security

Information security expertise for cybersecurity frameworks (NIST, ISO 27001), security architecture, incident response, vulnerability management, identity management, and cloud security. Use when designing security programs, responding to incidents, or assessing vulnerabilities.

16 stars

Best use case

security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using security should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

```bash
$ curl -o ~/.claude/skills/security-neversight/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/security-neversight/SKILL.md"
```

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-neversight/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security Compares

| Feature / Agent         | security      | Standard Approach |
| ----------------------- | ------------- | ----------------- |
| Platform Support        | Not specified | Limited / Varies  |
| Context Awareness       | High          | Baseline          |
| Installation Complexity | Unknown       | N/A               |

Frequently Asked Questions

What does this skill do?

Information security expertise for cybersecurity frameworks (NIST, ISO 27001), security architecture, incident response, vulnerability management, identity management, and cloud security. Use when designing security programs, responding to incidents, or assessing vulnerabilities.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Information Security Expert

Comprehensive security frameworks for cybersecurity, incident response, and security architecture.

## Security Architecture

### Zero Trust Architecture

```
ZERO TRUST PRINCIPLES:
- Never trust, always verify
- Assume breach
- Verify explicitly
- Least privilege access
- Micro-segmentation

ZERO TRUST COMPONENTS:

IDENTITY:
- Strong authentication (MFA)
- Identity governance
- Privileged access management
- Continuous validation

DEVICES:
- Device health verification
- Endpoint detection and response
- Mobile device management
- Asset inventory

NETWORK:
- Micro-segmentation
- Software-defined perimeter
- Encrypted communications
- Network access control

APPLICATIONS:
- Application-level authentication
- API security
- Web application firewall
- Secure coding practices

DATA:
- Data classification
- Encryption at rest and in transit
- Data loss prevention
- Access controls
```

### Defense in Depth

```
SECURITY LAYERS:

PHYSICAL:
- Data center security
- Badge access
- Surveillance
- Environmental controls

PERIMETER:
- Firewalls
- IDS/IPS
- DMZ
- VPN

NETWORK:
- Segmentation
- Encryption
- Network monitoring
- NAC

HOST:
- Endpoint protection
- Host-based firewall
- Hardening
- Patch management

APPLICATION:
- WAF
- Secure coding
- Input validation
- Authentication

DATA:
- Encryption
- DLP
- Access controls
- Backup/recovery
```

### Cloud Security

| Domain         | Controls                            |
| -------------- | ----------------------------------- |
| **Identity**   | SSO, MFA, PAM, IAM policies         |
| **Compute**    | Hardened images, container security |
| **Network**    | VPC, security groups, WAF           |
| **Storage**    | Encryption, access policies, backup |
| **Logging**    | CloudTrail, SIEM integration        |
| **Compliance** | Config rules, automated remediation |

For detailed security frameworks (NIST, ISO 27001, CIS Controls, MITRE ATT&CK), see [Security Frameworks Reference](references/security-frameworks.md).

## Vulnerability Management

### Vulnerability Management Process

```
LIFECYCLE:

1. DISCOVERY
   - Asset inventory
   - Vulnerability scanning
   - Penetration testing
   - Code analysis

2. PRIORITIZATION
   - CVSS scoring
   - Asset criticality
   - Exploit availability
   - Business context

3. REMEDIATION
   - Patch management
   - Configuration changes
   - Compensating controls
   - Risk acceptance

4. VERIFICATION
   - Rescan
   - Validation testing
   - Documentation
   - Reporting

5. REPORTING
   - Executive dashboards
   - Trend analysis
   - Compliance reporting
   - SLA tracking
```

### CVSS Scoring

| Score    | Severity | SLA Target  |
| -------- | -------- | ----------- |
| 9.0-10.0 | Critical | 7 days      |
| 7.0-8.9  | High     | 30 days     |
| 4.0-6.9  | Medium   | 90 days     |
| 0.1-3.9  | Low      | Best effort |

### Patch Management

```
PATCH PROCESS:

1. IDENTIFICATION
   - Vendor announcements
   - Vulnerability feeds
   - Security bulletins

2. ASSESSMENT
   - Applicability
   - Risk evaluation
   - Test requirements

3. TESTING
   - Lab validation
   - Compatibility testing
   - Rollback planning

4. DEPLOYMENT
   - Pilot group
   - Phased rollout
   - Monitoring

5. VERIFICATION
   - Confirm installation
   - Functional testing
   - Documentation
```

## Identity & Access Management

### IAM Framework

```
IAM COMPONENTS:

IDENTITY LIFECYCLE:
- Provisioning
- Modification
- De-provisioning
- Certification

AUTHENTICATION:
- Password policies
- Multi-factor authentication
- Single sign-on
- Passwordless

AUTHORIZATION:
- Role-based access (RBAC)
- Attribute-based access (ABAC)
- Least privilege
- Separation of duties

GOVERNANCE:
- Access reviews
- Policy enforcement
- Audit logging
- Compliance reporting
```

### Privileged Access Management

```
PAM CONTROLS:

VAULT:
- Credential storage
- Password rotation
- Secrets management

SESSION:
- Session recording
- Just-in-time access
- Time-limited credentials

MONITORING:
- Activity logging
- Behavioral analytics
- Alert on anomalies

GOVERNANCE:
- Access certification
- Policy enforcement
- Compliance reporting
```

## Security Awareness

### Security Training Program

| Topic                   | Frequency  | Audience         |
| ----------------------- | ---------- | ---------------- |
| **New Hire Security**   | Onboarding | All employees    |
| **Annual Refresh**      | Annually   | All employees    |
| **Phishing Awareness**  | Quarterly  | All employees    |
| **Developer Security**  | Annually   | Development team |
| **Executive Briefings** | Quarterly  | Leadership       |
| **Role-Based**          | As needed  | Specific roles   |

### Phishing Simulation

```
SIMULATION PROGRAM:

FREQUENCY: Monthly

DIFFICULTY LEVELS:
- Easy: Generic, obvious errors
- Medium: Branded, some personalization
- Hard: Targeted, well-crafted

METRICS:
- Click rate
- Report rate
- Training completion
- Trend over time

RESPONSE:
- Click → Immediate training
- Report → Positive reinforcement
- Repeat offenders → Additional training
```

## Security Metrics

### Key Security Metrics

| Category          | Metric                       | Target    |
| ----------------- | ---------------------------- | --------- |
| **Vulnerability** | Critical vulns open >30 days | 0         |
| **Patching**      | Systems patched within SLA   | 95%+      |
| **Incidents**     | Mean time to detect          | <24 hours |
| **Access**        | Orphan accounts              | 0         |
| **Training**      | Completion rate              | 95%+      |
| **Phishing**      | Click rate                   | <5%       |

### Security Dashboard

```
EXECUTIVE DASHBOARD:

RISK POSTURE:
- Overall risk score
- Risk trend
- Top risks

COMPLIANCE:
- Framework coverage
- Audit findings
- Remediation status

OPERATIONS:
- Incident summary
- Vulnerability status
- Patching compliance

INVESTMENT:
- Budget utilization
- Tool effectiveness
- Headcount
```

## Threat Intelligence

### Threat Intelligence Sources

| Type            | Sources                        | Use                 |
| --------------- | ------------------------------ | ------------------- |
| **Strategic**   | Industry reports, geopolitical | Executive briefings |
| **Tactical**    | TTPs, malware analysis         | Detection rules     |
| **Operational** | IOCs, campaigns                | Active response     |
| **Technical**   | Signatures, hashes             | Automated blocking  |

For detailed incident response processes and SOC operations, see [Incident Response Reference](references/incident-response.md).

## References

- [Security Frameworks Reference](references/security-frameworks.md) - NIST, ISO 27001, CIS Controls, MITRE ATT&CK
- [Incident Response Reference](references/incident-response.md) - IR process, severity levels, SOC operations

## See Also

- [Fortune 50 Risk Management](../fortune50-risk-management/SKILL.md)
- [Fortune 50 Legal/Compliance](../fortune50-legal-compliance/SKILL.md)
- [Fortune 50 Operations](../fortune50-operations/SKILL.md)
