Create a new game

Give your game session a friendly name so people joining know what's up

Choose the type of game you wish to play

Select the suits you want to play:

Authentication

Authorization

Cornucopia

Cryptography

Data validation & encoding

Session management

Preparations

Identify an application or application process to review; this might be a concept, design or an actual implementation
Have a data flow diagram, or make one!
Invite a group of 3-6 people on your team who know what's been built, or what's going to be built, inside out
Have some prizes to hand (gold stars, chocolate, pizza, beer, flowers, whatever you need)

Scoring

Score +1 for each card you can identify as a valid threat to the application under consideration
Score +1 if you win a round
Once all cards have been played, whoever has the most points wins
The winner receives fabulous prizes

Closure

Review all the applicable threats and the matching security requirements
Create user stories, specifications and test cases as required for your development methodology