Some of my pet peeves with Threat Modeling, as its currently done by a lot of orgs out there: Threat Models are generated as tomes, rarely used by the people