Overview
What this challenge is about.
Read the 25-page redesign architecture document (auth via Clerk, Next.js front-end, FastAPI backend, Postgres, S3 for documents, webhook integration with EMRs). Build data-flow diagrams (Level 0 + Level 1) showing trust boundaries. Run a STRIDE threat-modeling session with 6 participants (you + tech lead + security engineer + product manager + privacy officer + EMR-integration lead). Identify 35-50 raw threats, then rank top-20 using a likelihood × impact scoring including HIPAA breach magnification. Author mitigations per threat (control type: prevention / detection / response) and tag which mitigations must ship before launch vs can ship after. Build a 1-page launch-blocking decision memo with the 5 must-ship items. Deliver DFDs, threat list, mitigation plan, and launch memo.
The Brief
What you'll do, and what you'll demonstrate.
Run a STRIDE threat model on a HealthTech patient-portal redesign and produce a defensible launch-blocking decision list.
Earning criteria — what you'll demonstrate
- Apply STRIDE methodology to a real web-app architecture
- Draw data-flow diagrams with explicit trust boundaries
- Rank threats including regulatory-magnification factors
- Communicate launch-blocking decisions to a product audience
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Product Manager
Product managers who participate fluently in threat-modeling sessions make better trade-off calls between launch dates and risk reduction.
This challenge sharpens
- risk-management
- hipaa
- secure-design