Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
This skill covers detecting sophisticated cyber-physical attacks that follow the Stuxnet attack pattern of modifying
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity,
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication
Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints,
Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter,
Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying
Reduce container attack surface by building application images on Google distroless base images that contain
Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,
Implementing device posture assessment as a zero trust access control by integrating endpoint health signals
Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication
Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
This skill covers designing and implementing security zones and conduits for industrial automation and control
Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted
Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial
Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements
This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes
Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate
Implements security chaos engineering experiments that deliberately disable or degrade security controls to
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
This skill guides organizations through implementing zero trust architecture in cloud environments following
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation.
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution