Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Review contractor/consulting agreements for misclassification, IP, liability, and termination issues. Triggers: (1) 'check contract' → checklist review, (2) 'advise' / 'review' → full consultation with playbook, (3) 'generate' / 'template' → Skala template URL. Jurisdiction: New York, USA.
Designs and documents structured incident response playbooks that define step-by-step procedures for specific incident types aligned with NIST SP 800-61r3 and SANS PICERL frameworks. Covers playbook structure, decision trees, escalation criteria, RACI matrices, and integration with SOAR platforms. Activates for requests involving IR playbook creation, incident response procedure documentation, response runbook development, or SOAR playbook design.
Security scanning via clearwing — source code vulnerability hunting and network pentesting.
Vendor-neutral skill to check a data retention schedule for completeness and risk (coverage, deletion handling, legal holds) and produce a structured findings report.
Audit Trail investigations - who changed what, key compromise, cost spike root cause, compliance evidence (SOC 2/PCI), and AI activity auditing.
DPoP-signed (RFC 9449) authenticated calls to Alien-aware services. Discover any Alien-aware service's manifest at /.well-known/alien-agent-id.json, render its operations as actionable markdown, emit DPoP headers for one request, or one-shot a signed HTTP call with the agent's identity attached. Use when the user gives you a URL on an Alien-aware service (alien-api.com, alien.org, agent-sso.*), asks to call an Alien-aware endpoint, asks what an Alien-aware service can do, or mentions DPoP, agent-bound access tokens, or `cnf.jkt`.
Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials, DLL hijacking, memory manipulation, and insecure API communication in desktop applications using dnSpy, Procmon, and Burp Suite.
Use when setting up, troubleshooting, managing, removing, or checking the health of an Auth0 custom authentication domain (e.g. login.example.com), OR when diagnosing an error (400/403/404/409/429) from the /custom-domains Management API — especially Free-tier 403s (credit card on file, not a plan upgrade), self-managed cert 403s, PATCH-type 400s, `operation_not_supported` on `relying_party_identifier`, and 409 domain-already-exists. Handles CNAME creation in the user's DNS provider (Cloudflare, AWS Route 53, Azure DNS automated; other registrars guided), verification polling, Multiple Custom Domains (MCD), default-domain selection, TLS policy, client-IP header, per-domain passkey relying party identifier, and domain metadata.
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability management, and zero-trust architecture with emphasis on shift-left security practices.
Guide Claude on securing Vaadin 25 applications with Spring Security. This skill should be used when the user asks to "add security", "add login", "create a login view", "create a login form", "use Spring Security", "secure a view", "add authentication", "add authorization", "use @RolesAllowed", "use @PermitAll", "use @AnonymousAllowed", "use @DenyAll", "use VaadinSecurityConfigurer", "add OAuth2", "use OAuth2 login", "use Google login", "use Keycloak", "use GitHub login", "add logout", "add a logout button", "use AuthenticationContext", "protect a view", "role-based access", "configure SecurityFilterChain", or needs help with view access control, login forms, OAuth2 providers, or logout handling in Vaadin Flow.
Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.
Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.