Running Interactive Threat Modeling Workshops for Developers
Designed for senior software developers tasked with integrating threat modeling practices into their agile teams for the first time, often with limited security background, to spark real collaboration and high-energy learning.
A 90-minute hybrid workshop designed for developers who are expected to lead or participate in interactive threat modeling. Many have seen threat modeling as either too abstract or 'security-only,' resulting in low engagement and unclear benefits. The format includes breakout groups, live collaboration boards, and a mix of virtual and in-person attendance.
Reverse Threat Hunt
Kick off with a rapid-fire challenge: show developers a seemingly innocuous user story (e.g., 'User uploads profile image') and ask, 'What’s the worst thing that could happen?' Participants are encouraged to speculate wildly for 3 minutes, building anticipation before revealing actual threat vectors related to the story.
Why this works
Curiosity-driven speculation wakes up analytical thinking and primes learners for deeper risk exploration, making threat modeling feel relevant and unpredictable.
Myth-Busting Threat Cards
Hand out (physically or digitally) cards with statements like, 'Threat modeling is only for security experts,' 'Developers don’t create threats,' and 'Threat modeling slows down sprints.' Each group sorts them into 'True' or 'False,' then discusses the rationale as you reveal research-backed answers.
Why this works
Directly confronting misconceptions (and why they exist) builds trust and clarity, setting the stage for learning.
Silent Scenario Sketch
Each participant sketches or writes a simple threat scenario based on a familiar app feature, but does so silently and independently. After 3 minutes, everyone shares their sketch in a breakout, with no pressure to present or defend their ideas—just quick, anonymous sharing.
Why this works
Low-pressure participation removes fear of ‘wrong answers,’ encouraging broader engagement and making risk identification accessible for introverts.
Threat Modeling Relay Race
Split participants into three teams. Give each a chunk of the same app diagram. Teams have 5 minutes to identify threats, then pass their findings to the next group, who adds mitigations. As the relay moves, energy builds, culminating in a rapid review and applause for creative solutions.
Why this works
Gamified, high-energy collaboration pushes participants to move quickly, think on their feet, and celebrate collective creativity.
Live ‘Fix or Ignore?’ Dilemma
Present developers with a real incident: ‘Open redirect vulnerability was found before launch.’ Ask, ‘Should we fix or ignore, and why?’ The group votes, then hears the business impact story from a true case where ignoring it led to a breach.
Why this works
Connecting learning to real dilemmas (and consequences) grounds threat modeling in business reality, not just academic exercise.
Threat Reflection Wall
Wrap up by inviting each participant to post (physically or digitally) their biggest personal takeaway: ‘One threat modeling insight I’ll use in my next sprint is…’ The wall becomes a visual record, and each person reads one aloud, connecting learning to action.
Why this works
Active reflection helps cement new habits, making learning actionable and personally relevant.