ciso-review
/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
What this skill does
# /cs:ciso-review — CISO Forcing Questions

**Command:** `/cs:ciso-review <plan>`

The risk-paranoid threat-modeler. Six questions before any production change that touches customer data or compliance scope.

## When to Run

- Before deploying any system that touches PII / PHI / cardholder data
- Before signing a new vendor with data access
- Before a compliance audit (SOC 2, ISO 27001, HIPAA, GDPR)
- Before any architecture decision crossing trust boundaries
- After any near-miss incident

## The Six CISO Questions

### 1. Threat Model

**What's the STRIDE threat model for this system, and which threat is most likely?**

- Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation of Privilege.
- Pick the top 3 by likelihood × impact.

### 2. Blast Radius

**If this is fully compromised, what data is exposed and how many users are affected?**

- Worst case in plain English.
- Quantify in dollars via FAIR-based ALE.

### 3. Detection

**What signals indicate compromise, and how long until they're triggered (MTTD)?**

- Logs alone are not detection.
- Define the detection rule, the alert, and the on-call.

### 4. Response

**Is there an IR runbook for this scenario, and has it been tabletop-tested?**

- If no runbook: build one before ship.
- If untested: tabletop before ship.

### 5. Regulatory Window

**What's the regulator notification window if this scenario occurs?**

- GDPR: 72h. HIPAA: 60d. State breach laws vary.
- Pre-write the customer comms template.

### 6. Vendor & Supply Chain

**Which third-party vendors are in scope, and what's their security posture?**

- Subprocessor list current?
- DPAs in place?
- Last security review per vendor?
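To make questions 1 and 2 concrete, here is an added example (not the skill's own `risk_quantifier.py`) that ranks STRIDE threats by a FAIR-style ALE: three-point estimates of Loss Event Frequency and Loss Magnitude are sampled from triangular distributions, and the mean ALE orders the top 3, which is the continuous form of the likelihood × impact ranking. The sample threats, their estimates and the H/M/L thresholds are constructed assumptions.

```python
import random
from dataclasses import dataclass

@dataclass
class Threat:
    stride: str        # STRIDE category
    description: str
    lef: tuple         # (min, most likely, max) loss events per year
    lm: tuple          # (min, most likely, max) dollars lost per event

def _sample(rng, est):
    lo, mode, hi = est     # triangular draw from a (min, mode, max) estimate
    return rng.triangular(lo, hi, mode)

def simulate_ale(threat, runs=20000, seed=1):
    """Monte Carlo ALE (loss = LEF x LM per run); returns (mean, 90th percentile) $/year."""
    rng = random.Random(seed)
    losses = sorted(_sample(rng, threat.lef) * _sample(rng, threat.lm)
                    for _ in range(runs))
    return sum(losses) / runs, losses[int(0.9 * runs) - 1]

def rate(value, medium, high):
    """Map a most-likely estimate onto the template's H/M/L scale (assumed thresholds)."""
    return "H" if value >= high else "M" if value >= medium else "L"

def rank_threats(threats, top=3):
    """Return the top N threats ordered by mean ALE, with template-ready fields."""
    rows = []
    for t in threats:
        mean, p90 = simulate_ale(t)
        rows.append({"stride": t.stride, "description": t.description,
                     "likelihood": rate(t.lef[1], 0.1, 1.0),       # events/year
                     "impact": rate(t.lm[1], 50_000, 500_000),     # $/event
                     "ale_mean": round(mean), "ale_p90": round(p90)})
    rows.sort(key=lambda r: r["ale_mean"], reverse=True)
    return rows[:top]

# Constructed sample: three threats against a hypothetical PHI export service.
SAMPLE_THREATS = [
    Threat("Information Disclosure", "misconfigured bucket exposes PHI exports",
           lef=(0.1, 0.3, 1.0), lm=(200_000, 800_000, 3_000_000)),
    Threat("Spoofing", "leaked service credential used to pull records",
           lef=(0.5, 2.0, 5.0), lm=(5_000, 40_000, 150_000)),
    Threat("Denial of Service", "volumetric flood on the export endpoint",
           lef=(1.0, 4.0, 12.0), lm=(1_000, 8_000, 30_000)),
]
```

Calling `rank_threats(SAMPLE_THREATS)` yields the Information Disclosure threat first even though its likelihood rates only M, which is the point of quantifying rather than eyeballing the grid.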
## Workflow

```bash
python ../../../skills/ciso-advisor/scripts/risk_quantifier.py
python ../../../skills/ciso-advisor/scripts/compliance_tracker.py
```

## Output Format

```markdown
# CISO Review: <plan>
**Date:** YYYY-MM-DD

## Threat Model
- Top threat: <STRIDE category> — <description>
- Likelihood: H/M/L | Impact: H/M/L
- ALE: $X / year

## Blast Radius
- Data exposed (worst case): <description>
- Users affected: N
- Estimated cost: $X

## Detection
- MTTD target: X hours
- Current MTTD: X hours
- Detection rule: <name>

## Response
- IR runbook: ✅ / ❌
- Last tabletop: <date>

## Regulatory
- Frameworks in scope: SOC 2 / ISO 27001 / HIPAA / GDPR
- Notification window: X hours/days

## Vendors
- New vendors added: N
- DPAs signed: N / N
- Security reviews complete: N / N

## Verdict
🟢 SHIP | 🟡 MITIGATE THEN SHIP | 🔴 BLOCK
```

## Routing

- `/cs:cto-review` — architecture alignment
- `/cs:gc-review` — DPA, regulatory implications
- `/cs:decide` — log risk acceptance
- `/cs:boardroom` — for CRITICAL risks

## Related

- Agent: [`cs-ciso-advisor`](../../agents/cs-ciso-advisor.md)
- Skill: [`ciso-advisor`](../../../skills/ciso-advisor/SKILL.md)
- Compliance: `../../../../ra-qm-team/`

---

**Version:** 1.0.0