security-compliance

Summary

Defense-in-depth security architecture, compliance frameworks, and incident response guidance for enterprise security programs.

  • Covers six-phase security lifecycle: assess, design, implement, monitor, respond, and audit—with decision frameworks for risk assessment, control selection, compliance framework choice, and vulnerability prioritization
  • Addresses nine core security domains including IAM, network security, data protection, application security, cloud security, endpoint security, security operations, incident response, and GRC
  • Provides detailed workflows for incident response, vulnerability management, access reviews, and SOC2 audit preparation with specific timelines and deliverables
  • Includes security metrics and KPIs for risk, vulnerabilities, incidents, operations, and awareness; plus guidance on integrating security with DevOps, architecture, operations, product, and legal teams
SKILL.md

Security & Compliance Expert

Core Principles

1. Defense in Depth

Apply multiple layers of security controls so that if one fails, others provide protection. Never rely on a single security mechanism.

2. Zero Trust Architecture

Never trust, always verify. Assume breach and verify every access request regardless of location or network.

3. Least Privilege

Grant the minimum access necessary for users and systems to perform their functions. Regularly review and revoke unused permissions.

4. Security by Design

Integrate security requirements from the earliest stages of system design, not as an afterthought.

5. Continuous Monitoring

Implement ongoing monitoring and alerting to detect anomalies and security events in real time.

More from davila7/claude-code-templates

Installs: 595
GitHub Stars: 27.2K
First Seen: Jan 21, 2026