Skill UI

The GCP Organization Policy Service allows administrators to enforce centralized security guardrails and governance policies across an entire resource hierarchy (organization, folder, project). By defining constraints (List, Boolean, Custom), users can restrict risky resource configurations, ensuring compliance with internal security standards and external regulations. Ideal for security architecture, compliance checks, and cloud governance implementation.

A comprehensive guide to implementing technical and organizational measures required by the General Data Protection Regulation (GDPR). This skill covers full lifecycle data protection, including Data Protection by Design, Data Protection Impact Assessments (DPIAs), managing data subject rights (e.g., right to erasure, portability), encryption, pseudonymization, and ensuring cross-border data transfer compliance.

This guide provides comprehensive security hardening procedures for enterprise Google Workspace environments. It covers advanced topics such as enforcing phishing-resistant Multi-Factor Authentication (MFA), configuring email authentication (DMARC/SPF/DKIM), implementing Data Loss Prevention (DLP), and securing super admin accounts using Advanced Protection Program enrollment. Ideal for achieving high compliance and defending against BEC and phishing attacks.

This guide details how to implement HashiCorp Vault's dynamic secrets engine. It automates the generation, lease management, and rotation of short-lived credentials for databases (e.g., PostgreSQL, MySQL), AWS IAM, and PKI certificates. This method eliminates the use of static, hardcoded secrets, enforcing zero-trust principles and meeting stringent compliance mandates like PCI-DSS.

Deploy SailPoint IdentityNow or IdentityIQ to establish robust identity governance and access administration. This comprehensive solution manages the entire identity lifecycle, facilitates access request workflows, conducts certification campaigns, performs role mining, and enforces Separation of Duties (SOD) policies, ensuring continuous compliance reporting for enterprise IAM environments.

This skill details implementing a ransomware-resistant, immutable backup strategy using the restic tool. It leverages S3-compatible Object Lock (Compliance Mode) to ensure Write Once Read Many (WORM) storage, preventing deletion or modification by attackers. The process includes automated backup, cryptographic integrity verification (restic check), and scheduled restore testing, adhering to advanced security standards like 3-2-1-1-0.

This skill covers the architecture, design, and implementation of Just-In-Time (JIT) access provisioning. The goal is to eliminate standing privileges by granting temporary, time-bound access only when specific business needs arise. It guides users through designing robust approval workflows, integrating JIT with PAM and IGA platforms, and enforcing zero standing privilege (ZSP) principles to drastically reduce the attack surface and ensure compliance.

This guide provides a comprehensive deep dive into implementing advanced network segmentation and zero-trust security controls within Kubernetes clusters using Calico. It covers standard Kubernetes NetworkPolicy, utilizing Calico's GlobalNetworkPolicy, and defining security Tiers, ensuring fine-grained, least-privilege communication between pods, and establishing robust security architectures for compliance.

This guide details how to implement Kubernetes Pod Security Standards (PSS) using the Pod Security Admission (PSA) controller. PSS defines three mandatory security levels—Privileged, Baseline, and Restricted—for container workloads. It is essential for enhancing security posture, ensuring compliance, and migrating away from deprecated PodSecurityPolicy (PSP) controls by applying namespace labels and defining compliant pod specifications.

This skill provides comprehensive guidance on configuring Fluentd and Fluent Bit for centralized log collection, routing, filtering, and enrichment. It covers setting up lightweight log forwarders on endpoints and designing central aggregators that route data to SIEM tools, Elasticsearch, or Splunk. Essential for achieving observability and meeting strict security compliance requirements.

This guide details the implementation of microsegmentation using Akamai Guardicore, enabling organizations to map complex application dependencies, visualize east-west traffic flows, and enforce least-privilege network policies. It is crucial for achieving zero-trust compliance by preventing lateral movement across heterogeneous workloads in data centers, cloud environments, and Kubernetes clusters.

A comprehensive guide to implementing Mimecast Targeted Threat Protection (TTP). This suite defends against sophisticated phishing, spearphishing, and Business Email Compromise (BEC) attacks by integrating four core modules: URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect. Follow the detailed workflow to secure your organizational communications and meet compliance standards.