KMS policy peer review caught an over-broad grant we had shipped months ago.
Advanced
Security Review Studio for AWS Designs
You bring a one-page architecture and walk through STRIDE-inspired prompts adapted for VPC-bound workloads. Mentors annotate with blunt, constructive notes you can attach to design review tickets.
From ¥88,000 JPY
Included focus areas
- STRIDE prompt cards tuned for serverless + VPC
- Secrets handling red-team style checklist
- KMS key policy peer review
- Evidence capture for change advisory boards
- Incident learning note template
- Japanese/English phrasing for risk statements
- Follow-up office hour coupon (30 days)
Artifacts you should exit with
- Produce a marked-up threat model for your sample system
- List compensating controls with owners
- Record two questions your CAB will expect answered
Mentor anchor
Former CISO advisor for mid-market manufacturers; prefers short memos over slide decks.
Owen Blake
Primary reviewer for this track
Participant questions
Not performed in class; we discuss how to scope external tests responsibly.
Yes with mutual NDA; bring your own architecture, not customer confidential data.
Legal sign-off or insurance guidance.