Now that I've posted something, it is probably worth introducing who I am. My name is Frank Swiderski, and I've been with Microsoft for about two years now. Prior to that, I worked for the security consulting firm @stake, Inc. For the past four years, I've worked in commercial software security. This includes your standard security auditing and design sorts of activities: penetration testing, code review, tool creation, of course threat modeling, and so on. Before @stake, I was employed by the Department of Defense (both as a civilian and a contractor) for about three years, where I also did some security work.
If my name is at all familiar, it could be because:
That's the summary. The bits and pieces can be filled in with google or a small bit of social engineering work.