Home Riscure Academy Automotive Security & ISO 21434

Automotive Security & ISO 21434

Riscure Academy - Online Group Training

For architects, designers, and developers to better understand automotive security and become aware of.


4 courses

4 weeks

16 hours self-paced eLearning and practical exercise

4 hours Live Mentoring


70% or higher on final assessment





Live mentoring


Self-paced eLearning

Scheduled live mentoring

Spaced for efficiency & effectiveness

Scale to multiple groups

After this program participants will be able to

Security Engineering

Recognize security assets in a TOE

Understand how to apply the attack tree method

Rate and select attack paths

Describe main methods of defence

Embedded Systems

Use open source tooling to identify PCB interfaces

Determine relevance of a component for security

Understand relevance of a component to an attacker

Create and apply countermeasures

Defence & Countermeasures

Evaluate required security properties of an asset

Understand modern threats: implementation attacks, SCA, FI

Understand the role of team work in implementation of security primitives

Understand how modern countermeasures can protect against modern threats

Automotive Security & ISO 21434

This program helps architects, designers, and developers of bootloaders become aware of common security mistakes and teaches how to correct or avoid these in a highly practical way.

An automotive E/E solution that does not protect from an adversarial action cannot be considered state-ofthe-art. Breached security of a safety-critical component leads to potential liability and may result in a costly delay in production because you cannot meet your functional safety requirements any longer. Based on years of experience developing and certifying secure devices and software across various industries, Riscure has created a dedicated interactive Automotive Security Training.

What makes this program unique?
In this learning path we bridge the gap between formalized safety frameworks such as ISO 26262, SAE J3061-20161 and ISO/SAE 21434 (draft version) and the best practices in security


Architects, designers, and developers of bootloaders


Analyze implementation trade-offs
Implement a secure bootloader
Harden a bootloader


Fast Track Your Security

  • Introduction to automotive security events that shaped the
  • industry and a comparison with other industries.
  • Security terminology and key concepts.
  • Industry security practices from payment to content protection.
  • Safety ≠ Security and how to integrate security in automotive development processes.

Security Requirements Engineering

  • The role of security requirements and why they are issued (based on SAEJ3061)
  • Implementation challenges (e.g. unrealistic requirements), how to work with assumptions, expectations, and processes.
  • Threat modelling: compare/contrast MITRE TARA, EVITA, STRIDE/DREAD, HEAVENS and Common Criteria
  • Case: Mock-up case study (TARA)

Secure Code Development

  • Why MISRA-C compliant code may not be secure code.
  • Secure coding best practices based on 15+ years of code reviews.
  • Understanding costs and trade-offs of secure coding during early development
  • Real world challenges: hunting vulnerabilities, linked vulnerabilities, and inherited vulnerabilities.

Understanding ISO/SAE 21434

  • Recent events in cybersecurity domain: who is affected? ISO/SAE 21434, SAE J3101 and UN ECE regulations and how safety and security contrast
  • Understanding ISO/SAE 21434 changes. Explore Cyber Assurance Levels (CALs) and map ISO21434 (w.r.t ISO26262) to useful resources.

Lead developer

Name Here

Actionable and indispensable knowledge of security in Embedded Systems and IoT devices. Training on hardware and software security in a classroom setting, online or hosted in your own knowledge program.

Let’s schedule a digital meeting

Get Started Today

Don’t let your organization’s embedded systems become an easy target. Invest in the security and success of your business by partnering with Riscure Academy. Contact us today to discuss your training needs and explore our approach. Together, we’ll empower your team to secure your organization’s future.

Get in touch with us

Feel free to contact us anytime at inforequest@riscure.com or fill out the form below.

By checking this box you agree to process your data according to Riscure's privacy policy:
Check this box to also subscribe to our monthly newsletter:

Frequently asked questions

Do you do individual training?
Individual training is available for self-enrollers within enterprises, but we do not training for individuals outside of organizations. For individuals we recommend Self-Paced or Open training. If you are unsure, please get in touch by filling in the form below.
What is the minimum group size for your expert-led training program?
Minimum of 5 participants is required for our expert-led hybrid and classroom programs.
Are your programs delivered online or as classroom ?
Our training courses are delivered in various formats depending on the need and the subject matter. Programs can be deployed as online self-paced training, hybrid courses with expert-led sessions, or classroom-based instruction at Riscure facilities or the
customer's location. Our online programs blend self-paced e-learning, exercises, assessments, and in certain cases expert-sessions (like Q&A webinars or Group Exercises) with Riscure experts.
When can we start with the training/ what do the training schedules look like?
We do not have pre-defined dates for our training sessions. Instead, we aim to accommodate your preferred start time and schedule the spacing of training and relevant sessions accordingly. To ensure a seamless scheduling process, please provide advance notice of 3-4 weeks for our online group programs and 6-8 weeks for classroom programs, as this allows us to secure our trainers' availability. For online training by individuals (self-paced) any enrollment will be facilitated within days or weeks, depending on the level of integration with the customer training platform or HR system. For Open Training schedules, please, contact us by filling in the form below.
Does customer have access to the training materials after the program?
Participants in self-paced training have 180 days from enrollment to complete the courses, exercises, and tests, to receive their certificate of completion. After 180 days, they will still have access to the course materials, but they can’t receive the certificate any longer.
For expert-led group training, including online/hybrid and classroom formats, access to relevant training materials remains available after the training period. The formal training schedule with deadlines is coordinated between Riscure and the customer.