iSAQB® EMBEDDEDSEC
The iSAQB® EMBEDDEDSEC course trains software architects and engineers to design secure embedded systems. Through theoretical lectures and practical case studies, participants learn to identify vulnerabilities and apply security controls at the architectural level.
Description
The iSAQB® EMBEDDEDSEC course trains software architects and engineers to design secure embedded systems. Through theoretical lectures and practical case studies, participants learn to identify vulnerabilities and apply security controls at the architectural level.
Key topics include:
Threat modeling and risk assessment
Cryptography for resource-constrained devices
Secure boot and firmware updates
Hardware Security Modules (HSM) and Trusted Execution Environments (TEE)
The training prepares professionals to meet compliance requirements for industry standards like ISO/SAE 21434 and IEC 62443. After completion, attendees can systematically plan and implement security mechanisms within embedded software architectures.
No sessions available
Check back later or contact a provider directly.
What You Will Learn
Curriculum Structure (iSAQB CPSA-Advanced, module EMBEDDEDSEC), based on the official curriculum PDF.
Module 1- Introduction
Security as a quality attribute in architecture, and trade-offs with other quality attributes
Security properties, including confidentiality, integrity, availability, plus authentication, authorization, non-repudiation
Security across the product lifecycle (conception to decommission), including Secure Development Lifecycle concepts
Security-related regulations, standards, and guidelines, with examples such as ISO/IEC 25010, IEC 62443, ISO/SAE 21434, UN R 155, UN R 156, ETSI EN 303 645, NIST SP 800 series
Module 2- Analysis
System definition and system context for security analysis
Assets and damage scenarios
Threat modeling concepts such as threats, attack paths, attack trees, feasibility, impact, and risk
Deriving security goals and security claims from analysis results
Module 3- Verification
Techniques to verify and validate security properties in embedded systems
Module 4- Cryptography (recommended minimum: 90 minutes)
Cryptography fundamentals relevant to embedded architectures and security goals
Module 5- Attacks (recommended minimum: 120 minutes)
Common embedded attack patterns and how they affect assets, goals, and architecture decisions
Module 6- Embedded Design Considerations (recommended minimum: 120 minutes)
Security-relevant qualities, technologies, and architectural considerations for embedded systems
Module 7- Embedded Security Design Patterns (recommended minimum: 270 minutes)
Security design patterns for embedded architectures, and selecting control measures based on risk
Total recommended minimum duration: 1080 minutes (18 hours), typically at least 3 days of training. Source: iSAQB EMBEDDEDSEC curriculum (PDF)
Certification & Exam
The iSAQB® EMBEDDEDSEC course prepares participants for the iSAQB CPSA® Advanced Level program by covering the Advanced Level module Embedded Security for Architects (EMBEDDEDSEC).
The module can be attended independently of holding a CPSA-F certificate, and it contributes credit points that can count toward eligibility for the CPSA-A certification exam. In this module, participants learn how to design embedded system architectures that reflect defined security goals, including methods to identify assets worth protecting, derive security goals, recognize common attack patterns, and select appropriate design patterns and controls. The curriculum also includes approaches to verify and validate security properties in embedded systems.
Official source: iSAQB EMBEDDEDSEC curriculum (PDF).
What You Will Achieve
Course outcomes for iSAQB® EMBEDDEDSEC
Analyze embedded architectures for security attributes and trade-offs using ISO/IEC 25010, ISO/SAE 21434, and IEC 62443 standards.
Create system definitions and context views, including interfaces and assets, to support security analysis and threat modeling.
Apply threat modeling methods such as STRIDE, data flow diagrams, and attack trees using attacker, asset, or system-centric approaches.
Evaluate security risks by mapping threats to damage scenarios and rating them with CVSS and ISO/SAE 21434 frameworks.
Select security verification activities, including SAST, DAST, IAST, fuzzy testing, and vulnerability scanning for embedded software.
Apply cryptographic mechanisms, including symmetric and asymmetric encryption, hashing, and key derivation, to specific embedded use cases.
Analyze attacker profiles and vulnerabilities using data from CVE, CWE, OWASP, SANS, and BSI to inform architecture decisions.
Design security controls such as Secure Boot, signed firmware updates, and secure coding practices based on MISRA and CERT guidelines.
Training Providers
1 providerFAQs
Get Custom In-house Training
Post once, get competitive offers from multiple providers. Choose the one that fits your team.
Similar Trainings
iSAQB® Foundation Level Certification (CPSA-F)
The iSAQB Foundation Level (CPSA-F) training covers software architecture design and documentation for small and medium systems. It teaches architects and developers how to turn requirements into technical structures. Key topics include: Architect roles and definitions. Design patterns and principles. Documentation methods for decisions. Quality evaluation techniques. Practical exercises and theory prepare participants for the official CPSA-F exam.
iSAQB® ADOC - Architecture Documentation Certification
The iSAQB® Architecture Documentation (ADOC) training is an Advanced Level module within the Certified Professional for Software Architecture (CPSA-A) program. The course shows how to document software architectures in a clear and structured way so that developers, architects, and stakeholders can understand and use them in real projects. Participants learn how to create architecture documentation that supports communication, decision making, and long term system maintenance. The training uses well known methods such as arc42 , common diagram types, and clear documentation rules that are widely used in professional software architecture work. The course also explains how good documentation helps teams share knowledge, reduce misunderstandings, and keep systems maintainable as they grow. Through practical examples and exercises, participants learn how to describe architecture decisions, structure documentation, and present complex systems in a simple and consistent way.
iSAQB® AGILA - Agile Software Architecture Certification
The iSAQB® AGILA module is an Advanced Level training course within the Certified Professional for Software Architecture – Advanced Level (CPSA-A) program. The course focuses on how software architecture works in agile development environments. Participants learn how to design and evolve software systems in agile teams where architectural responsibility is shared . The training shows how architects and developers make architecture decisions during short development cycles while keeping systems stable and maintainable. The course also explains how to balance architecture, speed, and quality in agile projects. Topics include collaborative design practices, continuous architecture work, and practical approaches for identifying and managing technical debt during iterative development.
iSAQB® ARCEVAL - Architecture Evaluation Certification
The iSAQB ARCEVAL course teaches systematic methods to evaluate software architectures. This module of the Certified Professional for Software Architecture (CPSA) Advanced Level helps professionals verify if a system meets its quality requirements. ATAM: Identifying risks and design trade-offs. Quality Models: Using ISO/IEC 25010 to define software quality. Review Techniques: Performing audits using checklists and walkthroughs. Economic Evaluation: Analyzing the cost-benefit of technical decisions. This training is for software architects and senior developers who must justify technical choices. Participants learn to document results and provide clear recommendations. Completion provides credit points toward the iSAQB CPSA-A certificate.
iSAQB® CLOUDINFRA - Advanced Level Certification
The iSAQB® CLOUDINFRA Training will familiarize you with the underlying concepts and implementation methods of dynamic cloud-native architectures . How can you operate applications reliably with containers, which methods can be used to set up a target-oriented monitoring system, how can you create a demand-oriented alerting system?
iSAQB® DDD - Domain Driven Design Training
iSAQB® Domain Driven Design (DDD) is an advanced iSAQB module where you can learn to develop a language and use DDD models to connect different applications. Using the sample apps, you can learn the individual steps in DDD training in tecnovy. It is an application-oriented and high-quality software architecture.