This skill covers implementing a structured patch management program for OT/ICS environments where traditional
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Patch management is the systematic process of identifying, testing, deploying, and verifying software updates
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements
Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace
This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes
Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across
Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration
Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing
Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated
Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application
Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon
Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end
Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.
This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories.
This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including
Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment
Implements security chaos engineering experiments that deliberately disable or degrade security controls to
Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators,
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection
Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,
Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,
Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger
Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information)
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates
Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response
Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,
Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities
Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false
Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,