Security & Compliance AI Skills

AI Adoption Readiness Assessment

A structured assessment framework that scores your organization across five critical dimensions of AI readiness. Produces an actionable scorecard with prioritized recommendations, a detailed gap analysis spreadsheet, and optional Jira tickets to track remediation efforts.

AI Governance Framework Generator

Generates a complete AI governance framework tailored to your organization's structure and regulatory requirements. Defines a five-tier risk classification system, designs approval workflows with SLAs for each tier, establishes a governance board with RACI matrix, creates escalation paths, and produces all supporting artifacts including charter, decision tree, and meeting templates.

AI Tool Access Request Workflow

Sets up a complete intake-to-approval pipeline for AI tool access requests. Creates a Jira issue type with structured fields, configures automation rules for risk-based tier assignment and reviewer routing, adds Slack notifications for transparency, and includes a security review runbook with decision templates.

AI Usage Policy Generator

Produces a comprehensive, ready-to-review AI acceptable use policy document customized to your industry, regulatory requirements, and risk appetite. Covers data classification, approved tools, prohibited uses, IP ownership, incident response, and training requirements. Outputs a formatted Google Doc with table of contents and employee acknowledgment page.

Cloud Security Posture Review

Performs a comprehensive cloud security posture review against CIS benchmarks for AWS, GCP, or Azure. Checks identity, networking, logging, encryption, and compute configurations, then produces a scored findings report with prioritized remediation steps in a Google Sheet.

Compliance Evidence Collector

Automates the collection and organization of compliance evidence for SOC2, ISO 27001, or HIPAA audits. Pulls evidence from AWS configurations, Google Drive policies, and Jira tickets, then organizes findings into a structured evidence package with control mappings and gap identification.

Data Classification Scanner

Scans GitHub repositories, S3 buckets, and Google Drive for personally identifiable information (PII), protected health information (PHI), financial data, and other sensitive content. Classifies findings by data type and sensitivity level, maps data flows, and generates a comprehensive data classification report with remediation recommendations.

IAM Policy Analyzer

Reviews IAM policies across cloud providers to identify over-permissive access, unused roles, cross-account trust issues, and privilege escalation paths. Generates a risk-scored findings report with specific remediation recommendations for each policy violation.

Incident Response Playbook Generator

Creates detailed incident response playbooks tailored to your cloud environment and team structure. Covers detection, containment, eradication, recovery, and post-incident review phases for common cloud security incidents including compromised credentials, data exposure, cryptomining, and unauthorized access.

MCP Server Security Review

Performs a structured security audit of an MCP server by reviewing its source code for credential handling, data exposure risks, permission scope, transport security, code quality, and documentation. Scores each dimension, checks for common vulnerabilities (hardcoded secrets, eval injection, path traversal), and produces a review report with an approve/conditional/reject recommendation.

Secret Scanning & Rotation Planner

Scans GitHub repositories for exposed secrets including API keys, tokens, passwords, and certificates. Classifies each finding by severity and exposure window, then generates a prioritized rotation plan with step-by-step remediation instructions and prevention recommendations.

Security Alert Triage

Automatically triages security alerts from AWS GuardDuty, CloudTrail, and other cloud security services. Classifies each alert by severity and type, correlates related events, filters false positives, suggests response actions, and routes critical alerts to the appropriate team via Slack and PagerDuty.