Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction
Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed
Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like
Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.
Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat
Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,
This skill covers deploying anomaly detection systems for industrial control environments using machine learning
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier
Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition, Wonderware) that sit at the IT/OT
This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible
Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,
Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17),
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,
Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log,
Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process
Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption
Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious
Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and
Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google
Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity
This skill covers detecting sophisticated cyber-physical attacks that follow the Stuxnet attack pattern of modifying
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including
Executes authorized attack simulations against Active Directory environments to identify misconfigurations,
Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity,
Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent
Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,