Too Long; Didn't Read
In part one of this article, I started to look at the challenge of how to do threat modeling better as a development team. I recommend reading it first before continuing with this one. At this point, you should know your attackers, your assets and build a register of threats. This information should give you enough data to answer the second question of the threat modeling, "What could go wrong?" Then it's time to start digging into the third question - "What are we doing to do about it?"