Browse Skills

1078+ expert skills across 5 domains. Scored on 6 quality dimensions.

Supabase RLS Security Expert

Gold
84.9 Security

Design and implement production-grade Row-Level Security policies for Supabase applications, ensuring data isolation, multi-tenant security, and optimal query performance.

supabase, row-level-security, rls

API Security Hardening Specialist

Gold
84.9 Security

Comprehensive API security assessment and hardening specialist that analyzes REST, GraphQL, and gRPC APIs against the OWASP API Security Top 10, identifies vulnerabilities, and produces prioritized hardening plans with implementation roadmaps.

api-security, owasp-top-10, security-hardening

API Security Hardener

Gold
84.8 Security

Hardens API endpoints with rate limiting, input validation, CORS, CSP, authentication, bot protection, and gateway security following OWASP API Security Top 10.

api-security, rate-limiting, input-validation

Authentication & Authorization Architect

Gold
84.8 Security

Designs secure authentication and authorization systems using OAuth2, OIDC, JWT, RBAC/ABAC, MFA, and Passkeys with defense-in-depth strategies.

authentication, authorization, oauth2

SIEM Architecture Specialist

Gold
84.6 Security

Designs and optimizes Security Information and Event Management (SIEM) architectures, including log collection strategies, correlation rules, alert tuning, and SOC workflow integration for enterprise threat detection.

siem, security-monitoring, log-management

WebAuthn Passkey Engineer

Gold
84.6 Security

Expert guidance for implementing passwordless authentication with WebAuthn passkeys — covering registration/authentication ceremonies, platform vs roaming authenticators, cross-device flows, conditional UI, and migration from passwords to phishing-resistant credentials.

webauthn, passkeys, fido2

DNS Architecture Specialist

Gold
84.6 Security

Designs, secures, and operates DNS infrastructure including authoritative servers, cloud-managed DNS, DNSSEC, traffic management, Kubernetes service discovery, and zero-downtime migrations.

dns, dnssec, route53

Mobile Security Expert

Gold
84.6 Security

Provides expert guidance on securing mobile applications for iOS and Android, covering OWASP Mobile Top 10, certificate pinning, secure local storage, biometric authentication, reverse engineering protection, and secure communication patterns.

mobile-security, owasp-mobile, certificate-pinning

Cloud IAM Security Architect

Gold
84.6 Security

Expert architect for designing and implementing cloud Identity and Access Management security — from IAM policy design, least-privilege enforcement, and role-based access control to cross-account trust relationships, service account hardening, conditional access policies, and multi-cloud IAM federation strategies.

cloud-iam, identity-access-management, least-privilege

Supply Chain Security Architect

Gold
84.6 Security

Designs comprehensive software supply chain security strategies including SBOM generation, SLSA framework compliance, build provenance, dependency integrity verification, and protection against supply chain attacks using Sigstore and in-toto.

supply-chain-security, sbom, slsa

Browser Extension Security Auditor

Gold
84.6 Security

Audits browser extensions for permissions abuse, content script vulnerabilities, CSP violations, and malicious code patterns across Chrome/Firefox extension ecosystems.

browser-extension, chrome-extension, firefox-addon

SAST & DAST Pipeline Engineer

Gold
84.4 Security

Design and integrate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines with automated security gates, false positive triage workflows, and SARIF-based result aggregation.

sast, dast, semgrep

Privacy by Design Engineer

Gold
84.4 Security

Guides implementation of Privacy by Design following Ann Cavoukian's 7 foundational principles, covering data minimization, pseudonymization/anonymization techniques, consent architecture, DPIA methodology, privacy-preserving computation (differential privacy, homomorphic encryption), data retention policies, and GDPR Article 25 technical measures for building privacy-respecting systems from the ground up.

privacy-by-design, gdpr, data-minimization

Content Security Policy Architect

Gold
84.3 Security

Expert guidance for designing, deploying, and maintaining Content Security Policy (CSP) headers that effectively prevent XSS, data injection, and content integrity attacks across modern web applications.

csp, content-security-policy, xss-prevention

Webhook Security Architect

Gold
84.3 Security

Design and implement secure webhook receiving endpoints with HMAC signature verification, replay attack prevention, idempotent processing, and secret rotation strategies.

webhook-security, hmac-verification, replay-prevention

Cryptography Implementation Advisor

Gold
84.2 Security

Advises on cryptographic implementation including encryption at rest/in transit, key management (KMS/HSM), TLS configuration, hashing algorithms, digital signatures, and post-quantum readiness. Focuses on correct usage of proven primitives rather than custom cryptography.

cryptography, encryption, key-management

Digital Forensics Guide

Gold
84.2 Security

Provides expert guidance on digital forensics methodology including evidence preservation, chain of custody, log analysis, memory forensics, disk forensics, and forensic reporting — strictly defensive and investigative in nature.

digital-forensics, dfir, incident-response

Secure SDLC Advisor

Gold
84.2 Security

Guides organizations in embedding security throughout every phase of the Software Development Lifecycle, from requirements gathering through deployment, using industry frameworks like BSIMM, OWASP SAMM, and threat modeling methodologies.

secure-sdlc, ssdlc, threat-modeling

Privileged Access Controls Specialist

Gold
84.0 Security

Design and implement privileged access management (PAM) systems including credential vaulting, just-in-time access, session management, and compliance-ready access governance for enterprise and cloud environments.

pam, privileged-access, iam

SOC Operations Designer

Gold
84.0 Security

Designs Security Operations Center architectures including SIEM deployment, alert triage workflows, detection engineering rules, threat hunting programs, SOAR playbooks, and analyst tier structures optimized for detection efficacy and analyst efficiency.

soc, security-operations, siem

Compliance as Code Architect

Gold
84.0 Security

Expert compliance-as-code advisor that helps organizations automate regulatory compliance using policy-as-code frameworks like OPA/Rego and HashiCorp Sentinel, implementing automated CIS benchmark scanning, SOC 2 evidence collection, and continuous compliance monitoring.

compliance-as-code, policy-as-code, opa

Bot & Fraud Mitigation Specialist

Gold
84.0 Security

Design and implement comprehensive bot detection, credential stuffing defense, and fraud prevention systems that balance security with user experience across web applications and APIs.

bot-detection, fraud-prevention, credential-stuffing

Security Metrics Dashboard Designer

Gold
84.0 Security

Designs comprehensive security metrics programs with KPIs, KRIs, dashboards, and reporting frameworks that translate security posture into actionable insights for technical teams, management, and board-level stakeholders.

security-metrics, kpi, kri

Consent Logging Architect

Gold
83.8 Security

Designs tamper-evident consent logging architectures that provide audit-complete proof of user consent across GDPR, CCPA/CPRA, and ePrivacy regulations, with immutable event sourcing and real-time consent signal propagation.

consent-management, gdpr, ccpa