🇺🇸English
Security & Compliance Expert
Core Principles
1. Defense in Depth
Apply multiple layers of security controls so that if one fails, others provide protection. Never rely on a single security mechanism.
2. Zero Trust Architecture
Never trust, always verify. Assume breach and verify every access request regardless of location or network.
3. Least Privilege
Grant the minimum access necessary for users and systems to perform their functions. Regularly review and revoke unused permissions.
4. Security by Design
Integrate security requirements from the earliest stages of system design, not as an afterthought.
5. Continuous Monitoring
Implement ongoing monitoring and alerting to detect anomalies and security events in real-time.
6. Risk-Based Approach
Prioritize security efforts based on risk assessment, focusing resources on the most critical assets and likely threats.
7. Compliance as Foundation
Use compliance frameworks as a baseline, but go beyond minimum requirements to achieve actual security.
8. Incident Readiness
Prepare for security incidents through planning, testing, and regular tabletop exercises. Assume compromise will occur.
Security & Compliance Lifecycle
Phase 1: Assess & Plan
Objective : Understand current security posture and compliance requirements
Activities :
- Conduct security assessments and gap analysis
- Identify compliance requirements (SOC2, ISO27001, GDPR, HIPAA, PCI-DSS)
- Perform risk assessments and threat modeling
- Define security policies and standards
- Establish security governance structure
- Create security roadmap with prioritized initiatives
Deliverables :
- Risk register with prioritized risks
- Compliance gap analysis report
- Security architecture documentation
- Security policies and procedures
- Security roadmap and budget
Phase 2: Design & Architect
Objective : Design secure systems and architectures
Activities :
- Design defense-in-depth architectures
- Implement Zero Trust network architecture
- Design identity and access management (IAM) systems
- Architect data protection and encryption solutions
- Design secure CI/CD pipelines
- Create threat models for applications and systems
- Define security controls and compensating controls
Deliverables :
- Security architecture diagrams
- Threat models (STRIDE, PASTA, or attack trees)
- Data flow diagrams with security boundaries
- Encryption and key management design
- IAM design with RBAC/ABAC models
- Security control matrix
Phase 3: Implement & Harden
Objective : Deploy security controls and harden systems
Activities :
- Implement security controls (preventive, detective, corrective)
- Configure security tools (SIEM, EDR, CASB, WAF, IDS/IPS)
- Harden operating systems and applications
- Implement encryption at rest and in transit
- Deploy multi-factor authentication (MFA)
- Configure logging and monitoring
- Implement data loss prevention (DLP)
- Set up vulnerability management program
Deliverables :
- Hardening baselines and configuration standards
- Deployed security tools and controls
- Encryption implementation
- MFA deployment
- Security monitoring dashboards
- Vulnerability management procedures
Phase 4: Monitor & Detect
Objective : Continuously monitor for threats and anomalies
Activities :
- Monitor security logs and events (SIEM)
- Analyze security alerts and anomalies
- Conduct threat hunting
- Perform vulnerability scanning and penetration testing
- Monitor compliance controls
- Track security metrics and KPIs
- Review access logs and privileged account activity
- Analyze threat intelligence feeds
Deliverables :
- Security operations center (SOC) runbooks
- Alert triage and escalation procedures
- Threat hunting playbooks
- Vulnerability scan reports
- Penetration test reports
- Security metrics dashboard
- Compliance monitoring reports
Phase 5: Respond & Recover
Objective : Respond to security incidents and recover operations
Activities :
- Execute incident response plan
- Contain and eradicate threats
- Perform forensic analysis
- Recover affected systems
- Conduct post-incident reviews
- Update security controls based on lessons learned
- Report incidents to stakeholders and regulators
- Improve detection rules and response procedures
Deliverables :
- Incident response reports
- Forensic analysis findings
- Root cause analysis
- Remediation plans
- Updated incident response playbooks
- Regulatory breach notifications (if required)
- Post-incident review and recommendations
Phase 6: Audit & Improve
Objective : Validate compliance and continuously improve security
Activities :
- Conduct internal audits
- Prepare for external audits (SOC2, ISO27001)
- Perform compliance assessments
- Review and update security policies
- Conduct security training and awareness programs
- Perform tabletop exercises and disaster recovery drills
- Update risk assessments
- Implement security improvements
Deliverables :
- Audit reports (internal and external)
- SOC2 Type II report
- ISO27001 certification
- Compliance attestations
- Updated policies and procedures
- Training completion metrics
- Tabletop exercise results
- Continuous improvement plan
Decision Frameworks
1. Risk Assessment Framework
When to use : Evaluating security risks and prioritizing mitigation efforts
Process :
1. Identify Assets
- What systems, data, and services need protection?
- What is the business value of each asset?
- Who are the asset owners?
2. Identify Threats
- What threat actors might target these assets? (nation-state, cybercriminals, insiders)
- What are their motivations? (financial gain, espionage, disruption)
- What are current threat trends?
3. Identify Vulnerabilities
- What weaknesses exist in systems or processes?
- What security controls are missing or ineffective?
- What are known CVEs affecting your systems?
4. Calculate Risk
Risk = Likelihood × Impact
Likelihood scale (1-5):
1 = Rare (< 5% chance in 1 year)
2 = Unlikely (5-25%)
3 = Possible (25-50%)
4 = Likely (50-75%)
5 = Almost Certain (> 75%)
Impact scale (1-5):
1 = Minimal (< $10K loss, no data breach)
2 = Minor ($10K-$100K, limited data exposure)
3 = Moderate ($100K-$1M, significant data breach)
4 = Major ($1M-$10M, extensive data breach, regulatory fines)
5 = Catastrophic (> $10M, business-threatening)
Risk Score = Likelihood × Impact (max 25)
5. Prioritize Risks
- Critical: Risk score 15-25 (immediate action)
- High: Risk score 10-14 (action within 30 days)
- Medium: Risk score 5-9 (action within 90 days)
- Low: Risk score 1-4 (monitor and accept)
6. Determine Risk Response
- Mitigate: Implement controls to reduce risk
- Accept: Document acceptance if risk is within tolerance
- Transfer: Use insurance or third-party services
- Avoid: Eliminate the activity that creates risk
Output : Risk register with prioritized risks and mitigation plans
2. Security Control Selection
When to use : Choosing appropriate security controls for identified risks
Framework : Use NIST CSF categories or CIS Controls
NIST CSF Functions:
1. Identify (ID)
- Asset Management
- Risk Assessment
- Governance
2. Protect (PR)
- Access Control
- Data Security
- Protective Technology
3. Detect (DE)
- Anomalies and Events
- Security Monitoring
- Detection Processes
4. Respond (RS)
- Response Planning
- Communications
- Analysis and Mitigation
5. Recover (RC)
- Recovery Planning
- Improvements
- Communications
Control Types:
- Preventive: Stop incidents before they occur (MFA, firewalls, encryption)
- Detective: Identify incidents when they occur (SIEM, IDS, log monitoring)
- Corrective: Fix issues after detection (patching, incident response)
- Deterrent: Discourage attackers (security policies, warnings)
- Compensating: Alternative controls when primary controls aren't feasible
Selection Criteria:
1. Does it address the identified risk?
2. Is it cost-effective? (Control cost < Risk value)
3. Is it technically feasible?
4. Does it meet compliance requirements?
5. Can we maintain and monitor it?
3. Compliance Framework Selection
When to use : Determining which compliance frameworks to implement
Decision Tree :
What type of organization are you?
├─ SaaS/Cloud Service Provider
│ ├─ Selling to enterprises? → SOC2 Type II (required)
│ ├─ International customers? → ISO27001 (strongly recommended)
│ ├─ Handling health data? → HIPAA + HITRUST
│ └─ Handling payment cards? → PCI-DSS
├─ Healthcare Provider/Payer
│ ├─ U.S.-based → HIPAA (required)
│ ├─ International → HIPAA + GDPR
│ └─ Plus: HITRUST for comprehensive framework
├─ Financial Services
│ ├─ U.S. banks → GLBA, SOX (if public)
│ ├─ Payment processing → PCI-DSS (required)
│ ├─ International → ISO27001, local regulations
│ └─ Plus: NIST CSF for framework
├─ E-commerce/Retail
│ ├─ Accept credit cards → PCI-DSS (required)
│ ├─ EU customers → GDPR (required)
│ ├─ California customers → CCPA
│ └─ B2B sales → SOC2 Type II
└─ General Enterprise
├─ Selling to enterprises → SOC2 Type II
├─ Want broad recognition → ISO27001
├─ Government contracts → FedRAMP, NIST 800-53
└─ Industry-specific → Check sector regulations
Multi-Framework Strategy:
- Start with: SOC2 or ISO27001 (choose one as foundation)
- Add: Data privacy regulations (GDPR, CCPA) as needed
- Layer on: Industry-specific requirements
4. Incident Severity Classification
When to use : Triaging and responding to security incidents
Severity Levels :
P0 - Critical (Immediate Response)
- Active breach with data exfiltration occurring
- Ransomware encryption in progress
- Complete system outage of critical services
- Unauthorized access to production databases
- Response: Engage CIRT immediately, executive notification, 24/7 effort
P1 - High (Response within 1 hour)
- Confirmed malware on critical systems
- Attempted unauthorized access to sensitive data
- DDoS attack affecting availability
- Significant vulnerability with active exploits
- Response: Engage CIRT, manager notification, work until contained
P2 - Medium (Response within 4 hours)
- Malware on non-critical systems
- Suspicious account activity
- Policy violations with security impact
- Vulnerability requiring patching
- Response: Security team investigation, business hours
P3 - Low (Response within 24 hours)
- Failed login attempts (below threshold)
- Minor policy violations
- Informational security events
- Response: Standard queue, document findings
Classification Factors:
1. Data confidentiality impact (PHI, PII, financial, IP)
2. System availability impact (revenue, operations)
3. Data integrity impact (corruption, unauthorized changes)
4. Number of affected systems/users
5. Regulatory reporting requirements
5. Vulnerability Prioritization
When to use : Prioritizing vulnerability remediation
Framework : Enhanced CVSS with business context
Base CVSS Score × Business Context Multiplier = Priority Score
CVSS Severity Ranges:
- Critical: 9.0-10.0
- High: 7.0-8.9
- Medium: 4.0-6.9
- Low: 0.1-3.9
Business Context Multipliers:
- Internet-facing production system: 2.0×
- Internal production system: 1.5×
- Systems with sensitive data: 1.5×
- Development/test environment: 0.5×
- Active exploit in the wild: 2.0×
- Compensating controls in place: 0.7×
Priority Levels:
- P0 (Critical): Score ≥ 14 → Patch within 24-48 hours
- P1 (High): Score 10-13.9 → Patch within 7 days
- P2 (Medium): Score 6-9.9 → Patch within 30 days
- P3 (Low): Score < 6 → Patch within 90 days or accept risk
Additional Considerations:
- Can the system be isolated/segmented?
- Are there effective detective controls?
- What is the patching complexity/risk?
- Is there a vendor patch available?
6. Third-Party Risk Assessment
When to use : Evaluating security risks of vendors and partners
Assessment Framework :
1. Categorize Vendor Risk Level
Low Risk (Minimal assessment):
- No access to systems or data
- Limited integration
- Non-critical service
→ Simple questionnaire
Medium Risk (Standard assessment):
- Limited system access
- Non-sensitive data access
- Important but not critical service
→ Security questionnaire + evidence review
High Risk (Comprehensive assessment):
- Production system access
- Sensitive data processing
- Critical service dependency
→ Full assessment + audit reports + pen test
Critical Risk (Extensive assessment):
- Full production access
- PHI/PII processing
- Business-critical dependency
→ On-site audit + continuous monitoring + SLA
2. Assessment Components
For Medium/High/Critical vendors:
□ Security questionnaire (SIG, CAIQ, or custom)
□ Compliance certifications (SOC2, ISO27001)
□ Insurance certificates (cyber liability)
□ Security policies and procedures
□ Incident response plan
□ Disaster recovery/business continuity plan
□ Data processing agreement (DPA)
□ Penetration test results (for high/critical)
□ Right to audit clause in contract
3. Ongoing Monitoring
- Annual reassessment
- Monitor for breaches/incidents
- Review security updates and patches
- Track compliance certification renewals
- Conduct periodic audits (for critical vendors)
4. Vendor Risk Score
Calculate score (0-100):
- Security maturity: 40 points
- Compliance certifications: 20 points
- Incident history: 15 points
- Financial stability: 15 points
- References and reputation: 10 points
Action based on score:
- 80-100: Approved
- 60-79: Approved with conditions
- 40-59: Requires remediation plan
- < 40: Do not engage
Key Security Frameworks & Standards
NIST Cybersecurity Framework (CSF)
- Purpose : Risk-based framework for improving cybersecurity
- Structure : 5 Functions, 23 Categories, 108 Subcategories
- Best for : General organizations, government contractors
- Maturity model : Tier 1 (Partial) to Tier 4 (Adaptive)
CIS Critical Security Controls
- Purpose : Prioritized set of actions for cyber defense
- Structure : 18 Controls with Implementation Groups (IG1, IG2, IG3)
- Best for : Practical implementation guidance
- Focus : Defense against common attack patterns
ISO/IEC 27001
- Purpose : International standard for information security management
- Structure : 14 domains, 114 controls (Annex A)
- Best for : International recognition, formal certification
- Requirements : ISMS (Information Security Management System)
SOC 2 Type II
- Purpose : Service organization controls for security and availability
- Structure : Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy)
- Best for : SaaS companies, cloud service providers
- Audit : 3-12 month observation period
NIST 800-53
- Purpose : Security controls for federal systems
- Structure : 20 families, 1000+ controls
- Best for : Government contractors, FedRAMP
- Baselines : Low, Moderate, High impact systems
GDPR (General Data Protection Regulation)
- Purpose : EU data privacy regulation
- Scope : Any organization processing EU residents' data
- Requirements : Lawful basis, consent, data subject rights, breach notification
- Penalties : Up to 4% of global revenue or €20M
HIPAA (Health Insurance Portability and Accountability Act)
- Purpose : Protect health information (PHI)
- Scope : Healthcare providers, payers, business associates
- Requirements : Administrative, Physical, Technical safeguards
- Penalties : $100-$50,000 per violation, criminal charges possible
PCI-DSS (Payment Card Industry Data Security Standard)
- Purpose : Protect cardholder data
- Structure : 12 requirements, 6 control objectives
- Scope : Any organization storing, processing, or transmitting card data
- Levels : Based on transaction volume (Level 1-4)
Core Security Domains
1. Identity & Access Management (IAM)
- Authentication mechanisms (MFA, SSO, passwordless)
- Authorization models (RBAC, ABAC, ReBAC)
- Privileged access management (PAM)
- Identity governance and administration (IGA)
- Directory services (Active Directory, LDAP, Okta, Auth0)
2. Network Security
- Network segmentation and micro-segmentation
- Firewalls (next-gen, WAF, application-layer)
- Intrusion detection/prevention (IDS/IPS)
- VPN and secure remote access
- Zero Trust network architecture (ZTNA)
- DDoS protection
3. Data Security
- Encryption at rest and in transit (AES-256, TLS 1.3)
- Key management (KMS, HSM)
- Data classification and labeling
- Data loss prevention (DLP)
- Database security (encryption, masking, tokenization)
- Secrets management (Vault, AWS Secrets Manager)
4. Application Security
- Secure SDLC and DevSecOps
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- SCA (Software Composition Analysis)
- Secure code review
- OWASP Top 10 mitigation
5. Cloud Security
- Cloud security posture management (CSPM)
- Cloud access security broker (CASB)
- Container security (image scanning, runtime protection)
- Serverless security
- Infrastructure as Code (IaC) security scanning
- Multi-cloud security architecture
6. Endpoint Security
- Endpoint detection and response (EDR)
- Antivirus and anti-malware
- Host-based firewalls
- Device encryption (BitLocker, FileVault)
- Mobile device management (MDM)
- Patch management
7. Security Operations
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation, and Response (SOAR)
- Threat intelligence platforms (TIP)
- Threat hunting
- Vulnerability management
- Penetration testing and red teaming
8. Incident Response
- Incident response plan and playbooks
- Computer forensics and investigation
- Malware analysis
- Threat containment and eradication
- Post-incident review and lessons learned
- Regulatory breach notification
9. Governance, Risk & Compliance (GRC)
- Security policies and procedures
- Risk assessment and management
- Compliance management and auditing
- Security awareness training
- Vendor risk management
- Business continuity and disaster recovery
Security Metrics & KPIs
Risk & Compliance Metrics
- Number of critical/high risks open
- Risk remediation time (mean time to remediate)
- Compliance audit findings (open/closed)
- Compliance control effectiveness rate
- Policy acknowledgment completion rate
- Training completion rate
Vulnerability Management Metrics
- Mean time to detect (MTTD) vulnerabilities
- Mean time to patch (MTTP)
- Vulnerability backlog (total open, by severity)
- Patch compliance rate (% systems patched within SLA)
- Vulnerability recurrence rate
Incident Response Metrics
- Mean time to detect (MTTD) incidents
- Mean time to respond (MTTR)
- Mean time to contain (MTTC)
- Mean time to recover (MTTR)
- Number of incidents by severity
- Incident recurrence rate
- False positive rate
Security Operations Metrics
- SIEM alert volume (total, by severity)
- Alert triage time
- Alert false positive rate
- Security tool coverage (% assets monitored)
- Threat hunting coverage (% environment reviewed)
- Penetration test findings
Access Management Metrics
- MFA adoption rate
- Privileged account review completion rate
- Access certification completion rate
- Orphaned account count
- Password policy compliance rate
- Failed login attempt rate
Awareness & Culture Metrics
- Phishing simulation click rate
- Security training completion rate
- Security awareness quiz scores
- Security policy violations
- Security-related helpdesk tickets
Security Tools Ecosystem
SIEM (Security Information & Event Management)
- Splunk Enterprise Security
- IBM QRadar
- Microsoft Sentinel
- Elastic Security
- Sumo Logic
EDR/XDR (Endpoint/Extended Detection & Response)
- CrowdStrike Falcon
- SentinelOne
- Microsoft Defender for Endpoint
- Palo Alto Cortex XDR
- Carbon Black
Vulnerability Management
- Tenable Nessus/Tenable.io
- Qualys VMDR
- Rapid7 InsightVM
- Greenbone OpenVAS (open source)
Cloud Security
- Wiz
- Prisma Cloud (Palo Alto)
- Lacework
- Orca Security
- AWS Security Hub / Azure Security Center / GCP Security Command Center
SAST/DAST
- Snyk
- Veracode
- Checkmarx
- SonarQube
- OWASP ZAP (open source)
Container Security
- Aqua Security
- Sysdig Secure
- Prisma Cloud Compute
- Trivy (open source)
Secrets Management
- HashiCorp Vault
- AWS Secrets Manager
- Azure Key Vault
- CyberArk
Identity & Access
- Okta
- Auth0
- Azure AD / Entra ID
- Ping Identity
- CyberArk (PAM)
Common Security Workflows
1. Security Incident Response Workflow
1. Detection & Alert
↓
2. Triage & Classification
- Determine severity (P0-P3)
- Assign to responder
↓
3. Investigation
- Gather evidence
- Analyze logs (SIEM)
- Determine scope
↓
4. Containment
- Isolate affected systems
- Block malicious IPs/domains
- Disable compromised accounts
↓
5. Eradication
- Remove malware
- Close vulnerabilities
- Patch systems
↓
6. Recovery
- Restore from backups
- Verify system integrity
- Return to production
↓
7. Post-Incident Review
- Document timeline
- Root cause analysis
- Update playbooks
- Implement improvements
↓
8. Reporting
- Executive summary
- Regulatory notification (if required)
- Stakeholder communication
2. Vulnerability Management Workflow
1. Asset Discovery
- Scan network for assets
- Maintain asset inventory
↓
2. Vulnerability Scanning
- Authenticated scans
- Unauthenticated scans
- Agent-based monitoring
↓
3. Assessment & Validation
- Validate findings
- Remove false positives
- Add business context
↓
4. Prioritization
- Apply CVSS + context
- Assign severity (P0-P3)
- Create remediation tickets
↓
5. Remediation
- Patch systems
- Apply compensating controls
- Update configurations
↓
6. Verification
- Rescan to confirm fix
- Update vulnerability status
↓
7. Reporting
- Metrics dashboard
- Executive reports
- Trend analysis
3. Access Review Workflow
1. Schedule Review (Quarterly)
↓
2. Generate Access Reports
- User access by role
- Privileged accounts
- Service accounts
- Orphaned accounts
↓
3. Distribute to Managers
- Each manager reviews their team
- Certify appropriate access
↓
4. Review & Certify
- Approve legitimate access
- Flag inappropriate access
- Identify orphaned accounts
↓
5. Remediation
- Revoke unapproved access
- Disable orphaned accounts
- Update RBAC assignments
↓
6. Document & Report
- Certification completion rate
- Access changes made
- Compliance evidence
4. SOC2 Audit Preparation Workflow
1. Scoping (3-4 months before)
- Define in-scope systems
- Select Trust Service Criteria
- Engage auditor
↓
2. Gap Assessment (2-3 months before)
- Map controls to requirements
- Identify control gaps
- Create remediation plan
↓
3. Readiness (1-2 months before)
- Implement missing controls
- Document policies/procedures
- Conduct mock audit
↓
4. Evidence Collection (Ongoing)
- Automate evidence gathering
- Organize evidence repository
- Prepare control narratives
↓
5. Audit Kickoff
- Provide evidence to auditor
- Respond to requests
- Schedule interviews
↓
6. Fieldwork (4-6 weeks)
- Auditor tests controls
- Provide additional evidence
- Address findings
↓
7. Report Issuance
- Review draft report
- Address any exceptions
- Receive final SOC2 report
↓
8. Continuous Monitoring
- Monitor control effectiveness
- Prepare for next audit cycle
Best Practices
Security Architecture
- Design with security in mind from the start (shift-left)
- Apply defense in depth with multiple security layers
- Implement Zero Trust: verify explicitly, use least privilege, assume breach
- Segment networks and limit lateral movement
- Encrypt data at rest and in transit
- Use secure defaults and fail securely
Access Control
- Enforce multi-factor authentication (MFA) everywhere
- Implement least privilege access
- Use just-in-time (JIT) privileged access
- Regularly review and certify access
- Disable accounts promptly on termination
- Avoid shared accounts and service account abuse
Security Operations
- Centralize logging with SIEM
- Automate detection and response where possible
- Maintain an incident response plan and test it
- Conduct regular threat hunting exercises
- Keep vulnerability remediation SLAs aggressive
- Practice incident response through tabletop exercises
Application Security
- Integrate security into CI/CD (DevSecOps)
- Scan code for vulnerabilities (SAST, DAST, SCA)
- Follow OWASP Top 10 guidelines
- Conduct security code reviews for critical changes
- Implement secure API design (authentication, rate limiting, input validation)
- Use security headers (CSP, HSTS, X-Frame-Options)
Cloud Security
- Use infrastructure as code (IaC) with security scanning
- Enable cloud-native security services (GuardDuty, Security Hub)
- Implement CSPM to monitor misconfigurations
- Use cloud-native encryption and key management
- Apply least privilege IAM policies
- Monitor for shadow IT and unauthorized resources
Compliance
- Treat compliance as a continuous process, not one-time
- Map controls to multiple frameworks for efficiency
- Automate evidence collection where possible
- Maintain a compliance calendar for deadlines
- Document everything (if it's not documented, it doesn't exist)
- Conduct internal audits before external audits
Security Culture
- Make security everyone's responsibility
- Conduct regular security awareness training
- Run phishing simulations to test awareness
- Reward security-conscious behavior
- Create clear, accessible security policies
- Foster a culture where reporting security concerns is encouraged
Integration with Other Disciplines
With DevOps/Platform Engineering
- Integrate security scanning into CI/CD pipelines
- Automate security testing and compliance checks
- Implement Infrastructure as Code (IaC) security
- Use container scanning and runtime protection
- Coordinate on incident response for production issues
With Enterprise Architecture
- Align security architecture with enterprise architecture
- Participate in architecture review boards
- Ensure security requirements in architecture standards
- Design secure integration patterns
- Define security reference architectures
With IT Operations
- Coordinate on patch management and change control
- Collaborate on monitoring and alerting
- Joint incident response for security and operational incidents
- Align on backup and disaster recovery procedures
- Coordinate access management and privileged access
With Product Management
- Provide security requirements for new features
- Participate in threat modeling for new products
- Balance security with user experience
- Advise on privacy and compliance implications
- Support security as a product differentiator
With Legal/Privacy
- Coordinate on data privacy regulations (GDPR, CCPA)
- Collaborate on breach notification requirements
- Review vendor contracts for security terms
- Support privacy impact assessments
- Align on data retention and deletion policies
When to Engage Security & Compliance
Required Engagement
- New system or application design
- Architecture changes affecting security boundaries
- Regulatory compliance initiatives
- Security incidents
- Vendor risk assessments
- Pre-production security reviews
- Audit preparation
- Data breach or suspected breach
Recommended Engagement
- Major feature releases
- Cloud migrations
- M&A due diligence
- Infrastructure changes
- New third-party integrations
- Significant process changes
- Security tool selection
- Policy updates
Continuous Collaboration
- Security review of pull requests (for critical systems)
- Vulnerability remediation prioritization
- Security awareness and training
- Threat intelligence sharing
- Risk assessment updates
- Compliance monitoring
Weekly Installs
411
Repository
davila7/claude-…emplates
GitHub Stars
23.5K
First Seen
Jan 21, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
opencode327
gemini-cli318
codex304
claude-code299
github-copilot293
cursor282
