cqrenet/antifragile
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim

Browse Source 
AOC -> PULSAR across 10 files (engagement-model, retained-capability,
modular-engagements, blue-purple-team-foundation, about-cqre, about-cqre-cs,
consultant-field-guide, ai-assisted-tvm, m365-e3-hardening,
sovereign-tool-stack, risk-register-example).

Training-data framing corrected in:
- executive-summary.md: opening paragraph and risk table
- README.md: 90% solution claim -> 30-60% in 180 days
- modular-engagements.md: public API data use claim
- cis-controls-mapping.md: data protection framing
- antifragile-risk-register.md: risk entry softened to accurate framing
- azure-openai-sovereignty-bridge.md: consumer vs enterprise API distinction

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
This commit is contained in:
Claude Sonnet 4.6
2026-06-05 07:05:13 +00:00
parent bcebf8ebb3
commit 3062e435ca
16 changed files with 55 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files
antifragile-consulting/core/retained-capability.md
+1 -1
View File
@@ -32,7 +32,7 @@ When you outsource a security function, you should retain three capabilities int
| Retained Capability | Why It Cannot Be Outsourced | What It Produces |
|--------------------|---------------------------|------------------|
| **Detection Engineering** | Only you know what "normal" looks like in your environment. Only you can write rules that detect anomalies specific to your architecture, your applications, and your user behaviours. | Custom detection rules (KQL, Sigma, YARA, Wazuh) and M365-specific detections via AOC that catch threats generic rules miss |
| **Detection Engineering** | Only you know what "normal" looks like in your environment. Only you can write rules that detect anomalies specific to your architecture, your applications, and your user behaviours. | Custom detection rules (KQL, Sigma, YARA, Wazuh) and M365-specific detections via PULSAR that catch threats generic rules miss |
| **Threat Context & Prioritization** | Only you know which assets are crown jewels. Only you can prioritize a vulnerability on your payment gateway over a vulnerability on your marketing blog. | Risk-ranked remediation that aligns with business impact |
| **Integration & Orchestration** | Only you can connect the SOC to your change management, your identity team, your OT engineers, and your executives. | Closed-loop incident response that produces structural improvement |