feat: Add AI Mythos counter-narrative; rewrite ai-sovereignty-framework
move-fast-and-fix-things.md: 'The AI Distraction' section. Multiplier principle, CIS IG1 sequencing, client redirect script.
antifragile-manifest.md: Pillar sequencing note (Pillar 4 after 1-3).
consultant-field-guide.md: Mistake #11 + AOC->PULSAR rename.
ai-sovereignty-framework.md: Full rewrite with regulatory framing, sovereignty spectrum, updated objections, CQRE product examples.

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
@@ -245,6 +245,24 @@ Week 1 produces the baseline. It does not produce improvements. Clients sometime
---
**11. Validating the AI Distraction**
A client opens with: *"We want to implement AI-powered threat detection"* or *"Can AI help us manage our security posture?"* The mistake is engaging with the AI question directly — evaluating vendors, discussing models, building a roadmap — before establishing whether the foundation exists.
AI security tools are multipliers. A multiplier applied to a broken foundation produces nothing except an expensive invoice and a false sense of coverage. The client who wants AI detection but has no MFA on admin accounts, no tested backups, and unpatched internet-facing systems does not need AI detection. They need MFA.
**The redirect script**:
> *"I want to get you to the AI layer — that's where the interesting work is. The fastest path there is closing the gaps that AI can't compensate for first. Otherwise, we're tuning the detection system while the front door is unlocked. Let's run the Brownhat Diagnostic, find your kill chain, close the existential gaps, and then we build the intelligence layer on top of something solid. You'll actually get value from the AI at that point."*
**When to apply this**: Any time a client's opening request is for an intelligence or detection capability before you have confirmed that basic hygiene is in place. The discovery call question that surfaces it: *"What's your current MFA coverage across admin accounts?"* If the answer is anything other than "100%, enforced by policy," you have a layer-one gap. Fix that before any AI conversation.
**The one exception**: A client with demonstrably strong fundamentals — IG1 complete, MFA enforced, logging in place, backups tested — who wants to build on that foundation. This is a legitimate AI conversation. But verify the foundation before accepting the premise that it exists.
See [Move Fast and Fix Things — The AI Distraction](move-fast-and-fix-things.md#the-ai-distraction) for the full philosophical statement.
---
## Part 5: Technical Onboarding
### CQRE tool repositories
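Review bot: The gate in "When to apply this" checks only MFA coverage on admin accounts, while "The one exception" requires four conditions (IG1 complete, MFA enforced, logging in place, backups tested) before an AI conversation is legitimate. Suggest adding the discovery-call questions for the other three conditions (for example "When was the last restore test?") so a consultant can verify the whole foundation and not just MFA before accepting the premise. Also confirm that the anchor `#the-ai-distraction` in the link to move-fast-and-fix-things.md matches the exact heading text added in that file, since a heading such as "## The AI Distraction" with different punctuation would break the link.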
@@ -253,8 +271,8 @@ Before leading a module, you need to be able to deploy and use the tools that mo
| Tool | Repository | Used in |
|------|-----------|---------|
| **ASTRAL** | `cqrenet/astral` (public) · `cqrenet/Intune` (internal, full version) | Modules 1, 2, 3 |
| **AOC** | `cqrenet/aoc` | Modules 2, 3, 12; retained capability |
| **ASTRAL** | [github.com/cqrenet/astral](https://github.com/cqrenet/astral) | Modules 1, 2, 3 |
| **PULSAR** | [github.com/cqrenet/pulsar](https://github.com/cqrenet/pulsar) | Modules 2, 3, 12; retained capability |
| **macOS_IntuneManagement** | `cqrenet/macOS_IntuneManagement` | Module 1; tenant migrations |
| **Elysium** | `cqrenet/elysium` | Module 6, 10 |
| **CAExporter** | `vibecoding/CAExporter` | Modules 2, 3 |
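Review bot: The replacement ASTRAL row drops the pointer to `cqrenet/Intune` (internal, full version); if the full internal build still exists and is what Modules 1 to 3 actually deploy, the onboarding table now only points new consultants at the public repository, so either keep the internal reference or state that the public repository is the canonical one. Style point: the two new rows use full `[github.com/...](https://github.com/...)` links while the remaining rows (macOS_IntuneManagement, Elysium, CAExporter) keep the short backticked `org/repo` form, so the Repository column is now mixed; pick one form for the whole table.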
@@ -271,7 +289,7 @@ This is the minimum bar for leading (not shadowing) a module. If you are not the
| Module | Minimum competency |
|--------|-------------------|
| **Module 1** (Endpoint) | PowerShell 7+; Intune policy structure; ASTRAL deployment and configuration; E8-CAT scoring |
| **Module 2** (Identity) | Entra ID architecture; Conditional Access design; PIM/PAM concepts; AOC deployment; CAExporter export and analysis |
| **Module 2** (Identity) | Entra ID architecture; Conditional Access design; PIM/PAM concepts; PULSAR deployment; CAExporter export and analysis |
| **Module 3** (M365 Hardening) | Modules 1 and 2 competency; Prowler Azure audit; ASTRAL drift detection; ASR rules |
| **Module 6** (AD Hardening) | Active Directory architecture; BloodHound collection and analysis; DSInternals and Elysium operation; LAPS deployment; GPO design; Sysmon configuration |
| **Module 8** (OT Security) | OT/IT network segmentation concepts; NIS2 Article 21 and 23 requirements; SCADA/ICS risk framing; Zeek or Suricata basics |
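Review bot: The AOC to PULSAR rename is applied only to the Module 2 competency row here, yet the repository table in the previous hunk lists PULSAR as used in Modules 2, 3 and 12 and as a retained capability; suggest grepping the rest of consultant-field-guide.md and the other documents touched by this commit for remaining "AOC" mentions so the rename is complete, and consider whether the Module 3 row should name PULSAR explicitly rather than relying on "Modules 1 and 2 competency".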