antifragile

cqrenet/antifragile

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude Sonnet 4.6	5c4e91179d	feat: Add findings backlog as pragmatic alternative to risk register New: assessment-templates/findings-backlog.md Design principles: lives where client works, every finding has an owner, feeds the housekeeping stream, accumulates from all sources. Format: 6-field minimal entry (ID, finding, source, priority, owner, status) with optional target date/effort/notes/closed date. P0/P1/P2 priority using kill chain test. Flat file template for Git-based clients. Population guide: Day 30 (from Brownhat), subsequent modules, continuous tools (ASTRAL drift, PULSAR alerts, Elysium, BloodHound). Monthly housekeeping cycle structure. Relationship to formal risk register explained. Backlog health indicators (warning signs it is not functioning). Wired into existing framework: move-fast-and-fix-things.md: Rule 4 now names the backlog as the queue rapid-modernisation-plan.md: Day 30 item 7 and Phase 1 action updated engagement-model.md: Section 4 deliverables table updated at all stages assessment-templates/README.md: Production-ready templates section added index.md: Findings Backlog added to Assessment and Tools table Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>	2026-06-05 10:09:08 +00:00
tomas.kracmar	64f73371c9	feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization New documents: - core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7) - core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing - core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use - core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE) - core/executive-summary-cs.md: Czech translation of the board executive summary - assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0) - assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops) - assessment-templates/module-completion-report.md: Module completion package template - assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement) - playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance - playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels Updated documents: - playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings - core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit - reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md - assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column - index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25) - README.md: Updated directory tree; updated Quick Start for Consultants Czech localization pointers: - executive-summary.md: Added Česká verze pointer - nist-csf-baseline.md: Added Česká verze pointer - engagement-model.md: Added note that client-facing Czech translation is planned Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-27 21:33:52 +02:00
tomas.kracmar	763da003d3	Initial commit: antifragile cybersecurity consulting blueprint Complete repository of frameworks, playbooks, and assessment resources for cybersecurity consultations focused on antifragile enterprise design. Includes: - Core philosophy and manifest (5 pillars) - 12 modular engagement packages - AI sovereignty and operations frameworks - Zero-budget vulnerability discovery and hardening playbooks - M365 E3 hardening and antifragile project plans - Osquery sovereign discovery platform blueprint - Perimeter scanning capability guide - AI-assisted TVM blueprint for AI-powered adversaries - Vertical specializations: banking, telco, power/utilities - CIS Controls v8 and NIST CSF 2.0 mappings - Risk registers and assessment templates - C-suite conversation guide and business case templates	2026-05-09 16:53:22 +02:00

Author

SHA1

Message

Date

Claude Sonnet 4.6

5c4e91179d

feat: Add findings backlog as pragmatic alternative to risk register

New: assessment-templates/findings-backlog.md
  Design principles: lives where client works, every finding has an owner,
  feeds the housekeeping stream, accumulates from all sources.
  Format: 6-field minimal entry (ID, finding, source, priority, owner,
  status) with optional target date/effort/notes/closed date.
  P0/P1/P2 priority using kill chain test.
  Flat file template for Git-based clients.
  Population guide: Day 30 (from Brownhat), subsequent modules, continuous
  tools (ASTRAL drift, PULSAR alerts, Elysium, BloodHound).
  Monthly housekeeping cycle structure.
  Relationship to formal risk register explained.
  Backlog health indicators (warning signs it is not functioning).

Wired into existing framework:
  move-fast-and-fix-things.md: Rule 4 now names the backlog as the queue
  rapid-modernisation-plan.md: Day 30 item 7 and Phase 1 action updated
  engagement-model.md: Section 4 deliverables table updated at all stages
  assessment-templates/README.md: Production-ready templates section added
  index.md: Findings Backlog added to Assessment and Tools table

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

2026-06-05 10:09:08 +00:00

tomas.kracmar

64f73371c9

feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization

New documents:
- core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7)
- core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing
- core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use
- core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE)
- core/executive-summary-cs.md: Czech translation of the board executive summary
- assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0)
- assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops)
- assessment-templates/module-completion-report.md: Module completion package template
- assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement)
- playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance
- playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels

Updated documents:
- playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings
- core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit
- reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md
- assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column
- index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25)
- README.md: Updated directory tree; updated Quick Start for Consultants

Czech localization pointers:
- executive-summary.md: Added Česká verze pointer
- nist-csf-baseline.md: Added Česká verze pointer
- engagement-model.md: Added note that client-facing Czech translation is planned

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-27 21:33:52 +02:00

tomas.kracmar

763da003d3

Initial commit: antifragile cybersecurity consulting blueprint

Complete repository of frameworks, playbooks, and assessment resources
for cybersecurity consultations focused on antifragile enterprise design.

Includes:
- Core philosophy and manifest (5 pillars)
- 12 modular engagement packages
- AI sovereignty and operations frameworks
- Zero-budget vulnerability discovery and hardening playbooks
- M365 E3 hardening and antifragile project plans
- Osquery sovereign discovery platform blueprint
- Perimeter scanning capability guide
- AI-assisted TVM blueprint for AI-powered adversaries
- Vertical specializations: banking, telco, power/utilities
- CIS Controls v8 and NIST CSF 2.0 mappings
- Risk registers and assessment templates
- C-suite conversation guide and business case templates

2026-05-09 16:53:22 +02:00

3 Commits