Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing
Automates GDPR Data Subject Access Request (DSAR) workflows including identity verification, PII discovery across
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection
Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning,
Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized
Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication
Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates
Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible
Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)
Deploy and configure Tofino industrial firewalls from Belden/Hirschmann to protect SCADA systems and PLCs using
Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
This skill covers designing and implementing security zones and conduits for industrial automation and control
Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,
Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant
This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using
ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete
Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound
JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization
Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod
Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted
Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,
Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed
Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is
Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout
Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure
Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged
Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate
This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,
Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch
Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral
Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,
Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control
This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies
Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API
Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score
Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,
Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper
Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.
Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for
Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn