Annualreports
by danielmiessler
Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape.
Skill Details
Repository Files
4 files in this skill directory
name: AnnualReports description: Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape.
Customization
Before executing, check for user customizations at:
~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/AnnualReports/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
AnnualReports - Security Report Aggregation
Aggregates and analyzes annual security reports from 570+ sources across the cybersecurity industry.
Source: awesome-annual-security-reports
Workflow Routing
- UPDATE - Fetch latest report sources from GitHub →
Workflows/Update.md - ANALYZE - Analyze reports for trends and insights →
Workflows/Analyze.md - FETCH - Download specific reports →
Workflows/Fetch.md
Quick Reference
# Update sources from GitHub
bun run ~/.claude/skills/AnnualReports/Tools/UpdateSources.ts
# List all sources
bun run ~/.claude/skills/AnnualReports/Tools/ListSources.ts [category]
# Fetch a specific report
bun run ~/.claude/skills/AnnualReports/Tools/FetchReport.ts <vendor> <report-name>
Categories
Analysis Reports
- Global Threat Intelligence (56 reports) - CrowdStrike, Microsoft, IBM, Mandiant, etc.
- Regional Assessments (11 reports) - FBI, CISA, Europol, NCSC, etc.
- Sector Specific Intelligence (13 reports) - Healthcare, Finance, Energy, Transport
- Application Security (21 reports) - OWASP, Veracode, Snyk, GitGuardian
- Cloud Security (11 reports) - Google Cloud, AWS, Wiz, Datadog
- Vulnerabilities (14 reports) - Rapid7, VulnCheck, Edgescan
- Ransomware (9 reports) - Veeam, Zscaler, Palo Alto
- Data Breaches (6 reports) - Verizon DBIR, IBM Cost of Breach
- Physical Security (6 reports) - Dragos, Nozomi, Waterfall
- AI and Emerging Technologies (11 reports) - Anthropic, Google, Zimperium
Survey Reports
- Industry Trends (68 reports) - WEF, ISACA, Splunk, Gartner
- Executive Perspectives (7 reports) - CISO reports, Deloitte, Proofpoint
- Workforce and Culture (5 reports) - ISC2, KnowBe4, CompTIA
- Market and Investment Research (5 reports) - IT Harvest, Recorded Future
- Application Security (9 reports) - Checkmarx, Snyk, Traceable
- Cloud Security (7 reports) - Palo Alto, ISC2, Fortinet
- Identity Security (19 reports) - CyberArk, Okta, SailPoint
- Penetration Testing (5 reports) - HackerOne, Cobalt, Bugcrowd
- Privacy and Data Protection (8 reports) - Cisco, Proofpoint, Drata
- Ransomware (6 reports) - Sophos, Delinea, Semperis
- AI and Emerging Technologies (12 reports) - Darktrace, Wiz, HiddenLayer
Data Files
Data/sources.json- All report sources with metadataReports/- Downloaded report files (PDFs, markdown)
Examples
Example 1: Update sources from upstream
User: "Update the annual reports"
→ Invokes UPDATE workflow
→ Fetches latest README from GitHub
→ Parses and updates sources.json
→ Reports new/changed entries
Example 2: Find threat intelligence reports
User: "What threat reports are available?"
→ Lists Global Threat Intelligence category
→ Shows 56 reports from major vendors
→ Provides direct URLs
Example 3: Analyze ransomware trends
User: "Analyze ransomware reports"
→ Invokes ANALYZE workflow
→ Fetches relevant reports
→ Synthesizes findings across vendors
→ Produces trend analysis
Related Skills
Attack Tree Construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Grafana Dashboards
Create and manage production Grafana dashboards for real-time visualization of system and application metrics. Use when building monitoring dashboards, visualizing metrics, or creating operational observability interfaces.
Matplotlib
Foundational plotting library. Create line plots, scatter, bar, histograms, heatmaps, 3D, subplots, export PNG/PDF/SVG, for scientific visualization and publication figures.
Scientific Visualization
Create publication figures with matplotlib/seaborn/plotly. Multi-panel layouts, error bars, significance markers, colorblind-safe, export PDF/EPS/TIFF, for journal-ready scientific plots.
Seaborn
Statistical visualization. Scatter, box, violin, heatmaps, pair plots, regression, correlation matrices, KDE, faceted plots, for exploratory analysis and publication figures.
Shap
Model interpretability and explainability using SHAP (SHapley Additive exPlanations). Use this skill when explaining machine learning model predictions, computing feature importance, generating SHAP plots (waterfall, beeswarm, bar, scatter, force, heatmap), debugging models, analyzing model bias or fairness, comparing models, or implementing explainable AI. Works with tree-based models (XGBoost, LightGBM, Random Forest), deep learning (TensorFlow, PyTorch), linear models, and any black-box model
Pydeseq2
Differential gene expression analysis (Python DESeq2). Identify DE genes from bulk RNA-seq counts, Wald tests, FDR correction, volcano/MA plots, for RNA-seq analysis.
Query Writing
For writing and executing SQL queries - from simple single-table queries to complex multi-table JOINs and aggregations
Pydeseq2
Differential gene expression analysis (Python DESeq2). Identify DE genes from bulk RNA-seq counts, Wald tests, FDR correction, volcano/MA plots, for RNA-seq analysis.
Scientific Visualization
Meta-skill for publication-ready figures. Use when creating journal submission figures requiring multi-panel layouts, significance annotations, error bars, colorblind-safe palettes, and specific journal formatting (Nature, Science, Cell). Orchestrates matplotlib/seaborn/plotly with publication styles. For quick exploration use seaborn or plotly directly.