Use when designing secure system architectures, performing penetration tests, or implementing cryptographic controls. Trigger when experiencing a security breach, needing to assess threat models for a new feature, or auditing a codebase for OWASP vulnerabilities.