Design a lightweight, scalable threat-modeling practice that dozens of teams can self-serve.
Expected Points
- Provide a lightweight, self-serve method teams can run themselves — e.g. the '4 questions' (what are we building, what can go wrong, what are we doing about it, did we do a good job) plus a simple DFD + STRIDE template. (2)
- Risk-tier the work: trigger threat modeling on meaningful design events (new trust boundary, new data classification, auth changes) rather than on every PR; deep expert sessions only for high-risk/crown-jewel systems. (2)
- Train and leverage security champions to facilitate threat models locally, with AppSec available as consultants / for review. (2)
- Embed it in the SDLC at design time with templates in the design-doc process, and capture outputs as tracked, owned action items — not a throwaway diagram. (2)
- Feed recurring threats back into paved-road defaults and reusable mitigations so the same risks are handled once, platform-wide. (1)
- Measure coverage and quality (which significant changes got modeled, action-item closure) to show the practice is real and improving. (1)
At scale, threat modeling can't be a heavyweight AppSec-led meeting per project. The staff-level move is to template and democratize it — give teams a simple, repeatable method and reserve expert involvement for high-risk designs.