This week, the first-ever Threat Modeling Connect BeNeLux meetup turned out to be a great success. We had a strong turnout, a very mixed audience, and a fantastic venue with a beautiful view over Brussels.
The atmosphere was relaxed and positive from the start, and everything flowed smoothly throughout the evening.
We kicked things off with a short introduction to threat modeling and the STRIDE framework, before moving straight into practice. In small groups, participants started by drawing a Data Flow Diagram (DFD) of the TicketFlow platform. This helped everyone align on how the system works, where data flows, and where trust boundaries and attack surfaces exist. After a short break to recharge, we shared some tips & tricks on how to think like an attacker, and then moved on to the second part of the exercise: identifying threat scenarios.
What was especially interesting was seeing how differently each group approached the exercise. Some started from concrete attack paths, others from high‑value assets or worst‑case scenarios. This led to a wide range of realistic and creative threats. For example:
- One group explored how an event organiser could be phished (or hit by an API authorisation issue such as BOLA, broken object-level authorisation), allowing an attacker to create fake events with “free tickets” or manipulate backend data
- Another team focused on the database as the most critical asset and looked at social‑engineering scenarios where an attacker impersonates an organiser to change the payout bank account and steal ticket revenue
- A group thinking in terms of on‑site impact came up with fake QR codes that mimic the scanning front‑end (green tick included), potentially allowing large numbers of people to enter events for free
- Others looked at larger‑scale attackers, such as competitors or organised groups launching DDoS attacks on the API during peak sales and demanding a ransom to restore access
- Some teams went more “out of the box”, using higher‑level diagrams to identify reputational threats like phishing campaigns redirecting users to a fake TicketFlow website where people unknowingly buy fake tickets
- Insider and operational threats also came up, including missing logs preventing support from investigating refunds, insiders reselling tickets, or bots abusing waiting lists to block legitimate customers
To wrap things up, each team shared one threat they were particularly proud of and reflected on how they got there and what they learned. A recurring takeaway was how collaboration really matters: people with different technical backgrounds, roles, and experience levels naturally challenged each other’s assumptions and helped uncover threats that would otherwise be missed.
Overall, the session clearly showed the value of good DFDs, the usefulness of STRIDE to explore different categories of threats, and the real power of threat modeling as a collaborative exercise.
A big thank you to everyone for the great vibe, openness, and active participation, but also for proving once again that threat modeling is about people as much as it is about methodology.
We hope to see you all soon!