What frameworks does the skill support?

The skill utilizes the CIA triad, MITRE ATT&CK, Zero Trust Architecture, Defense in Depth, and NIST Cybersecurity Framework standards.

What is the core philosophy of this security skill?

It operates on principles of 'Assume Breach,' 'Least Privilege,' and 'Security by Design' to ensure resilient and robust system architectures.

Can I use this for compliance checks?

Yes, it helps assess systems against standards like SOC 2, PCI-DSS, and HIPAA by evaluating technical controls and security posture.

Is it suitable for secure code reviews?

Absolutely, it can identify common security vulnerabilities in software implementations and suggest remediation strategies based on secure coding principles.

How does this skill help with threat modeling?

It applies structured methodologies like STRIDE to systematically identify spoofing, tampering, and other threats in your system design before implementation.

Cybersecurity Analyst

Name: Cybersecurity Analyst
Author: rysweet

byrysweet

•

安全与测试

Analyzes software and infrastructure through the lens of cybersecurity using industry-standard threat modeling and risk-based frameworks.

The Cybersecurity Analyst skill empowers Claude to perform deep security evaluations by applying rigorous frameworks like the CIA triad, STRIDE threat modeling, and MITRE ATT&CK. It provides structured insights into vulnerabilities, potential attack vectors, and defensive strategies, making it an essential tool for security audits, incident response planning, and architecture reviews. Whether you are investigating a potential breach or designing a zero-trust environment, this skill ensures that security is a fundamental component of your development lifecycle rather than an afterthought.

主要功能

01Vulnerability assessment and risk prioritization based on CVSS and FAIR frameworks

02Detailed analysis of attack surfaces across network, software, and human elements

03Implementation guidance for Zero Trust Architecture and Defense in Depth strategies

04Comprehensive threat modeling using STRIDE, PASTA, and VAST methodologies

05Adversary tactic mapping using the MITRE ATT&CK framework for threat-informed defense

0616 GitHub stars

使用场景

01Investigating security incidents to design containment, eradication, and recovery strategies

02Conducting proactive threat modeling to identify vulnerabilities in CI/CD pipelines

03Performing a security architecture review for new cloud-native application deployments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rysweet/amplihack cybersecurity-analyst

For use in Claude.ai and ChatGPT

Download Skill