antifragile/antifragile-consulting/index.md
Tomas Kracmar 2b969af2a8 feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.

Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
  Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
  antifragile pillars. Identifies 6 gaps with recommended closes:
  Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
  Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
  Zeek+Suricata (network analysis). Includes per-module tool pairing,
  deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
  and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
  configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
  deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
  description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
  for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
2026-05-09 17:05:18 +02:00


# Antifragile Enterprise Consulting Repository — Index
## For Executives and Board Members
| Document | Purpose | Audience |
|----------|---------|----------|
| [Executive Summary](core/executive-summary.md) | One-page strategic overview | CEOs, Boards, Executive Committees |
| [Modular Engagements](core/modular-engagements.md) | Menu of independent modules; choose your starting point | CEOs, CFOs, Procurement |
| [C-Suite Conversation Guide](core/c-suite-conversation-guide.md) | Scripts, objection handling, and psychological framing | Executives, Advisors |
| [Business Case Template](playbooks/business-case-template.md) | Financial justification, ROI, and risk quantification | CFOs, Boards, Risk Committees |
| [Antifragile Manifest](core/antifragile-manifest.md) | Core philosophy and five pillars (business translation) | Executives, Architects, Consultants |
## For Practitioners and Consultants
| Document | Purpose | Audience |
|----------|---------|----------|
| [README](README.md) | Repository overview and quick start | Everyone |
| [Move Fast and Fix Things](core/move-fast-and-fix-things.md) | Company motto and engagement posture | Consultants, Executives |
| [Antifragile Manifest](core/antifragile-manifest.md) | Core philosophy and five pillars | Executives, Architects, Consultants |
| [AI Operations Inevitability](core/ai-operations-inevitability.md) | Defensive AI is inevitable; business AI is optional | CISOs, CTOs, Consultants |
| [Azure OpenAI Sovereignty Bridge](core/azure-openai-sovereignty-bridge.md) | Azure OpenAI/Foundry as pragmatic sovereignty step | CTOs, Architects, Consultants |
| [Organizational Resilience](core/organizational-resilience.md) | Shift left and Dev/Sec/Ops merger talking points | CTOs, CISOs, Consultants |
| [Embedded Quality Assurance](core/quality-management-engagement.md) | Process assurance for teams feeling "not in control" | Heads of Security, Operations, Project Leaders |
| [Blue/Purple Team Foundation](core/blue-purple-team-foundation.md) | Building defensive capability from existing tool investments | CISOs, SOC Managers, Security Architects |
| [Retained Capability](core/retained-capability.md) | What to keep in-house when outsourcing SOC, pentest, compliance | CISOs, CFOs, Procurement |
## Core Frameworks
| Document | Purpose | Audience |
|----------|---------|----------|
| [Move Fast and Fix Things](core/move-fast-and-fix-things.md) | Speed, repair, and maximizing existing investment | Consultants, Executives |
| [Antifragile Manifest](core/antifragile-manifest.md) | Five pillars of antifragile enterprise | Executives, Architects, Consultants |
| [AI Sovereignty Framework](core/ai-sovereignty-framework.md) | Strategic arguments and implementation for local AI | CISOs, CTOs, Security Architects |
| [T0 Asset Framework](core/t0-asset-framework.md) | Tier 0 classification and protection for critical assets | Security Architects, Infrastructure Leads |
## Playbooks
| Document | Purpose | Audience |
|----------|---------|----------|
| [Rapid Modernisation Plan](playbooks/rapid-modernisation-plan.md) | 30-60-90-180 day transformation roadmap | Program Managers, Consultants, CISOs |
| [Endpoint Management Entry Vector](playbooks/endpoint-management-entry-vector.md) | Intune/device management as the ideal engagement entry point | M365 Consultants, Account Managers |
| [AI-Assisted TVM Blueprint](playbooks/ai-assisted-tvm.md) | AI-powered vulnerability management for AI-powered adversaries | CTOs, CISOs, Vulnerability Management |
| [Zero-Budget Vulnerability Discovery](playbooks/zero-budget-vulnerability-discovery.md) | Script-based and osquery-based server/container vuln discovery without Tenable/Qualys | Security Engineers, Consultants |
| [Perimeter Scanning Capability](playbooks/perimeter-scanning-capability.md) | External attack surface strategy: build, partner, or hybrid | Security Architects, Consultants |
| [Osquery: The Sovereign Discovery Platform](playbooks/osquery-custom-platform.md) | Build a custom vulnerability and asset inventory platform on osquery | Security Engineers, Consultants, CTOs |
| [M365 Antifragile Project](playbooks/m365-antifragile-project.md) | Greenfield and modernisation with antifragile design | M365 Consultants, Project Managers |
| [M365 E3 Hardening](playbooks/m365-e3-hardening.md) | Tactical hardening for M365 E3 environments | M365 Consultants, Security Engineers |
| [AD and Endpoint Hardening](playbooks/ad-endpoint-hardening.md) | On-prem AD, Windows endpoints, hybrid identity | Infrastructure Consultants, Security Engineers |
| [Zero-Budget Hardening](playbooks/zero-budget-hardening.md) | Maximize existing tools, minimize new purchases | Consultants, CISOs, IT Managers |
| [Implementation Playbook](playbooks/implementation-playbook.md) | Tactical step-by-step delivery guide | Technical Leads, Security Engineers |
| [Sovereign Tool Stack](playbooks/sovereign-tool-stack.md) | Open-source arsenal: Prowler, BloodHound, CISO Assistant, ASTRAL, AOC, Wazuh, Shuffle | Consultants, CTOs, CISOs |
| [Business Case Template](playbooks/business-case-template.md) | Financial justification, ROI, risk quantification | CFOs, Boards, Consultants |
## Standards Reference
| Document | Purpose | Audience |
|----------|---------|----------|
| [CIS Controls v8 Mapping](reference/cis-controls-mapping.md) | IG1-IG3 alignment with antifragile actions | Consultants, Auditors, Compliance |
| [NIST CSF 2.0 Mapping](reference/nist-csf-mapping.md) | CSF function mapping and evidence package | Consultants, Auditors, Compliance |
## Vertical References
| Document | Purpose | Audience |
|----------|---------|----------|
| [Vertical: Power and Utilities](reference/vertical-power-utilities.md) | Power generation, transmission, water, OT, NIS2/CER | Consultants in energy/water sectors |
| [Vertical: Telco](reference/vertical-telco.md) | Mobile/fixed operators, signaling security, 5G, fraud | Consultants in telecommunications |
| [Vertical: Banking](reference/vertical-banking.md) | Financial services, DORA, PSD2, SWIFT CSP alignment | Consultants in banking/fintech sectors |
## Assessment and Tools
| Document | Purpose | Audience |
|----------|---------|----------|
| [Antifragile Risk Register](assessment-templates/antifragile-risk-register.md) | Kill chain-aware risk taxonomy and register template | Risk Managers, Consultants |
| [M365 Project Risk Register](assessment-templates/m365-project-risk-register.md) | M365-specific risk register with phase gates | Project Managers, M365 Consultants |
| [Assessment Templates](assessment-templates/README.md) | Future diagnostic tools and maturity models | Consultants, Auditors |
## Navigation by Role
### For the Executive Sponsor
1. [Move Fast and Fix Things](core/move-fast-and-fix-things.md) — understand the engagement posture and speed philosophy
2. [Antifragile Manifest](core/antifragile-manifest.md) — understand the strategic philosophy
3. [AI Sovereignty Framework](core/ai-sovereignty-framework.md) — read the executive summary and five strategic arguments
4. [Rapid Modernisation Plan](playbooks/rapid-modernisation-plan.md) — review phases and governance cadence
5. [Zero-Budget Hardening](playbooks/zero-budget-hardening.md) — understand how existing investments are maximized
### For the Security Architect
1. [T0 Asset Framework](core/t0-asset-framework.md) — master the classification and protection model
2. [Implementation Playbook](playbooks/implementation-playbook.md) — follow the workstreams for identity, perimeter, and resilience
3. [Rapid Modernisation Plan](playbooks/rapid-modernisation-plan.md) — adapt phases to organizational context
### For the Consultant
1. [README](README.md) — repository orientation
2. [Move Fast and Fix Things](core/move-fast-and-fix-things.md) — your opening stance and engagement principles
3. [Modular Engagements](core/modular-engagements.md) — the engagement menu: sell any module standalone
4. [Antifragile Manifest](core/antifragile-manifest.md) — philosophical foundation for client conversations
5. [M365 E3 Hardening](playbooks/m365-e3-hardening.md) — your bread-and-butter: hardening for E3 clients
6. [AD and Endpoint Hardening](playbooks/ad-endpoint-hardening.md) — on-premises identity and endpoint depth
7. [AI Sovereignty Framework](core/ai-sovereignty-framework.md) — persuasive arguments and objection handling
8. [AI Operations Inevitability](core/ai-operations-inevitability.md) — why defensive AI is not optional
9. [Organizational Resilience](core/organizational-resilience.md) — shift left and Dev/Sec/Ops merger talking points
10. [Zero-Budget Hardening](playbooks/zero-budget-hardening.md) — prove value fast without selling
11. [Zero-Budget Vulnerability Discovery](playbooks/zero-budget-vulnerability-discovery.md) — script-based and osquery-based discovery before scanner procurement
12. [Osquery: The Sovereign Discovery Platform](playbooks/osquery-custom-platform.md) — build owned vulnerability and asset inventory capability
13. [Rapid Modernisation Plan](playbooks/rapid-modernisation-plan.md) — structured engagement roadmap
14. [Implementation Playbook](playbooks/implementation-playbook.md) — tactical delivery guidance
15. [Sovereign Tool Stack](playbooks/sovereign-tool-stack.md) — the open-source arsenal: Prowler, BloodHound, CISO Assistant, ASTRAL, AOC, and recommended additions
16. [Vertical: Power and Utilities](reference/vertical-power-utilities.md), [Vertical: Telco](reference/vertical-telco.md), or [Vertical: Banking](reference/vertical-banking.md) — sector-specific adaptations
17. [CIS Controls Mapping](reference/cis-controls-mapping.md) and [NIST CSF Mapping](reference/nist-csf-mapping.md) — standards alignment for auditors and regulators
---
*This index is updated as the repository grows.*