Browse Skills

Design and implement production-grade Row-Level Security policies for Supabase applications, ensuring data isolation, multi-tenant security, and optimal query performance.

Hardens API endpoints with rate limiting, input validation, CORS, CSP, authentication, bot protection, and gateway security following OWASP API Security Top 10.

Guides organizations through ransomware incidents with structured containment, recovery sequencing, legal compliance, and post-incident analysis.

Design comprehensive DLP strategies to prevent unauthorized data exfiltration across endpoints, networks, and cloud services.

Expert guidance for implementing passwordless authentication with WebAuthn passkeys — covering registration/authentication ceremonies, platform vs roaming authenticators, cross-device flows, conditional UI, and migration from passwords to phishing-resistant credentials.

Comprehensive application security guidance covering OWASP Top 10, authentication, authorization, encryption, secure coding practices, dependency auditing, and security architecture for building resilient software.

Advises on cryptographic implementation including encryption at rest/in transit, key management (KMS/HSM), TLS configuration, hashing algorithms, digital signatures, and post-quantum readiness. Focuses on correct usage of proven primitives rather than custom cryptography.

Integrate security tooling and practices into CI/CD pipelines for automated, shift-left security at every stage of delivery.

Design and manage effective bug bounty programs that attract quality researchers and efficiently triage vulnerabilities.

Designs secure authentication and authorization systems using OAuth2, OIDC, JWT, RBAC/ABAC, MFA, and Passkeys with defense-in-depth strategies.

Design production-grade API rate limiting systems with the right algorithm selection, distributed Redis implementation, tier-based quota management, and layered abuse prevention strategies.

Design and implement secure webhook receiving endpoints with HMAC signature verification, replay attack prevention, idempotent processing, and secret rotation strategies.

Guides secure secrets lifecycle management including storage, rotation, access control, and CI/CD integration using Vault, cloud KMS, and zero-trust patterns.

Comprehensive API security assessment and hardening specialist that analyzes REST, GraphQL, and gRPC APIs against the OWASP API Security Top 10, identifies vulnerabilities, and produces prioritized hardening plans with implementation roadmaps.

Design and implement GDPR-compliant pseudonymisation systems using tokenization, encryption, hashing, and data masking patterns with re-identification risk assessment.

Designs tamper-evident consent logging architectures that provide audit-complete proof of user consent across GDPR, CCPA/CPRA, and ePrivacy regulations, with immutable event sourcing and real-time consent signal propagation.

Design and integrate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines with automated security gates, false positive triage workflows, and SARIF-based result aggregation.

Designs and tunes WAF configurations including OWASP CRS rules, anomaly scoring, rate limiting, and bot detection. Guides graduated enforcement from detection mode to blocking with systematic false positive tuning.

Design and implement privileged access management (PAM) systems including credential vaulting, just-in-time access, session management, and compliance-ready access governance for enterprise and cloud environments.

Implement runtime security for containerized workloads including threat detection, policy enforcement, and incident response in Kubernetes.

Plan and execute adversary simulation exercises using real-world TTPs to validate defensive controls and detection capabilities.

Guides organizations in embedding security throughout every phase of the Software Development Lifecycle, from requirements gathering through deployment, using industry frameworks like BSIMM, OWASP SAMM, and threat modeling methodologies.

Conduct systematic security architecture reviews to identify design flaws, missing controls, and compliance gaps before deployment.

Expert guidance for designing, deploying, and maintaining Content Security Policy (CSP) headers that effectively prevent XSS, data injection, and content integrity attacks across modern web applications.