Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor and Codex.
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
This skill covers designing and implementing security zones and conduits for industrial automation and control
Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted
Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,
Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed
Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is
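The hash-chaining scheme named in the entry above, worked through as an added example (this is illustrative code written for this page, not the skill's own implementation). It assumes an all-zero genesis hash for the first entry, canonical JSON serialization of each payload, and that the head hash is stored out of band; the sample events are constructed, not real log data. It also shows the caveat that matters in practice: an attacker who can rewrite the whole file can recompute every hash, so the chain only detects tampering when the head hash is anchored somewhere the attacker cannot reach.

```python
"""Append-only log integrity chain with SHA-256 hash chaining (added example)."""
import copy
import hashlib
import json
from typing import Iterable, List, Optional

# Assumption: the first entry chains to an all-zero "genesis" hash.
GENESIS_HASH = "0" * 64


def canonical(payload: dict) -> bytes:
    """Deterministic JSON so a logically identical entry always hashes the same."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, payload: dict) -> str:
    """hash_i = SHA-256(prev_hash || canonical(payload_i))."""
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(canonical(payload))
    return h.hexdigest()


def build_chain(events: Iterable[dict]) -> List[dict]:
    """Wrap each event in an entry carrying its own hash and the previous entry's hash."""
    chain, prev = [], GENESIS_HASH
    for seq, payload in enumerate(events):
        digest = entry_hash(prev, payload)
        chain.append({"seq": seq, "prev_hash": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain: List[dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the chain is intact.

    Otherwise return the index of the first entry whose prev_hash or hash does not
    recompute. If expected_head (the last hash, stored out of band) is given and the
    final hash differs, return len(chain): the chain is internally consistent but has
    been truncated or rebuilt wholesale.
    """
    prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def tampered_copy(chain: List[dict], index: int, field: str, value) -> List[dict]:
    """Simulate an attacker editing one field of one stored entry in place."""
    forged = copy.deepcopy(chain)
    forged[index]["payload"][field] = value
    return forged


def rechained_copy(chain: List[dict]) -> List[dict]:
    """Simulate an attacker who edits entries and then recomputes every hash."""
    return build_chain([copy.deepcopy(e["payload"]) for e in chain])


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "user": "alice", "action": "login", "result": "success"},
    {"ts": "2024-05-01T10:02:13Z", "user": "alice", "action": "sudo", "cmd": "cat /etc/shadow"},
    {"ts": "2024-05-01T10:05:40Z", "user": "bob", "action": "login", "result": "failure"},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    head = chain[-1]["hash"]  # store this out of band (separate system, signed timestamp)
    print("intact:", verify_chain(chain, head))                        # None
    edited = tampered_copy(chain, 1, "cmd", "ls")
    print("in-place edit detected at:", verify_chain(edited))          # 1
    rebuilt = rechained_copy(edited)
    print("rebuilt chain, no anchor:", verify_chain(rebuilt))          # None (undetected)
    print("rebuilt chain, with anchor:", verify_chain(rebuilt, head))  # 3
```

Deleting a middle entry is caught at the next entry, whose prev_hash no longer matches; deleting the tail is caught only by the anchored head hash, which is why the head must be written somewhere the log writer cannot later alter.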
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,
Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control
This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial
Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.
Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for
This skill covers implementing a structured patch management program for OT/ICS environments where traditional
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements
This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes
Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration
Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated
This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories.
Implements security chaos engineering experiments that deliberately disable or degrade security controls to
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response
Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
This skill guides organizations through implementing zero trust architecture in cloud environments following
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata
Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation.
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
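The KEV-then-EPSS-then-CVSS ordering described in the entry above, as an added example (illustrative code written for this page, not the skill's own implementation). It assumes a tiering rule of KEV membership first, then an EPSS threshold of 0.10, then CVSS 7.0 and above, and compares the result with the naive highest-CVSS-first ordering. The KEV set, scores and CVE ids in the sample are constructed; the ids use the form CVE-0000-000N so they cannot be mistaken for real advisories.

```python
"""Risk-based CVE prioritization: CISA KEV first, then EPSS, then CVSS (added example)."""
from dataclasses import dataclass
from typing import List, Set

# Assumption: EPSS probability at or above which exploitation is treated as likely.
EPSS_THRESHOLD = 0.10


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float   # CVSS base score, 0.0 to 10.0
    epss: float   # EPSS probability of exploitation within 30 days, 0.0 to 1.0
    asset: str


def priority_tier(finding: Finding, kev: Set[str]) -> int:
    """1: in KEV (known exploited). 2: EPSS high. 3: CVSS high/critical. 4: backlog."""
    if finding.cve in kev:
        return 1
    if finding.epss >= EPSS_THRESHOLD:
        return 2
    if finding.cvss >= 7.0:
        return 3
    return 4


def rank(findings: List[Finding], kev: Set[str]) -> List[str]:
    """CVE ids ordered by tier, then EPSS descending, then CVSS descending, then id."""
    ordered = sorted(findings, key=lambda f: (priority_tier(f, kev), -f.epss, -f.cvss, f.cve))
    return [f.cve for f in ordered]


def rank_by_cvss_only(findings: List[Finding]) -> List[str]:
    """Baseline for comparison: the naive 'highest CVSS first' ordering."""
    return [f.cve for f in sorted(findings, key=lambda f: (-f.cvss, f.cve))]


# Constructed sample data: synthetic CVE ids, invented KEV membership and scores.
SAMPLE_KEV = {"CVE-0000-0002"}
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", cvss=9.8, epss=0.01, asset="build-server"),
    Finding("CVE-0000-0002", cvss=7.5, epss=0.35, asset="vpn-gateway"),
    Finding("CVE-0000-0003", cvss=8.1, epss=0.12, asset="web-frontend"),
    Finding("CVE-0000-0004", cvss=5.3, epss=0.00, asset="intranet-wiki"),
]

if __name__ == "__main__":
    print("CVSS only:    ", rank_by_cvss_only(SAMPLE_FINDINGS))
    # ['CVE-0000-0001', 'CVE-0000-0003', 'CVE-0000-0002', 'CVE-0000-0004']
    print("KEV/EPSS/CVSS:", rank(SAMPLE_FINDINGS, SAMPLE_KEV))
    # ['CVE-0000-0002', 'CVE-0000-0003', 'CVE-0000-0001', 'CVE-0000-0004']
```

The point of the comparison is the CVSS 9.8 finding: with a 1% EPSS and no KEV listing it drops to third, behind a CVSS 7.5 issue that is actively exploited. KEV membership and EPSS scores change over time, so the inputs should be refreshed on every run rather than cached with the scan results.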
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and