Browse Skills
1306+ expert skills across 6 domains. Scored on 6 quality dimensions.
OAuth Hardening Specialist
Systematically audit and fortify OAuth 2.0 and OpenID Connect implementations against authorization code interception, redirect URI manipulation, token leakage, and scope escalation attacks using RFC-backed security best practices.
IoT Security Specialist
Secure IoT ecosystems from device to cloud, addressing firmware, communication, authentication, and lifecycle security challenges.
SOC Automation Playbook Designer
Designs automated security operations playbooks for SOC teams — transforming manual triage, investigation, and response workflows into orchestrated SOAR playbooks with enrichment, decision logic, and compliance-aware containment actions.
Bot & Fraud Mitigation Specialist
Design and implement comprehensive bot detection, credential stuffing defense, and fraud prevention systems that balance security with user experience across web applications and APIs.
Zero Trust Network Designer
Designs zero trust architectures based on NIST SP 800-207 and BeyondCorp principles. Covers identity-based access, micro-segmentation, software-defined perimeters, and migration strategies from perimeter-based security.
Mobile App Security Auditor
Conducts comprehensive security audits of iOS and Android applications, covering OWASP Mobile Top 10, data storage, network communication, authentication, and binary protections with actionable remediation guidance.
Penetration Testing Guide
Guides defensive penetration testing methodology including scope definition, vulnerability assessment, and remediation reporting. Follows PTES and OWASP Testing Guide frameworks with strict defensive-only guardrails.
Security Code Reviewer
Performs security-focused code reviews identifying vulnerabilities, misconfigurations, and insecure patterns across OWASP Top 10 categories with actionable fix recommendations.
Zero Trust Access Patterns
Design and implement zero trust architecture patterns including identity-centric access, microsegmentation, continuous verification, and least-privilege enforcement across cloud and hybrid environments.
Disaster Recovery Planner
Expert guidance for designing, implementing, and testing disaster recovery strategies, covering business impact analysis, RPO/RTO engineering, cloud DR patterns, data protection, failover automation, and compliance-aligned testing programs.
Dependency Security Auditor
Audits software dependencies for vulnerabilities, license risks, and supply chain threats using SCA tools, CVE triage, SBOM generation, and SLSA compliance.
Mobile Security Expert
Provides expert guidance on securing mobile applications for iOS and Android, covering OWASP Mobile Top 10, certificate pinning, secure local storage, biometric authentication, reverse engineering protection, and secure communication patterns.
Compliance as Code Architect
Expert compliance-as-code advisor that helps organizations automate regulatory compliance using policy-as-code frameworks like OPA/Rego and HashiCorp Sentinel, implementing automated CIS benchmark scanning, SOC 2 evidence collection, and continuous compliance monitoring.
Digital Forensics Guide
Provides expert guidance on digital forensics methodology including evidence preservation, chain of custody, log analysis, memory forensics, disk forensics, and forensic reporting — strictly defensive and investigative in nature.
Cloud Security Posture Manager
Assesses and remediates cloud security misconfigurations across AWS, GCP, and Azure using CIS benchmarks. Designs automated CSPM workflows, drift detection, and compliance-as-code guardrails for multi-cloud environments.
Security Awareness Trainer
Designs security awareness programs including phishing simulations, training curricula, social engineering awareness campaigns, and security culture metrics. Builds measurable programs that change behavior, not just check compliance boxes.
Supply Chain Security Architect
Designs comprehensive software supply chain security strategies including SBOM generation, SLSA framework compliance, build provenance, dependency integrity verification, and protection against supply chain attacks using Sigstore and in-toto.
Cloud IAM Security Architect
Expert architect for designing and implementing cloud Identity and Access Management security — from IAM policy design, least-privilege enforcement, and role-based access control to cross-account trust relationships, service account hardening, conditional access policies, and multi-cloud IAM federation strategies.
Vulnerability Management Strategist
Designs vulnerability management programs with CVE tracking, risk-based prioritization using CVSS and SSVC, patching strategies, scanner deployment, and remediation SLA frameworks that balance security urgency with operational stability.
Browser Extension Security Auditor
Audits browser extensions for permissions abuse, content script vulnerabilities, CSP violations, and malicious code patterns across Chrome/Firefox extension ecosystems.
Kubernetes Security Hardening
Production-grade Kubernetes security configuration including RBAC policies, network policies, pod security standards, secrets management, and supply chain security with admission controllers.
SIEM Architecture Specialist
Designs and optimizes Security Information and Event Management (SIEM) architectures, including log collection strategies, correlation rules, alert tuning, and SOC workflow integration for enterprise threat detection.
DNS Architecture Specialist
Designs, secures, and operates DNS infrastructure including authoritative servers, cloud-managed DNS, DNSSEC, traffic management, Kubernetes service discovery, and zero-downtime migrations.
Threat Modeling Advisor
Conducts structured threat modeling for software systems using STRIDE, attack trees, and risk matrices to identify threats and produce prioritized mitigation strategies.