I’ve worked on a couple of threat modelling jobs for Wire-Security. We take a STRIDE approach to the methodology. You’ll come across many resources online from other bloggers etc. that will be a much more comprehensive guide for some people but I’m going to keep it simple here, and hopefully satisfying, and write about what works for us.
STRIDE comes in great for a guide to writing part of your report however we also need to add a graphic.