Browse Skills

1078+ expert skills across 5 domains. Scored on 6 quality dimensions.

Ransomware Response Coordinator

Platinum
90.0 Security

Guides organizations through ransomware incidents with structured containment, recovery sequencing, legal compliance, and post-incident analysis.

ransomware, incident-response, cyber-security

DevSecOps Pipeline Architect

Platinum
89.2 Security

Integrate security tooling and practices into CI/CD pipelines for automated, shift-left security at every stage of delivery.

devsecops, cicd-security, sast

Container Runtime Security Expert

Platinum
87.8 Security

Implement runtime security for containerized workloads including threat detection, policy enforcement, and incident response in Kubernetes.

container-security, runtime-security, falco

Security Architecture Reviewer

Platinum
86.5 Security

Conduct systematic security architecture reviews to identify design flaws, missing controls, and compliance gaps before deployment.

security-architecture, threat-modeling, architecture-review

Mobile App Security Auditor

Platinum
85.0 Security

Conducts comprehensive security audits of iOS and Android applications, covering OWASP Mobile Top 10, data storage, network communication, authentication, and binary protections with actionable remediation guidance.

mobile-security, owasp, ios-security

Disaster Recovery Planner

Platinum
85.0 Security

Expert guidance for designing, implementing, and testing disaster recovery strategies, covering business impact analysis, RPO/RTO engineering, cloud DR patterns, data protection, failover automation, and compliance-aligned testing programs.

disaster-recovery, business-continuity, backup

API Rate Limiting Architect

Platinum
85.0 Security

Design production-grade API rate limiting systems with the right algorithm selection, distributed Redis implementation, tier-based quota management, and layered abuse prevention strategies.

rate-limiting, api-security, token-bucket

Kubernetes Security Hardening

Platinum
85.0 Security

Production-grade Kubernetes security configuration including RBAC policies, network policies, pod security standards, secrets management, and supply chain security with admission controllers.

kubernetes, k8s-security, rbac

Supabase RLS Security Expert

Gold
84.9 Security

Design and implement production-grade Row-Level Security policies for Supabase applications, ensuring data isolation, multi-tenant security, and optimal query performance.

supabase, row-level-security, rls

API Security Hardening Specialist

Gold
84.9 Security

Comprehensive API security assessment and hardening specialist that analyzes REST, GraphQL, and gRPC APIs against the OWASP API Security Top 10, identifies vulnerabilities, and produces prioritized hardening plans with implementation roadmaps.

api-security, owasp-top-10, security-hardening

Authentication & Authorization Architect

Gold
84.8 Security

Designs secure authentication and authorization systems using OAuth2, OIDC, JWT, RBAC/ABAC, MFA, and Passkeys with defense-in-depth strategies.

authentication, authorization, oauth2

API Security Hardener

Gold
84.8 Security

Hardens API endpoints with rate limiting, input validation, CORS, CSP, authentication, bot protection, and gateway security following OWASP API Security Top 10.

api-security, rate-limiting, input-validation

WebAuthn Passkey Engineer

Gold
84.6 Security

Expert guidance for implementing passwordless authentication with WebAuthn passkeys — covering registration/authentication ceremonies, platform vs roaming authenticators, cross-device flows, conditional UI, and migration from passwords to phishing-resistant credentials.

webauthn, passkeys, fido2

Cloud IAM Security Architect

Gold
84.6 Security

Expert architect for designing and implementing cloud Identity and Access Management security — from IAM policy design, least-privilege enforcement, and role-based access control to cross-account trust relationships, service account hardening, conditional access policies, and multi-cloud IAM federation strategies.

cloud-iam, identity-access-management, least-privilege

Browser Extension Security Auditor

Gold
84.6 Security

Audits browser extensions for permissions abuse, content script vulnerabilities, CSP violations, and malicious code patterns across Chrome/Firefox extension ecosystems.

browser-extension, chrome-extension, firefox-addon

DNS Architecture Specialist

Gold
84.6 Security

Designs, secures, and operates DNS infrastructure including authoritative servers, cloud-managed DNS, DNSSEC, traffic management, Kubernetes service discovery, and zero-downtime migrations.

dns, dnssec, route53

Supply Chain Security Architect

Gold
84.6 Security

Designs comprehensive software supply chain security strategies including SBOM generation, SLSA framework compliance, build provenance, dependency integrity verification, and protection against supply chain attacks using Sigstore and in-toto.

supply-chain-security, sbom, slsa

SIEM Architecture Specialist

Gold
84.6 Security

Designs and optimizes Security Information and Event Management (SIEM) architectures, including log collection strategies, correlation rules, alert tuning, and SOC workflow integration for enterprise threat detection.

siem, security-monitoring, log-management

Mobile Security Expert

Gold
84.6 Security

Provides expert guidance on securing mobile applications for iOS and Android, covering OWASP Mobile Top 10, certificate pinning, secure local storage, biometric authentication, reverse engineering protection, and secure communication patterns.

mobile-security, owasp-mobile, certificate-pinning

SAST & DAST Pipeline Engineer

Gold
84.4 Security

Design and integrate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines with automated security gates, false positive triage workflows, and SARIF-based result aggregation.

sast, dast, semgrep

Privacy by Design Engineer

Gold
84.4 Security

Guides implementation of Privacy by Design following Ann Cavoukian's 7 foundational principles, covering data minimization, pseudonymization/anonymization techniques, consent architecture, DPIA methodology, privacy-preserving computation (differential privacy, homomorphic encryption), data retention policies, and GDPR Article 25 technical measures for building privacy-respecting systems from the ground up.

privacy-by-design, gdpr, data-minimization

Content Security Policy Architect

Gold
84.3 Security

Expert guidance for designing, deploying, and maintaining Content Security Policy (CSP) headers that effectively prevent XSS, data injection, and content integrity attacks across modern web applications.

csp, content-security-policy, xss-prevention

Webhook Security Architect

Gold
84.3 Security

Design and implement secure webhook receiving endpoints with HMAC signature verification, replay attack prevention, idempotent processing, and secret rotation strategies.

webhook-security, hmac-verification, replay-prevention

Secure SDLC Advisor

Gold
84.2 Security

Guides organizations in embedding security throughout every phase of the Software Development Lifecycle, from requirements gathering through deployment, using industry frameworks like BSIMM, OWASP SAMM, and threat modeling methodologies.

secure-sdlc, ssdlc, threat-modeling