3rd Place – Threat Modeling Hackathon 2025 | Executive-First Threat Model for Autonomous Driving System
Title: TMC-Drive: Autonomous Driving Threat Model – 3rd Place (Hackathon 2025)
Overview: As team lead, I guided Team 55 through the 2025 Threat Modeling Hackathon hosted by Threat Modeling Connect, where we placed 3rd out of 55 teams.
Our entry focused on modeling threats to TMC-Drive, a fictional fully autonomous driving system. We concentrated specifically on real-time operations during the trip, where safety, privacy, and business risks intersect most critically.
Key Contributions: • Led cross-functional team collaboration to deliver a CISO-first threat model. • Balanced security (STRIDE) and privacy (LINDDUN) frameworks across the system architecture. • Implemented a cumulative voting method for simple, transparent threat prioritization. • Developed an innovative five-category assumptions framework (Model, Organizational, Attack, Data-Driven, Architecture) to define scope and focus analysis. • Mapped threats directly to business and regulatory impacts to drive actionable mitigation recommendations.
Recognition: Our work was praised by judges for executive-ready communication, business risk alignment, and transparent prioritization methodology.
Links: • Final Submission and Retrospective (TMC Forum Post) https://threatmodelingconnect.discourse.group/t/tmc-drive-autonomous-driving-threat-model-3rd-place-hackathon-2025/909
Quote that Guided the Work:
“If it’s not fun, you’re (probably) doing it wrong.”
— Steve Gibbons