4. Security & Compliance

Manages enterprise security policies, configuration, and implementation for cloud execution, IDEs, and devcontainers, including organizational security standards.

Provides secure authentication implementation guidance covering JWT, OAuth 2.0, OIDC, MFA, and session management for login systems and SSO.

Manages end-to-end vulnerability lifecycle including CVE tracking, CVSS scoring, risk prioritization, and remediation coordination.

Designs secure secret storage, rotation, and credential management systems using HashiCorp Vault, AWS Secrets Manager, and zero-knowledge architectures.

Guides implementation of DevSecOps practices, including security integration in CI/CD pipelines, vulnerability management, and security champion programs.

Provides HIPAA compliance planning for healthcare applications, including PHI handling, safeguards, BAAs, and risk assessments.

Configures Gemini CLI sandboxing with Docker, Podman, and macOS Seatbelt profiles to enforce security boundaries and isolate processes.

Provides security patterns for containerized applications, covering Docker hardening, image scanning, Kubernetes RBAC, network policies, and secrets management.

Provides hooks for permission control, security enforcement, and audit trails in custom agent implementations to ensure secure and compliant operations.

Guides secure coding practices including OWASP Top 10, CWE Top 25, input validation, and output encoding for code review and implementation.

Provides compliance mapping for security frameworks including ISO 27001, SOC 2, NIST CSF, and CIS Controls.

Guides implementation of Zero Trust architecture principles including ZTNA, micro-segmentation, and identity-based access for secure network design and cloud applications.

Guides creation of security policies for Gemini CLI using TOML rules, covering syntax, priority, conditions, and MCP wildcards for tool access control.

Manages Software Bill of Materials for supply chain security, vulnerability tracking, and regulatory compliance.

Uses STRIDE, DREAD, and attack trees for proactive security threat modeling integrated into SDLC.

Expert guide for configuring Google Gemini CLI security settings, including trusted folders, policy engine, and environment variables.

Provides comprehensive guidance on implementing authorization models including RBAC, ABAC, and policy-as-code for secure access control systems.

Provides comprehensive guidance for implementing encryption, password hashing, TLS configuration, and cryptographic key management in secure systems.

Provides guidance for implementing responsible AI practices through alignment with regulatory frameworks like EU AI Act and NIST AI RMF.

Designs and evaluates security architectures using zero trust principles, including microsegmentation and identity-based access controls.

Manages CVE remediation, vulnerability scanning, and dependency-check for morphir-dotnet including false positive suppression and security report review.

Provides security implementation for APIs including authentication, authorization, and protection against common vulnerabilities.

Provides PCI DSS compliance planning assistance for payment card handling, including scope reduction, SAQ selection, and security controls implementation.

Guides on software supply chain security: SBOM generation, SLSA framework, dependency scanning, and defense against attacks like dependency confusion.