Loading...
Loading...
Found 25 Skills
AWS CloudFormation patterns for infrastructure security, secrets management, encryption, and secure data handling. Use when creating secure CloudFormation templates with AWS Secrets Manager, KMS encryption, secure parameters, IAM policies, VPC security groups, TLS/SSL certificates, and encrypted traffic configurations. Covers template structure, parameter best practices, cross-stack references, and defense-in-depth strategies.
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.
Guides failure-prevention culture and operational excellence for mission-critical engineering— zero-defect aspiration vs error budgets; HRO principles; defense-in-depth; fail-safe/fail-closed; verification gates and independent checks; redundancy and graceful degradation; pre-mortems and FMEA; stop-the-line; defect escape, near-miss, and repeat-incident metrics; leadership against normalization of deviance—not blame culture. Use for failure-prevention programs, HRO practices, verification gates, fail-safe design, pre-mortem/FMEA, stop-the-line, near-miss reporting, or defect-escape metrics—not SRE error budgets only (site-reliability-engineer), incident command only (incident-management-engineer), backup/restore only (cyber-resilience-engineer), CI lint only (build-validator), agile coaching, HR discipline, or classified ATO without ops-excellence lens (classified-cyber-security-senior-manager).
Security patterns for authentication, defense-in-depth, input validation, OWASP Top 10, LLM safety, and PII masking. Use when implementing auth flows, security layers, input sanitization, vulnerability prevention, prompt injection defense, or data redaction.
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
Configure host-based firewalls (iptables, nftables, UFW) and cloud security groups (AWS, GCP, Azure) with practical rules for common scenarios like web servers, databases, and bastion hosts. Use when exposing services, hardening servers, or implementing network segmentation with defense-in-depth strategies.
Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.
Refactor Kubernetes configurations to improve security, reliability, and maintainability. This skill applies defense-in-depth security principles, proper resource constraints, and GitOps patterns using Kustomize or Helm. It addresses containers running as root, missing health probes, hardcoded configs, and duplicate YAML across environments. Apply when you notice security vulnerabilities, missing Pod Disruption Budgets, or :latest image tags in production.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.
ALWAYS use before attempting any fix. Never jump to solutions - investigate root cause first. Use when encountering any technical issue, bug, test failure, or unexpected behavior.