threat-modeling-expert

Sécurité & Conformité

"Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning."

Documentation

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

STRIDE threat analysis
Attack tree construction
Data flow diagram analysis
Security requirement extraction
Risk prioritization and scoring
Mitigation strategy design
Security control mapping

Use this skill when

Designing new systems or features
Reviewing architecture for security gaps
Preparing for security audits
Identifying attack vectors
Prioritizing security investments
Creating security documentation
Training teams on security thinking

Do not use this skill when

You lack scope or authorization for security review
You need legal or compliance certification
You only need automated scanning without human review

Instructions

1.Define system scope and trust boundaries
2.Create data flow diagrams
3.Identify assets and entry points
4.Apply STRIDE to each component
5.Build attack trees for critical paths
6.Score and prioritize threats
7.Design mitigations
8.Document residual risks

Safety

Avoid storing sensitive details in threat models without access controls.
Keep threat models updated after architecture changes.

Best Practices

Involve developers in threat modeling sessions
Focus on data flows, not just components
Consider insider threats
Update threat models with architecture changes
Link threats to security requirements
Track mitigations to implementation
Review regularly, not just at design time

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

error-detective

Search logs and codebases for error patterns, stack traces, and

VOIR LA FICHE

Cloud Penetration Testing

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.

VOIR LA FICHE

Active Directory Attacks

This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.

VOIR LA FICHE
Utiliser l'Agent threat-modeling-expert - Outil & Compétence IA | Skills Catalogue | Skills Catalogue