Class Reading: Modeling a Web Application - taylortommy23/401-Reading-Notes GitHub Wiki
Explain threat modeling using real-world non-technical examples.
- The key steps of threat modeling—identifying threats, assessing vulnerabilities, and mitigating risks—are crucial for protecting individuals, assets, and organizations in non-technical contexts. It's about being proactive and strategic in anticipating and addressing potential problems before they occur.
What are the four questions that can help us organize threat modeling?
- What are we building? What can go wrong? What are we going to do about it? Did we do a good enough job?
You are the project lead for a new application. How would you explain the benefits of Threat Modeling to the rest of the team?
- Threat modeling is a proactive approach to security that helps us identify and mitigate potential risks early in the development process, ultimately leading to a more secure and resilient application.
Resources:
- https://owasp.org/www-community/Threat_Modeling
- https://www.ockam.io/blog/introduction_to_STRIDE_security_model