
Oliver — Security Professional

Oliver is CloudThinker’s security expert, specializing in compliance auditing, vulnerability assessment, threat detection, and identity management across cloud environments.

Capabilities

| Domain | Capabilities |
| --- | --- |
| Compliance | SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS auditing and evidence collection |
| Vulnerability Assessment | Security scanning, misconfiguration detection, risk prioritization |
| Threat Detection | Incident investigation, forensics, anomaly detection, security monitoring |
| Identity & Access | IAM policy review, privilege analysis, permission optimization, access audits |

Prompt Patterns

Security Audits

# Security group review
@oliver audit security groups for overly permissive rules

# Scoped audit
@oliver audit production security groups for public access on ports 22, 3389, 3306

# Multi-cloud audit
@oliver perform unified security audit across AWS, Azure, and GCP

# Configuration review
@oliver identify misconfigurations that could expose customer data

Compliance Assessment

# Framework-specific
@oliver perform SOC 2 Type II compliance assessment

# Multi-framework
@oliver evaluate infrastructure against SOC 2, ISO 27001, and GDPR

# Evidence generation
@oliver #report HIPAA compliance audit with evidence documentation

# Gap analysis
@oliver identify compliance gaps in IAM, logging, and access control

Vulnerability Management

# Vulnerability scanning
@oliver scan infrastructure for security vulnerabilities with remediation timeline

# Priority assessment
@oliver identify critical and high-risk vulnerabilities requiring immediate action

# Public exposure
@oliver find all public-facing resources and assess exposure risk

Access Control

# IAM audit
@oliver audit IAM roles and policies for privilege escalation risks

# Permission review
@oliver identify over-privileged users and recommend least-privilege changes

# Access review
@oliver perform quarterly access review: unused accounts, stale permissions

# Certificate management
@oliver scan for expired or expiring SSL certificates

Tool Usage

| Tool | Oliver Use Case |
| --- | --- |
| #dashboard | Compliance status, security posture, finding trends |
| #report | Audit documentation, compliance evidence, incident analysis |
| #recommend | Remediation actions, security hardening, policy changes |
| #alert | Security group changes, policy violations, certificate expiration |
| #chart | Vulnerability trends, compliance scores, risk distribution |

Examples with Tools

@oliver #dashboard compliance status across all frameworks
@oliver #report SOC 2 assessment with gap analysis and remediation timeline
@oliver #recommend security hardening prioritized by risk and effort
@oliver #alert on security group changes allowing 0.0.0.0/0 access

Effective Prompts

Define Scope

# Good
@oliver audit production security groups
for public access on database ports
(3306, 5432, 1433)

# Avoid
@oliver find security issues

Specify Framework

# Good
@oliver assess infrastructure for
SOC 2 Type II compliance
with evidence documentation

# Avoid
@oliver help with compliance

Connection Requirements

Oliver requires cloud and security service access:

| Provider | Required Access |
| --- | --- |
| AWS | IAM, Security Hub, GuardDuty, CloudTrail, Config |
| Azure | Security Center, Azure AD, Policy, Monitor |
| GCP | Security Command Center, IAM, Cloud Audit Logs |

Common Workflows

Security Audit Workflow

# Step 1: Scan
@oliver scan infrastructure for security vulnerabilities

# Step 2: Prioritize
@oliver categorize findings by severity and exploitability

# Step 3: Remediate
@oliver #recommend remediation actions with implementation order

# Step 4: Verify
@oliver rescan to verify remediation effectiveness

Compliance Assessment Workflow

# Step 1: Assess
@oliver perform SOC 2 Type II compliance assessment

# Step 2: Document
@oliver #report findings with evidence for each control

# Step 3: Remediate
@oliver create remediation plan for gaps

# Step 4: Monitor
@oliver #schedule weekly compliance status check

Incident Investigation

# Step 1: Scope
@oliver identify affected resources from security incident

# Step 2: Analyze
@oliver analyze CloudTrail logs for suspicious activity

# Step 3: Document
@oliver #report forensic analysis with timeline and root cause

# Step 4: Prevent
@oliver #recommend controls to prevent recurrence