paced for the cohort format.

Cohort cadence

Weekly live sessions
Async office hours
Reviewed capstone project

Threat modeling foundations

120 min

STRIDEDREAD critiqueAttack treesData flow diagrams

Modeling APIs and mobile

180 min

Auth flowsToken storageDeep link abuseApp tampering

Mapping to ASVS and NIST CSF

180 min

ASVS levelsCSF functionsControl selectionEvidence trails

Keeping the model alive

120 min

ADR integrationContinuous threat modelingChange triggersTooling choices

Live threat model lab

120 min

Threat model a real Spalce service end-to-end

Instructor

Lead instructor.

Spalce Academy instructors are working Spalce engineers, not paid externals.

Akua Mensah

Head of Security

Built Spalce's ISO 27001 program. Teaches threat modeling and secure cloud foundations.

3 courses in Spalce Academy

Credential earned

Spalce Threat Modeling Lead (STML)

Verifiable. Shareable. Honoured by Spalce partners and customer hiring teams.

See credentialing

Continue learning

Ready to start Threat Modeling in Practice?

Free for active Spalce customers and partners. Talk to us about a team subscription.

Enroll Back to Academy

Loading…

Threat Modeling in Practice.

STRIDE, attack trees, and the threat model your team will keep updating.

Enroll

Intermediate

Security Engineering Path

Spalce Academy12 hours

Taught by

Akua Mensah

Level

Intermediate

Format

Cohort

Duration

12 hours

Modules

Enroll Talk to Academy

Free for customers and partners; $699 otherwise

Outcomes

What you will be able to do.

Every outcome is what a Spalce engineer is expected to demonstrate after the equivalent on-the-job learning.

Lead a 90-minute threat modeling session that produces shippable mitigations.
Apply STRIDE to API, mobile, and data-plane scopes.
Map findings to OWASP ASVS and NIST CSF controls.
Keep the threat model alive as the architecture changes.
Prioritise mitigations by exploitability and business impact, not theory.

Prerequisites

What you need before you start.

Two-plus years in engineering or security

Curriculum

Module breakdown.

5 modules, paced for the cohort format.

Cohort cadence

Weekly live sessions
Async office hours
Reviewed capstone project

Threat modeling foundations

120 min

STRIDEDREAD critiqueAttack treesData flow diagrams

Modeling APIs and mobile

180 min

Auth flowsToken storageDeep link abuseApp tampering

Mapping to ASVS and NIST CSF

180 min

ASVS levelsCSF functionsControl selectionEvidence trails

Keeping the model alive

120 min

ADR integrationContinuous threat modelingChange triggersTooling choices

Live threat model lab

120 min

Threat model a real Spalce service end-to-end

Instructor

Lead instructor.

Spalce Academy instructors are working Spalce engineers, not paid externals.

Akua Mensah

Head of Security

Built Spalce's ISO 27001 program. Teaches threat modeling and secure cloud foundations.

3 courses in Spalce Academy

Credential earned

Spalce Threat Modeling Lead (STML)

Verifiable. Shareable. Honoured by Spalce partners and customer hiring teams.

See credentialing

Continue learning

Ready to start Threat Modeling in Practice?

Free for active Spalce customers and partners. Talk to us about a team subscription.

Enroll Back to Academy

Threat Modeling in Practice.

What you will be able to do.

Prerequisites

Module breakdown.

Threat modeling foundations

Modeling APIs and mobile

Mapping to ASVS and NIST CSF

Keeping the model alive

Live threat model lab

Lead instructor.

Akua Mensah

Spalce Threat Modeling Lead (STML)

More from Security Engineering Path.

Secure Cloud Foundations

AppSec and SecDevOps

Ready to start Threat Modeling in Practice?

Threat Modeling in Practice.

What you will be able to do.

Prerequisites

Module breakdown.

Threat modeling foundations

Modeling APIs and mobile

Mapping to ASVS and NIST CSF

Keeping the model alive

Live threat model lab

Lead instructor.

Akua Mensah

Spalce Threat Modeling Lead (STML)

More from Security Engineering Path.

Secure Cloud Foundations

AppSec and SecDevOps

Ready to start Threat Modeling in Practice?