feat: Fix review issues and integrate ASTRAL, PULSAR, AURORA product suite
Framework fixes:
- antifragile-manifest.md: Correct AI Sovereignty pillar (data residency/audit rights framing); add consultant note
- executive-summary.md: Same AI sovereignty correction; add EU Regulatory Context (NIS2, DORA, GDPR)
- README.md: Add Brownhat brand explanation; expand Standards Alignment with NIS2/DORA/GDPR
- core/about-cqre.md: Prominent TEMPLATE WARNING banner to prevent accidental sharing
- index.md: Add CQRE Product Suite; renumber consultant nav 1-26 consistently

New: playbooks/cqre-product-suite.md
- ASTRAL/PULSAR/AURORA product reference with antifragile pillar alignment, regulatory mapping, deployment prerequisites, and objection handling

Updated: sovereign-tool-stack.md
- ASTRAL updated to GitHub product spec; AOC replaced with PULSAR; AURORA section added

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
@@ -47,7 +47,8 @@ Most security and resilience frameworks optimize for **robustness**—the abilit
│ ├── ad-endpoint-hardening.md # On-prem AD, Windows endpoint, hybrid identity
│ ├── zero-budget-hardening.md # Maximize existing tool investment
│ ├── implementation-playbook.md # Step-by-step operational guide
│ ├── sovereign-tool-stack.md # Open-source arsenal and capability map
│ ├── cqre-product-suite.md # ASTRAL, PULSAR, AURORA: details, alignment, deployment
│ ├── sovereign-tool-stack.md # Full arsenal: CQRE products, open-source, and commercial tools
│ ├── privileged-access-architecture.md # PAM: Teleport, Tailscale/Headscale, JIT access (Module 13)
│ ├── sovereign-communications.md # Delta Chat chatmail, Matrix/Element, crisis channels (Module 14)
│ └── business-case-template.md # Financial justification and ROI framework
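Review bot: sovereign-tool-stack.md appears twice in this hunk, once with the old description "Open-source arsenal and capability map" and once with the new "Full arsenal: CQRE products, open-source, and commercial tools". The hunk header's net gain of one line is consistent with the old entry being removed and the new entry plus the cqre-product-suite.md line being added, but if the first entry is not in fact the removed line, the tree now lists the same file twice and the older line should be dropped so only the updated description survives.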
@@ -68,6 +69,12 @@ Most security and resilience frameworks optimize for **robustness**—the abilit
└── assets/ # Diagrams, visuals, and presentation materials
```
## What Is Brownhat?
Brownhat is the delivery brand for CQRE consulting engagements. The name is a deliberate rejection of the traditional hat colour taxonomy in security (black hat / white hat / grey hat) — our work is not about adversarial simulation or compliance theatre. It is about the unglamorous, practical work of making real environments more resilient: brownfield by design, working with what exists, fixing what matters most.
The **Brownhat methodology** is the operational posture behind every engagement: move fast, extract value from existing investments, and close existential gaps before they become incidents. The **Brownhat Diagnostic** is the specific entry engagement — a structured NIST CSF 2.0 baseline assessment that every new client completes before any module recommendation is made.
## Our Posture: Move Fast and Fix Things
This practice is built on a simple, actionable stance: **move fast and fix things**. We do not wait for perfect plans. We identify the kill chain, extract value from existing investments, and close existential gaps before they become incidents.
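Review bot: the Brownhat methodology paragraph and the "Our Posture" paragraph below it both end on the same sentence ("extract value from existing investments, and close existential gaps before they become incidents"), so the new section repeats the existing one almost verbatim a few lines apart; suggest keeping the posture statement in one place and having the Brownhat paragraph refer to it. Separately, the Brownhat Diagnostic is introduced as the mandatory entry engagement for every client, but nothing links to where its NIST CSF 2.0 baseline procedure lives; a relative link in the style of the Standards Alignment entries (`reference/nist-csf-mapping.md`) would let readers find it.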
@@ -92,6 +99,9 @@ Our approach is not an alternative to established frameworks. It is the fastest
- **[CIS Controls v8](reference/cis-controls-mapping.md)** — IG1 as a non-negotiable 90-day floor, achieved primarily through existing tool configuration
- **[NIST CSF 2.0](reference/nist-csf-mapping.md)** — All six functions addressed with emphasis on GOVERN as the missing keystone
- **NIS2 (EU 2022/2555)** — Every engagement produces direct evidence for the Article 21 measures: configuration management (ASTRAL), logging and monitoring (PULSAR), access control, and incident detection. Essential and important entities under NIS2 will find the Brownhat module set directly maps to their supervisory obligations.
- **DORA (EU 2022/2554)** — ICT change management records (ASTRAL Git trail), incident log retention (PULSAR), and ICT third-party risk governance map onto DORA Articles 10 and 11. Designed for financial entities who need demonstrable controls, not documentation exercises.
- **GDPR Article 32** — Continuous configuration governance and audit log retention constitute "appropriate technical measures" under the accountability principle. Evidence produced by ASTRAL and PULSAR is directly usable in DPA and auditor reviews.
## Quick Start for Executives and Board Members
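Review bot: the DORA bullet's article citations do not match the regulation. In Regulation (EU) 2022/2554, Article 10 is Detection and Article 11 is Response and recovery; ICT change management falls under Article 9 (protection and prevention), incident logging and reporting under the Chapter III incident-management articles (Article 17 onwards), and ICT third-party risk under Chapter V (Article 28 onwards). Suggest correcting those references before this text is put in front of financial-sector clients. In the GDPR bullet, "constitute 'appropriate technical measures'" overstates what tooling output can show: Article 32 asks for measures appropriate to the assessed risk, and a DPA or auditor will test that risk assessment, so "support" or "provide evidence for" would be more defensible wording.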