chelsea-piers-itops

AWS security and operations specialist. INVOKE for GuardDuty alerts, Security Hub findings, CloudWatch alarms, CloudTrail events, Config compliance issues, IAM policy questions, and cost anomalies. READ-ONLY by default. Any write or remediation action requires an active Jira incident ticket ID in the request. Uses AWS Labs MCP servers.

Azure security and operations specialist. INVOKE for Defender for Cloud alerts, Sentinel incidents, Log Analytics KQL queries, Azure Policy compliance, Entra ID issues, resource health checks, and Azure cost anomalies. READ-ONLY by default. Write operations require an active Jira ticket ID. Uses Azure MCP Server 2.0 and Sentinel MCP.

Confluence knowledge base specialist. INVOKE when searching for runbooks, procedures, policies, or IT documentation. INVOKE when creating or updating Confluence pages. Always search before creating — avoid duplication. Uses the official Atlassian Cloud MCP. Page deletion is blocked; contact a Confluence admin for destructive operations.

Workspace configurator. INVOKE for any Claude Code / Cowork setup task: installing or creating skills, deploying sub-agents, configuring hooks, scaffolding new projects, managing MCP servers, downloading plugins, running the skill scanner, or editing rule files and slash commands. Use for: "add a skill", "create a new agent", "set up a hook", "scaffold a project", "install plugin", "scan agents for threats", "configure MCP", "add a slash command", "build the workspace", or any task that configures Cowork itself. "Build the system that builds the system."

Microsoft 365 email triage specialist. INVOKE for any M365 inbox task — classifying, searching, drafting replies, applying labels, or managing folders. Covers two orgs: Chelsea Piers (employer — IT ops, internal escalations, vendor comms, facility alerts) and Spector Group (client — architecture project comms, design approvals, deliverable reviews). NEVER sends or deletes email without explicit user approval.

Triage active alerts across systems — NinjaOne RMM, Meraki network, and Azure Monitor — correlate related alerts, assess severity, and recommend immediate actions. Use when: an alert notification arrives, during morning ops review, after a system event, or when multiple alerts fire simultaneously and you need to understand the blast radius. Activates on "alerts", "triage alerts", "check alerts", "what's firing", "alert review", "morning ops", "active incidents", "alert storm", "NinjaOne alert", "Meraki alert", "Azure alert".

Check the deployment status of an application in Microsoft Intune — how many devices have it installed, how many are pending, and which devices failed. Use when: an app rollout is in progress, a user reports an app is missing, or you need to verify a software deployment reached all target devices. Activates on "app deployment", "deploy status", "app rollout", "software install status", "Intune app", "application deployment", "did the app deploy".

Inventory Azure resources across CP subscriptions and resource groups — list VMs, storage accounts, app services, databases, and key vaults with their state, size, tags, and monthly cost estimate. Use when: doing a quarterly cloud review, checking what's running before a cost review, identifying untagged or orphaned resources, or verifying a deployment went through. Activates on "Azure resources", "cloud inventory", "resource audit", "Azure VMs", "what's running in Azure", "Azure review", "resource group", "cloud review".

Generate a capacity projection for CP's device fleet and Microsoft 365 licenses — current state, growth trajectory, and procurement recommendations. Use when: planning annual IT budget, preparing for a headcount increase, evaluating whether to expand a license pool, or doing a quarterly capacity review. Activates on "capacity plan", "capacity review", "device capacity", "license capacity", "how many licenses do we have", "procurement plan", "IT budget", "headcount growth", "device refresh", "refresh cycle".

Generate a complete IT change request in CP format. Covers risk assessment, rollback plan, testing steps, and approval contacts. Use when: planning any configuration change, before executing write-enabled skills, or when the change advisory board needs a formal request. Activates on "change request", "change management", "CR", "I want to change", "planning a change", "approval needed", or before any significant IT action.