threat▌

Map identified threats to appropriate security controls and mitigations for effective defense-in-depth planning. \n \n Provides control categorization by type (preventive, detective, corrective) and layer (network, application, data, endpoint, process), with templates for building threat-to-control mappings and calculating coverage gaps \n Includes a standard control library with 15+ pre-built controls covering authentication, encryption, logging, access control, and availability, each mapped to

Threat Mitigation Mapping \n Connect threats to controls for effective security planning. \n Use this skill when \n \n Prioritizing security investments \n Creating remediation roadmaps \n Validating control coverage \n Designing defense-in-depth \n Security architecture review \n Risk treatment planning \n \n Do not use this skill when \n \n The task is unrelated to threat mitigation mapping \n You need a different domain or tool outside this scope \n \n Instructions \n \n Clarify goals, constr

Repository-grounded threat modeling that maps trust boundaries, assets, and abuse paths to concrete code evidence. \n \n Enumerates entry points, data flows, and trust boundaries anchored to actual repository structure and configuration \n Derives realistic attacker goals tied to specific assets (credentials, PII, integrity-critical state, compute resources) rather than generic checklists \n Prioritizes threats using likelihood and impact reasoning, with explicit assumptions about deployment, au

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.