Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
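The phased rollout above is easy to get wrong when several people edit DNS: a record can jump straight to p=reject, drop the rua= reporting address, or quietly relax a policy. The check below is an added example, not one of the catalog's skills and not code from any listed tool. It parses a _dmarc TXT record (tag names as defined in RFC 7489) and flags a proposed record that is not a safe next step; the rollout rules it enforces are an assumed practitioner checklist, and the sample records are constructed.

```python
"""DMARC rollout phase check: parse a _dmarc TXT record and verify that a
proposed record is the next permitted step of a none -> quarantine -> reject
rollout. Added example; the rules below are an assumed checklist, not a standard.
"""

PHASES = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=none; rua=mailto:...' into a tag dictionary.

    Tag names are lower-cased; values are kept as written so mailto: URIs
    survive. pct is converted to an int (default 100 per RFC 7489).
    Raises ValueError on anything that is not a usable DMARC record.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 missing)")
    if tags.get("p") not in PHASES:
        raise ValueError("missing or invalid p= tag")
    tags["pct"] = int(tags.get("pct", "100"))
    return tags


def rollout_problems(current: str, proposed: str) -> list:
    """Return the reasons the proposed record is NOT a safe next step (empty = OK).

    Assumed rollout rules:
      * never skip a phase or move backwards (none -> quarantine -> reject)
      * keep aggregate reporting (rua=) on during every phase
      * enter a stricter phase with pct below 100 and ramp it up
      * advance a phase only once the current phase runs at pct=100
    """
    cur, new = parse_dmarc(current), parse_dmarc(proposed)
    problems = []
    step = PHASES[new["p"]] - PHASES[cur["p"]]
    if step < 0:
        problems.append("policy moves backwards; investigate why before relaxing")
    elif step > 1:
        problems.append(f"skips a phase: {cur['p']} -> {new['p']}")
    elif step == 1:
        if cur["pct"] < 100:
            problems.append(f"current phase still ramping (pct={cur['pct']})")
        if new["pct"] >= 100:
            problems.append("entering a stricter phase at pct=100; ramp with pct first")
    elif new["pct"] < cur["pct"]:
        problems.append(f"pct reduced from {cur['pct']} to {new['pct']} within the same phase")
    if "rua" not in new:
        problems.append("rua= missing; aggregate reports are needed to see what the policy does")
    return problems


if __name__ == "__main__":
    # Constructed sample records for a domain moving from monitoring to quarantine.
    monitoring = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
    ramp = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"
    too_fast = "v=DMARC1; p=reject"
    print(rollout_problems(monitoring, ramp))      # []
    print(rollout_problems(monitoring, too_fast))  # skips a phase, rua missing
```

Run the check in the CI step that publishes DNS changes, or by hand before each phase change; a non-empty list means the change should be reviewed rather than applied.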
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,
Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based
Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance,
This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including
This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation
Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant
Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,
Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains,
Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file
Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,
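Levenshtein-based typosquat detection, as an added example that is not one of the catalog's skills and not code from any listed tool: it normalizes a candidate package name the way PyPI does (PEP 503: lower-case, runs of `-`, `_` and `.` collapsed to `-`), computes edit distance against a list of legitimate names, and reports near misses. The list of popular packages is constructed for illustration; the per-length threshold is an assumption, chosen so that short names are not flagged merely for sharing a couple of letters.

```python
"""Typosquat check for package names using Levenshtein edit distance.
Added example; POPULAR_PACKAGES is a constructed stand-in for a real top-N list.
"""
import re

# Constructed sample of legitimate, widely used package names.
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "pandas", "cryptography",
                    "python-dateutil", "setuptools", "boto3"]


def normalize(name: str) -> str:
    """PEP 503 style normalization: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert / delete / substitute)."""
    if len(a) < len(b):
        a, b = b, a
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def typosquat_candidates(candidate: str, popular=POPULAR_PACKAGES, max_distance: int = 2):
    """Return (popular_name, distance) pairs that `candidate` sits suspiciously close to.

    An exact match after normalization is the legitimate package itself and
    yields no hits. Names of five characters or fewer use a threshold of 1
    (assumed), since two edits on a short name is a different word, not a typo.
    """
    cand = normalize(candidate)
    hits = []
    for name in popular:
        norm = normalize(name)
        if norm == cand:
            return []                       # it *is* the popular package
        limit = 1 if len(norm) <= 5 else max_distance
        distance = levenshtein(cand, norm)
        if distance <= limit:
            hits.append((name, distance))
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    # Constructed names a registry monitor might see in a new-package feed.
    for new_name in ["reqeusts", "numpi", "python_dateutil", "flask"]:
        print(new_name, "->", typosquat_candidates(new_name))
```

In practice the hit list feeds a human review queue or a block rule in an internal mirror; distance alone is noisy, so pair it with signals such as package age, maintainer history and install scripts before blocking.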
Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline
Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,
Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral
Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment
This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations
Reverse engineers malware binaries using NSA's Ghidra disassembler and decompiler to understand internal logic,
Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network
Performs advanced network reconnaissance using Nmap's scripting engine, timing controls, evasion techniques,
Securing API Gateway endpoints with AWS WAF by configuring managed rule groups for OWASP Top 10 protection,
Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries,
This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege
This skill covers hardening and securing process historian servers (OSIsoft PI, Honeywell PHD, GE Proficy, AVEVA