Role 4 is my “red team / QA” hat, I play the threat actor so we can prove the gateway actually does what it’s supposed to do. In practice I write and run the malicious simulators (spoofing, fake JWTs, replay/expired-token tries, etc.) and hammer the mock hospital network to see whether a device can fake a heart monitor, steal access, or access the vitals DB without the right key. The goal isn’t to break things for real but to validate the Zero-Trust assumptions: if I don’t have the correct token/role the gateway should deny me and log a clear DENIED_SPOOFING or DENIED_POLICY event. I also act as the project’s QA, I tune attack cadence so the demo is dramatic but controlled, confirm the dashboard shows the right red alerts, and collect reproducible test cases and log lines to hand back to the team. Importantly, I do all of this in an isolated test environment (VMs or an internal virtual switch), with the team’s consent, and I document each failed check and a suggested fix so the Gateway Architect can harden the system.

Log in or sign up for Devpost to join the conversation.