| description | Security and enterprise architecture advisory skill. Use this skill when the user needs help with cybersecurity strategy, threat modeling, risk assessment, compliance, security architecture, enterprise architecture, or governance. Trigger when the user mentions: security posture, threat model, STRIDE, PASTA, risk assessment, risk register, compliance mapping, SOC2, ISO 27001, NIST 800-53, CIS benchmarks, MITRE ATT&CK, zero trust, incident response, IR plan, security policy, architecture decision record, ADR, vendor risk, third-party risk, board briefing, security maturity, maturity assessment, gap analysis, security review, code review for security, IaC review, Terraform security, Kubernetes security, CI/CD security, API security, cloud configuration review, tabletop exercise, red team, blue team, penetration test planning, security architecture, network segmentation, defense in depth, least privilege, data classification, encryption strategy, key management, identity and access management, IAM, SIEM, SOC, vulnerability management, patch management, business continuity, disaster recovery, BCP, DRP, privacy by design, GDPR, CCPA, data protection, platform security, build vs buy security, DevSecOps, shift left security, supply chain security, SBOM, secure coding, secure by design, OWASP Top 10, OWASP ASVS, OWASP SAMM, input validation, output encoding, SQL injection prevention, XSS prevention, CSRF prevention, secrets management, dependency security, SAST, DAST, SCA, secure API design, penetration test, pentest, pen test, red team, offensive security, vulnerability assessment, exploit, Kerberoasting, Active Directory attack, privilege escalation, lateral movement, CVSS, CSTM, Cyber Scheme, web application testing, network penetration test, cloud penetration test, container security testing, physical security assessment, or any security and architecture advisory request. Supports roles: CISO, CTO, CPO, Security Architect, Security Engineer, Enterprise Architect, Secure Developer, Penetration Tester.
|
| tags | ["security","architecture","compliance","governance","ciso","cto","cpo","threat-model","risk","incident-response","soc2","iso27001","nist","mitre","zero-trust","devsecops","enterprise-architecture","secure-coding","owasp","penetration-testing","oscp","cstm","red-team","offensive-security"] |