As security practitioners hired for our expertise, we can too easily assume we always know best. But threat modeling resulting in better security outcomes requires listening to developers and leadership, not just them listening to us. Without listening to learn, communicating security weaknesses is a nonstarter. In this talk I’ll present lessons I’ve learned about listening for effective threat modeling as a consultant, an in-house security engineer, and as a security champion.