Adversary persona workshop

Define who might attack you: motivations, capabilities, and access.

Why personas matter

Threat modelling is not abstract. It works best when you can imagine the person or group on the other side.
An adversary persona gives your team something concrete to plan against.

Exercise instructions

  1. Gather a small group (no more than 5–6 people).

  2. Pick one system or service you depend on.

  3. Use the template below to build a persona for a realistic adversary.

Persona template

  • Name/label: (e.g. “Disgruntled insider”, “Competitor scout”)

  • Motivation: (profit, disruption, revenge, curiosity)

  • Capabilities: (skills, resources, insider knowledge, tools)

  • Access: (what entry points they plausibly have)

  • Preferred tactics: (phishing, insider misuse, supply chain compromise)