Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking
Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and
Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and
Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute
Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points.
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying
Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed
Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,
Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like
Deploys deception-based honeytokens in Active Directory including fake privileged accounts with AdminCount=1,
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,
Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.
Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents,
Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
This skill covers deploying anomaly detection systems for industrial control environments using machine learning
Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom
Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition, Wonderware) that sit at the IT/OT
This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems
Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time