At GitHub, threat modeling is a critical process that fosters collaboration between security and engineering teams to enhance system security. This practice involves structured discussions to identify potential vulnerabilities and devise mitigation strategies, which are prioritized due to resource constraints. Regular threat modeling sessions are integrated into the development lifecycle, often using tools like Microsoft's Threat Modeling Tool or OWASP's Threat Dragon, and follow a framework such as Microsoft's STRIDE model to address various vulnerability classes. As threat modeling has matured at GitHub, it has led to system-wide security improvements, proactive design guidance, and enhanced communication between teams, ultimately promoting a security-minded culture. This approach encourages early engagement with security teams, allowing for better anticipation of potential issues and fostering secure design principles before product deployment.