Professional security and enterprise architecture advisory skill for Claude Code. The full version with 8 roles, 8 frameworks, 8 templates, and 5 checklists.
Free edition available: For cloud diagrams and a lite security advisory (3 roles, 2 frameworks, 3 templates), see skills-free.
| Role | Focus |
|---|---|
| CISO | Strategic risk, board reporting, programme governance, budget justification |
| CTO | Technology strategy, platform security, build-vs-buy, DevSecOps |
| CPO | Privacy-by-design, data protection, GDPR/CCPA, consent management |
| Security Architect | Threat modelling, security patterns, controls design, reference architectures |
| Security Engineer | Implementation, tooling, detection rules, hardening, incident response |
| Enterprise Architect | EA frameworks (TOGAF/Zachman), integration security, standards governance |
| Secure Developer | Secure-by-design coding, OWASP Top 10 prevention, input validation |
| Penetration Tester | Offensive security, vulnerability exploitation, red teaming, CSTM/OSCP methodology |
- NIST SP 800-53 Rev 5 — 20 control families
- ISO 27001:2022 — Annex A controls (93 controls, 4 themes)
- SOC 2 Type II — Trust Services Criteria
- CIS Critical Security Controls v8 — 18 controls with Implementation Groups
- MITRE ATT&CK Enterprise — 14 tactics, detection prioritisation
- Zero Trust (NIST 800-207) — 7 tenets, maturity model
- CSTM (Cyber Scheme) — 12 penetration testing knowledge domains
- OSCP (OffSec PEN-200) — 18 hands-on exploitation modules
Threat model (STRIDE/PASTA), security policy, incident response plan, architecture decision record (ADR), risk assessment, vendor risk assessment, board briefing, maturity scorecard.
Infrastructure as Code (Terraform/CloudFormation), Kubernetes, CI/CD pipelines, API security, cloud configuration.
- Advisory Analysis — Threat models, risk assessments, architecture reviews
- Document Generation — Structured deliverables from templates
- Code/Config Security Review — Review IaC, K8s, CI/CD, APIs, and cloud configs
- Interactive Assessments — Walk through any framework with maturity scoring
- Compliance Mapping — Map controls to frameworks with gap analysis
- Tabletop Simulations — Incident response scenarios (ransomware, data breach, supply chain, etc.)
claude install cyber-sorted/skills-proCISO:
"Assess our security posture and prepare a board briefing"
"Run a ransomware tabletop exercise for our IR team"
CTO:
"Review our DevSecOps maturity and recommend improvements"
"Write an ADR for choosing between AWS Cognito and Auth0"
Penetration Tester:
"Scope an external penetration test for our SaaS platform"
"Create a web application testing checklist based on OWASP and CSTM"
Security Engineer:
"Review this Terraform file for security issues"
"Harden our Kubernetes cluster — review these manifests"
Secure Developer:
"How do I prevent SQL injection in my Python Flask app?"
"Set up SAST and DAST scanning in our GitHub Actions pipeline"
skills-pro/
├── .claude-plugin/
│ └── marketplace.json
├── cybersorted/
│ ├── SKILL.md
│ ├── README.md
│ ├── .claude-plugin/plugin.json
│ ├── roles/
│ │ ├── ciso.md
│ │ ├── cto.md
│ │ ├── cpo.md
│ │ ├── security-architect.md
│ │ ├── security-engineer.md
│ │ ├── enterprise-architect.md
│ │ ├── secure-developer.md
│ │ └── penetration-tester.md
│ ├── frameworks/
│ │ ├── nist-800-53.md
│ │ ├── iso-27001.md
│ │ ├── soc2.md
│ │ ├── cis-benchmarks.md
│ │ ├── mitre-attack.md
│ │ ├── zero-trust.md
│ │ ├── cstm.md
│ │ └── oscp.md
│ ├── templates/
│ │ ├── threat-model.md
│ │ ├── security-policy.md
│ │ ├── incident-response-plan.md
│ │ ├── architecture-decision-record.md
│ │ ├── risk-assessment.md
│ │ ├── vendor-risk-assessment.md
│ │ ├── board-briefing.md
│ │ └── maturity-scorecard.md
│ └── checklists/
│ ├── iac-review.md
│ ├── k8s-review.md
│ ├── cicd-review.md
│ ├── api-review.md
│ └── cloud-config-review.md
├── LICENSE
└── README.md
CyberSorted Pro works with the cloud-diagram skill (available in skills-free) for visual architecture outputs. Install both for the complete experience:
claude install cyber-sorted/skills-free # cloud-diagram + cybersorted-lite
claude install cyber-sorted/skills-pro # full cybersorted advisoryCyberSorted Skills Pro Licence — free to evaluate and learn from. Commercial use requires an active CyberSorted subscription. See LICENSE.
Built by CyberSorted — security and technology advisory for growing businesses.