{ "version": "2.0", "generated": "2026-05-10T00:00:00Z", "positioning": "Making messy systems easier to reason about.", "engagement_note": "Scoped consulting, review, and build work. Good fit depends on the problem, conflict checks, and whether the output can be made useful.", "offers": [ { "id": "cloud-security-reality-check", "name": "Cloud security reality check", "summary": "A practical review of account structure, network paths, IAM blast radius, logging, detection, migration guardrails, and rollback paths.", "best_for": [ "cloud-heavy teams", "cloud migration", "security architecture", "regulated environments" ], "outputs": [ "prioritized findings with risk, evidence, and concrete remediation steps", "target-state notes for boundaries, logs, rollback, and ownership", "quick-win backlog for the first 30 days", "plain-language summary that avoids false precision" ], "evidence": "Hands-on work around cloud networking, managed services, migrations, account structure, and security operations; biased toward evidence, blast-radius reduction, and systems a team can maintain." }, { "id": "bounded-agent-integration", "name": "Bounded agent integration", "summary": "Design and build an MCP or agent-facing integration with read-only defaults, clear tool scope, authentication handling, pagination, rate limits, tests, and handoff notes.", "best_for": [ "security vendors", "internal platform teams", "SOC automation", "AI-assisted operations" ], "outputs": [ "working MCP server or integration with explicit tool schemas", "authentication and token lifecycle handling", "tests, linting, typing, and deployment notes", "agent-facing documentation and example prompts" ], "evidence": "Released Cisco FMC MCP Server with token lifecycle handling, rate limiting, transparent pagination, read-only design, pytest, mypy, and ruff." }, { "id": "governed-ai-workflow-plan", "name": "Governed AI workflow plan", "summary": "Turn a proposed AI workflow into an implementable design with identity, tool boundaries, review loops, evidence, fallback paths, and explicit non-goals.", "best_for": [ "LLM pilots", "enterprise AI enablement", "risk reviews", "agentic workflows" ], "outputs": [ "workflow architecture with trust boundaries and tool permissions", "control checklist mapped to operational risks", "prototype or implementation plan where useful", "acceptance tests for safe behavior and handoff" ], "evidence": "MÆI/Smactorio work applies control thinking, external review, and task-scoped tool use to real agent workflows." }, { "id": "security-automation-guardrails", "name": "Security automation and migration guardrails", "summary": "Build or review automation that turns cloud-security decisions into repeatable checks, runbooks, scripts, Terraform patterns, or operational dashboards.", "best_for": [ "platform engineering", "security operations", "cloud migration", "lean teams" ], "outputs": [ "automation backlog split by risk and execution cost", "scripts or infrastructure patterns for high-value controls", "operational runbook with validation steps", "handoff notes for the owning team" ], "evidence": "Repeated work converting ambiguous constraints into scripts, runbooks, dashboards, migration notes, and operating patterns." }, { "id": "architecture-reality-check", "name": "Architecture reality check", "summary": "A direct review of a cloud, security, AI, or infrastructure decision when the system is messy and the cost of being wrong is not theoretical.", "best_for": [ "founders", "technical teams", "architecture decisions", "pre-build validation" ], "outputs": [ "decision memo with tradeoffs and recommendation", "risk register for the architecture or plan", "sequenced implementation path", "questions your team should answer before spending more money" ], "evidence": "Useful when identity, network paths, logs, state, fallback behavior, and human handoff matter more than a framework deck." } ] }