Tomas Kracmar
763da003d3
Complete repository of frameworks, playbooks, and assessment resources for cybersecurity consultations focused on antifragile enterprise design. Includes: - Core philosophy and manifest (5 pillars) - 12 modular engagement packages - AI sovereignty and operations frameworks - Zero-budget vulnerability discovery and hardening playbooks - M365 E3 hardening and antifragile project plans - Osquery sovereign discovery platform blueprint - Perimeter scanning capability guide - AI-assisted TVM blueprint for AI-powered adversaries - Vertical specializations: banking, telco, power/utilities - CIS Controls v8 and NIST CSF 2.0 mappings - Risk registers and assessment templates - C-suite conversation guide and business case templates
Assessment Templates
"What gets measured gets managed. What gets managed honestly becomes antifragile."
This directory contains diagnostic tools, maturity models, and assessment resources for evaluating organizational antifragility. Two production-ready tools are available now; additional assessments are in active development.
Planned Assessments
1. Antifragile Maturity Model (AF-MM)
A five-level maturity model covering:
- Level 1: Fragile — Reactive, undocumented, dependent on single vendors
- Level 2: Robust — Documented, monitored, but static
- Level 3: Resilient — Automated recovery, tested backups, incident response operational
- Level 4: Adaptive — Chaos engineering, continuous learning, structural improvement from failure
- Level 5: Antifragile — Volatility is exploited for gain, optionality is strategic, intelligence is sovereign
2. AI Sovereignty Readiness Assessment
Evaluates:
- Current AI usage inventory completeness
- Data classification and leakage risk
- Local infrastructure readiness
- Vendor dependency and exit feasibility
- Regulatory compliance posture
3. T0 Asset Discovery Scanner
Planned scripted assessment to:
- Enumerate critical assets across on-premises and cloud environments
- Classify assets by tier based on dependency mapping
- Identify gaps in protection, monitoring, and recovery
- Generate prioritized remediation roadmap
4. Dependency Risk Mapper
Planned tool to:
- Map vendor and technology dependencies
- Calculate coupling depth and exit difficulty
- Identify hidden single points of failure
- Simulate failure cascades
5. Incident Learning Index
Measures the organization's ability to convert incidents into structural improvements:
- Mean time to structural fix
- Post-mortem completion rate
- Structural changes implemented per incident
- Repeat incident rate
Development Roadmap
| Quarter | Deliverable | Format |
|---|---|---|
| Q1 | AF-MM v1.0 questionnaire and scoring guide | Markdown + spreadsheet |
| Q2 | AI Sovereignty Readiness Assessment v1.0 | Interactive web form or CLI tool |
| Q3 | T0 Asset Discovery Scanner v0.1 | Python script (cloud APIs + on-premises) |
| Q4 | Dependency Risk Mapper v0.1 | Python + network analysis libraries |
Contributing
When adding new assessments:
- Document the purpose, methodology, and limitations
- Include scoring rubrics with clear criteria
- Provide sample outputs and interpretation guidance
- Version assessments and maintain changelogs
- Test on at least two different organizational profiles before release
Return to Repository Index