Claude Sonnet 4.6
3b69f255ec
rapid-modernisation-plan.md: New 'Milestone Deliverables' section with 23 numbered, verifiable deliverables across three milestones. Day 30 (7 deliverables): Brownhat Diagnostic, ASTRAL deployed, PULSAR deployed, T0 accounts hardened, attack surface report, quick wins closed, stale account queue opened. Hard gate: if ASTRAL/PULSAR not deployed, the bottleneck is access provisioning not scope. Day 90 (9 more deliverables): MFA for all users enforced (not enrolled), legacy auth blocked, CA baseline, P0/P1 vulns closed, BloodHound before/ after, vendor access hardened, T0 backup verified, ASTRAL restore drill, PULSAR top 5 alert rules with runbooks. Day 180 (7 more deliverables): Alert runbooks, custom detection rules, client IT lead independence (live walkthrough), housekeeping 3 cycles, module completion packages, risk register closure evidence, retained scope. Each milestone includes the verifiable evidence column and a 'what this value stands alone' statement. Section closes with honest timeline modifiers (large AD, high user count, OT environments). business-case-template.md: The Ask updated to quote the three milestones explicitly. Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>