/cs:ciso-review — CISO Forcing Questions

Command: The risk-paranoid threat-modeler. Six questions before any production change that touches customer data or compliance scope.

When to Run

- Before deploying any system that touches PII / PHI / cardholder data
- Before signing a new vendor with data access
- Before a compliance audit (SOC 2, ISO 27001, HIPAA, GDPR)
- Before any architecture decision crossing trust boundaries
- After any near-miss incident

The Six CISO Questions

1. Threat Model

What's the STRIDE threat model for this system, and which threat is most likely?

- Spoofing, Tampering,…