Tomas Kracmar
763da003d3
Complete repository of frameworks, playbooks, and assessment resources for cybersecurity consultations focused on antifragile enterprise design. Includes: - Core philosophy and manifest (5 pillars) - 12 modular engagement packages - AI sovereignty and operations frameworks - Zero-budget vulnerability discovery and hardening playbooks - M365 E3 hardening and antifragile project plans - Osquery sovereign discovery platform blueprint - Perimeter scanning capability guide - AI-assisted TVM blueprint for AI-powered adversaries - Vertical specializations: banking, telco, power/utilities - CIS Controls v8 and NIST CSF 2.0 mappings - Risk registers and assessment templates - C-suite conversation guide and business case templates
9.3 KiB
9.3 KiB
Antifragile Enterprise Consulting Repository — Index
For Executives and Board Members
| Document | Purpose | Audience |
|---|---|---|
| Executive Summary | One-page strategic overview | CEOs, Boards, Executive Committees |
| Modular Engagements | Menu of independent modules; choose your starting point | CEOs, CFOs, Procurement |
| C-Suite Conversation Guide | Scripts, objection handling, and psychological framing | Executives, Advisors |
| Business Case Template | Financial justification, ROI, and risk quantification | CFOs, Boards, Risk Committees |
| Antifragile Manifest | Core philosophy and five pillars (business translation) | Executives, Architects, Consultants |
For Practitioners and Consultants
| Document | Purpose | Audience |
|---|---|---|
| README | Repository overview and quick start | Everyone |
| Move Fast and Fix Things | Company motto and engagement posture | Consultants, Executives |
| Antifragile Manifest | Core philosophy and five pillars | Executives, Architects, Consultants |
| AI Operations Inevitability | Defensive AI is inevitable; business AI is optional | CISOs, CTOs, Consultants |
| Azure OpenAI Sovereignty Bridge | Azure OpenAI/Foundry as pragmatic sovereignty step | CTOs, Architects, Consultants |
| Organizational Resilience | Shift left and Dev/Sec/Ops merger talking points | CTOs, CISOs, Consultants |
| Embedded Quality Assurance | Process assurance for teams feeling "not in control" | Heads of Security, Operations, Project Leaders |
| Blue/Purple Team Foundation | Building defensive capability from existing tool investments | CISOs, SOC Managers, Security Architects |
| Retained Capability | What to keep in-house when outsourcing SOC, pentest, compliance | CISOs, CFOs, Procurement |
Core Frameworks
| Document | Purpose | Audience |
|---|---|---|
| Move Fast and Fix Things | Speed, repair, and maximizing existing investment | Consultants, Executives |
| Antifragile Manifest | Five pillars of antifragile enterprise | Executives, Architects, Consultants |
| AI Sovereignty Framework | Strategic arguments and implementation for local AI | CISOs, CTOs, Security Architects |
| T0 Asset Framework | Tier 0 classification and protection for critical assets | Security Architects, Infrastructure Leads |
Playbooks
| Document | Purpose | Audience |
|---|---|---|
| Rapid Modernisation Plan | 30-60-90-180 day transformation roadmap | Program Managers, Consultants, CISOs |
| Endpoint Management Entry Vector | Intune/device management as the ideal engagement entry point | M365 Consultants, Account Managers |
| AI-Assisted TVM Blueprint | AI-powered vulnerability management for AI-powered adversaries | CTOs, CISOs, Vulnerability Management |
| Zero-Budget Vulnerability Discovery | Script-based and osquery-based server/container vuln discovery without Tenable/Qualys | Security Engineers, Consultants |
| Perimeter Scanning Capability | External attack surface strategy: build, partner, or hybrid | Security Architects, Consultants |
| Osquery: The Sovereign Discovery Platform | Build a custom vulnerability and asset inventory platform on osquery | Security Engineers, Consultants, CTOs |
| M365 Antifragile Project | Greenfield and modernisation with antifragile design | M365 Consultants, Project Managers |
| M365 E3 Hardening | Tactical hardening for M365 E3 environments | M365 Consultants, Security Engineers |
| AD and Endpoint Hardening | On-prem AD, Windows endpoints, hybrid identity | Infrastructure Consultants, Security Engineers |
| Zero-Budget Hardening | Maximize existing tools, minimize new purchases | Consultants, CISOs, IT Managers |
| Implementation Playbook | Tactical step-by-step delivery guide | Technical Leads, Security Engineers |
| Business Case Template | Financial justification, ROI, risk quantification | CFOs, Boards, Consultants |
Standards Reference
| Document | Purpose | Audience |
|---|---|---|
| CIS Controls v8 Mapping | IG1-IG3 alignment with antifragile actions | Consultants, Auditors, Compliance |
| NIST CSF 2.0 Mapping | CSF function mapping and evidence package | Consultants, Auditors, Compliance |
Vertical References
| Document | Purpose | Audience |
|---|---|---|
| Vertical: Power and Utilities | Power generation, transmission, water, OT, NIS2/CER | Consultants in energy/water sectors |
| Vertical: Telco | Mobile/fixed operators, signaling security, 5G, fraud | Consultants in telecommunications |
| Vertical: Banking | Financial services, DORA, PSD2, SWIFT CSP alignment | Consultants in banking/fintech sectors |
Assessment and Tools
| Document | Purpose | Audience |
|---|---|---|
| Antifragile Risk Register | Kill chain-aware risk taxonomy and register template | Risk Managers, Consultants |
| M365 Project Risk Register | M365-specific risk register with phase gates | Project Managers, M365 Consultants |
| Assessment Templates | Future diagnostic tools and maturity models | Consultants, Auditors |
Navigation by Role
For the Executive Sponsor
- Move Fast and Fix Things — understand the engagement posture and speed philosophy
- Antifragile Manifest — understand the strategic philosophy
- AI Sovereignty Framework — read the executive summary and five strategic arguments
- Rapid Modernisation Plan — review phases and governance cadence
- Zero-Budget Hardening — understand how existing investments are maximized
For the Security Architect
- T0 Asset Framework — master the classification and protection model
- Implementation Playbook — follow the workstreams for identity, perimeter, and resilience
- Rapid Modernisation Plan — adapt phases to organizational context
For the Consultant
- README — repository orientation
- Move Fast and Fix Things — your opening stance and engagement principles
- Modular Engagements — the engagement menu: sell any module standalone
- Antifragile Manifest — philosophical foundation for client conversations
- M365 E3 Hardening — your bread-and-butter: hardening for E3 clients
- AD and Endpoint Hardening — on-premises identity and endpoint depth
- AI Sovereignty Framework — persuasive arguments and objection handling
- AI Operations Inevitability — why defensive AI is not optional
- Organizational Resilience — shift left and Dev/Sec/Ops merger talking points
- Zero-Budget Hardening — prove value fast without selling
- Zero-Budget Vulnerability Discovery — script-based and osquery-based discovery before scanner procurement
- Osquery: The Sovereign Discovery Platform — build owned vulnerability and asset inventory capability
- Rapid Modernisation Plan — structured engagement roadmap
- Implementation Playbook — tactical delivery guidance
- Vertical: Power and Utilities, Vertical: Telco, or Vertical: Banking — sector-specific adaptations
- CIS Controls Mapping and NIST CSF Mapping — standards alignment for auditors and regulators
This index is updated as the repository grows.