security_strategy


Content Preview
# Security Strategy Reference

## 1. Risk-Based Security (Not Compliance-First)

### The Problem with Compliance-First Security
Most startups build security backwards: they get a compliance requirement (SOC 2, ISO 27001) and treat it as the security program. This produces:
- Controls that pass audits but don't reduce actual risk
- Resources allocated to documentation over protection
- Security teams optimizing for auditor satisfaction, not threat reduction
- False confidence ("we passed our audi
How to Use

Recommended: Install to project (local)

mkdir -p .claude/skills
curl -o .claude/skills/security_strategy.md \
  https://raw.githubusercontent.com/alirezarezvani/claude-skills/main/c-level-advisor/ciso-advisor/references/security_strategy.md

Skill is scoped to this project only. Add .claude/skills/ to your .gitignore if you don't want to commit it.
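The curl command above pulls the file from the main branch, so the text Claude is later instructed by can change between one install and the next, and nothing checks what was downloaded before it lands in .claude/skills. The script below is an added example, not part of the claude-skills project: it pins the fetch to a reviewed commit and verifies a SHA-256 digest before moving the file into place. PINNED_COMMIT, EXPECTED_SHA256 and the function names are placeholders you fill in after reviewing the file yourself; the all-zero values are assumptions, not digests published by the project.

```shell
#!/usr/bin/env sh
# Added example: pinned, hash-verified install of a Claude skill file.
# The commit and digest are placeholders (assumptions), not project values.
set -eu

REPO_RAW="https://raw.githubusercontent.com/alirezarezvani/claude-skills"
SKILL_PATH="c-level-advisor/ciso-advisor/references/security_strategy.md"
# Placeholder: replace with the commit you reviewed.
PINNED_COMMIT="${PINNED_COMMIT:-0000000000000000000000000000000000000000}"
# Placeholder: replace with the digest you computed after reviewing the file.
EXPECTED_SHA256="${EXPECTED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# Print the SHA-256 of a file; fall back to shasum where sha256sum is absent.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 when the file's digest equals the expected digest, 1 otherwise.
verify_sha256() {
    file="$1"
    expected="$2"
    actual="$(sha256_of "$file")"
    [ "$actual" = "$expected" ]
}

# Download the pinned revision to a temp file, verify it, then move it into
# the skills directory. An unverified file never reaches .claude/skills.
install_skill() {
    dest_dir="${1:-.claude/skills}"
    tmp="$(mktemp)"
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL -o "$tmp" "$REPO_RAW/$PINNED_COMMIT/$SKILL_PATH"
    if ! verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
        echo "digest mismatch for $SKILL_PATH; refusing to install" >&2
        return 1
    fi
    mkdir -p "$dest_dir"
    mv "$tmp" "$dest_dir/security_strategy.md"
    trap - EXIT
    echo "installed $dest_dir/security_strategy.md at commit $PINNED_COMMIT"
}

# Run the install only when invoked as: sh install_skill.sh install [dest_dir]
if [ "${1:-}" = "install" ]; then
    install_skill "${2:-.claude/skills}"
fi
```

Commit the pinned commit and digest next to the script so a later re-install reproduces exactly the file that was reviewed; bumping the pin becomes a reviewable change rather than a silent drift of the instructions the model follows.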

Alternative: Clone full repo

git clone https://github.com/alirezarezvani/claude-skills

Then reference at c-level-advisor/ciso-advisor/references/security_strategy.md

Related Skills

Scanning Container Security
This skill enables Claude to scan container images and running containers for vulnerabilities using tools like Trivy and Snyk. It identifies potential security risks in container environments. Use this skill when the user requests a security assessment of a container image, asks to identify vulnerab
skill-adapter · scanning container security

by jeremylongshore · plugins-plus-skills

Scanning Database Security
This skill enables Claude to perform comprehensive database security scans using the database-security-scanner plugin. It is triggered when the user requests a security assessment of a database, including identifying vulnerabilities like weak passwords, SQL injection risks, and insecure configuratio
skill-adapter · scanning database security

by jeremylongshore · plugins-plus-skills

Performing Security Code Review
This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS, authentication flaws, and insecure dependencies. Claude uses this skill when the user explicitly requests a security audit, ask
skill-adapter · performing security code review

by jeremylongshore · plugins-plus-skills

Generating Security Audit Reports
This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit secu
skill-adapter · generating security audit reports

by jeremylongshore · plugins-plus-skills