It is an annual, community-driven information security conference held in Prague. The event provides a platform for cybersecurity professionals, enthusiasts, and researchers to share knowledge, exchange ideas, and discuss the latest trends in the field. It’s a unique opportunity to connect with like-minded individuals, expand professional networks, and stay informed about the ever-evolving cybersecurity landscape. More info at www.bsidesprg.cz
No more drowning in checklists! Change “we should probably be more secure” into an actual, risk-prioritized engineering backlog. In this hands-on workshop you’ll learn to threat model systems using STRIDE + data-flow diagrams. You'll leave with a repeatable approach you can drop into product work.
What we’ll do
Working in small groups, we’ll threat model a software system end-to-end:
sketch a data-flow diagram (DFD) and identify trust boundaries
apply STRIDE to systematically enumerate threats
prioritize threats by risk, focusing on what matters most
turn results into a well-scoped mitigation backlog
identify reusable security patterns you can apply elsewhere
What you’ll learn / take home
A repeatable workflow for running a threat modeling session with your team
How to spend more effort on high-impact risks (and less on low-value busywork) without losing the plot with auditors
A set of “next actions” you can implement immediately: mitigations, logging/monitoring hooks, and design changes expressed as backlog items
Who it’s for
Developers/engineers who own services in production
Security champions embedded in product teams
Architects / tech leads responsible for system design
Prerequisites & logistics
No special tools required: bring either pen and paper for diagrams or a laptop with a lightweight drawing tool. Basic familiarity with software architecture helps, but you don’t need prior threat modeling experience.