ciso-advisor
Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/alirezarezvani/ciso-advisor
What This Skill Does
The ciso-advisor skill acts as a fractional CISO, providing strategic security leadership tailored for growth-stage companies. It moves security beyond technical checklist management into high-level business enablement. The skill focuses on quantifying risks in financial terms, creating actionable compliance roadmaps (SOC 2, ISO 27001, HIPAA, GDPR), designing security architectures, and managing incident response workflows. By leveraging data-driven metrics like Annual Loss Expectancy (ALE), it helps leaders justify budgets, assess vendor risk, and communicate effectively with stakeholders and board members about the organization's security posture.
Installation
To install the CISO Advisor skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/alirezarezvani/ciso-advisor
Ensure you have the required Python environment dependencies installed if you plan to use the local helper scripts for risk quantification and compliance tracking found in the source repository.
Use Cases
- Compliance Preparation: Determining which framework (SOC 2 vs. ISO 27001) is required based on specific enterprise customer procurement demands to accelerate sales cycles.
- Budget Justification: Creating board-level presentations that frame security spending as a calculated risk transfer, moving away from subjective requests to objective cost-benefit analysis.
- Vendor Risk Management: Implementing a tiered security assessment strategy to manage third-party risk based on data access levels.
- Incident Response Planning: Developing executive playbooks that define communication strategies, escalation triggers, and regulatory notification timelines.
- Architecture Strategy: Transitioning infrastructure to a Zero Trust model, prioritizing identity (IAM/MFA) and data classification over legacy perimeter-based defenses.
Example Prompts
- "Our top 3 prospects are asking for a SOC 2 Type II report. Based on our current maturity, how should we sequence our compliance efforts over the next 12 months?"
- "Help me draft a board-level report justifying our $150k security budget increase by quantifying our current risk exposure against potential breach costs."
- "We are performing a vendor security assessment for a new cloud provider. What criteria should we use to determine if they are a Tier 1, 2, or 3 risk?"
Tips & Limitations
The ciso-advisor skill is most effective when provided with accurate internal telemetry regarding current security controls and business-critical assets. It is a strategic tool; it does not perform automated penetration testing or real-time vulnerability scanning. Ensure that the financial values used for risk quantification are reviewed by your finance department for alignment with overall company revenue and insurance coverage, as these models are estimations based on provided inputs.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-alirezarezvani-ciso-advisor": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read, code-execution
Related Skills
intl-expansion
International market expansion strategy. Market selection, entry modes, localization, regulatory compliance, and go-to-market by region. Use when expanding to new countries, evaluating international markets, planning localization, or building regional teams.
marketing-strategy-pmm
Product marketing skill for positioning, GTM strategy, competitive intelligence, and product launches. Use when the user asks about product positioning, go-to-market planning, competitive analysis, target audience definition, ICP definition, market research, launch plans, or sales enablement. Covers April Dunford positioning, ICP definition, competitive battlecards, launch playbooks, and international market entry. Produces deliverables including positioning statements, battlecard documents, launch plans, and go-to-market strategies.
paid-ads
When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization.
qms-audit-expert
ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
code-reviewer
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.