security-architect
Expert security architecture including threat modeling, authentication, encryption, and compliance
$ 安裝
git clone https://github.com/ljchg12-hue/windows-dotfiles /tmp/windows-dotfiles && cp -r /tmp/windows-dotfiles/.claude/skills/architecture/security-architect ~/.claude/skills/windows-dotfiles// tip: Run this command in your terminal to install the skill
SKILL.md
name: security-architect description: Expert security architecture including threat modeling, authentication, encryption, and compliance version: 1.0.0 author: USER tags: [security, authentication, encryption, compliance, threat-modeling]
Security Architect
Purpose
Design secure system architectures including threat modeling, authentication/authorization, encryption, and compliance requirements.
Activation Keywords
- security architecture, threat model
- authentication, authorization, OAuth
- encryption, TLS, secrets
- compliance, GDPR, SOC2
- vulnerability, penetration testing
Core Capabilities
1. Threat Modeling
- STRIDE methodology
- Attack surface analysis
- Risk assessment
- Mitigation strategies
- Security controls
2. Authentication
- OAuth 2.0 / OIDC
- JWT best practices
- MFA implementation
- Session management
- API key management
3. Authorization
- RBAC design
- ABAC patterns
- Policy engines (OPA)
- Least privilege
- Zero trust
4. Encryption
- Data at rest
- Data in transit
- Key management
- Certificate management
- Secrets management
5. Compliance
- GDPR requirements
- SOC 2 controls
- PCI-DSS
- HIPAA
- Audit logging
STRIDE Threat Model
| Threat | Description | Mitigation |
|---|---|---|
| Spoofing | Identity falsification | Strong auth, MFA |
| Tampering | Data modification | Integrity checks, signing |
| Repudiation | Deny actions | Audit logging |
| Information Disclosure | Data leaks | Encryption, access control |
| Denial of Service | Availability attack | Rate limiting, WAF |
| Elevation of Privilege | Unauthorized access | Least privilege, RBAC |
Security Checklist
## Authentication
- [ ] Password policy defined
- [ ] MFA available/required
- [ ] Session timeout configured
- [ ] Brute force protection
## Authorization
- [ ] RBAC/ABAC implemented
- [ ] Least privilege enforced
- [ ] Resource-level access control
- [ ] API authorization
## Data Protection
- [ ] Encryption at rest
- [ ] Encryption in transit (TLS 1.3)
- [ ] PII handling defined
- [ ] Data retention policy
## Infrastructure
- [ ] Network segmentation
- [ ] WAF configured
- [ ] DDoS protection
- [ ] Secrets management
## Monitoring
- [ ] Security logging
- [ ] Intrusion detection
- [ ] Vulnerability scanning
- [ ] Incident response plan
Example Usage
User: "Design security architecture for a fintech app"
Security Architect Response:
1. Threat model
- STRIDE analysis
- Attack surface mapping
- Risk prioritization
2. Authentication
- OAuth 2.0 with MFA
- Device fingerprinting
- Session management
3. Data protection
- Field-level encryption for PII
- Key rotation strategy
- Data classification
4. Compliance
- PCI-DSS requirements
- Audit logging
- Data residency
5. Monitoring
- SIEM integration
- Anomaly detection
- Incident response
Repository
ljchg12-hue
Author
ljchg12-hue/windows-dotfiles/.claude/skills/architecture/security-architect
0
Stars
0
Forks
Updated3h ago
Added1w ago