The 4-question framework is of course a useful and proven tool for guiding a threat model, but perhaps those 4 questions can also be useful for guiding a successful threat modeling program.
Having spoken to so many different practitioners of threat modeling, it's clear that there are variations in schools of thought, processes that work for one organization versus another, motivations, and challenges that different teams/orgs encounter.
I’d love to hear from the community your wisdom surrounding:
What were you trying to build (who owned the activity, etc.)?
What can go wrong (analysis paralysis, etc.)?
What did you do about it?
Finally, how did you evaluate whether you did a good job?
Threat modeling is all about collaboration, so I'm curious what the community can share based on their experience.