threat▌

Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.

Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises.

Map identified threats to appropriate security controls and mitigations for effective defense-in-depth planning. \n \n Provides control categorization by type (preventive, detective, corrective) and layer (network, application, data, endpoint, process), with templates for building threat-to-control mappings and calculating coverage gaps \n Includes a standard control library with 15+ pre-built controls covering authentication, encryption, logging, access control, and availability, each mapped to

Threat Mitigation Mapping \n Connect threats to controls for effective security planning. \n Use this skill when \n \n Prioritizing security investments \n Creating remediation roadmaps \n Validating control coverage \n Designing defense-in-depth \n Security architecture review \n Risk treatment planning \n \n Do not use this skill when \n \n The task is unrelated to threat mitigation mapping \n You need a different domain or tool outside this scope \n \n Instructions \n \n Clarify goals, constr

Repository-grounded threat modeling that maps trust boundaries, assets, and abuse paths to concrete code evidence. \n \n Enumerates entry points, data flows, and trust boundaries anchored to actual repository structure and configuration \n Derives realistic attacker goals tied to specific assets (credentials, PII, integrity-critical state, compute resources) rather than generic checklists \n Prioritizes threats using likelihood and impact reasoning, with explicit assumptions about deployment, au

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.