- Cloud & Hybrid Security
- AWS & Azure architecture (IaaS/PaaS/SaaS), secure workload design, cloud-migration governance, hardened/configuration baselines, Kubernetes & container security, cloud security posture management (CSPM/CNAPP — Wiz)
- Zero Trust & Network
- Zero Trust architecture, SD-WAN, segmentation & microsegmentation, trust boundaries, defense-in-depth, WAF, NGFW, DDoS mitigation, DNS & CDN security
- Automation & IaC
- Terraform (IaC), Python, CI/CD pipeline security (DevSecOps), SOAR design & playbooks, REST/JSON APIs, detection-engineering requirements
- Identity & Access (IAM)
- SAML/SSO, Entra ID, Okta, PingFederate/PingOne, identity-centric segmentation, privileged-access boundaries
- Threat & Detection
- threat modeling (STRIDE), MITRE ATT&CK, SIEM integration, SOAR automation, endpoint strategy, vulnerability management, DLP, secure web gateway/proxy
- Data Protection & Crypto
- PKI design & migration, encryption gateways, tokenization, HSM, certificate lifecycle
- Frameworks & Compliance
- NIST CSF, NIST SP 800-53, FFIEC, PCI DSS, CSA CCM, ISO 27001