Since the detection of the Stuxnet and Duqu malware in 2010 and 2011, which were reported being the first malwares targeting SCADA and Industrial Control Systems, cyber attacks have significantly broadened their scope, regularly targeting not only “pure IT/ICT systems” but also Cyber Physical Systems. Nowadays attacks are almost regularly reported against transportation systems, energy plants, water treatment plants, or in the health sector, just to name a few. One of the biggest challenges in protecting such systems is represented by their complexity, because they are often the result of the interconnection among different systems, being in practice Cyber Physical Systems of Systems (CPSoS). The definition of a CPSoS implies a diversity of potential threats that can compromise the integrity of the system, targeting different aspects ranging from purely cyber-related vulnerabilities to the safety of the system as a whole. In such context, a fundamental step toward the development of a solid and (cost-) effective cyber-defense strategy is to perform since the early design stages of the systems a Threat Model step, which allows to identify and correct the design flaws which may impair the security and eventually the safety of the systems themselfes. During this lecture an introduction to threat modelling will be provided, with an overview of the possible Threat Modelling methodologies which can be applied to CPSoS and a discussion of the biggest challenges their application actually raises.