When it comes to privacy, one of the first things people mention is threat modeling. However, searching up how to do threat modelling shows me results targeted at people with some technical knowledge.
I am unfortunately not one of those people. So I’m left wondering how a non-technical person can come to develop a threat model. Is this even possible? If not, how much would I need to dedicate to develop the technical skills needed to create one? Which ones would be beneficial to focus on? And, since I imagine one can develop those skills indefinitely, what are the different stages one might expect to reach and what would be important to reach each one?
Maybe I’m asking for a deeper guide than can be answered on Lemmy. If so, I hope it’ll at least inspire someone to write that guide.
Informally, I phrase it like:
Consultants come up with more formal approaches for their corporate clients, but the above is usually enough for your average person. Then they can start reading the technical information looking for answers to the questions: “HOW might the threat actors get to my assets?” and “HOW can I protect those assets?”