Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
This skill guides organizations through implementing zero trust architecture in cloud environments following
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata
Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation.
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
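The KEV/EPSS/CVSS prioritization described in the entry above, as an added example that is not part of the original page or of the skill it lists. The feed excerpts are constructed here in the same shapes the real feeds use (the EPSS CSV with its leading comment line and cve,epss,percentile columns; the KEV JSON with its vulnerabilities array and cveID/dueDate fields); the CVE identifiers, hosts, scores and the 0.10 EPSS threshold are assumptions for the demo, not guidance from CISA or FIRST.

```python
"""Rank scanner findings by CISA KEV listing, then EPSS, then CVSS.

Added example with constructed sample data. Tier 1 = in KEV (a due date
exists), tier 2 = EPSS at or above an assumed threshold, tier 3 = CVSS
critical, tier 4 = everything else. Within a tier, higher EPSS and then
higher CVSS sort first.
"""
import csv
import io
import json

# Constructed excerpt in the EPSS CSV layout (comment line, header, rows).
EPSS_CSV = """#model_version:v2023.03.01,score_date:2024-01-01T00:00:00+0000
cve,epss,percentile
CVE-2099-10001,0.97113,0.99934
CVE-2099-10002,0.00245,0.61021
CVE-2099-10003,0.12000,0.95000
CVE-2099-10004,0.00041,0.09000
"""

# Constructed excerpt in the KEV JSON layout (only the fields used here).
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2099-10002", "dueDate": "2024-02-15",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed scanner output: CVE, affected host, CVSS base score.
FINDINGS = [
    {"cve": "CVE-2099-10001", "host": "web-01", "cvss": 7.5},
    {"cve": "CVE-2099-10002", "host": "vpn-gw", "cvss": 6.5},
    {"cve": "CVE-2099-10003", "host": "db-02", "cvss": 9.8},
    {"cve": "CVE-2099-10004", "host": "db-02", "cvss": 9.8},
]

EPSS_HIGH = 0.10  # assumed threshold: ~10% chance of exploitation in 30 days


def parse_epss(text):
    """Map CVE -> (epss, percentile), skipping the '#' metadata line."""
    rows = [line for line in text.splitlines() if not line.startswith("#")]
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in csv.DictReader(io.StringIO("\n".join(rows)))}


def parse_kev(text):
    """Map CVE -> KEV entry."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def priority(finding, epss, kev):
    """Return (tier, reason) for one finding."""
    cve = finding["cve"]
    score, pct = epss.get(cve, (0.0, 0.0))
    entry = kev.get(cve)
    if entry:
        return 1, "KEV listed, remediation due %s" % entry["dueDate"]
    if score >= EPSS_HIGH:
        return 2, "EPSS %.3f (percentile %.0f)" % (score, pct * 100)
    if finding["cvss"] >= 9.0:
        return 3, "CVSS %.1f critical, no exploitation signal" % finding["cvss"]
    return 4, "routine patch cycle"


def rank(findings, epss_text=EPSS_CSV, kev_text=KEV_JSON):
    """Annotate findings with tier/reason and sort by tier, EPSS, CVSS."""
    epss = parse_epss(epss_text)
    kev = parse_kev(kev_text)
    ranked = []
    for f in findings:
        tier, reason = priority(f, epss, kev)
        ranked.append({**f, "tier": tier, "reason": reason,
                       "epss": epss.get(f["cve"], (0.0, 0.0))[0]})
    ranked.sort(key=lambda r: (r["tier"], -r["epss"], -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in rank(FINDINGS):
        print("T%d %-15s %-7s cvss=%.1f epss=%.3f  %s"
              % (r["tier"], r["cve"], r["host"], r["cvss"], r["epss"], r["reason"]))
```

Note that the CVSS 9.8 finding with negligible EPSS lands below a CVSS 7.5 finding with a high EPSS score; that inversion relative to a CVSS-only queue is the point of blending the three signals.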
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and
Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,
Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based
Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance,
This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including
This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation
Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant
Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
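The freelist recovery named in the entry above, as an added example that is not from the original page or from the skill it lists. It builds its own throw-away database with constructed rows, deletes most of them, then walks the freelist from the 100-byte file header (first trunk page at offset 32, page count at offset 36; each trunk page holds a next-trunk pointer, a leaf count and the leaf page numbers) and carves the marker strings the deleted rows left on freed pages. The table layout, marker pattern and page-walk helpers are assumptions for the demo; a WAL file would be carved the same way, frame by frame, which this block does not cover.

```python
"""Carve deleted rows from the freelist pages of an SQLite database.

Added example with a constructed database. SQLite does not zero freed
pages unless secure_delete is on, so whole-page deletes leave the old
cell content on freelist trunk and leaf pages. The header layout used
here follows the SQLite file format: 2-byte page size at offset 16,
first freelist trunk page at offset 32, total freelist pages at 36.
"""
import os
import re
import sqlite3
import struct
import tempfile

# Assumed marker that the constructed rows carry, so hits are unambiguous.
MARKER = re.compile(rb"SECRET-MSG-\d{4}")


def build_sample_db(path, rows=300, keep=10):
    """Create a DB, fill it, delete all but `keep` rows; return live markers."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA journal_mode=DELETE")  # keep pages in the main file, not a -wal
    con.execute("PRAGMA secure_delete=OFF")    # do not zero freed content
    con.execute("CREATE TABLE msgs(id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO msgs(body) VALUES (?)",
                    [("SECRET-MSG-%04d " % i + "x" * 200,) for i in range(rows)])
    con.commit()
    con.execute("DELETE FROM msgs WHERE id > ?", (keep,))  # empties and frees leaf pages
    con.commit()
    live = [r[0][:15] for r in con.execute("SELECT body FROM msgs ORDER BY id")]
    con.close()
    return live


def freelist_pages(data):
    """Walk the freelist; return (page_size, [trunk and leaf page numbers], header_total)."""
    page_size = struct.unpack(">H", data[16:18])[0]
    if page_size == 1:           # file-format encoding for 65536
        page_size = 65536
    trunk, total = struct.unpack(">II", data[32:40])
    pages = []
    while trunk:
        off = (trunk - 1) * page_size
        nxt, n = struct.unpack(">II", data[off:off + 8])
        leaves = struct.unpack(">%dI" % n, data[off + 8:off + 8 + 4 * n])
        pages.append(trunk)      # trunk keeps its old bytes past the pointer array
        pages.extend(leaves)     # leaf pages are never rewritten when freed
        trunk = nxt
    return page_size, pages, total


def carve_freelist(path):
    """Return (freelist page numbers, sorted unique markers found on them)."""
    with open(path, "rb") as f:
        data = f.read()
    page_size, pages, _total = freelist_pages(data)
    hits = set()
    for p in pages:
        chunk = data[(p - 1) * page_size:p * page_size]
        hits.update(m.decode() for m in MARKER.findall(chunk))
    return pages, sorted(hits)


def demo():
    """Build, delete, carve; report what the live table no longer shows."""
    path = os.path.join(tempfile.mkdtemp(), "evidence.db")
    live = build_sample_db(path)
    pages, carved = carve_freelist(path)
    return {
        "path": path,
        "live": live,
        "freelist_pages": pages,
        "carved": carved,
        "deleted_only": [m for m in carved if m not in live],
    }


if __name__ == "__main__":
    r = demo()
    print("live rows:", len(r["live"]), " freelist pages:", len(r["freelist_pages"]))
    print("markers recovered from freed pages:", len(r["deleted_only"]))
    print(r["deleted_only"][:5], "...")
```

Rows deleted from a page that is not completely emptied stay in that page's free blocks rather than on the freelist; carving those requires parsing the b-tree page header's free-block chain, which is the next step after this one.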