4. Security & Compliance

Defines trusted domain standards, security assessment patterns, and domain research protocols for secure WebFetch permissions management.

Audits code for security vulnerabilities using OWASP Top 10 and STRIDE, delivering prioritized findings with remediation guidance.

Performs comprehensive code audits to identify bugs, security vulnerabilities, and compliance issues, generating prioritized markdown reports.

Comprehensive Active Directory security skill covering Kerberos attacks, privilege escalation, LDAP exploitation, and ELK-integrated threat detection for enhanced security monitoring.

Provides Level 2 security and compliance patterns for vulnerability scanning, licensing checks, SBOM analysis, and environment health monitoring.

Automates compliance workflows via Drata's API, managing evidence, personnel training, risk assessments, and vendor management for GRC operations.

Provides database-backed session management with cookie handling, audit trails, and multi-device support for secure authentication systems.

Enables Active Directory threat detection through Elastic Stack (Elasticsearch, Logstash, Kibana) for Windows event and Sysmon log analysis.

Scans npm dependencies for known vulnerabilities to identify and mitigate security risks in software projects.

Expert in application security, vulnerability assessment, and secure coding practices with specialization in OWASP Top 10 and security audits.

Builds RFC-compliant OAuth 2.1 authorization servers in Rails for secure third-party client authorization and token management.

Scans code for vulnerabilities using gosec and govulncheck to identify security risks in software.

Provides implementation patterns for access control systems using RBAC and ABAC to secure application resources.

Evaluates software dependency licenses for compliance and compatibility, ensuring adherence to open-source license terms.

Provides secure storage patterns for sensitive data such as tokens and credentials using Expo Secure Store.

Provides runtime security validation for AI agents, including secret scanning, PII detection, and prompt injection defense to prevent data breaches and enforce security guardrails.

Scans Python projects for security vulnerabilities and delivers actionable enhancement guidance to strengthen security posture.

Generates forensic timelines by correlating events from multiple data sources to reconstruct security incidents and visualize progression.

Generates compliance policies, assesses control effectiveness, and tracks regulatory status for GRC programs and audit readiness.

Analyzes volatile memory dumps to investigate security incidents including malware, rootkits, and credential theft across Windows, Linux, and macOS.

Analyzes Windows Registry hives for forensic investigations, detecting malware persistence, user activity, and system configuration changes from disk images or extracted hives.

Conducts security audits for Solidity smart contracts to identify and mitigate vulnerabilities using standardized checklists and tools.

Provides common Solidity vulnerability patterns and prevention strategies for security code reviews and learning about smart contract exploits.

Manages vulnerability assessment, prioritization, and remediation tracking for security programs and assessments.