Course Description

Short Course | 40 hours | 4.0 CEUs | $6,000

The Boeing Company's Cybersecurity Maturation Methodology (CMM) course was created in close coordination between Boeing Phantom Works and CT Cubed Inc. to fill a void in the professional education and training of Product Security Engineers, Systems Engineers, and Mission System Software Developers. CT Cubed Inc. leveraged experience gained from instructing at the US Air Force Weapons School’s Cyber Warfare Operations course to make the CMM course the success it is today.

Course Outline

    • CMM Overview
    • Security Architectures
    • Embedded Systems
    • Data Buses
    • System Integrity
    • Software Assurance
  • LABS
    • Attack Surface
    • Attack Trees
    • Risk Assessment: First Pass Risk Cubes
    • Security Controls Part 1
    • Security Controls Part 2
    • Residual Risk: Second Pass Risk Cubes
    • Live gamification play as students take on the role of the operator
    • Multi-round competitive down-selection between student teams
  • vMOUSE
    • The vMOUSE links all lessons and labs together. It is an unclassified, strictly academic, virtual, online learning environment. It supports other course material such as the vMOUSE concept of operations (CONOPS), attack surface, and information system boundary. The vMOUSE itself is a systemof-systems that includes communications, navigation, identification (CNI), system storage, sensors, vehicle management, and mission computer subsystems.

Learner Outcomes

By taking the CMM course, students will learn realistic threats to embedded systems, current adversary tactics, and the appropriate selection of security controls within a financially constrained environment. Students will also gain hands-on experience with the CMM using Boeing Proprietary processes and documentation. Students will be exposed to the entire production cycle from Request for Proposal to competitive demonstration. Students will learn to secure the platform each day as they work through challenging lab scenarios from attack tree development through risk analysis and security control tailoring. During the course capstone event, students will employ the lessons learned throughout the week against a thinking adversary and they will receive immediate feedback about their decisions.

  • Identify the unique challenges of embedded systems Understand the strengths & weakness of common data buses
  • Recognize the unique defense-in-depth aspects of platform systems
  • Develop platform attack surface diagrams
  • Think like the adversary & develop attack tree diagrams
  • Conduct risk assessments & develop first and second pass risk cubes
  • Identify residual risk Identify the necessary security controls for a given platform
  • Translate security controls into requirements to pass to suppliers
  • Balance platform performance & security requirements
  • Understand the "so what" behind compliance requirements
  • Make future-proof security design decisions and stop the "prisoner of legacy" condition
  • Apply Boeing's proprietary CMM processes to give your company a competitive advantage

Additional Information

Who should attend:

  • Recent engineering college graduates
  • Product Security Engineers
  • System Security Engineers
  • Mission System Software Developers
  • Boeing supplier and customer Engineers


There are no prerequisites for this course.


40 Hours | 5 Days or 10 Nights

Applies Towards the Following Certificates


Thank you for your interest in this course. Unfortunately, the course you have selected is currently not open for enrollment. Please complete a Course Inquiry or call 314-977-3226 so that we may promptly notify you when enrollment opens.

Required fields are indicated by .
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.