threat-modeling-expert

Sécurité & Conformité

"Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning."

Documentation

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

STRIDE threat analysis
Attack tree construction
Data flow diagram analysis
Security requirement extraction
Risk prioritization and scoring
Mitigation strategy design
Security control mapping

Use this skill when

Designing new systems or features
Reviewing architecture for security gaps
Preparing for security audits
Identifying attack vectors
Prioritizing security investments
Creating security documentation
Training teams on security thinking

Do not use this skill when

You lack scope or authorization for security review
You need legal or compliance certification
You only need automated scanning without human review

Instructions

1.Define system scope and trust boundaries
2.Create data flow diagrams
3.Identify assets and entry points
4.Apply STRIDE to each component
5.Build attack trees for critical paths
6.Score and prioritize threats
7.Design mitigations
8.Document residual risks

Safety

Avoid storing sensitive details in threat models without access controls.
Keep threat models updated after architecture changes.

Best Practices

Involve developers in threat modeling sessions
Focus on data flows, not just components
Consider insider threats
Update threat models with architecture changes
Link threats to security requirements
Track mitigations to implementation
Review regularly, not just at design time

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

postmortem-writing

Write effective blameless postmortems with root cause analysis, timelines, and action items. Use when conducting incident reviews, writing postmortem documents, or improving incident response processes.

VOIR LA FICHE

Security Scanning Tools

This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.

VOIR LA FICHE

laravel-security-audit

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

VOIR LA FICHE
Utiliser l'Agent threat-modeling-expert - Outil & Compétence IA | Skills Catalogue | Skills Catalogue