New section: 'When to Partner Commercially: The Partnership Doctrine'
Addresses the practical reality of a 5-person consultancy growing to
15-20: where open-source wins, where commercial wins, and the decision
framework for choosing between them.
Partnership Decision Framework:
- Capability (24/7 eyes-on-glass = partner)
- Compliance (audit demands vendor logo = partner)
- Scale (>5,000 endpoints = partner)
- Time to value (<30 days = partner)
- Margin (recurring revenue without proportional labour = partner)
- Differentiation (partner makes us generic = refuse)
Tier 1 Strategic Partnerships (deeply integrated):
- Huntress: Managed EDR for 24/7 coverage we cannot staff
- Thinkst Canary: Enterprise deception, high margin, low touch
- Tenable: Compliance-auditable VM for regulated clients
Tier 2 Situational Partnerships (deploy as needed):
- Delinea (PAM), KnowBe4 (awareness), Veeam (backup),
Proofpoint/Mimecast (email gateway)
Tier 3 Consultant Productivity (not resold):
- Burp Suite Pro, Cobalt Strike/Sliver, training
Also documents what we REFUSE to partner with (all-in-one platforms,
generic SIEM, opaque AI startups, M365 management competitors) and
provides a Year 1 vs Year 3 partnership portfolio roadmap.
E3 includes Entra ID P1 (conditional access, SSPR) and Defender for
Endpoint P1 (AV, device control, ASR audit mode), not just 'Free'/'AV only'.
Key corrections:
- m365-e3-hardening.md: Entra ID P1 with conditional access is now
correctly listed as included; Intune is full not 'basic'; ASR audit
mode is available in P1; risk-based gap reframed as 'No Entra ID P2'
- zero-budget-hardening.md: E3 comparison table now shows Entra ID P1
and Defender for Endpoint P1 correctly; pitch text updated
- modular-engagements.md: MFA description now reflects conditional
access availability in E3
- m365-antifragile-project.md: Conditional Access heading now correctly
notes E3 includes P1; E3 baseline mentions conditional access
- endpoint-management-entry-vector.md: Intune described as full MDM/MAM
