com um clique
MSSAMentorAgent
MSSAMentorAgent contém 49 skills coletadas de jay-steenbergen, com cobertura ocupacional por repositório e páginas de detalhe dentro do site.
Skills neste repositório
Manage learner profiles and progress tracking. Use when: starting a session with a new or returning learner, detecting who the current learner is, tracking progress across sessions, adapting teaching style to individual preferences, coordinating multi-learner projects. Handles profile creation via interview, automatic validation via PowerShell scripts, progress persistence to Git, and teaching style adaptation.
Run a ride-along session with an MSSA learner. Use when: starting a coding lesson, mentoring on a new concept, walking a veteran through their first project, learner asks 'help me build X and explain it', any non-trivial build that should also be a learning moment. Provides the full session shape: goal-setting, move-by-move build, naming concepts, after-action reviews.
Interactive knowledge graph health monitoring and maintenance workflow. Runs health check, displays results, and offers actionable next steps. Also handles natural language queries about the codebase by querying the knowledge graph (e.g., 'show me the call flow', 'what uses X', 'trace dependencies').
Sketch the design on a whiteboard before writing any code. Mermaid first, code second.
Build progression that adds Azure Blob Storage attachment uploads to the TODO API from cad-todo-api-auth. Use when the learner wants to learn cloud storage SDKs, async I/O against a network service, multipart file uploads, content types, SAS tokens, and configuration secrets hands-on. Pairs with the ride-along method.
CAD track project #9. Build a GitHub Actions CI/CD pipeline that builds, tests, and deploys both the TodoApi (App Service) from project #7 and the TodoApi.Worker (Function App) from project #8. Use OIDC federated credentials (no long-lived secrets), split build/test/deploy into separate jobs, gate production deploys behind a GitHub Environment with reviewers, and wire a smoke test that fails the pipeline if the deployed system is broken. Auto-load when the learner is in `cloud-app-dev/cad-cicd-pipeline` or asks about GitHub Actions, OIDC, workflow YAML, federated credentials, deployment environments, or CI/CD for Azure.
Build progression that deploys the secured TODO API (with blob attachments) from cad-blob-uploader to Azure App Service. Use when the learner wants to learn Azure App Service, deployment slots, app settings, Key Vault references, managed identity, and configuration-as-code hands-on. Pairs with the ride-along method.
Build progression that adds an Azure Function with a Storage Queue trigger to the TODO API ecosystem. When the API records a new attachment, it drops a message on a queue; the Function picks it up, reads the blob, computes a hash + size, and writes a metadata record back. Teaches serverless triggers, bindings, isolated worker model, idempotency, and poison queues. Use when the learner wants to learn Azure Functions, event-driven processing, queue triggers, blob input bindings, scale-to-zero, or serverless cost models. Pairs with the ride-along method.
CAD track project #1. Learner writes their first C# program: a console app that asks for a name and prints a personalized greeting. Establishes the dev loop (edit → save → `dotnet run` → see output) and the absolute minimum vocabulary they need for project #2 and beyond: variables, methods, classes, namespaces, top-level statements. Auto-load when the learner is in `cloud-app-dev/cad-hello-console` or asks to learn C#, .NET, write their first program, install .NET, or set up a development environment for the first time.
Build progression that adds JWT authentication and per-user authorization to the TODO API from cad-todo-api-ef. Use when the learner wants to learn authentication vs authorization, JWT tokens, claims, [Authorize] filters, or user-scoped data hands-on. Pairs with the ride-along method.
Build progression that swaps the in-memory store in cad-todo-api for a real database using Entity Framework Core and SQLite. Use when the learner wants to learn ORMs, DbContext, migrations, real async/await, or LINQ queries against a database hands-on. Pairs with the ride-along method.
Build progression for an ASP.NET Core Web API that exposes the TODO list from cad-todo-cli over HTTP. Use when the learner wants to learn web APIs, REST, controllers, dependency injection, or model binding hands-on. Pairs with the ride-along method.
CAD track project #2. Learner extends a console app into a working in-memory TODO manager with add/list/complete/remove commands, then refactors the data and behavior out of `Program.cs` into a dedicated `Todo` class and a `TodoStore` class. Introduces collections (`List<T>`), control flow (`switch`, `while`), file I/O (`File.ReadAllText`, `File.WriteAllText`), classes with properties, and the separation-of-concerns discipline that makes project #3's API conversion painless. Auto-load when the learner is in `cloud-app-dev/cad-todo-cli` or asks to learn collections, file I/O, classes, properties, or "how do I organize my C# code into more than one file."
CSO track project #3. Learner onboards a Windows VM to Microsoft Defender for Endpoint, runs the built-in attack simulation evaluation lab, watches an alert fire in the Defender XDR portal, then drills into the alert: process tree, evidence, MITRE techniques, recommended actions. Auto-load when the learner is in `cybersecurity-ops/cso-defender-endpoint-onboard` or asks to learn endpoint onboarding, MDE, Defender XDR, attack simulation, process tree analysis, or alert triage.
CSO track project #6. Learner writes a scheduled analytics rule in Microsoft Sentinel that detects impossible travel in `SigninLogs`, maps entities (Account, IP), tunes false positives with allowlist patterns, then deliberately triggers it via a real VPN-change sign-in to verify an incident is created. Auto-load when the learner is in `cybersecurity-ops/cso-detection-rule` or asks to learn how to write Sentinel analytics rules, scheduled queries, entity mapping, impossible travel detection, or tuning a SIEM detection.
CSO track project #2. Learner creates a named location in Entra, builds a Conditional Access policy requiring MFA for all admins, simulates a risky sign-in via the What-If tool, then uses KQL to hunt sign-in logs for failed MFA challenges and impossible-location patterns. Auto-load when the learner is in `cybersecurity-ops/cso-entra-identity-hardening` or asks to learn Conditional Access, MFA enforcement, named locations, sign-in risk policies, or hunting in `SigninLogs`.
CSO track project #7. Learner writes a proactive hunt query in Sentinel/Defender Advanced Hunting targeting LOLBins (Living Off The Land Binaries) — legitimate Windows binaries attackers abuse — saves the query as a hunt, bookmarks suspicious results, then promotes one of the patterns into a saved hunt query for the team. Auto-load when the learner is in `cybersecurity-ops/cso-hunting-query` or asks to learn threat hunting, LOLBins, `DeviceProcessEvents` hunting, hunt queries, bookmarks, or proactive vs reactive detection.
CSO track project #4. Learner takes a real or simulated incident in Defender XDR, walks alerts → entities → evidence → timeline → impact assessment, and writes a one-page IR (Incident Response) report in markdown. The output is the artifact you'd actually deliver to a SOC lead at end of shift. Auto-load when the learner is in `cybersecurity-ops/cso-incident-investigation` or asks to learn incident triage, IR report writing, alert correlation, impact assessment, or how to investigate a Defender incident.
CSO track project #1. Learner writes their first 8-10 KQL queries against the free Log Analytics demo workspace — `where`, `project`, `summarize`, `bin`, `join`, `top`, `render`. By the end the learner can read a security-relevant table, ask "who logged in from where" type questions, and explain why KQL is the lingua franca of the Microsoft security stack. Auto-load when the learner is in `cybersecurity-ops/cso-kql-foundations` or asks to learn KQL basics, write security queries, or use the LA demo workspace.
CSO track project #5. Learner enables Microsoft Sentinel on a Log Analytics workspace, wires in the Entra ID and Microsoft Defender XDR data connectors, verifies ingestion with KQL, and reads the cost meter. By the end the learner has a real SIEM ingesting real logs, ready for detection rules (project #6), hunts (#7), and playbooks (#8). Auto-load when the learner is in `cybersecurity-ops/cso-sentinel-workspace` or asks to set up Sentinel, enable data connectors, ingest sign-in logs into Sentinel, or estimate Sentinel cost.
CSO track project #8. Learner builds a Logic App playbook that triggers from a Sentinel incident, parses the user entity, calls the Microsoft Graph API to disable the user, and posts back into the incident with an action note. Auto-load when the learner is in `cybersecurity-ops/cso-soar-playbook` or asks to learn SOAR, Logic Apps as playbooks, Sentinel automation rules, disabling a user via Graph, or auto-response patterns.
CSO track project #9 (capstone). Learner integrates threat intelligence into Sentinel — connects the Microsoft Defender Threat Intelligence data connector, manually adds a few indicators, creates a Watchlist for a custom IOC list, then writes an analytics rule on `ThreatIntelligenceIndicator` joined with `DeviceNetworkEvents` to alert when telemetry matches an indicator. Auto-load when the learner is in `cybersecurity-ops/cso-threat-intel-integration` or asks to learn threat intelligence, Sentinel TI, indicators, Watchlists, IOC matching, or TAXII/Defender TI connector.
GitHub Copilot track project #3. Learner takes a deliberately-buggy Python program, uses Copilot Chat `/fix` and `/explain` to walk diagnosis → hypothesis → fix → verify, and learns when the AI's first explanation is wrong. Practices the discipline of reading the explanation BEFORE accepting the fix. Auto-load when the learner is in `github-copilot/ghc-chat-driven-debugging` or asks how to debug with Copilot, use `/fix`, use `/explain`, or fix a stack trace with AI.
GitHub Copilot track project #5. Learner runs Copilot code review on a deliberately-flawed diff (security, perf, naming, dead code, missing test), scores each finding as true-positive / false-positive / missed, and builds a scorecard showing where AI review wins (style, docstring gaps, obvious dead code) and where it loses (business logic, architecture fit, novel security). Auto-load when the learner is in `github-copilot/ghc-code-review-with-copilot` or asks how to review PRs with Copilot, use Copilot for code review, evaluate AI review output, or compare AI review vs human.
GitHub Copilot track project #1. Learner installs the Copilot extensions, signs in, and writes a tiny calculator function with inline completions — learning Tab to accept, Esc to reject, Alt+] / Alt+[ to cycle, Ctrl+→ to accept word-by-word, and how to read ghost text. Auto-load when the learner is in `github-copilot/ghc-copilot-foundations` or asks to install Copilot, set up Copilot, learn the Copilot loop, or understand inline completions vs chat vs edit mode.
GitHub Copilot track project #8. Learner builds a focused custom agent (`api-design-reviewer.agent.md`) with persona, anti-patterns, and a test session. Learns why the `tools:` field is RESTRICTIVE not declarative (default = omit, full toolset inherited), and tests the agent in a fresh chat to verify discoverability + behavior. Auto-load when the learner is in `github-copilot/ghc-custom-agents` or asks how to write a `.agent.md`, build a custom Copilot agent, scope agent tools, or test agent personas.
GitHub Copilot track project #6. Learner writes `.github/copilot-instructions.md` for a small C# Web API and an additional `.instructions.md` file with `applyTo` scoping, then verifies Copilot follows the rules by generating new code and watching it match the conventions. Auto-load when the learner is in `github-copilot/ghc-custom-instructions` or asks how to write copilot-instructions.md, use applyTo, scope instructions to file patterns, or make Copilot follow team conventions.
GitHub Copilot track project #9 (capstone). Learner installs and configures the GitHub MCP server, uses it from Copilot Chat to do real cross-repo work (list PRs, fetch READMEs, create issues), and walks the security boundary (MCP servers run with YOUR credentials). Decides when to use built-in tools vs MCP. Auto-load when the learner is in `github-copilot/ghc-mcp-tools-integration` or asks how to set up MCP, configure an MCP server, use the GitHub MCP, or understand MCP security.
GitHub Copilot track project #7. Learner builds 3 reusable `.prompt.md` files with YAML frontmatter and `${input:...}` parameters, invokes them from Chat, and builds a decision tree for when to use prompt files vs slash commands vs raw chat. Auto-load when the learner is in `github-copilot/ghc-prompt-files` or asks how to write a prompt file, use a .prompt.md, pass parameters to prompts, or create reusable prompts.
GitHub Copilot track project #2. Learner builds 5 small functions by steering Copilot's inline completions with three prompt levers: comments-as-intent, signatures-as-shape, and naming-as-direction. Practices Ctrl+Enter for alternates, the open-tabs context trick, and recognizing when Copilot is guessing vs informed. Auto-load when the learner is in `github-copilot/ghc-prompting-for-completions` or asks how to steer Copilot, prompt inline completions, get better suggestions, use comments as prompts, or use the context window.
GitHub Copilot track project #4. Learner has Copilot generate tests for a small function, discovers the tests pass on a buggy version (false confidence), then writes the bug-revealing test themselves. Teaches the "AI tests as starting line, not finish line" discipline. Auto-load when the learner is in `github-copilot/ghc-test-generation` or asks how to use Copilot to write tests, generate unit tests, use `/tests`, or evaluate AI-generated tests.
SCA track project #4. Learner populates the `mssa.lab` domain (from project #3) with real users, groups, and computers via PowerShell, then writes their first Group Policy Objects to enforce a password policy and map a drive at logon. By the end the learner can sign in to a domain-joined workstation as a domain user and watch a drive map automatically. Auto-load when the learner is in `server-cloud-admin/sca-ad-and-gpo` or asks to learn about Active Directory user/group management, Group Policy, GPO targeting, security filtering, or `gpupdate`.
SCA track project #9 (capstone). Learner converts the VNet + NSG + Windows VM from project #5 into a Bicep template, parameterizes it, runs a `what-if` deployment, deploys it for real via the Azure CLI, then tears it down and redeploys to prove the template is repeatable. Auto-load when the learner is in `server-cloud-admin/sca-arm-bicep-iac` or asks to learn Bicep, ARM templates, Infrastructure as Code, `az deployment group create`, parameterized templates, modules, or `what-if`.
SCA track project #5. Learner builds an Azure VNet with a subnet and NSG, deploys a Windows Server 2022 VM into it, RDPs in via a public IP (locked down by NSG), installs IIS, and proves "I built network infrastructure in the cloud" by hitting the web server from a browser. First Azure-IaaS project in the track. Auto-load when the learner is in `server-cloud-admin/sca-azure-vnet-vm` or asks to learn Azure networking, VNet, NSG, deploy an Azure VM, JIT access, or set up their first cloud server.
SCA track project #6. Learner installs Microsoft Entra Connect on the DC built in project #3, syncs on-prem AD users to Entra ID, fixes the inevitable first-sync errors, and signs into the Azure portal as a synced user. By the end the learner understands how a single identity can authenticate to both an on-prem AD domain and Azure cloud services. Auto-load when the learner is in `server-cloud-admin/sca-entra-hybrid-identity` or asks to learn about hybrid identity, Entra Connect, password hash sync, UPN suffixes, or syncing on-prem AD users to Azure.
SCA track project #2. Learner uses PowerShell to actually administer their local Windows machine — start/stop services, find and kill rogue processes, manage local user accounts, schedule a recurring task, and search the event log to investigate something that happened. This is the bridge from "I know PowerShell as a language" to "I am a sysadmin." Auto-load when the learner is in `server-cloud-admin/sca-local-system-admin` or asks to learn how to manage Windows services, processes, local users, scheduled tasks, or event logs.
SCA track project #8. Learner stands up a Log Analytics workspace, onboards the VM from project #5 via the Azure Monitor Agent and a Data Collection Rule, writes their first KQL queries against the collected logs, then creates an alert rule that emails them when CPU stays above 80% for 5 minutes. Auto-load when the learner is in `server-cloud-admin/sca-monitoring` or asks to learn Azure Monitor, Log Analytics, KQL basics, Azure Monitor Agent, Data Collection Rules, or how to alert on a VM metric.
SCA track project #1. Learner builds PowerShell muscle memory: open a prompt, discover commands with `Get-Help` and `Get-Command`, read objects out of the pipeline, filter and sort them, and persist a personal profile. This is the keyboard the learner uses for every later SCA project. Auto-load when the learner is in `server-cloud-admin/sca-powershell-foundations` or asks to learn PowerShell, get started with Windows administration, or set up a sysadmin development environment for the first time.
SCA track project #3. Learner spins up a Windows Server 2022 VM (Hyper-V on a Pro/Enterprise laptop, or an Azure VM if Hyper-V isn't available), installs the Active Directory Domain Services role, and promotes the VM to the first domain controller of a new forest. By the end they have a real DC named DC01 in a domain like `mssa.lab`, with DNS working and a baseline OU structure. Auto-load when the learner is in `server-cloud-admin/sca-server-vm-setup` or asks to learn how to set up a Windows Server, install Active Directory, promote a domain controller, or build their first lab domain.
SCA track project #7. Learner creates an Azure Storage account, stands up an Azure Files SMB share, mounts it from the Azure VM (project #5) and the on-prem domain workstation, then protects the VM with a Recovery Services Vault — including running a real backup and performing a file-level restore. Auto-load when the learner is in `server-cloud-admin/sca-storage-and-backup` or asks to learn Azure storage tiers, Azure Files, SMB authentication, Recovery Services Vault, VM backup, or restoring files from an Azure backup.