Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested

Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing

'Automates GDPR Data Subject Access Request (DSAR) workflows including identity verification, PII discovery across

Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection

'Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant

Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized

'Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates

'Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible

'Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)

Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle

Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based

'This skill covers designing and implementing security zones and conduits for industrial automation and control

Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,

'Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant

'This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete

Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted

'Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,

Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,

'This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection

Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,

Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral

Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,

Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control

Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies

Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,

'Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,

'Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset

Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.

Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn

'This skill covers implementing a structured patch management program for OT/ICS environments where traditional

Patch management is the systematic process of identifying, testing, deploying, and verifying software updates

PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements

Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace

'This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes

Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across

Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,

'Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,

Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated

Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,

Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon

Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.

'This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories.

'This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including

'Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators,

Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,

'Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics

Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information)