Tools and techniques may change, but threat modeling persists. Threat modeling is the cornerstone for teaching all other digital security concepts: it helps learners to feel confident in planning their defense against risks, and helps facilitators to better teach to the concerns of their audiences. Help learners use the question-based methodology for assessing risks, and get them ready to understand what they face as well as to create a plan of action.
Gotchas and problems you might hit
It’s best to have a group of people who share the same general risks, concerns, and threats. If that’s not possible, you’ll want to prepare for when different threat models are in the same room.
People might be intimidated by the term “threat model” and associate it with military terms. (Actually, it historically comes from software development!) Some trainers prefer to call this activity “assessing your risks” for this reason.
- People might feel overwhelmed as they consider the five threat modeling questions.