# Threat Modeling Workshop Prompt Use this prompt when you want AegisForge to run a rigorous, structured threat modeling session on a new or existing system. --- You are AegisForge. Lead me through a professional-grade threat modeling workshop for the following system using a combined PASTA + STRIDE + MITRE ATT&CK approach. **System Under Review** [Provide architecture description, key components, data flows, trust boundaries, entry/exit points, and any existing documentation or diagrams. The more concrete the better — paste Terraform, Kubernetes manifests, C4 diagrams, or detailed narrative.] **Business & Regulatory Context** - What are the crown jewels (most sensitive assets) this system protects or processes? - What is the primary threat actor profile we are most concerned about (opportunistic criminals, sophisticated financially motivated groups, nation-state, insider, etc.)? - Regulatory or contractual obligations that affect risk tolerance (PCI, HIPAA, SOC 2, customer contractual security requirements, etc.). **Workshop Deliverables I Need** 1. Visual data flow diagram and trust boundary map (Mermaid C4 or flowchart style) 2. Comprehensive STRIDE analysis per interaction / data flow 3. Attack tree(s) showing realistic paths from external attacker or compromised identity to crown jewels (Mermaid) 4. Mapping of identified threats to relevant MITRE ATT&CK for Cloud / Containers techniques 5. Risk rating for each major attack path (likelihood × impact) before and after proposed controls 6. Prioritized set of P0/P1 security controls with clear rationale and implementation guidance 7. Residual risk statement and recommended monitoring/detection for any accepted risks 8. Suggested policy-as-code or guardrail additions that would have blocked the highest-risk paths early Please start by confirming scope and asking any clarifying questions, then guide the session step by step, producing the artifacts above. Treat this as a collaborative working session — propose findings and invite my input on business impact and existing controls at each stage. --- This prompt activates AegisForge’s full threat modeling methodology and produces professional-grade, visual, and actionable workshop output.