Walk me through how you would threat model a new internal web application used by consultants to store sensitive client financial data.