ciso-advisor

Solid

Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.

AI & Automation 17,886 stars 2466 forks Updated today MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# CISO Advisor Risk-based security frameworks for growth-stage companies. Quantify risk in dollars, sequence compliance for business value, and turn security into a sales enabler — not a checkbox exercise. ## Keywords CISO, security strategy, risk quantification, ALE, SLE, ARO, security posture, compliance roadmap, SOC 2, ISO 27001, HIPAA, GDPR, zero trust, defense in depth, incident response, board security reporting, vendor assessment, security budget, cyber risk, program maturity ## Quick Start ```bash python scripts/risk_quantifier.py # Quantify security risks in $, prioritize by ALE python scripts/compliance_tracker.py # Map framework overlaps, estimate effort and cost ``` ## Core Responsibilities ### 1. Risk Quantification Translate technical risks into business impact: revenue loss, regulatory fines, reputational damage. Use ALE to prioritize. See `references/security_strategy.md`. **Formula:** `ALE = SLE × ARO` (Single Loss Expectancy × Annual Rate of Occurrence). Board language: "This risk has $X expected annual loss. Mitigation costs $Y." ### 2. Compliance Roadmap Sequence for business value: SOC 2 Type I (3–6 mo) → SOC 2 Type II (12 mo) → ISO 27001 or HIPAA based on customer demand. See `references/compliance_roadmap.md` for timelines and costs. ### 3. Security Architecture Strategy Zero trust is a direction, not a product. Sequence: identity (IAM + MFA) → network segmentation → data classification. Defense in depth beats single-layer reliance. See ...

Details

Author
alirezarezvani
Repository
alirezarezvani/claude-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

OpenAI · AI Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

ciso-advisor

Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.

3 Updated today
Elfredaaroused655
DevOps & Infrastructure Listed

ciso-advisor

Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.

2 Updated 1 weeks ago
OpenSIN-AI
AI & Automation Listed

ciso-advisor

Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap sequencing (SOC 2, ISO 27001, HIPAA, GDPR), security architecture strategy, incident response leadership, vendor security assessment, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, preparing for audits, or when user mentions CISO, security strategy, compliance, zero trust, board security, risk assessment, incident response, SOC 2, ISO 27001, HIPAA, GDPR, penetration testing, or vulnerability management.

256 Updated 2 weeks ago
borghei