Hello all,
Team 3 was a diverse crew of security engineers, software developers, and privacy consultants who came together over evenings and weekends to tackle the TMC‑Drive challenge. With backgrounds spanning ethical hacking, web development, and data protection law, we each brought a unique lens to the problem. Due to our background, we chose to focus our analysis on the software components. Given our different background and experience, we opted for a classic yet effective methodology:
Our Methodology in a Nutshell
- DFD Foundation
- STRIDE Analysis
- LINDDUN Assessment
- Threat Scenarios: Based on the STRIDE and LINDDUN, we weaved together the highest‑impact chains into business‑aligned mitigations
- Roadmap: We then mapped these recommendations to short‑, medium‑, and long‑term action plans to be presented to CISO/C-levels
How We Worked
- Kickoff & Collaboration: Before the hackathon even began, we met to agree on our approach: “start high, then drill down.” Upon receiving the prompt, we sketched an initial Data Flow Diagram on a whiteboard, then translated it into draw.io so everyone could iterate in real time.
- Role‑Based Parallel Tracks: Half the team focused on STRIDE threat enumeration and attack chains; the others ran a LINDDUN privacy assessment. We paired up for scenario brainstorming, then crossed‑reviewed each other’s work to catch blind spots.
- Iterative Refinement: Over intensive sessions, we refined our DFD, prioritized the risks that mattered most to TMC’s CISO, and crafted a phased roadmap of practical mitigations, ranging from quick wins like API hardening to long‑term SSDLC improvements, with a touch of privacy-related recommendations.
I want to personnaly thank again my team for the hard work 
and we are all happy to discuss over our results so feel free to comment this post if you have any questions 
Link to our repport → Threat Modeling Hackathon 2025_Threat Model_3.pdf - Google Drive