CT Cubed Inc.

Cybersecurity Maturation Methodology Training

Where Product Security meets Cybersecurity

Upcoming Training: TBD

The Boeing Company’s Cybersecurity Maturation Methodology (CMM) training was created in close coordination between Boeing Phantom Works and CT Cubed Inc. to fill a void in the professional education and training of Product Security Engineers, Systems Engineers, and Mission System Software Developers. CT Cubed Inc. leveraged experience gained from instructing at the US Air Force Weapons School’s Cyber Warfare Operations training to make the CMM training the success it is today.

Who Should Attend (Open to non-Boeing employees)
Recent engineering college graduates
Product Security Engineers
Systems Security Engineers
Mission Systems Software Developers
Boeing supplier and customer Engineers


What Students Will Learn

By taking the CMM training, students will learn realistic threats to embedded systems, current adversary tactics, and the appropriate selection of security controls within a financially constrained environment. Students will also gain hands-on experience with the CMM using Boeing Proprietary processes and documentation.
Students will be exposed to the entire production cycle from Request for Proposal to competitive demonstration. Students will learn to secure the platform each day as they work through challenging lab scenarios from attack tree development through risk analysis and security control tailoring. During the training capstone event, students will employ the lessons learned throughout the week against a thinking adversary and they will receive immediate feedback about their decisions.

Students Will Be Able To
Identify the unique challenges of embedded systems
Understand the strengths & weakness of common data buses
Recognize the unique defense-in-depth aspects of platform systems
Develop platform attack surface diagrams
Think like the adversary & develop attack tree diagrams
Conduct risk assessments & develop first and second pass risk cubes
Identify residual risk
Identify the necessary security controls for a given platform
Translate security controls into requirements to pass to suppliers
Balance platform performance & security requirements
Understand the “so what” behind compliance requirements
Make future-proof security design decisions and stop the “prisoner of legacy” condition
Apply Boeing’s proprietary CMM processes to give your company a competitive advantage



Boeing Defense, Space & Security (BDS) Cybersecurity Maturation Process (CMM) Overview
Security Architectures
Embedded Systems
Data Buses
System Integrity
Software Assurance


Attack Surface
Attack Trees
Risk Assessment: 1st Pass Risk Cubes
Security Controls Tailoring Part 1
Security Controls Tailoring Part 2
Residual Risk: 2nd Pass Risk Cubes


Live gamification play as students take on the role of the operator
Multi-round competitive down-selection between student teams


The MOUSE (Mobile Optical Ultrasonic Sensor Explorer) links all lessons and labs together. It is an unclassified, strictly academic, virtual, online learning environment. It supports other training material such as the MOUSE concept of operations (CONOPS), attack surface, and information system boundary. The MOUSE itself is a system-of-systems that includes communications, navigation, identification (CNI), system storage, sensors, vehicle management, and mission computer subsystems.



As featured on Boeing News Now article: Not Just Any Game of Cat and Mouse Boeing-developed cybersecurity training offers interactive hands-on training to engineers, suppliers and customers.

Student Experiences

It is a course that largely covers what would normally encompass skills gained over the course of years. I think ALL product security folks, no matter time in company, should take this class.”

– Boeing Senior Product Security Engineer

I think you packed a lot of information and thought process in a short period of time, and delivered it in a fun, engaging way! I really enjoyed your knowledge, organization, and delivery of the material.’

– Boeing Senior Software Security Engineer

I really enjoyed your course! This training has definitely set a solid framework that I can use moving forward into this Industry.’

– Boeing Systems Security Engineer

Training and Pricing

After successfully completing the training, students will receive memo certifying the completion of the 40-hour CMM training. This memo can be used by students to server as proof when logging continuing education unit requirements for industry certifications.

Contact us for questions, scheduling, and pricing.

1-888-638-6814 | [email protected]

Colorado Springs
Las Vegas