antifragile

cqrenet/antifragile

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude Sonnet 4.6	3b69f255ec	feat: Add concrete milestone deliverables at Day 30/90/180 rapid-modernisation-plan.md: New 'Milestone Deliverables' section with 23 numbered, verifiable deliverables across three milestones. Day 30 (7 deliverables): Brownhat Diagnostic, ASTRAL deployed, PULSAR deployed, T0 accounts hardened, attack surface report, quick wins closed, stale account queue opened. Hard gate: if ASTRAL/PULSAR not deployed, the bottleneck is access provisioning not scope. Day 90 (9 more deliverables): MFA for all users enforced (not enrolled), legacy auth blocked, CA baseline, P0/P1 vulns closed, BloodHound before/ after, vendor access hardened, T0 backup verified, ASTRAL restore drill, PULSAR top 5 alert rules with runbooks. Day 180 (7 more deliverables): Alert runbooks, custom detection rules, client IT lead independence (live walkthrough), housekeeping 3 cycles, module completion packages, risk register closure evidence, retained scope. Each milestone includes the verifiable evidence column and a 'what this value stands alone' statement. Section closes with honest timeline modifiers (large AD, high user count, OT environments). business-case-template.md: The Ask updated to quote the three milestones explicitly. Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>	2026-06-05 09:54:49 +00:00
Claude Sonnet 4.6	878fca3f0b	feat: Rewrite rapid-modernisation-plan and business-case for realism rapid-modernisation-plan.md: - Add honest framing section: what 180 days delivers vs. what takes 2-3 years - Extend Phase 1 from 30 to 60 days; rename to Visibility - Remove dangerous 'disable all unknown accounts in week 1-2' instruction - Replace Phase 3 (AI Sovereignty) with Signal and Retained Capability - Phase 3 now: detection engineering, alert runbooks, knowledge transfer - Phase 4 made explicitly open-ended (not complete at day 180) - Fix success metrics: remove unverifiable targets, replace with honest ones - Remove 'compress Phases 1-2 into 30 days for small orgs' adaptation - Add 'What This Plan Is Not' practitioner section - ASTRAL and PULSAR integrated as Phase 1 deliverables - AI Sovereignty moved to multi-year parallel initiative business-case-template.md: - Break-even corrected: Day 90 -> 12-18 months post-programme - Phase budget table updated: 30/30/30/90 -> 60/60/60/ongoing - Phase names and deliverables aligned with revised RMP - AI sovereignty removed from core deliverables - Sensitivity analysis: 3 scenarios -> 4 including abort condition - Alternatives table: AI sovereignty removed from Antifragile programme description - ROI table: cloud AI cost line replaced with audit preparation time saving - The Ask: 30-day first gate -> 60-day first gate Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>	2026-06-05 09:47:25 +00:00
tomas.kracmar	763da003d3	Initial commit: antifragile cybersecurity consulting blueprint Complete repository of frameworks, playbooks, and assessment resources for cybersecurity consultations focused on antifragile enterprise design. Includes: - Core philosophy and manifest (5 pillars) - 12 modular engagement packages - AI sovereignty and operations frameworks - Zero-budget vulnerability discovery and hardening playbooks - M365 E3 hardening and antifragile project plans - Osquery sovereign discovery platform blueprint - Perimeter scanning capability guide - AI-assisted TVM blueprint for AI-powered adversaries - Vertical specializations: banking, telco, power/utilities - CIS Controls v8 and NIST CSF 2.0 mappings - Risk registers and assessment templates - C-suite conversation guide and business case templates	2026-05-09 16:53:22 +02:00

Author

SHA1

Message

Date

Claude Sonnet 4.6

3b69f255ec

feat: Add concrete milestone deliverables at Day 30/90/180

rapid-modernisation-plan.md: New 'Milestone Deliverables' section with
23 numbered, verifiable deliverables across three milestones.

Day 30 (7 deliverables): Brownhat Diagnostic, ASTRAL deployed, PULSAR
deployed, T0 accounts hardened, attack surface report, quick wins closed,
stale account queue opened. Hard gate: if ASTRAL/PULSAR not deployed,
the bottleneck is access provisioning not scope.

Day 90 (9 more deliverables): MFA for all users enforced (not enrolled),
legacy auth blocked, CA baseline, P0/P1 vulns closed, BloodHound before/
after, vendor access hardened, T0 backup verified, ASTRAL restore drill,
PULSAR top 5 alert rules with runbooks.

Day 180 (7 more deliverables): Alert runbooks, custom detection rules,
client IT lead independence (live walkthrough), housekeeping 3 cycles,
module completion packages, risk register closure evidence, retained scope.

Each milestone includes the verifiable evidence column and a 'what this
value stands alone' statement. Section closes with honest timeline
modifiers (large AD, high user count, OT environments).

business-case-template.md: The Ask updated to quote the three milestones
explicitly.

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

2026-06-05 09:54:49 +00:00

Claude Sonnet 4.6

878fca3f0b

feat: Rewrite rapid-modernisation-plan and business-case for realism

rapid-modernisation-plan.md:
- Add honest framing section: what 180 days delivers vs. what takes 2-3 years
- Extend Phase 1 from 30 to 60 days; rename to Visibility
- Remove dangerous 'disable all unknown accounts in week 1-2' instruction
- Replace Phase 3 (AI Sovereignty) with Signal and Retained Capability
- Phase 3 now: detection engineering, alert runbooks, knowledge transfer
- Phase 4 made explicitly open-ended (not complete at day 180)
- Fix success metrics: remove unverifiable targets, replace with honest ones
- Remove 'compress Phases 1-2 into 30 days for small orgs' adaptation
- Add 'What This Plan Is Not' practitioner section
- ASTRAL and PULSAR integrated as Phase 1 deliverables
- AI Sovereignty moved to multi-year parallel initiative

business-case-template.md:
- Break-even corrected: Day 90 -> 12-18 months post-programme
- Phase budget table updated: 30/30/30/90 -> 60/60/60/ongoing
- Phase names and deliverables aligned with revised RMP
- AI sovereignty removed from core deliverables
- Sensitivity analysis: 3 scenarios -> 4 including abort condition
- Alternatives table: AI sovereignty removed from Antifragile programme description
- ROI table: cloud AI cost line replaced with audit preparation time saving
- The Ask: 30-day first gate -> 60-day first gate

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

2026-06-05 09:47:25 +00:00

tomas.kracmar

763da003d3

Initial commit: antifragile cybersecurity consulting blueprint

Complete repository of frameworks, playbooks, and assessment resources
for cybersecurity consultations focused on antifragile enterprise design.

Includes:
- Core philosophy and manifest (5 pillars)
- 12 modular engagement packages
- AI sovereignty and operations frameworks
- Zero-budget vulnerability discovery and hardening playbooks
- M365 E3 hardening and antifragile project plans
- Osquery sovereign discovery platform blueprint
- Perimeter scanning capability guide
- AI-assisted TVM blueprint for AI-powered adversaries
- Vertical specializations: banking, telco, power/utilities
- CIS Controls v8 and NIST CSF 2.0 mappings
- Risk registers and assessment templates
- C-suite conversation guide and business case templates

2026-05-09 16:53:22 +02:00

3 Commits