Bodhi Security Logo
HomeServicesAboutInsightsContact Us
Where Does the Rain Get In? Why Threat Modeling Matters More Than You Think

Where Does the Rain Get In? Why Threat Modeling Matters More Than You Think

Jacob Combs
Jacob Combs
March 07, 2025

During college, I visited Frank Lloyd Wright's Fallingwater with friends. This architectural masterpiece showcases human creativity and ingenuity through its stunning integration with nature. Years later, while reminiscing about that visit, I researched the building further and discovered something surprising—even this architectural marvel suffered from leaks. Threat modeling is what happens when you stop admiring the blueprint and start asking: Where does the rain get in?

As someone who's spent years in product security, I've seen organizations invest millions in user experience and security tools while skipping the most crucial step: actually sitting down and thinking about how their products might let in the proverbial rain.

In my experience leading security programs across multiple organizations, I've found that threat modeling is the single most impactful activity for building resilient products. Yet just like Wright's masterpiece that still needed waterproofing, even the most elegant technical designs will have vulnerabilities if we don't systematically search for the cracks where threats can seep through.

The Secret Sauce: Collaboration > Methodology > Tools

The most effective threat modeling doesn't start with fancy tools or rigid frameworks. It starts with getting the right people in the room. Here's the hierarchy I've developed after facilitating hundreds of threat modeling sessions:

1. Collaboration: The Foundation

Threat modeling is inherently a team sport. The most insightful sessions I've led included:

  • Engineers who understand the product's inner workings
  • Testers who think about edge cases and unexpected inputs
  • Product managers who know how real users interact with features
  • Customer support teams who bring real-world usage scenarios
  • Security specialists who understand attacker mindsets

I once facilitated a session where a junior customer support representative identified a critical security flaw that had been overlooked by senior engineers. Why? Because they dealt with customers who were using the product in ways the engineers never anticipated.

Here's what happens when you do collaborate:

  • Engineers bring product design and functionality insights
  • Testers challenge assumptions
  • Product managers highlight real-world usage
  • Security guides the discussion (instead of dictating from the top)

The security ivory tower is dead. The best insights come from engaging those who build, operate, and support the product daily.

2. Methodology: The Framework

Once you have the right people, you need a structured approach to guide the conversation. I've experimented with various methodologies, and here's what works:

  • Start with Data Flow Diagrams (DFDs). Before talking about threats, everyone must agree on how data moves through the system. Without this shared understanding, security discussions become abstract.
  • Use threat-focused frameworks (STRIDE, PASTA, OCTAVE) as conversation starters and as a guide for ensuring comprehensive coverage of your system.
  • Adapt methodologies to fit your context. I've seen teams waste hours trying to force their unique product ecosystems into cookie-cutter frameworks.

3. Tools: The Enablers

The security industry loves to debate tools. I've seen heated arguments about threat modeling platforms that ultimately miss the point: the best tool is the one your team will actually use.

  • Complex doesn't mean secure. I've seen organizations invest in sophisticated threat modeling tools that nobody used because they were too cumbersome.
  • Documentation matters more than the platform. Whether you're using specialized software or sticky notes on a whiteboard, what matters is capturing insights and actionable outcomes.
  • Integration with development workflows is key. The most effective tools connect threat modeling outputs directly to issue tracking systems.

The AI Revolution in Threat Modeling

As someone who embraces technological advancement while maintaining healthy skepticism, I see AI transforming threat modeling in fascinating ways:

  • AI assistants can analyze vast product ecosystems, architectures, and implementations to flag potential security issues in seconds, accelerating the process dramatically.
  • Humans are shifting from execution to validation—instead of manually identifying every potential threat, teams can focus on evaluating and prioritizing AI-generated insights.
  • The potential downside? Loss of deep understanding. When AI does the heavy lifting, teams may lose the intuitive security awareness that comes from actively thinking through attack scenarios.

The sweet spot is using AI to augment human expertise, not replace it. In recent sessions, I've started using AI to generate initial threat models that the team then refines, challenges, and extends.

Practical Takeaways

If you're looking to elevate your security posture through threat modeling, here's what I recommend:

  1. Start with people, not tools. Identify representatives from development, testing, product, and customer-facing teams who can contribute diverse perspectives.
  2. Choose a methodology that fits your culture. If your organization values creativity, use more open-ended approaches. If structure is your strength, leverage more formal frameworks.
  3. Document outcomes, not just threats. Effective threat modeling results in clear, prioritized action items linked to business impact or risks.
  4. Make it a continuous conversation. Threat modeling isn't a one-time event but an ongoing practice that evolves with your product.
  5. Embrace AI as an assistant, not a replacement. Use emerging tools to accelerate the process while maintaining human judgment.

The Final Word

Security without threat modeling is like Fallingwater without proper waterproofing—you might have created something beautiful and innovative, but inevitable leaks will compromise its integrity over time. Just as Wright's architectural vision required understanding where the rain would get in, your security strategy needs this same fundamental analysis.

In my experience, the organizations that prioritize collaborative threat modeling don't just build more secure products—they build more thoughtful, resilient teams that, like good architects, can anticipate where vulnerabilities might appear and design systems that remain standing, dry, and secure even when the storms come.

Is your organization proactively identifying and mitigating security risks before they become costly vulnerabilities? At Bodhi Security, we specialize in helping businesses implement effective, collaborative threat modeling processes that strengthen product security without slowing innovation.

Our team of experts brings deep technical knowledge and real-world experience to guide your teams in identifying potential threats, refining security strategies, and integrating threat modeling seamlessly into your development lifecycle. Whether you're building your first threat model, refining your approach, or looking to leverage AI-driven insights, we provide the tailored expertise you need.

Contact Bodhi Security today at [email protected] to schedule a consultation and take the first step toward building more resilient, secure, and future-proof products.

If you want to read further on threat modeling, I suggest the following sources: