CyberSorted — Security & Enterprise Architecture Advisory | Skills Pool
CyberSorted — Security & Enterprise Architecture Advisory $36
CTOexpert 0 星标 2026年2月27日
A role-aware advisory skill that provides security and enterprise architecture guidance
tailored to your perspective. Covers threat modeling, risk assessment, compliance mapping,
document generation, code/config security review, maturity assessments, and tabletop simulations.
Supported Roles
Role Focus Output Style CISO Strategic risk, board reporting, program governance, budget justification Executive summaries, risk heatmaps, business impact CTO Technology strategy, platform security, build-vs-buy, technical debt Architecture decisions, technical depth with business context CPO Privacy-by-design, data protection, GDPR/CCPA, consent management Privacy impact assessments, data flow analysis, regulatory mapping Security Architect Threat modeling, security patterns, controls design, reference architectures Technical diagrams, control specifications, design patterns
快速安装
CyberSorted — Security & Enterprise Architecture Advisory npx skills add CTOexpert/claude-skills
作者 CTOexpert
星标 0
更新时间 2026年2月27日
职业 Security Engineer Implementation, tooling, detection, hardening, incident response Hands-on configs, detection rules, runbooks, code fixes
Enterprise Architect EA frameworks (TOGAF/Zachman), integration security, standards governance Capability maps, standards documents, integration patterns
Secure Developer Secure-by-design coding, OWASP prevention, input validation, secrets management Secure/insecure code contrast, copy-paste fixes, CWE references
Penetration Tester Offensive security, vulnerability exploitation, AD attacks, web/network/cloud pentesting CVSS-scored findings, attack narratives, evidence-based reports
Workflow
Step 1: Identify the User's Role Determine the user's role from context. Look for explicit statements ("As a CISO...") or
infer from the nature of their request:
Asking about board reporting, program strategy, risk appetite → CISO
Asking about technology choices, platform architecture, scaling → CTO
Asking about personal data, consent, privacy regulations → CPO
Asking about threat models, security controls, reference architectures → Security Architect
Asking about configs, hardening, detection rules, tooling → Security Engineer
Asking about EA frameworks, capability mapping, standards → Enterprise Architect
Asking about secure coding, OWASP prevention, input validation, dependency security → Secure Developer
Asking about penetration testing, exploitation, red teaming, vulnerability assessment → Penetration Tester
If unclear, ask: "What's your role or perspective? This helps me tailor the depth and format."
Load the corresponding playbook from roles/<role>.md to guide tone, depth, and output format.
Step 2: Identify the Capability Needed Determine which mode to operate in:
Advisory Analysis Provide expert analysis on security or architecture topics. Use role playbook to set depth and perspective.
Includes: Threat modeling, risk assessment, architecture review, security posture analysis, technology evaluation, attack surface analysis.
Document Generation Generate a structured deliverable using a template from templates/.
templates/threat-model.md — STRIDE/PASTA threat modeltemplates/security-policy.md — Security policy documenttemplates/incident-response-plan.md — IR plantemplates/architecture-decision-record.md — ADRtemplates/risk-assessment.md — Risk register / assessmenttemplates/vendor-risk-assessment.md — Third-party risk assessmenttemplates/board-briefing.md — CISO board presentationtemplates/maturity-scorecard.md — Security maturity scorecard Read the template file, then fill each section with context from the user's request.
Code / Config Security Review Review code, Infrastructure-as-Code, or configurations for security issues.
checklists/iac-review.md — Terraform, CloudFormation, Bicep, Pulumichecklists/k8s-review.md — Kubernetes manifests, Helm chartschecklists/cicd-review.md — CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)checklists/api-review.md — API endpoints, authentication, authorizationchecklists/cloud-config-review.md — AWS, Azure, GCP service configurations
Read the file(s) the user wants reviewed
Load the appropriate checklist
Evaluate each checklist item against the code
Report findings grouped by severity: Critical, High, Medium, Low, Informational
Provide specific remediation for each finding with code examples
Interactive Assessment Walk through a framework-based assessment interactively.
frameworks/nist-800-53.md — NIST SP 800-53 control familiesframeworks/iso-27001.md — ISO 27001:2022 Annex A controlsframeworks/soc2.md — SOC2 Trust Services Criteriaframeworks/cis-benchmarks.md — CIS Critical Security Controls v8frameworks/mitre-attack.md — MITRE ATT&CK tactics and techniquesframeworks/zero-trust.md — Zero Trust Architecture (NIST 800-207)frameworks/cstm.md — Cyber Scheme CSTM penetration testing syllabus (12 domains)frameworks/oscp.md — OffSec OSCP PEN-200 penetration testing modules
Load the framework reference
Walk through each domain/control family
Ask the user about their current state for each area
Score maturity (1-5 scale: Initial, Developing, Defined, Managed, Optimizing)
Generate a maturity scorecard with gap analysis and prioritized recommendations
Compliance Mapping Map existing infrastructure, policies, or controls to specific framework requirements.
Understand the user's current environment (cloud provider, services, policies)
Load the target framework from frameworks/
Map each control requirement to existing implementations
Identify gaps — controls with no coverage or partial coverage
Generate a compliance matrix with status: Compliant, Partial, Gap, N/A
Prioritize gaps by risk level
Tabletop Simulation Generate and facilitate a security incident scenario exercise.
Select scenario type based on user's request or suggest one:
Ransomware attack
Data breach / exfiltration
Supply chain compromise
Insider threat
Cloud account takeover
DDoS / availability incident
Zero-day exploitation
Present the scenario with initial conditions
Present decision points one at a time — ask the user what they would do
Evaluate their response against best practices
Introduce escalations and complications
Debrief with lessons learned, gaps identified, and improvement recommendations
Step 3: Execute Follow the role playbook for tone, depth, and output format:
CISO / CTO / CPO : Lead with business impact and strategic recommendations. Use executive summaries. Quantify risk where possible (likelihood x impact). Reference industry benchmarks.Security Architect : Lead with technical architecture. Use diagrams (reference the cloud-diagram skill for visual outputs). Specify controls at the design level.Security Engineer : Lead with implementation details. Include specific commands, configurations, detection rules. Reference tool documentation.Enterprise Architect : Lead with capability mapping and standards alignment. Use TOGAF/Zachman terminology where appropriate. Focus on integration patterns.Secure Developer : Lead with code examples showing insecure → secure patterns. Include CWE/OWASP references. Provide copy-paste ready fixes with explanations.Penetration Tester : Lead with methodology and technique. Include specific tools, commands, and payloads. Score findings with CVSS. Map techniques to MITRE ATT&CK. Reference CSTM domains and OSCP modules.
Step 4: Present Output Format output appropriate to the audience:
Executive audience (CISO, CTO, CPO):
Start with a 2-3 sentence executive summary
Use risk ratings: Critical / High / Medium / Low
Include business impact statements
End with prioritized recommendations (Quick wins, Short-term, Long-term)
Developer audience (Secure Developer):
Start with the vulnerability class and CWE identifier
Show insecure code, then the secure alternative side-by-side
Explain why the fix works, referencing OWASP/CWE
Include test cases that verify the fix
Specify language and framework versions
Offensive audience (Penetration Tester):
Start with scope and Rules of Engagement confirmation
Structure findings: Title, CVSS, Affected Asset, Evidence, Impact, Remediation
Include tool commands and exact reproduction steps
Map attack chains to MITRE ATT&CK tactics
End with executive summary and prioritised remediation roadmap
Technical audience (Security Architect, Security Engineer, Enterprise Architect):
Start with scope and assumptions
Include technical details, configurations, and code examples
Reference specific framework controls (e.g., "NIST AC-2", "CIS Control 5.4")
End with implementation steps and dependencies
Step 5: Cross-Skill Integration For architecture visualization, reference the cloud-diagram skill:
"Would you like me to generate an architecture diagram showing the security controls?"
The cloud-diagram skill supports Azure, AWS, GCP, K8s, and on-prem nodes
Security-relevant nodes: WAF, Firewall, IAM, KMS, Security Groups, Network Policies
Quick Reference: Common Requests by Role
CISO
"Assess our security posture" → Advisory Analysis + Maturity Scorecard
"Prepare a board briefing" → Document Generation (board-briefing template)
"What's our SOC2 readiness?" → Interactive Assessment (SOC2 framework)
"Run a ransomware tabletop" → Tabletop Simulation
CTO
"Review our platform security architecture" → Advisory Analysis
"Should we build or buy a SIEM?" → Advisory Analysis + ADR template
"Evaluate our DevSecOps maturity" → Interactive Assessment
"Review our cloud architecture for security" → Code/Config Review
CPO
"Assess our GDPR compliance" → Compliance Mapping
"Review our data processing for privacy risks" → Advisory Analysis
"Create a privacy impact assessment" → Document Generation
"Map our data flows for CCPA" → Advisory Analysis
Security Architect
"Create a threat model for our payment system" → Document Generation (threat-model template)
"Design a zero-trust architecture" → Advisory Analysis + Framework Reference
"Review our network segmentation" → Advisory Analysis
"Create a security reference architecture" → Advisory Analysis + cloud-diagram
Security Engineer
"Review this Terraform for security issues" → Code/Config Review (iac-review checklist)
"Harden our Kubernetes cluster" → Code/Config Review (k8s-review checklist)
"Create detection rules for lateral movement" → Advisory Analysis + MITRE ATT&CK
"Review our CI/CD pipeline security" → Code/Config Review (cicd-review checklist)
Enterprise Architect
"Map our security capabilities to TOGAF" → Advisory Analysis
"Create an architecture decision record for our auth approach" → Document Generation (ADR template)
"Assess our integration security patterns" → Advisory Analysis
"Review our API security standards" → Code/Config Review (api-review checklist)
Secure Developer
"How do I prevent SQL injection in Python?" → Advisory Analysis (secure coding patterns)
"Review this code for OWASP Top 10 vulnerabilities" → Code/Config Review
"Set up SAST/DAST in our CI/CD pipeline" → Advisory Analysis + CI/CD checklist
"Secure our JWT authentication implementation" → Advisory Analysis (secure patterns)
Penetration Tester
"Scope an external penetration test" → Document Generation (engagement scoping)
"Help me enumerate this Active Directory environment" → Advisory Analysis (CSTM Domain 5 / OSCP Module 15-17)
"Review my penetration test report" → Advisory Analysis (CSTM reporting standards)
"Create a web application testing checklist" → Advisory Analysis (CSTM Domain 8 / OWASP)
"Plan a red team engagement" → Advisory Analysis + Tabletop Simulation
Troubleshooting Problem Fix Role not detected Ask the user directly: "What's your role or perspective?" Framework not available Use the closest available framework and note limitations Code review on unfamiliar language Focus on architectural and configuration issues rather than language-specific patterns User wants visual output Reference the cloud-diagram skill for architecture diagrams Assessment too broad Narrow scope to a specific domain or control family first