SalienceNotes.dev

Threat Modeling a Personal Tech Stack

A compact framework for mapping trust boundaries across identity, devices, cloud services, and automation.

Ye Soe · 2 min read · Updated
Contents

Category

Article

Tags

threat modelingidentitycloud

Contents

When a personal stack gets large enough, it starts to behave like a small enterprise environment: one identity provider, a few critical devices, several third-party SaaS accounts, and at least one automation layer that can modify everything if it is misconfigured.

That is the point where casual “best practices” stop being useful. The better move is to write the stack down as a system and identify the trust boundaries.

Start with assets

The useful assets are rarely just files or code. For a personal tech stack, the real assets are:

  • primary identity and recovery channels
  • password manager vaults and backup exports
  • laptop, phone, and browser session state
  • cloud provider credentials and API keys
  • published content and DNS ownership

Once those are listed, the attack paths become clearer. A browser compromise is different from an account takeover. A lost phone is different from a leaked GitHub token. That distinction matters when deciding where to spend time.

Draw the boundaries

I keep the model simple:

  1. Identity boundary
  2. Device boundary
  3. Cloud boundary
  4. Automation boundary

Each boundary needs a different control story. Identity needs strong recovery and phishing resistance. Devices need patching, encryption, and account separation. Cloud services need least privilege and explicit ownership. Automation needs narrow scopes and a revocation path.

Write down the failure modes

The useful question is not “what if everything fails?” It is “what is the most likely failure at each boundary?”

  • Password manager breach
  • OAuth token leakage
  • Public config file exposure
  • Lost device with active sessions
  • Prompt injection into an AI tool with write access

Each failure mode should map to one mitigation and one recovery step. If a control cannot be reversed, it is probably too blunt.

Outcome

The practical result is less complexity, not more. Threat modeling a personal stack should produce a short list of controls that are worth maintaining every month. If the list is long, the architecture is too noisy.

The goal is not perfect safety. The goal is a stack that can survive routine mistakes without turning them into incidents.