4. Security & Compliance

Guide for drafting GDPR and ePrivacy compliant cookie policies with CNIL 2020 recommendations and reference templates.

Guides evaluation and drafting of compliant whistleblower policies based on EU Directive 2019/1937, Sapin II, and CNIL frameworks.

Audits web content for WCAG 2.2 AA compliance using automated, interactive, and manual testing methods.

Plans WCAG accessibility audits by determining scope, page selection, and generating compliance documents based on WAIC guidelines.

Automates secret-leak prevention by configuring gitleaks, trufflehog, and CI security scans to harden repositories against credential exposure.

Expert in security incident response, conducting evidence collection, forensic analysis, and coordinated mitigation to minimize impact and prevent recurrence.

Provides expert risk assessment, mitigation, and regulatory compliance services to protect organizations from financial, operational, and strategic risks.

Expert in secure payment gateway integration with PCI compliance, fraud prevention, and multi-currency transaction processing for reliable financial operations.

Conducts ethical penetration testing, vulnerability assessments, and security evaluations to identify and validate system weaknesses.

Expert infrastructure security engineer specializing in DevSecOps, cloud security, compliance, and security automation with zero-trust architecture.

Conducts comprehensive security assessments, validates compliance, and manages risks to ensure adherence to security frameworks and regulations.

Provides automated validation and continuous monitoring for regulatory compliance frameworks including GDPR, HIPAA, and SOC 2.

Manages dependencies across ecosystems with security auditing, conflict resolution, and supply chain security focus.

Scans codebases for secrets, API keys, credentials, and PII to detect hardcoded sensitive data, aiding security audits.

Provides modern application security patterns aligned with OWASP Top 10, API Security Top 10, NIST SSDF, and zero trust principles.

Enhances mobile authentication integration for Expo/React Native apps with session management and auth debugging capabilities.

Manages 1Password items via CLI for secure storage of API credentials, secrets, and structured data, adhering to security best practices.

Identifies bugs, security flaws, and code quality issues in local branch changes for security audits and code reviews.

Fetches API keys, tokens, and credentials securely from 1Password using CLI, requiring the secret reference (op://Vault/Item/field) instead of the actual secret.

Specialized security auditor for reviewing pull requests, conducting STRIDE threat modeling, and validating zero-trust architecture compliance.

Provides security-focused product vision, risk assessment, and strategic guidance for product development, integrating CISO and Product Management expertise.

Delivers a comprehensive security checklist and patterns for implementing cybersecurity best practices in development and infrastructure.

Real-time security pattern detector for code editors, warning about command injection, XSS, and unsafe deserialization during file edits.

Provides comprehensive application security services including threat modeling, penetration testing, vulnerability assessment, and compliance with GDPR, HIPAA, and OWASP standards.