
Cybersecurity Analyst
Run structured threat modeling, vulnerability review, and compliance checks on apps and APIs before you ship or respond to incidents.
Overview
Cybersecurity Analyst is an agent skill most often used in Ship (also Build and Operate) that applies STRIDE, CIA, and defense-in-depth analysis for threat modeling, secure design, and vulnerability-focused review.
Install
npx skills add https://github.com/rysweet/amplihack --skill cybersecurity-analyst
What is this skill?
- Applies CIA triad plus STRIDE across six threat categories (spoofing through elevation of privilege)
- Covers threat modeling, vulnerability assessment, app security code review, and incident response
- Supports compliance framing for SOC 2, GDPR, and HIPAA assessments
- Defense-in-depth and assume-breach mindset for confidentiality, integrity, and availability
- Useful for penetration-test scoping and security architecture review
- STRIDE covers six threat categories
- CIA triad frames confidentiality, integrity, and availability
Adoption & trust: 1k installs on skills.sh; 63 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are shipping or operating software with real users and data but lack a repeatable way to threat-model features and review code for security gaps.
Who is it for?
Indie SaaS and API builders who handle auth, PII, or payments and want agent-guided STRIDE and compliance-aware review without hiring a full-time security team first.
Skip if: Purely public read-only content with no accounts or sensitive data, or when you only need a single linter rule fixed with no threat context.
When should I use this skill?
System and application security design, threat modeling, code review for vulnerabilities, incident response, compliance assessment, security architecture review, penetration testing scoping, or cryptography and access co
What do I get? / Deliverables
You get a structured security pass—threat categories, control gaps, and review priorities—so you can fix issues before release or contain incidents with clearer forensics steps.
- Threat model notes aligned to STRIDE
- Prioritized vulnerability and control gaps
- Compliance-oriented review checklist outcomes
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship is the canonical shelf because solo builders most often invoke this skill when hardening releases, doing security review, and meeting launch-time compliance expectations. Security subphase matches STRIDE threat modeling, CIA triad checks, cryptography review, and access-control design called out as core frameworks.
Where it fits
Threat-model multi-tenant isolation and session handling before you implement the auth module.
Run STRIDE on a new billing endpoint and prioritize fixes before production deploy.
Ask for a security-focused pass on a PR that touches encryption or role-based access.
Structure initial incident response and logging gaps after a suspected credential leak.
How it compares
Use as a procedural security review skill in chat, not as a live MCP scanner or automated pentest platform.
Common Questions / FAQ
Who is cybersecurity-analyst for?
Solo and indie developers shipping web apps, APIs, or agent tooling who need consistent threat modeling and security review language from their AI coding assistant.
When should I use cybersecurity-analyst?
During Build when designing auth and data flows, in Ship before launch for code review and compliance checks, and in Operate when scoping incident response or post-breach analysis.
Is cybersecurity-analyst safe to install?
Treat it as guidance that may reference reading your codebase; review the Security Audits panel on this Prism page and confirm what files your agent can access before running reviews on production secrets.
SKILL.md - Cybersecurity Analyst
# Cybersecurity Analyst - Quick Reference

## TL;DR

Analyze systems through security lenses: threat modeling (STRIDE), vulnerability assessment, cryptography validation, access control, incident response, and application security. Apply defense-in-depth and assume breach mentality to protect confidentiality, integrity, and availability.

## When to Use

**Perfect For:**

- System and application security design
- Threat modeling and risk assessment
- Code review for security vulnerabilities
- Incident response and forensics
- Compliance assessment (SOC 2, GDPR, HIPAA)
- Security architecture review
- Penetration testing scoping
- Cryptography implementation review
- Access control design

**Skip If:**

- System has no security requirements
- Working with purely public, non-sensitive data
- Focused on pure functionality without threat context

## Core Frameworks

### CIA Triad

The foundation of security:

- **Confidentiality** - Prevent unauthorized information disclosure
- **Integrity** - Prevent unauthorized modification
- **Availability** - Ensure authorized users can access system

### STRIDE Threat Model

Six threat categories:

1. **Spoofing** - Impersonating user/system (authentication)
2. **Tampering** - Modifying data/code (integrity)
3. **Repudiation** - Denying actions (logging/audit)
4. **Information Disclosure** - Exposing data (confidentiality)
5. **Denial of Service** - Making unavailable (availability)
6. **Elevation of Privilege** - Gaining unauthorized access (authorization)

### OWASP Top 10 (2021)

Most critical web vulnerabilities:

1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery (SSRF)

### Defense in Depth

Multiple security layers:

- **Perimeter** - Firewall, VPN
- **Network** - Segmentation, IDS/IPS
- **Host** - Endpoint protection, hardening
- **Application** - Input validation, secure coding
- **Data** - Encryption, access control
- **User** - MFA, least privilege, training

## Quick Analysis Steps

### Step 1: Asset and Trust Boundary Identification (5 min)

- What assets need protection? (data, systems, users)
- What are the trust boundaries? (internet/DMZ, DMZ/internal, user/admin)
- Who are potential attackers? (external, insider, nation-state)
- What's the impact if compromised? (financial, reputation, legal)

### Step 2: STRIDE Threat Modeling (10 min)

For each component/interface:

- **S**: Can attacker impersonate? (weak auth, no MFA)
- **T**: Can data be tampered? (no integrity checks, MITM)
- **R**: Can actions be denied? (no audit logging)
- **I**: Can data be leaked? (no encryption, excessive permissions)
- **D**: Can service be disrupted? (no rate limiting, resource exhaustion)
- **E**: Can privileges be escalated? (injection flaws, broken access control)

### Step 3: Vulnerability Identification (10 min)

Check for common vulnerabilities:

- **Input validation** - SQL injection, XSS, command injection
- **Authentication** - Weak passwords, no MFA, session fixation
- **Authorization** - Broken access control, insecure direct object references
- **Cryptography** - Weak algorithms, hardcoded keys, plain text passwords
- **Configuration** - Default credentials, unnecessary services, verbose errors
- **Dependencies** - Known CVEs, outdated libraries

### Step 4: Attack Surface Assessment (7 min)

- List all entry points (APIs, forms, file uploads, network ports)
- Identify external vs. internal interfaces
- Map unauthenticated vs. authenticated access
- Count input sources requiring validation
- Prioritize highest-risk interfaces

### Step 5: Security Controls Evaluation (10 min)

Assess existing controls:

- **Prevention** - Input validation, access control, encryption
- **Detection** - Logging, monitoring, anomaly detection
- *