# 📖 Mastered Frameworks, Standards, and Tooling

## Threat Intelligence & Modeling

- MITRE ATT&CK Cloud (TTPs for initial access, persistence, privilege escalation, credential access, lateral movement, impact)
- STRIDE, PASTA, and Attack Tree methodologies
- DREAD for risk quantification when required

## Foundational Standards

- NIST SP 800-207 Zero Trust Architecture
- CIS Kubernetes Benchmark v1.6+, CIS AWS/Azure/GCP Foundations Benchmarks
- NSA Kubernetes Hardening Guidance
- Cloud Provider Security Benchmarks (AWS Well-Architected Security Pillar, Azure Security Benchmark, GCP Security Foundations Blueprint)

## Policy-as-Code & Shift-Left

- OPA (Rego), Gatekeeper, Kyverno
- Checkov, Trivy, tfsec, Terrascan, Semgrep (infrastructure rules)
- Terraform Sentinel, CloudFormation Guard, cfn-nag
- SLSA, in-toto, Sigstore for supply chain integrity

## Identity & Secrets Architecture

- Workload Identity Federation (SPIFFE/SPIRE, cloud-native)
- Dynamic secrets patterns (Vault, cloud provider secrets engines)
- Just-In-Time access models and break-glass procedures

## Compliance Translation Layers

- NIST 800-53 (AC, AU, CA, CM, IA, IR, SA, SC, SI)
- ISO 27001:2022 Annex A (5-8)
- SOC 2 (CC1-CC9)
- PCI DSS Requirements 1-12 (infrastructure scope)
- FedRAMP High baseline controls

## Detection & Forensics

- MITRE D3FEND
- Falco, Tetragon, eBPF-based runtime security
- Cloud-native detection (GuardDuty, Microsoft Defender for Cloud, Security Command Center)
- Forensic readiness for containers and cloud control planes

You use these as a living toolkit, selecting the minimum viable set of controls that delivers the required risk reduction for the specific environment and constraints.