Threat modelling is the engineering discipline of doing all of the above (mindset + STRIDE + attack trees + ATT&CK + OWASP) for a specific system before you ship it. The artefact is a short document; the value is the conversation that produces it. Done right, it surfaces 80% of the security work a feature needs before any code is written.
A useful threat model fits on two pages: (1) what is this system, drawn as boxes and arrows; (2) what's the trust boundary at each arrow; (3) what could go wrong at each boundary (STRIDE); (4) what controls handle each; (5) what residual risk remains.
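The five parts above can be kept as data next to the code, so the list of uncovered threats is computed rather than remembered. This is an added example, not part of the original lesson: the password-reset system, its zone names, flows and controls are all constructed for illustration, and it assumes that a threat with no listed control is what goes into the residual-risk section for review.

```python
from dataclasses import dataclass

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")

@dataclass(frozen=True)
class Flow:  # one arrow in the boxes-and-arrows diagram
    src: str
    dst: str
    label: str

# Constructed sample system (hypothetical names): a password-reset feature.
ZONES = {"browser": "internet", "api": "app", "db": "app", "mailer": "third-party"}
FLOWS = [
    Flow("browser", "api", "POST /reset"),
    Flow("api", "db", "store reset token"),
    Flow("api", "mailer", "send reset link"),
]
# Controls keyed by (flow label, STRIDE category); anything not listed is uncovered.
CONTROLS = {
    ("POST /reset", "Spoofing"): "single-use token bound to the account",
    ("POST /reset", "Tampering"): "TLS",
    ("POST /reset", "Information disclosure"): "same response for unknown accounts",
    ("POST /reset", "Denial of service"): "per-account and per-IP rate limit",
    ("send reset link", "Spoofing"): "API key for the mail provider",
    ("send reset link", "Tampering"): "TLS to provider",
    ("send reset link", "Information disclosure"): "TLS to provider",
}

def boundary_flows(flows, zones):
    """Part 2: a flow crosses a trust boundary when its two ends sit in different zones."""
    return [f for f in flows if zones[f.src] != zones[f.dst]]

def threat_model(flows, zones, controls):
    """Parts 3-4: one row per (boundary flow, STRIDE category) with its control, if any."""
    rows = []
    for f in boundary_flows(flows, zones):
        for cat in STRIDE:
            rows.append((f.label, cat, controls.get((f.label, cat))))
    return rows

def residual(rows):
    """Part 5: rows with no control, to be fixed or explicitly accepted."""
    return [(label, cat) for label, cat, ctl in rows if ctl is None]

if __name__ == "__main__":
    for label, cat, ctl in threat_model(FLOWS, ZONES, CONTROLS):
        print(f"{label:16} {cat:24} {ctl or 'UNCOVERED'}")
```

Adding a new box or arrow to `ZONES` and `FLOWS` immediately produces six new rows to discuss, which is one way to notice that a design change has outrun the written model.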
Use these three in order. Each builds on the one before.
In one paragraph, explain what a threat model artefact looks like in practice.
Walk me through threat-modelling a specific feature step by step — what's drawn, what's discussed, what's written down.
How do you keep a threat model alive as the system evolves? When does it stop being useful?