Skip to content

Skill Catalog

Browse 4,314 curated AI agent skills. No account needed.

Design, Media & Creative

Data, AI & Research

Personal Productivity

Business, Marketing & Sales

Software Engineering

Security & Compliance

Implementing Alert Fatigue Reduction

Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts, implementing risk-based alerting, and measuring alert quality metrics to maintain analyst effectiveness and prevent critical alert dismissal. Use when SOC teams face overwhelming alert volumes, high false positive rates, or declining analyst performance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Anti Phishing Training Program

Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Anti Ransomware Group Policy

Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements AppLocker rules, Software Restriction Policies, Controlled Folder Access, attack surface reduction rules, and network protection settings. Activates for requests involving Windows GPO hardening against ransomware, AppLocker configuration, Controlled Folder Access setup, or endpoint protection via Group Policy.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Abuse Detection With Rate Limiting

Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, brute force, and credential stuffing attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Gateway Security Controls

Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Key Security Controls

Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication credentials from leakage, brute force, and abuse. The engineer designs API key formats with sufficient entropy, implements secure hashing for storage, enforces per-key scoping and rate limiting, monitors for leaked keys in public repositories, and builds key rotation workflows. Activates for requests involving API key management, API key security, key rotation policy, or API credential protection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Rate Limiting And Throttling

Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms to protect against brute force attacks, credential stuffing, resource exhaustion, and API abuse. The engineer configures per-user, per-IP, and per-endpoint rate limits using Redis-backed counters, API gateway plugins, or application middleware, and implements proper HTTP 429 responses with Retry-After headers. Activates for requests involving rate limiting implementation, API throttling setup, request quota management, or API abuse prevention.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Schema Validation Security

Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Security Posture Management

Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API lifecycle.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing API Threat Protection With Apigee

Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Application Whitelisting With Applocker

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Aqua Security For Container Scanning

Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Attack Surface Management

Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder, httpx, nuclei) for asset discovery, subdomain enumeration, service fingerprinting, and exposure scoring. Includes a weighted risk scoring algorithm based on OWASP attack surface analysis methodology and the Relative Attack Surface Quotient (RSQ). Use when building continuous ASM programs or performing external reconnaissance for security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Config Rules For Compliance

Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom rules aligned to CIS and PCI DSS frameworks, configuring automatic remediation with SSM Automation, and aggregating compliance data across accounts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Iam Permission Boundaries

Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Macie For Data Classification

Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine learning and pattern matching for PII, financial data, and credentials detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Nitro Enclave Security

Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy integration using PCR-based condition keys, and secure vsock communication channels. The practitioner builds enclave images, configures attestation-aware KMS policies, validates attestation documents against the AWS Nitro PKI root of trust, and establishes isolated computation pipelines for processing sensitive data such as PII, cryptographic keys, and healthcare records. Activates for requests involving Nitro Enclave setup, enclave attestation validation, confidential computing on AWS, or KMS enclave policy configuration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Security Hub

This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that aggregates findings from GuardDuty, Inspector, Macie, and third-party tools. It details enabling security standards like CIS AWS Foundations Benchmark, configuring automated remediation, and building executive dashboards for compliance tracking across multi-account AWS organizations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing AWS Security Hub Compliance

Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards like CIS AWS Foundations and PCI DSS, configure automated remediation with EventBridge and Lambda, and create custom security insights for organizational risk management.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Azure Ad Privileged Identity Management

Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows, and access reviews for Azure AD privileged roles.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Azure Defender For Cloud

Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Beyondcorp Zero Trust Access Model

Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Bgp Security With Rpki

Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and ROV policies on Cisco and Juniper routers to prevent route hijacking.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Canary Tokens For Network Intrusion

Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access and lateral movement. Integrates with webhook alerting (Slack, Teams, email, generic HTTP) for real-time intrusion notifications. Provides automated token generation, placement strategies, and monitoring for enterprise network environments. Use when building deception-based network intrusion detection with Canarytokens.org and Thinkst Canary platforms.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cisa Zero Trust Maturity Model

Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications, and data to achieve progressive organizational zero trust maturity.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cloud Dlp For Data Protection

Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud DLP API to discover, classify, and protect sensitive data across cloud storage, databases, and data pipelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cloud Security Posture Management

Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations, compliance violations, and security risks using Prowler, ScoutSuite, AWS Security Hub, Azure Defender, and GCP Security Command Center.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cloud Trail Log Analysis

Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cloud Vulnerability Posture Management

Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite for multi-cloud vulnerability detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Cloud Waf Rules

This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare to protect cloud-hosted applications against OWASP Top 10 attacks. It details configuring managed rule sets, creating custom rules for business logic protection, implementing rate limiting, deploying bot management, and reducing false positives through rule tuning and logging analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Code Signing For Artifacts

This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout the software supply chain. It addresses signing binaries, packages, and containers using GPG, Sigstore, and platform-specific signing tools, establishing trust chains, and verifying signatures in deployment pipelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Conduit Security For Ot Remote Access

Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying jump servers, MFA-enabled gateways, session recording, and approval-based workflows to control vendor and engineer access to industrial control systems without exposing OT networks directly.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Container Image Minimal Base With Distroless

Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Container Network Policies With Calico

Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control pod-to-pod traffic, restrict egress, and implement zero-trust microsegmentation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Continuous Security Validation With Bas

Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating real-world attack techniques across the kill chain.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Data Loss Prevention With Microsoft Purview

Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange Online, SharePoint, OneDrive, Teams, endpoint devices, and Power BI. The analyst configures sensitivity labels with encryption and content marking, creates DLP policies using built-in and custom sensitive information types with regex patterns, deploys endpoint DLP rules to control file operations on Windows and macOS devices, and monitors policy effectiveness through Activity Explorer and DLP alert management. Uses PowerShell cmdlets and the Microsoft Graph API for programmatic policy management. Activates for requests involving DLP policy creation, sensitivity label configuration, data classification, endpoint data protection, or Microsoft Purview compliance administration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Ddos Mitigation With Cloudflare

Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Deception Based Detection With Canarytoken

Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Delinea Secret Server For Pam

Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration, role-based access policies, automated password rotation, session recording, and integration with Active Directory and cloud platforms. Activates for requests involving PAM deployment, privileged credential vaulting, secret server administration, or password rotation automation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Device Posture Assessment In Zero Trust

Implementing device posture assessment as a zero trust access control by integrating endpoint health signals from CrowdStrike ZTA, Microsoft Intune, and Jamf into conditional access policies that enforce compliance before granting resource access.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Devsecops Security Scanning

Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into CI/CD pipelines using open-source tools. Covers Semgrep for SAST, Trivy for SCA and container scanning, OWASP ZAP for DAST, and Gitleaks for secrets detection. Activates for requests involving DevSecOps pipeline setup, automated security scanning in CI/CD, SAST/DAST/SCA integration, or shift-left security implementation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Diamond Model Analysis

The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features - Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads, and generate pivot-ready intelligence.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Disk Encryption With Bitlocker

Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Dmarc Dkim Spf Email Security

SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper im

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Dragos Platform For Ot Monitoring

Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol parsers, intelligence-driven threat detection analytics, and asset visibility capabilities to protect ICS environments against threat groups like VOLTZITE, GRAPHITE, and BAUXITE.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Ebpf Security Monitoring

Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network connection observability, file access auditing, and runtime enforcement. Covers TracingPolicy CRD authoring with kprobe/tracepoint hooks, in-kernel filtering via matchArgs/matchBinaries selectors, JSON event export, and integration with SIEM pipelines. Use when building kernel-level runtime security observability for Linux hosts or Kubernetes clusters.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Email Sandboxing With Proofpoint

Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Endpoint Dlp Controls

Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Envelope Encryption With AWS Kms

Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encrypted with a master key (KEK) managed by AWS KMS. This approach allows encrypting

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Epss Score For Vulnerability Prioritization

Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing File Integrity Monitoring With Aide

Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Fuzz Testing In Cicd With Aflplusplus

Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing GCP Binary Authorization

Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing GCP Organization Policy Constraints

Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing GCP Vpc Firewall Rules

Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress traffic, apply hierarchical firewall policies across the organization, and monitor firewall rule effectiveness using VPC Flow Logs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Gdpr Data Protection Controls

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill cover

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing GitHub Advanced Security For Code Scanning

Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Google Workspace Admin Security

Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant MFA enforcement, DLP policies, email authentication (SPF/DKIM/DMARC), OAuth app control, and external sharing restrictions. Activates for requests involving Google Workspace hardening, G Suite security configuration, or cloud office security administration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Google Workspace Phishing Protection

Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Google Workspace Sso Configuration

Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Hardware Security Key Authentication

Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication flows, YubiKey enrollment, and passkey migration strategies. Builds a complete relying party server using the python-fido2 library that supports cross-platform authenticators, resident key (discoverable credential) workflows, and user verification policies. Activates for requests involving FIDO2 implementation, WebAuthn registration, hardware security key enrollment, YubiKey integration, or passkey migration from password-based authentication.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Hashicorp Vault Dynamic Secrets

Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates with automatic generation, lease management, and credential rotation to eliminate static secrets in application configurations. Activates for requests involving Vault secrets engine configuration, dynamic database credentials, ephemeral cloud credentials, or automated secret rotation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Honeypot For Ransomware Detection

Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible stage. Configures canary tokens embedded in strategic file locations that trigger alerts when ransomware attempts encryption, uses honeypot network shares that mimic high-value targets, and deploys Thinkst Canary appliances for comprehensive deception-based detection. Activates for requests involving ransomware honeypots, canary files, deception technology for ransomware, or early ransomware alerting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Honeytokens For Breach Detection

Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records) that trigger alerts when accessed by attackers. Uses the Canarytokens API and custom webhook integrations for breach detection. Use when building deception-based early warning systems for intrusion detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Ics Firewall With Tofino

Deploy and configure Tofino industrial firewalls from Belden/Hirschmann to protect SCADA systems and PLCs using deep packet inspection for OT protocols including Modbus, EtherNet/IP, OPC, and S7comm, enforcing granular access control between ICS security zones.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Identity Verification For Zero Trust

Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based conditional access, and identity governance aligned with the CISA Zero Trust Maturity Model.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Iec 62443 Security Zones

This skill covers designing and implementing security zones and conduits for industrial automation and control systems (IACS) per IEC 62443-3-2. It addresses zone partitioning based on risk assessment, assigning Security Level targets (SL-T), designing conduit security controls, implementing microsegmentation with industrial firewalls, and validating zone architecture through traffic analysis and penetration testing against the Purdue Reference Model.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Image Provenance Verification With Cosign

Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations, and Kubernetes admission enforcement.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Immutable Backup With Restic

Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant data protection. Automates backup creation, integrity verification via restic check --read-data, snapshot retention policy enforcement, and restore testing. Integrates with AWS S3 Object Lock, MinIO, and Backblaze B2 for WORM (Write Once Read Many) storage that prevents backup deletion or encryption by ransomware actors.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Infrastructure As Code Security Scanning

This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Iso 27001 Information Security Management

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Just In Time Access Provisioning

Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing JWT Signing And Verification

JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization in web applications. This skill covers implementing secure JWT signing with HMAC-SHA256

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Kubernetes Network Policy With Calico

Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod communication.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Kubernetes Pod Security Standards

Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Security Admission (PSA) controller built into Kubernetes 1.25+. PS

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing LLM Guardrails For Security

Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection, data leakage, toxic content generation, and hallucinated outputs. Builds a security validation pipeline using NVIDIA NeMo Guardrails Colang definitions, custom Python validators for PII detection and content policy enforcement, and the Guardrails AI framework for structured output validation. The guardrails system intercepts both user inputs (blocking injection attempts, stripping PII, enforcing topic boundaries) and model outputs (detecting hallucinations, filtering toxic content, validating JSON schema compliance). Activates for requests involving LLM output validation, AI content filtering, guardrail implementation, or LLM safety enforcement.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Log Forwarding With Fluentd

Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Log Integrity With Blockchain

Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is hashed with the previous entry's hash to create a blockchain-like structure where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Memory Protection With Dep Aslr

Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Microsegmentation With Guardicore

Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create granular network policies, visualize east-west traffic flows, and enforce least-privilege communication between workloads across data centers and cloud.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Mimecast Targeted Attack Protection

Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Mitre Attack Coverage Mapping

Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure SOC detection maturity against adversary techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Mobile Application Management

Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged mobile devices through app-level controls including data loss prevention, selective wipe, app configuration, and containerization. Use when securing corporate apps on BYOD devices, implementing Intune App Protection Policies, or enforcing data separation between personal and work apps. Activates for requests involving MAM deployment, app protection policies, mobile containerization, or BYOD security.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Nerc Cip Compliance Controls

This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance controls for Bulk Electric System (BES) cyber systems. It addresses asset categorization (CIP-002), electronic security perimeters (CIP-005), system security management (CIP-007), configuration management (CIP-010), supply chain risk management (CIP-013), and the 2025 updates including mandatory MFA for remote access and expanded low-impact asset requirements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Access Control

Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch configurations to enforce identity-based access policies, posture assessment, and automatic VLAN assignment for authorized devices.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Access Control With Cisco Ise

Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass, posture assessment, and dynamic VLAN assignment for network access control.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Deception With Honeypots

Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral movement, and attacker reconnaissance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Intrusion Prevention With Suricata

Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets, and inline traffic inspection for real-time threat blocking.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Policies For Kubernetes

Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. Combined with CNI plu

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Segmentation For Ot

This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Segmentation With Firewall Zones

Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Network Traffic Baselining

Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score anomaly detection, and hourly/daily traffic pattern profiling

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance