cqrenet/antifragile
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
antifragile/antifragile-consulting/README.md
Tomas Kracmar 2b969af2a8 feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks 
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.

Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
  Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
  antifragile pillars. Identifies 6 gaps with recommended closes:
  Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
  Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
  Zeek+Suricata (network analysis). Includes per-module tool pairing,
  deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
  and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
  configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
  deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
  description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
  for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
2026-05-09 17:05:18 +02:00

110 lines
7.9 KiB
Markdown
Raw Permalink Blame History

# Antifragile Enterprise Consulting Repository
> *"Wind extinguishes a candle and energizes fire. You want to be the fire and wish for the wind."* — Nassim Nicholas Taleb
This repository contains reusable frameworks, playbooks, and assessment resources for consulting engagements focused on building **antifragile organizations**—enterprises that do not merely survive disruption but grow stronger from it.
## What Is Antifragile?
Most security and resilience frameworks optimize for **robustness**—the ability to withstand shocks. Antifragility goes further. An antifragile system:
- **Benefits from volatility** and stressors
- **Learns faster** from failures than from successes
- **Decentralizes critical functions** to avoid single points of failure
- **Treats optionality as a strategic asset**, not overhead
## Repository Structure
```
├── core/ # Foundational frameworks and principles
│ ├── move-fast-and-fix-things.md # Company philosophy: speed, repair, existing tools
│ ├── antifragile-manifest.md # The five pillars of antifragile enterprise
│ ├── modular-engagements.md # Menu of independent, self-contained modules
│ ├── ai-sovereignty-framework.md # AI sovereignty as a strategic mandate
│ ├── ai-operations-inevitability.md # Why defensive AI is inevitable (business AI is optional)
│ ├── azure-openai-sovereignty-bridge.md # Azure OpenAI/Foundry as sovereignty stepping stone
│ ├── organizational-resilience.md # Dev/Sec/Ops merger and shift-left arguments
│ ├── quality-management-engagement.md # Embedded process assurance for teams feeling "not in control"
│ ├── blue-purple-team-foundation.md # Building defensive capability from existing tools
│ ├── retained-capability.md # What to keep in-house when outsourcing security (MSSP, pentest, compliance)
│ ├── executive-summary.md # One-page board brief
│ ├── c-suite-conversation-guide.md # Persuasion scripts for top management
│ └── t0-asset-framework.md # Tier 0 asset classification and protection
├── playbooks/ # Executable modernisation and response plans
│ ├── rapid-modernisation-plan.md # 30-60-90-180 day transformation roadmap
│ ├── endpoint-management-entry-vector.md # Intune/device management as engagement entry point
│ ├── ai-assisted-tvm.md # AI-powered vulnerability management blueprint
│ ├── zero-budget-vulnerability-discovery.md # Script-based vuln discovery without commercial scanners
│ ├── perimeter-scanning-capability.md # External attack surface scanning strategy
│ ├── osquery-custom-platform.md # Build a sovereign vuln/asset discovery platform on osquery
│ ├── m365-antifragile-project.md # M365 greenfield/modernisation with antifragile design
│ ├── m365-e3-hardening.md # M365 E3-specific tactical hardening
│ ├── ad-endpoint-hardening.md # On-prem AD, Windows endpoint, hybrid identity
│ ├── zero-budget-hardening.md # Maximize existing tool investment
│ ├── implementation-playbook.md # Step-by-step operational guide
│ └── business-case-template.md # Financial justification and ROI framework
│ ├── sovereign-tool-stack.md # Open-source arsenal and capability map
├── assessment-templates/ # Diagnostic tools and maturity models
│ ├── README.md # Assessment roadmap and development plan
│ ├── antifragile-risk-register.md # Antifragile risk taxonomy and register template
│ └── m365-project-risk-register.md # M365 project-specific risk register
├── reference/ # External standards, mappings, and citations
│ ├── cis-controls-mapping.md # CIS Controls v8 alignment
│ ├── nist-csf-mapping.md # NIST CSF 2.0 alignment
│ ├── vertical-power-utilities.md # Power generation, transmission, water utilities
│ ├── vertical-telco.md # Telecommunications and mobile operators
│ └── vertical-banking.md # Financial services regulatory alignment
└── assets/ # Diagrams, visuals, and presentation materials
```
## Our Posture: Move Fast and Fix Things
This practice is built on a simple, actionable stance: **move fast and fix things**. We do not wait for perfect plans. We identify the kill chain, extract value from existing investments, and close existential gaps before they become incidents.
- **Speed is a security control.** A 90% solution deployed today outperforms a 100% solution that ships in six months.
- **Work beats purchases.** Most organizations own 60-80% of the capabilities they need. We configure and operationalize before we shop.
- **Every fix must produce a signal.** A remediation without telemetry is a remediation that will rot.
Read the full [Move Fast and Fix Things](core/move-fast-and-fix-things.md) philosophy.
## Core Pillars
1. **[Structural Decoupling](core/antifragile-manifest.md#pillar-1-structural-decoupling)** — Remove hidden dependencies before they become fatal ones
2. **[Optionality Preservation](core/antifragile-manifest.md#pillar-2-optionality-preservation)** — Maintain strategic exits and alternatives at every layer
3. **[Stress-to-Signal Conversion](core/antifragile-manifest.md#pillar-3-stress-to-signal-conversion)** — Turn failures, attacks, and outages into intelligence
4. **[Sovereign Intelligence](core/antifragile-manifest.md#pillar-4-sovereign-intelligence)** — Own your cognitive infrastructure; never rent your ability to think
5. **[Asymmetric Payoff Design](core/antifragile-manifest.md#pillar-5-asymmetric-payoff-design)** — Engineer outcomes where small investments yield disproportionate protection
## Standards Alignment
Our approach is not an alternative to established frameworks. It is the fastest path to meeting them while building real resilience:
- **[CIS Controls v8](reference/cis-controls-mapping.md)** — IG1 as a non-negotiable 90-day floor, achieved primarily through existing tool configuration
- **[NIST CSF 2.0](reference/nist-csf-mapping.md)** — All six functions addressed with emphasis on GOVERN as the missing keystone
## Quick Start for Executives and Board Members
1. **Read** [Executive Summary](core/executive-summary.md) — one page, five minutes, the full case
2. **Review** [Business Case Template](playbooks/business-case-template.md) — financial justification, ROI, and risk quantification
3. **Browse** [C-Suite Conversation Guide](core/c-suite-conversation-guide.md) — how your advisors should frame the conversation
## Quick Start for Consultants
1. **Open** `core/move-fast-and-fix-things.md` — understand the engagement posture
2. **Read** `core/antifragile-manifest.md` — understand the philosophy
3. **Study** `playbooks/m365-e3-hardening.md` — master the primary client environment (most clients are E3)
4. **Study** `playbooks/ad-endpoint-hardening.md` — cover on-premises AD and endpoint gaps
5. **Study** `playbooks/zero-budget-hardening.md` — extract value from existing tools in 30 days
6. **Deploy** `playbooks/rapid-modernisation-plan.md` — run the 30-60-90-180 day roadmap
7. **Reference** `core/t0-asset-framework.md` and `core/ai-sovereignty-framework.md` — classify assets and own intelligence
8. **Map** `reference/cis-controls-mapping.md` and `reference/nist-csf-mapping.md` — align to standards
9. **Adapt** `reference/vertical-power-utilities.md`, `reference/vertical-telco.md`, or `reference/vertical-banking.md` — tailor for regulated critical infrastructure clients
## Usage and Licensing
These documents are designed for reuse across client engagements. Adapt, remix, and extend. Credit the framework when presenting externally.
---
*Built for practitioners who defend the future, not just the perimeter.*
Reference in New Issue View Git Blame Copy Permalink