Deeply understanding the risks that confront organizations is critical for their continuation and success. While many regulatory requirements mandating risk assessments exist, there’s a dearth of consistent and scalable real-world methodologies that can rigorously shape an assessment, let alone one common between disciplines like privacy and security. This presentation will introduce the Threat Modeling process Omada Health developed for its internal use (called INCLUDES NO DIRT), based on models common to various sectors and designed to integrate the perspectives of privacy, cybersecurity, and regulatory compliance for increased effectiveness and efficiency. We’ll explain briefly how (and why!) we developed the process, how it works in practice, and take a relevant example (a combination of a device type and a health coaching process) to show the Threat Model in action.