- AnalysisAdvancedNew
Privacy-by-Design Review for a Smart-City Data Platform
Map the new module's end-to-end data flow (sensors -> ingestion -> analytics -> dashboards -> exports). Run a Privacy Impact Assessment against OECD privacy principles + per-ten…
- Privacy By Design
- Privacy Regulation
- Compliance
Information Security Management and Governance - AnalysisAdvancedNew
Threat Model a Water-Utility SCADA Network Before a Migration
Review provided network diagrams (current and proposed), the asset inventory (around 180 PLCs (programmable logic controllers), 22 engineering workstations, 6 historian servers)…
- Threat Modeling
- Ics Security
- Scada
Cyber-Physical and Cybercrime Topics - AnalysisAdvancedNew
Penetration-Test the TLS Configuration of an Edge Fleet
Receive read-only access to a 50-node representative sample (anonymized). Scan with testssl.sh + Qualys SSL Labs (where reachable) + a custom Go tool you write to test specific …
- Tls
- Applied Cryptography
- Penetration Testing
Applied Cryptography - AnalysisAdvancedNew
Build a Risk Register for a Cross-Border Healthcare Provider
Run 8 structured interviews (CISO, IT director, clinical-systems lead, DPO, 4 clinic managers) to surface the top risk candidates. Map each risk against NIST SP 800-30 (threat s…
- Risk Management
- Nist Sp 800 30
- Security Governance
Information Security Management and Governance Practice your coursework on real scenarios.
Every challenge is shaped from real industry context — not generic exercises. The work mirrors what your degree prepares you for.
Why Ewance
- AnalysisAdvancedNew
Run a Red-Team Exercise on a Cloud-Native Microservices Platform
Receive a scoped engagement letter (in-scope: 6 microservices and their CI/CD pipelines; out-of-scope: customer-data exfiltration beyond proof-of-access), the architecture diagr…
- Red Teaming
- Kubernetes Security
- Lateral Movement
Computer Systems Security - AnalysisIntermediateNew
GDPR Article 25 Privacy-By-Design Review for a HealthTech API
Review the API specification (OpenAPI 3, provided, 42 endpoints). For each endpoint: identify data categories handled (special-category health data, identifiers, traffic data), …
- Gdpr
- Privacy By Design
- Api Design
Privacy-Enhancing Technologies - AnalysisIntermediateNew
Wireless Security Audit and Hardening for a Telco's Public Wi-Fi
Receive a sampled audit set: AP configurations for 80 sites (vendor mix, current encryption, EAP — Extensible Authentication Protocol — method, captive-portal config). Run analy…
- Wireless Security
- Wpa3
- Eap
Network Security - AnalysisAdvancedNew
Network Privacy Posture Review of a Fintech's Internal Service Mesh
Receive an anonymized service inventory (110 services with owner, data classification, traffic volume buckets) and a sample of east-west traffic logs (5 high-volume service pair…
- Network Privacy
- Mtls
- Service Mesh
Network Security - Browse challenges
Explore role
Product Manager
Ship product that solves real user problems. Combine user research, prototyping, and stakeholder alignment to turn ambiguous briefs into measurable wins — the role at the centre of modern software teams.
- AnalysisIntermediateNew
Audit Encryption Choices for an E-Commerce Checkout Stack
Receive the architecture diagram (Next.js on Vercel, PostgreSQL on a managed service, Stripe-equivalent processor, Redis sessions), the TLS configurations for each public endpoi…
- Cryptography
- Tls
- Pci Dss
Introduction to Computer Security - AnalysisAdvancedNew
Anonymous Communications Threat-Model for a Whistleblower Platform
Document the current stack's threat model using the LINDDUN framework (linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-…
- Anonymous Communication
- Threat Modeling
- Tor
Privacy-Enhancing Technologies - AnalysisIntermediateNew
Threat-Model a Patient-Intake Web App for a Telemedicine Startup
Receive the architecture diagram (Next.js front-end, Node.js API, PostgreSQL, S3 for ID-photo uploads, Clerk for auth), the data-flow description for patient intake, and the SOC…
- Threat Modeling
- Stride
- Risk Assessment
Introduction to Computer Security - AnalysisExpertNew
Cyber-Physical Security Audit for a Connected-Building HVAC System
Audit one representative tower's BMS: enumerate BACnet devices (network discovery + capability inventory), identify lateral-movement paths (tenant wifi -> guest network -> BACne…
- Cyber Physical Systems
- Ot Security
- Risk Management
Internet of Things and Cyber-Physical Systems Build a verifiable portfolio.
Submissions become evidence. Reviewers with shipping experience score against a rubric; the result becomes a credential anyone can verify.
Why Ewance
- AnalysisIntermediateNew
Audit a Linux Distribution for Setuid Binary Risk
Mount the provided base image (Ubuntu 22.04 LTS derivative) and inventory all setuid + setgid binaries. For each, classify into 4 buckets: legitimately needed, replaceable with …
- Os Security
- Linux Administration
- Setuid Analysis
Operating Systems - AnalysisAdvancedNew
Secure-by-Design Review of a Microservices Auth Subsystem
Read the 18-page proposed auth-service design (Next.js BFF, FastAPI auth-service, Postgres for sessions + refresh, Redis for short-lived tokens, integration with Auth0 for OIDC)…
- Secure Design
- Owasp Asvs
- Oauth2
Software Security - AnalysisAdvancedNew
GDPR + AI Act Compliance Assessment for an HR-Tech Vendor
Audit the candidate-screening product against: GDPR Articles 5, 6, 13, 14, 22, 25, 32, 35; AI Act high-risk-system obligations (Annex III - employment); plus the customer's spec…
- Compliance
- Privacy Regulation
- Gdpr
Information Security Management and Governance - AnalysisExpertNew
Forensic Reconstruction of an Anonymized Energy-Grid Incident
Triage the artifacts using a timeline-first methodology. Build a unified timeline across syslog, historian, firewall, and disk-image artifacts (Plaso super-timeline). Identify c…
- Digital Forensics
- Incident Response
- Ics Security
Cyber-Physical and Cybercrime Topics
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Industry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.
Skills and disciplines shown on this page are derived from the Ewance challenge catalogue. When the median annual salary is available for this role via Adzuna, it will be shown above with the sample size and country.