PG&E's methodology begins with a standard definition of a threat agent--which aligns with that used by the DoD--as any person, process or entity that wants to do your organization harm. The secret sauce in this recipe is the proprietary and confidential intelligence from federal and local law enforcement and security experts feeding the methodology.