Soatok's Informal Guide to Threat Models
The article discusses the concept of threat modeling in cybersecurity, emphasizing its importance in protecting against potential threats. It provides a guide for beginners, outlining the basic questions a threat model should answer, such as what is being protected and who wants to harm it. The article also highlights the importance of being clear about assumptions and updating threat models regularly.
- ▪A threat model is a formal cybersecurity process that answers basic questions about what is being protected and who wants to harm it.
- ▪Threat models should be living documents, updated whenever necessary, to reflect changing circumstances and new information.
- ▪The Threat Modeling Manifesto is a resource for those looking to do threat modeling professionally.
Opening excerpt (first ~120 words) tap to expand
Categories Software Security Soatok’s Informal Guide to Threat Models Post author By Soatok Post date June 30, 2026 After a long day of exhausting conversations about Hybrid Post-Quantum Cryptography, random jackasses trying to play gotcha with endpoint attacks against end-to-end encrypted messaging apps, and message board discussions in the wake of dumb politicians pushing more “age verification” bullshit on us all, it’s become abundantly clear to me that the phrase “threat model” is a foreign concept to most people. Except, y’know, as a buzzword. Art by Embyr.For context, this was commissioned during the era of anti-vaccine losers claiming to “do their own research” briefly co-opting the word “threat model” as a buzz word.I just still find it kind of funny even without this context.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Dhole Moments.