Analyzes events through a cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth, zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK). Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture. Use when: security incidents, vulnerability assessments, threat analysis, security architecture, compliance. Evaluates: confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.
View on GitHub: .claude/skills/cybersecurity-analyst/SKILL.md
January 21, 2026
Installation:

```
npx add-skill https://github.com/rysweet/amplihack/blob/main/.claude/skills/cybersecurity-analyst/SKILL.md -a claude-code --skill cybersecurity-analyst
```

Installation path: `.claude/skills/cybersecurity-analyst/`

# Cybersecurity Analyst Skill

## Purpose

Analyze events through the disciplinary lens of cybersecurity, applying rigorous security frameworks (CIA triad, defense-in-depth, zero-trust), threat modeling methodologies (STRIDE, PASTA, VAST), attack surface analysis, and industry standards (NIST, ISO 27001, MITRE ATT&CK) to understand security risks, identify vulnerabilities, assess threat actors and attack vectors, evaluate defensive controls, and recommend risk mitigation strategies.

## When to Use This Skill

- **Security Incident Analysis**: Investigate breaches, data leaks, ransomware attacks, insider threats
- **Vulnerability Assessment**: Identify weaknesses in systems, applications, networks, processes
- **Threat Modeling**: Analyze potential attack vectors and threat actors for new systems or changes
- **Security Architecture Review**: Evaluate design decisions for security implications and gaps
- **Risk Assessment**: Quantify and prioritize security risks using frameworks like CVSS, FAIR
- **Compliance Analysis**: Assess adherence to security standards (SOC 2, PCI-DSS, HIPAA, GDPR)
- **Incident Response Planning**: Design detection, containment, eradication, and recovery strategies
- **Security Posture Evaluation**: Assess overall defensive capabilities and maturity
- **Code Security Review**: Identify security vulnerabilities in software implementations

## Core Philosophy: Security Thinking

Cybersecurity analysis rests on fundamental principles:

**Defense in Depth**: No single security control is perfect. Layer multiple independent controls so that compromise of one does not compromise the whole system.

**Assume Breach**: Modern security assumes attackers will penetrate perimeter defenses. Design systems to minimize damage and enable detection when (not if) a breach occurs.

**Least Privilege**: Grant the minimum access necessary for legitimate function. Every excess permission is an opportunity for exploitation.
**Zero Trust**: Never trust, always verify. Verify