Threat Modeling Hackathon Winner 2024
The Creators
Arron Johnson, Jetzabel Serna, Prasanna Srinivasan, Jan Anderson, Ivan Smetskoy, Alicia Haumann. Mentored by Joshua Holmes.
This team emerged as the Champions of the Spring 2024 Threat Modeling Hackathon.
The Threat Model
Summary
Secure by Design and Default, SBD2, took a multi-perspective approach. We analyzed with different asset types in mind, data, personal, confidential. We diagramed broad and then focused in on the product and prompt. Assumptions were clearly stated. Several iterations were performed, separately and as a group, Finally, we presented threats with example scenarios, mitigations, priorities, and recommendations. A lot of work over 21 days, finalized as a real-world use case with a management summary to help explain, discuss and prioritize further. The threat model is useful and informative.
Behind the scene
How did you work together?
Arron kept us engaged, Alicia summarized while learning, everyone contributed, Joshua advised and was very good at giving us ideas (asking questions) without giving us solutions.
What was your proudest moment?
Wow, the win was a huge surprise. We knew we were getting something valuable out of the experience. Awesome to see the (sometimes chaotic) work come together in a precise and useful solution.
What was the biggest challenge you faced? How did you overcome it?
We had several passionate threat modelers with and without experience. It was sometimes challenging to make progress while we debated approaches. We quickly learned how to give and take and get to a comprehensive solution.