threat modeling, no exceptions ◦ All systems have the potential to be exploited, either by external threats (malicious users) or internal threats (stolen employee account, leaked credentials, etc.) • Since brainstorming is a large part of the process, the more minds you have, the better! ◦ Inviting members from various backgrounds (frontend, backend, QA, PMs, security, etc.) can help generate more diverse ideas When and who should do threat modeling? Image Source: Forbes.com