Cadence
Kindo × Deloitte Program
Sprint 1: Jun 29 - Jul 10 Updated Jul 7
ITEMS DELIVERED: 8·DAY 7 OF 10·SPRINT CONFIDENCE ↑ 92%·SOC FOR AI SCOPE LOCKED·COHORT 2 LAUNCH JUL 10·KUSH DESIGN SESSION JUL 10·LMS DOMAIN FIX ✅·ITEMS DELIVERED: 8·DAY 7 OF 10·SPRINT CONFIDENCE ↑ 92%·SOC FOR AI SCOPE LOCKED·COHORT 2 LAUNCH JUL 10·KUSH DESIGN SESSION JUL 10·LMS DOMAIN FIX ✅·
Kindo × Deloitte · Sprint 1

Sprint 1 Tracker.

Live sprint tracker - progress, decisions, and backlog for Sprint 1

Current SprintWk 28
Cycle 2 weeks
Delivered 8 items
Day 7 of 10
Confidence 92%
01 · Sprint Progress

Sprint 1 Progress.

Day 7 of 10 - June 29 → July 10, 2026

Sprint 1 Status

Eight items shipped. Two blockers open.

Day 7
of 10 (Mon Jul 7)
8
Items Delivered
Jul 10
Sprint End + Kush Design Session
Delivered this sprint:
  • SOC for AI Requirements Questionnaire - 5 sections, 19 questions, priority-tagged, Deloitte client language. Sent to Krishna Jul 1. Awaiting responses. Live at /questionnaire
  • Sprint Cadence Calendar (Jul-Oct) - 3-layer cadence (sprint/monthly/quarterly), external-ready. Live at /cadence
  • Deloitte LMS - Technical Track (T1-T4) - All 4 training videos deployed. Charlie (tech SME) reviewed all 4 - APPROVED, no critical issues.
  • Deloitte LMS - Practitioner Track (P1-P4) - P1/P3/P4 visual re-times deployed. P2 provenance issue identified and fix planned.
  • Next Button Gating - LMS module progression locked behind completion state. Shipped.
  • Internal sprint site - kindo-deloitte-internal.pages.dev live with full content for internal team use.
  • LMS domain consistency - Magic link domain mismatch resolved Jul 6. Email sender/auth URL/landing page now consistent.
  • SOC for AI scope locked - Deloitte replied to questionnaire Jul 7. Scope reframed from shadow AI discovery → Kindo platform agent governance. 5 objectives defined, capability gap analysis complete, 3-track delivery plan set.
In progress / blockers:
  • Audit Surface Map for Friday call - Deloitte reframed SOC for AI scope Jul 7 → Kindo platform agent governance (not shadow AI discovery). Need to map Kindo's current audit/telemetry capabilities against their 5 objectives before the Friday requirements call with Krishna's team.
  • AI Discovery Agent - scope under review - Original design targeted shadow AI discovery. With Deloitte's reframe to platform governance, the agent concept needs to pivot to Kindo-native monitoring (drift detection, policy change alerts, tenant boundary checks). Revisit after Friday call.
Upcoming
Key Dates
DateEventDetails
Jul 10 (Fri) Kush Design Session 90 min, virtual. Skills, memory, self-improving agents. Context-gathering + requirements for net new agent pipeline. Tony, Charlie, Kush + team.
Jul 10 (Fri) Deloitte Training Cohort 2 Second training cohort launch. LMS technical review ✅ complete (Charlie approved). Domain consistency fix in progress.
Jul 10 (Fri) Sprint 1 End Sprint Review + Retro. Show-don't-tell evidence for all completed items.
Jul 13 (Mon) Sprint 2 Planning Engineering team returns (Madison early Jul, Sean week of Jul 7). Code work unblocked.
Jul 27 Monthly Portfolio - Houston Ron in Houston. Video evidence + working links for Ron/Forge Point.
Context: June 24 strategy session + June 26 working session confirmed 2-week scrum cadence starting June 29. Tony steps back to biweekly sprint planning (product owner cadence). SOC for AI is the new #1 strategic priority per Kush. Agents A.6 and A.10 deprioritized.
02 · Cadence

Cadence & Ceremonies.

Three-layer cadence: 2-week sprints, monthly portfolio, quarterly deep dives

Three Layers

Sprint. Portfolio. Deep dive.

01 · Sprint
2-Week Cycle

Execution cadence. Ship code, build agents, deliver results.

PlanningMonday (every 2 weeks)
StandupsMon/Wed/Fri (team only)
Review + RetroFriday (every 2 weeks)
Tony attendsPlanning + Review only
02 · Portfolio
Monthly Review

Show results to executives. Video evidence + working links.

First meeting~Late July (Jul 27)
AttendeesTony, Charlie + Ron
FormatShow, don't tell (see below)
NoteSame city as quarterly deep dive to avoid over-travel
03 · Deep Dive
Quarterly Sessions

In-person design sessions. Strategic alignment + release planning.

Duration~5-7 days
Q3 locationHouston, TX (aligned with July monthly portfolio - Ron anchor event Jul 27)
WithTeam + Ron + key engineers
OutputQuarter release plan
Artifacts
Scrum Artifacts - Warren Delivers
Tony expects Warren to programmatically deliver real-time sprint artifacts. No asking for status - artifacts should be self-service.
ArtifactCadenceDescriptionStatus
Sprint Backlog Updated daily Items committed for current sprint, status, blockers Sprint 1
Burndown Real-time Story points or items remaining vs time Sprint 1
Sprint Review Deck End of sprint Video evidence + working links of shipped work Sprint 1
Definition of Ready Standing Criteria for items entering sprint (see below) Defined
Definition of Done Standing Criteria for items being complete (see below) Defined
Principle
"Show Don't Tell" - What Tony Means

We're moving at 5× traditional speed. Words can't keep up. Ron didn't understand net new revenue agents until the third time Tony explained it - and Ron is the sharpest person in the room. If Ron needs three reps to absorb a verbal summary, everyone else needs more.

The old way (what we stop doing):

  • Verbal status updates: "A.5 is code complete, waiting on merge"
  • Slides with bullet points about progress
  • Written summaries explaining what happened
  • "Technical done" without "business done" evidence

The new way (what every portfolio item needs):

  • Video walkthrough - screen recording of the feature working in production (30-90 sec)
  • Live URL - clickable link where the stakeholder can see it themselves, right now
  • Before/after screenshots - visual proof of what changed
  • Metrics - measurable impact (e.g., "21min per alert → 5min")
Tony's original architecture: Akira AI PMO confirms requirements via video → team builds → confirms results via video. Both ends are visual. If you can't show it working on screen, it's not done enough to present. This applies to everyone - Krishna, Kush, Ron, Forge Point.
Rotation
Proposed Location Rotation (Monthly Portfolio)
MonthLocationNotes
JulyHoustonRon in Houston Jul 27 - anchor event
AugustSan FranciscoKrishna's base
SeptemberAustinTony's base
OctoberLos AngelesCharlie's base

Deep dives aligned with monthly portfolio locations to avoid over-travel (Q3 → Houston, Q4 → Los Angeles).

03 · Team

Team & Hiring.

Current team, role evolution, and Value First hiring plan

Current Roster

Six roles. One mission.

Name
Tony
Current Role
Strategic leadership
Evolving To
Product Owner (biweekly)
Sprint Role
Sprint planning + review only
Name
Joana
Current Role
Program delivery
Evolving To
Net new revenue agent design
Sprint Role
Scrum lead + agent designer
Name
Victor
Current Role
Technical delivery
Evolving To
Net new revenue agent design
Sprint Role
Technical lead + agent designer
Name
Charlie
Current Role
Chief Architect / Agent Runtime
Evolving To
Platform + architecture decisions
Sprint Role
Technical advisor
Name
Warren
Current Role
Engineering & Ops AI
Evolving To
Autonomous Delivery Partner
Sprint Role
Delivery method engine, scrum artifacts
Name
Dukane
Current Role
Delivery support
Evolving To
QA manager (#warren-review)
Sprint Role
Output quality review
Role Shift: Joana & Victor moving from program delivery (100 installs, training) → net new revenue agent design. Hires will backfill the program delivery gap.
Hiring
Hiring Plan - Value First / Omberto
RoleCountRegionFocusStatus
AI PMO / Soft Skills 1-2 LatAm (preferred) Requirements gathering, stakeholder mgmt, verification Interviewing
Engineer 1-2 Eastern Europe or LatAm MLflow, Kindo agent configuration, integrations Planning

Process: Invoice → Charlie → Ron. Charlie vets technical candidates. LatAm for soft-skills (live meetings), Eastern Europe for code (Charlie's preference).

Availability
Engineering Availability
June Blocker: Agent Runtime team (Madison, Sean) on extended PTO through end of June. Core Kindo engineering (Brian Van's team) out for 3 weeks. Expected to normalize in July.
TeamStatusExpected BackImpact
Agent Runtime (Madison) PTO Early July 2.5 weeks PTO - multi-agent, agent features blocked
Agent Runtime (Sean) PTO Week of Jul 7 Working ~2 days/week past 2 weeks + off next week
Core Kindo (Brian Van) PTO Mid-July Core platform changes blocked
Charlie (Agent Runtime lead) Active - Shipped memory prototype solo

Sprint 1 implication: Focus on soft-skills deliverables (requirements, agent design, research) that don't need Kindo eng. Engineering-dependent items slot into Sprint 2+ when team is back.

04 · Portfolio

Portfolio Status.

Agent portfolio with June 24 priority shift - SOC for AI is the new #1

Priority Shift

SOC for AI is now #1.

Priority Shift (Kush, June 22): SOC for AI takes top priority. A.6 (Vitals Dashboard) and A.10 (IoT/OT Monitor) deprioritized. We must produce results faster - A.6 took 6 weeks to align, same pattern as Generative UI. If we don't capture, Deloitte builds it themselves.
Status Map
Agent Status Map
IDAgentStatusRevenue ClassBlocker
A.1Threat Monitoring PROD Contracted-
A.2Threat Intel PROD Contracted-
A.3Threat Hunt PROD Contracted-
A.4Detection Engineering PROD Contracted-
A.5CTEM BUILT ContractedDeployment pending
A.6Vitals Dashboard DEPRIORITIZED AllianceKush shifted to SOC for AI
A.7Quality Audit Agent REQS AllianceDesign sprint needed
A.8Cloud Security Agent PLANNED Alliance-
A.9IR Agent PLANNED Alliance-
A.10IoT/OT Monitor DEPRIORITIZED AllianceKush shifted to SOC for AI
A.11Custom Client Agents REQS AllianceShadow & document method
A.12Identity Agent → IdaaS PLANNED AllianceTim Corder engagement
A.13GRC Agent → GRC aaS PLANNED AllianceNathan Ellis engagement
NEWSOC for AI #1 Priority AllianceResearch + integration mapping
SOC for AI
Two-Layer Scope

"Shadow IT for AI" - discover which AI tools, agents, LLMs, copilots, MCP servers run across endpoints, SaaS, cloud; then govern, policy-enforce, remediate. Now #1 priority (Kush deprioritized A6 + A10). Distinct from A.1 (Threat Monitoring) - A.1 is Deloitte's existing SOC agent; SOC for AI coexists with / complements it.

Layer A - Shadow AI Discovery

Which AI, by whom, how much, what risk. Via CASB/SSE + IdP + DLP + SIEM the client already owns.

Layer B - Endpoint / EDR Telemetry

Orchestrate EDR/SIEM agents already on the machine (CrowdStrike-style). No new agent installs - Deloitte was explicit.

Mechanism: API-level orchestration of existing monitoring agents; build domain-specialized agents inside Kindo. No core architecture change. ~80% soft-skills / ~20% engineering.

Validated Market Timing:

  • CrowdStrike Shadow AI Discovery for Endpoint - RSAC 2026, GA, 1,800+ AI apps detected
  • Microsoft Agent 365 - GA May 2026 (Defender+Intune); context mapping + runtime blocking in public preview June 2026
Integrations
Integration Landscape

Source: SOC for AI - Scope & Research doc (Jun 25). Tenant-safe = research-grade, needs Charlie's sign-off. Registry status needs Victor/Charlie confirmation (Q1).

Already in Kindo - can start immediately (confirm registry):

PlatformSOC-for-AI CapabilityIn Kindo?Tenant-safe?
CrowdStrike Falcon Shadow AI Discovery - AI apps, agents, LLM runtimes, MCP servers Confirmed Per-tenant (see Q2)
Splunk / Datadog SIEM + observability for AI activity Confirmed Yes
Grafana / Sumo Logic / Google SecOps Dashboarding, log analytics, security ops Confirmed Yes

Microsoft Stack - covered via Microsoft MCP:

PlatformCapabilityTenantPriority
MS Defender for Endpoint Shadow-AI discovery (Agent 365 - GA May, preview Jun 2026) Azure-native Via MCP
MS Intune AI agent policy enforcement on devices Azure-native Via MCP
MS Purview DLP / data classification for AI Azure-native Via MCP
Nightfall / Netskope / Cyberhaven / Okta GenAI DLP, CASB, data lineage, OAuth-consent discovery Validate P3
Tenant Survival Filter (Tony's note #1): Every integration must pass: (1) tenant-scoped? (2) data stays in tenant, no egress? (3) SOC 2 Type II / BAA / DLP compatible? Cross-tenant/egress = disqualified.

Safest bet: Microsoft stack (Defender+Intune+Purview) - Deloitte is a Microsoft shop, runs inside their Azure/M365 tenant. Charlie's 4-6 net-new estimate looks right.

Gates Layer B (Charlie's call): CrowdStrike Falcon runs a cloud-side control plane. Even if it's in registry, does the orchestration genuinely stay "Deloitte only"? Can't resolve on paper - open question.
Revenue
Revenue Classification
$5.5M
Contracted (A.1-A.5)
$1-2M+
Alliance Net New (A.6-A.13)
$5-12M+
Upside (2-3× Expansion)
05 · Deep Dives

Deep Dive Design Sessions.

Quarterly in-person sessions - strategic alignment + release planning with Deloitte

Quarterly Rhythm

In-person. Strategic. Immersive.

Origin: Tony proposed quarterly deep dives 6 months ago - modeled after what he and Ron did independently in December (7 days of uninterrupted deep thinking). Deloitte "wholeheartedly agreed" at the June 22 meeting.
Topics
Deep Dive Topics (from Deloitte meeting)

These items were categorized under "design sessions" in Tony's meeting notes. More than half of what Deloitte raised maps to these sessions.

#TopicDescriptionOwner
1 Net New Revenue Agents Design + deploy agents that generate alliance revenue (Tier 2/3 packages) Tony / Joana
2 Threat Remediation Extend A.1-A.5 into automated remediation workflows Charlie / Victor
3 Deloitte Roadmap (Azure/GCP) Cloud platform alignment and multi-cloud strategy Charlie
4 Institutional Knowledge / Memory Skills, memory, compound learning flywheel. Don't equip Deloitte to build what we want to build (Charlie) Charlie
5 AI Cyber Guard / Tower Control plane co-development Charlie
6 Lifecycle Hooks Generic lifecycle hooks - Kush says yes but NOT most important. Ship fast MVP, don't over-engineer. Deployment speed > stickiness features. Charlie
7 Workflow Acceleration Accelerate deployment cycle (time-to-value for new Kindo customers) Victor / Joana
8 SOC for AI Shadow IT discovery, AI governance, integration mapping Joana / Victor
Calendar
Proposed Deep Dive Calendar

Kush Design Session - Friday, July 10 (Confirmed)

90 min, virtual. Skills, memory, self-improving agents. Context-gathering + requirements for net new agent pipeline. Tony, Charlie, Kush + team. Aligned with Sprint 1 end date.

Q3 2026 - First In-Person Deep Dive

Houston, TX - aligned with July monthly portfolio (Ron in Houston Jul 27). 5-7 day in-person session. Team + Ron + key engineers. Output: Q3 release plan, SOC for AI architecture, net new revenue agent designs.

Q4 2026 - Second Deep Dive

Los Angeles, CA - aligned with October monthly portfolio (Charlie's base). Review Q3 results, plan Q4 releases, expand to service lines beyond D&RaaS (Identity aaS, GRC aaS).

06 · Sprint 1

Sprint 1 - June 29 → July 10.

Day 7/10. Eight items delivered. SOC for AI scope reframed to Kindo platform governance. Kush Design Session + Cohort 2 launch both on Jul 10. AI Discovery Agent build remains open.

Sprint Goal

Audit Surface Map. Detection Rules. Friday call.

Sprint Goal
Deliver Audit Surface Map → Define Detection Rules → Prepare for Friday Requirements Call

Scope reframed Jul 7: Deloitte doesn't need shadow AI discovery (their detection engineering team handles that). They want Kindo platform agent governance with 5 new objectives. Sprint focus: build capability matrix mapping Kindo audit/telemetry against Deloitte's 5 governance objectives, define detection rules, and prep for Friday requirements call with Krishna's team.

Backlog
Proposed Sprint 1 Backlog
ItemTypeOwnerEffortDependencies / Risks
SOC for AI - Audit Surface Map
Map Kindo's current audit logs, telemetry, RBAC, DLP, MCP policies against Deloitte's 5 governance objectives. Deliver before Friday requirements call.
P0 Warren + Victor 1d In Progress
Capability assessment underway. Packaging into deliverable artifact for Friday call.
SOC for AI - Requirements Questionnaire → Krishna
Generate SOC for AI questionnaire (same format as A.6). Send to Krishna who routes to right person. Answers refine which monitoring tools Deloitte's clients actually use - improves agent design accuracy.
P0 Tony + Joana + Warren 0.5d Done + Sent
Deployed Jun 29. Sent to Krishna Jul 1. Superseded by Deloitte's Jul 7 reply - scope reframed from shadow AI discovery to Kindo platform governance. Questionnaire responses no longer blocking.
SOC for AI - Detection Rule Library
Define detection rules mapping each of Deloitte's 5 objectives to specific Kindo audit events and API endpoints. Package for Krishna's team to implement in their SIEM.
P1 Warren + Victor 2d Depends on Friday call
Detection rules to be refined after Friday requirements call with Krishna's team.
Sprint 1 Meta-Risk: The entire sprint is optimized for soft-skills work because eng is on PTO. That's smart - we're shooting where we're unblocked. But if eng comes back mid-sprint and unblocks code work, do NOT mid-sprint pivot. Finish what we committed to. New engineering items go into Sprint 2 backlog.
Delivery Method Alignment: Every Sprint 1 item must map to the Deterministic Outcome Package - (1) Named Owner, (2) Transcript/Intake Artifact, (3) Standing Rules, (4) Cron-Sustained Refresh, (5) Recipient's Narrative. Evidence Base 85% pattern applies: named human owner + same-day delivery + output in recipient's language.
Exit Criteria
Sprint 1 Exit Criteria

Show-don't-tell: every criterion needs evidence, not a status update.

  • Audit Surface Map delivered before Friday call → deliverable: capability matrix (5 objectives × Kindo audit surface)
  • Detection rule templates drafted → deliverable: rule definitions + API endpoint mappings
  • Friday requirements call completed with Krishna's team → deliverable: refined scope + Sprint 2 plan
  • Warren delivering sprint status automatically → deliverable: live sprint dashboard URL
Out of Scope
Sprint 1 - NOT In Scope
  • Code shipping to Kindo platform (eng on PTO) - Sprint 2 when team returns
  • Core platform changes (Brian's team required) - blocked, not our call
  • A.6 Vitals Dashboard (deprioritized by Kush) - parked
  • Scaling Story for Ron (important but not SOC for AI) - separate workstream, not sprint backlog
  • A.7 Quality Audit design sprint (depends on Krishna scheduling) - backlog, not Sprint 1
  • Hiring decisions (interviews in progress) - parallel track
Definition of Ready
DoR - Entry Criteria

An item can enter the sprint when ALL of these are true:

#CriteriaWhy
1Clear outcome defined - what does "done" look like in business terms, not technical terms?Victor's point: business value, not technical value
2Owner assigned - single person accountableNo orphan items
3Dependencies identified - blocked/unblocked explicitly taggedVictor's framework: shoot where we're unblocked
4Effort estimated - days, not points. Be honest.Tony needs to know what to expect without asking
5Classified soft-skill vs code - which work type? Determines who can execute.~80% soft-skills moves without Brian's team
6Passes tenant filter (if integration) - tenant-scoped? data stays in tenant? SOC 2 II / BAA / DLP?Tony's note #1: "Deloitte only"
7Fits the sprint - total committed work ≤ team capacityDon't overcommit then under-deliver
8Acceptance criteria written - how will we verify it's done?"Show don't tell" starts here
Definition of Done
DoD - Completion Criteria

An item is done when ALL of these are true:

#CriteriaEvidence Required
1Acceptance criteria met - every criterion checked off with proofScreenshots, video, or live URL
2Business done, not just technical done - stakeholder can see and use itWorking link or deployed artifact
3Evidence attached - "show don't tell" proof in the same message as the completion claimVideo walkthrough, screen recording, API response
4Integrations pass tenant + compliance checkTenant filter results documented
5No open blockers or regressionsVerification report
6Reviewed - at least one other team member has seen the outputReviewer name + feedback
7Documented so Warren can report statusWarren updates programmatically
8Owner confirmed doneExplicit sign-off
Hard rule: "Code complete" ≠ done. "Waiting on merge" ≠ done. "I verified" without the actual evidence ≠ done. If you can't show it on screen, it's not done.
07 · Product Backlog

Product Backlog.

Items that produce a built artifact (agent, integration, code in Kindo) - ranked by strategic priority

Ranked by Impact

SOC for AI first. Then net new revenue.

Prioritization framework: SOC for AI is #1 (Kush mandate). Then net new revenue agents (alliance revenue). Then contracted platform work. Unblocked items before blocked items (self-unblocking bias).
P0 - Must Do Now 2 items
SOC for AI — Audit Surface Map
Map Kindo audit/telemetry capabilities against Deloitte's 5 governance objectives. Capability assessment complete (Odin input received). Need to package into deliverable artifact for Friday call.
Governance Mapping In Progress
Scope reframed Jul 7. Deloitte confirmed shadow AI discovery handled by their detection engineering team. Focus now on Kindo platform agent governance with 5 objectives.
SOC for AI — Detection Rule Library
Define detection rules for each governance objective. Maps to specific Kindo API endpoints and audit events. Target: Sprint 1-2 deliverable for Krishna's SIEM team.
Detection Rules API Mapping Depends on Friday call
Detection rules to be refined after Friday requirements call with Krishna's team. Initial mapping based on Deloitte's 5 governance objectives.
P1 - High Priority 5 items
CrowdStrike Shadow AI Discovery - API Scope Validation
Validate Kindo's existing CrowdStrike integration (OAuth2_CC) covers the Shadow AI Discovery endpoints announced at RSAC 2026 (1,800+ AI apps detection).
Technical Charlie Deprioritized / Superseded
Superseded Jul 7: Deloitte confirmed shadow AI discovery is handled by their detection engineering team, not our scope. CrowdStrike API validation no longer blocking.
A.7 Quality Audit Agent - Design Sprint
Option 1: High-bandwidth meeting with Krishna's team (~3hrs). Design the 5-agent Quality Audit package (Alert Scorer, Human Baseline Validator, Efficiency Tracker, Pool Optimizer, Audit Dashboard).
Agent Design Joana Blocked: Krishna scheduling
A.11 Custom Client Agents - Shadow & Document
Option 2: Warren ingests SOPs + ride-along with analysts. Capture institutional knowledge for custom agent patterns. Start with HP deployment patterns.
IK Capture Victor Depends: analyst access
A.5 CTEM - Production Deployment
CTEM is built, needs deployment. Blocked on Kindo eng availability but should be first code ship when team returns.
Deployment Blocked: Eng PTO
Show-Don't-Tell - Video Evidence Pipeline
Establish process for capturing video evidence of working functionality. Every P0/P1 should have video proof + working URL. Tony: "We're moving too fast for words."
Delivery Mechanism Warren + Victor Unblocked
P2 - Medium Priority 3 items
MS Defender for Endpoint Integration (SOC for AI)
New integration needed. Shadow AI discovery via "Agent 365" (May 2026). Critical for enterprise customers. Tenant-scoped.
Integration Engineering Blocked: Eng PTO
A.8 Cloud Security Agent - Requirements
Kush's Deloitte roadmap includes Azure/GCP alignment. Design cloud security agent leveraging cloud-native tools.
Agent Design Depends: Deep Dive
A.9 IR Agent - Requirements
Incident Response automation agent. Extends threat monitoring (A.1) into response workflows.
Agent Design Depends: Deep Dive
P3 - Future / Deep Dive Topics 7 items
MS Purview Integration (SOC for AI - DLP)
Data loss prevention + data classification for AI usage. No Kindo integration today.
IntegrationP3
A.12 Identity Agent → IdaaS (Tim Corder)
Service line expansion into Identity aaS. Requires engagement with Tim Corder + Ravi.
Service Line ExpansionPhase 4
A.13 GRC Agent → GRC aaS (Nathan Ellis)
Service line expansion into GRC aaS. Requires engagement with Nathan Ellis.
Service Line ExpansionPhase 4
Lifecycle Hooks MVP
Kush: short answer is yes, but NOT most important. Ship fast MVP - don't over-engineer. Focus: deployment speed, not stickiness.
PlatformKush deprioritized
IK / Memory Design Session (Kush request)
Kush asked for a session on institutional knowledge, skills, memory. Charlie: protect IP - share "what" not "how."
Deep DiveIP sensitivity
AI Cyber Guard / Tower - Control Plane
Control plane co-development with Deloitte. Design session topic.
Deep DiveCharlie
SaaS Discovery Integrations (Nightfall, Netskope, Okta)
CASB/SaaS-level AI discovery tools. No Kindo integrations today. Lower priority than endpoint-level discovery.
IntegrationP3
Parked 2 items
A.6 Vitals Dashboard
Deprioritized by Kush (June 22). SOC for AI takes its slot. May resurface in future sprints.
Deprioritized
A.10 IoT/OT Monitor
Deprioritized by Kush (June 22).
Deprioritized
Program Track

Program / Strategic Track.

Parallel track - program management work that needs an owner and date but doesn't produce a product artifact. Not sprint-rankable. Joana's track.

Why this is separate: These items are essential program work - investor narratives, portfolio prep, hiring, travel planning - but they don't produce a built artifact in Kindo. They run on their own timelines with their own owners, parallel to the sprint. Mixing them into P0-P3 product lanes creates false prioritization conflicts.
ItemOwnerTarget DateNotes
Deloitte Training Cohort 2 Launch Joana Jul 10 Second cohort goes live. LMS pending Charlie's technical review.
Scaling Story for Ron / Forge Point Tony + Joana During Sprint 1 Capture while Tony is present - he goes biweekly after. 3-5× revenue growth narrative for Forge Point VC.
Monthly Portfolio Prep (July) Joana Ahead of Jul 27 Houston Video evidence + working links for shipped functionality.
Value First Hiring Joana / Victor Ongoing Interviews in progress. Invoice → Charlie → Ron.
Deep Dive Prep / Calendar + Budget Tony / Joana TBD Done - deep dives aligned to monthly portfolio cities (Houston Q3, LA Q4).
Warren Scrum Artifacts Setup Joana + Warren + Victor Sprint 1 Configure Warren for sprint backlog, burndown, status delivery. Verify accuracy before Tony relies on it.
08 · Decisions

Open Decisions & Needs-Human.

Items requiring team input - updated July 7

Attention Required

Scope reframed. New deliverables defined.

SOC for AI
Scope Reframed — Deloitte's 5 Governance Objectives (Jul 7)

Deloitte replied Jul 7 and completely reframed the SOC for AI scope. They don't need shadow AI discovery (their detection engineering team handles that). They want Kindo platform agent governance with 5 new objectives. Friday call with Krishna's team to walk through requirements in detail. Audit Surface Map is the prep artifact.

01
Detect unauthorized agent deployments Covered RBAC + deploy audit logs exist in Kindo. Agents cannot be deployed without appropriate role permissions, and all deployment events are logged.
02
Detect new tool/integration connections Covered MCP registry + integration audit logs capture all new tool and integration connection events. Full visibility into what's connected and when.
03
Detect agent action drift vs SOPs Gap No behavioral baseline engine exists. This is the biggest engineering need. Requires defining expected behavior profiles and detecting deviations from standard operating procedures.
04
Detect guardrail/MCP policy changes Partial Policy configs are logged, but need change-detection alerting. The audit trail exists — what's missing is real-time notification when guardrails or MCP policies are modified.
05
Detect cross-tenant data contamination Partial Prevention controls exist (tenant-scoped memory, data isolation). Detection gap: no active monitoring for data leakage between tenant boundaries.
Other Items
Other Open Items
-
Sprint 1 scope - confirm or adjust proposed items Do the SOC for AI items match what we can realistically ship in 2 weeks with eng on PTO? Each item should map to the Delivery Method's 5-component Outcome Package (named owner, transcript, standing rules, cron refresh, recipient narrative). Apply Evidence Base 85% pattern.
-
SOC for AI questionnaire → Krishna Sent Questionnaire sent to Krishna (Jul 1). 5 sections, 19 questions. Awaiting responses. Answers refine AI Discovery Agent integration priorities. Live at /questionnaire.
-
Value First hiring - interview status Joana met with Omberto's team. Results feed into team planning but don't block Sprint 1. 1-2 AI PMO / soft-skills roles + 1-2 engineers (LatAm preferred for soft-skills, Eastern Europe for code).
-
Agent runtime team return date - confirm July availability Madison back early July, Sean week of Jul 7. Track for Sprint 2 planning.
09 · Evidence Base

Evidence Base.

110 days of empirical data (Mar 9 - Jun 26, 2026) - what worked, what failed, what was killed

110 Days of Data

What works. What fails. What was killed.

Why this matters for Sprint 1: This sprint is the first cycle born after the March→May→June learning curve (Additive → Peak Complexity → Subtraction). Every item should operate on the validated methods, carrying none of the killed ones. Full audit: warren-evolution-audit.pages.dev
85%
Kindo Dashboards (best)
40%
Pipeline Execution (worst)
7
Systems Killed (Jun 17)
Grades
Initiative Grades - Measured, Not Claimed
InitiativeGradeKey Evidence
Kindo × Deloitte Dashboards 85% 2 production dashboards, daily cron, 240 deploys. Owner (Joana) + same-day loop + cron refresh
Strategic Dashboards 80% Same-day delivery pattern. Revenue Map for Ron dinner = built same day Tony directed
Kindo LMS 75% T1-T4 deployed (T1/T2 Joana-confirmed). P1/P3/P4 visual re-times done. Next-button gating shipped. P2 provenance fix + T3 seam fix pending. Cohort 2 target: Jul 10.
Tony CoS Dashboard 55% 136 deploys, CI/CD working. But: DM capture unverified, Phase 2 never started
Autonomous Pipeline 40% Architecture complete (43 routes). But: 0 agents dispatched for 42+ days. Pipeline became meta-work
What Works
The 85% Pattern
  • Named human owner driving the loop (Joana, Tony)
  • Same-day delivery - directive → artifact in hours, not days
  • Output in recipient's language, not internal jargon
  • Cron-sustained refresh - keeps it alive after delivery
  • Synchronous sessions > async (4h live = weeks of async)
What Fails
The 40% Pattern
  • Autonomous pipeline without human driving = meta-work
  • AI judging AI = shared fault amplification (40-48% pass rate)
  • Process docs as probabilistic input = unreliable
  • Complexity accumulation without outcome measurement
  • Demo site proliferation - 8+ sites, most never viewed
Timeline
The Arc - March → May → June

March-April: Build

Pipeline architecture, 67 routes, Sprint 0, first dashboards. Every problem solved by adding.

May: Peak Complexity

6 new Pages in 3 weeks. 5 AI eval crons. 4 daily dossiers. Maximum complexity = diminishing returns.

June: Subtract

7 systems killed. 0% dossier engagement. Silence First. Human-only review. Higher signal than anything added.

Market Signal
Capability Resonance - What Customers Actually React To
#CapabilityWho ReactedWhen
1Thinking model / decision OSIgor: "Jarvis not Siri"May 15
2Knowledge extractionSteve Ward: "floored"May 25
3AIPMO / autonomous PMValent: SOW signed ($5K)Apr-Jun
4Dependency mappingNFL corpus proof pointApr
5Sprint planning / estimationHector: "that's money"Jun
Guard Rail for Sprint 1: If the number of systems, crons, or processes starts climbing without outcome improvement, subtract before adding. The March→May arc proved complexity accumulation is the default - it has to be actively resisted. Max 1-5 individual changes at a time (Tony, Jun 19).
10 · Delivery Method

Delivery Method.

Warren = Autonomous Delivery Partner - the product is the method, Warren is the engine

The Product

The method is the product. Warren is the engine.

Key insight (Tony + Victor, Jun 26): "The product isn't Warren. The product is this delivery method - with Warren as the engine that makes it run at the speed and quality level that a human team can't match." Warren transforms non-technical creative direction into shipped products. Not autonomous SDLC - Autonomous Delivery Partner.
Framework
Deterministic Outcome Package - 5 Components

Every load-bearing milestone (85% of outcomes) used these 5 components. Each Sprint 1 item should map to this template.

01
Named Owner

A human driving the loop

A human on the customer side driving the loop (the "Tony" equivalent). Sprint 1 check: Who is the owner for each item?

02
Intake Artifact

Customer's own words

Customer's own words, not our interpretation. Sprint 1 check: Do we have source material in their language?

03
Standing Rules

Deterministic, written

Deterministic rules, written - never probabilistic process docs. Sprint 1 check: Are the rules codified or still in people's heads?

04
Cron Refresh

Keep it alive after delivery

Keeps the output alive after initial delivery. Sprint 1 check: Will this need automated updates or is it one-shot?

05
Narrative

Recipient's framework

Output framed in the customer's framework, not VtKl's internal language. Sprint 1 check: Are we using Krishna's/Kush's words or ours?

Operating Pair
The Operating Pair - Appears in 5/8 Load-Bearing Milestones

01 - Owner + Same-Day Loop

The mechanism. Without a named owner driving the loop, nothing ships. Present in: Kindo dashboards, CDO thesis, Execution Plan + Revenue Map, Strategic Portfolio Design, Great Subtraction.

11 - Narrative (Recipient's Framework)

The communication layer. Without narrative framing, output ships but doesn't land. Ron needed visual revenue framing. Igor needed "Jarvis" framing. Krishna needed triage language.

Validation
Validated at Three Altitudes

E

Executive

Revenue Map for Ron dinner (May 21-23). Visual, revenue-framed.

S

Strategic

Sprint plan + GANTT + questionnaire (Jun 8-9). Full planning cycle in one thread.

O

Operational

Daily dashboard refresh via cron. 240 deploys. Deloitte logs in daily.

Evolution
Role Evolution - Self-Organized, Not Designed

Each person migrated UP in altitude over 110 days. Sprint 1 should respect these altitudes.

PersonStarted AsEvolved ToSprint 1 Altitude
TonyOperator (every function)Teacher → SubtractorStrategic direction only. Biweekly.
VictorOps SupportChief Operating IntelligenceTactical execution + Warren calibration
JoanaProgram DeliveryDelivery AuthorityScrum lead + agent design
CharlieBuilderPlatform ArchitectArchitecture decisions only
WarrenEngineering ToolAutonomous Delivery PartnerExecution engine - absorbs operations
Strategic Warning
IP Protection (Charlie, Jun 24)

"I don't want to do design partnership work where we equip them to build stuff that we want to build." Deloitte can execute faster than T&C on skills/memory if they know the HOW. Share the WHAT, never the HOW. This applies to all IK/memory sessions with Kush.

Pre-Work
Requirements Questionnaires - Sprint 1 Pre-Work

Tony (Jun 26): needs questionnaires for SOC for AI, A.7, A.11 - same format as A.6. Forward to Krishna who identifies who answers (resolves Adelina maternity leave gap without guessing org structure).

AgentMethodAdelina CoverageStatus
SOC for AI Questionnaire (framed as Kush's priority) Krishna routes to right person Sent to Krishna Jul 1
A.7 Quality Audit Design Sprint questionnaire (~3hr session) Krishna routes to QA lead Sprint 2+ Prep
A.11 Custom Agents Shadow & Document (SOPs + ride-along) Shiva/Harish (client delivery) Sprint 2+ Prep
Blue Ocean (Victor, Jun 26): Agile, Scrum, SAFe - all made for humans, not AI. What T&C is building is the AI agility cycle. Greenfield. Nobody is talking about this yet. Tony isn't just talking - he has implemented and proved the value. The quarterly deep dives = "AI Big Room Planning" - release planning with AI in the room collapsing strategy-to-artifact gap to zero.

Daily Progress Log

Channel activity and progress updates - most recent first

📅 July 7, 2026 (Monday)

  • SOC for AI scope reframe (MAJOR): Deloitte replied to our questionnaire - they don't need shadow AI discovery (their detection engineering team handles that). Instead they want Kindo platform governance: monitoring known AI agents on Kindo. 5 new objectives defined: (1) detect unauthorized agent deployments, (2) detect new tool/integration connections, (3) detect drift in agent actions vs SOPs, (4) detect guardrail/MCP policy changes, (5) detect cross-tenant data contamination.
  • Kindo capability assessment completed: Mapped existing Kindo audit/telemetry/RBAC/DLP capabilities against all 5 objectives. Result: ~60% covered out of the box. Gaps: drift detection (objective 3), policy-change alerting (objective 4), tenant-boundary monitoring (objective 5). Linear tickets identified (ENG-8737, ENG-10042, ENG-8539, ENG-8654, ENG-8453).
  • 3-track delivery plan defined: Track 1: Audit Surface Map (before Friday call) - capability matrix. Track 2: SOC Detection Rules/Use Cases (Sprint 1-2) - detection rule templates for Krishna's SIEM. Track 3: Drift Detection + Tenant Monitoring (Sprint 2-3) - engineering builds.
  • IK Approach page built: New page at /ik-approach for Institutional Knowledge positioning
  • Internal site 451 fix: Cloudflare blocked /cadence/ path (brand impersonation detection on .pages.dev). Moved content to /meeting-cadence/, updated all links and redirects.

📅 July 3, 2026 (Thursday)

🔵 #deloitte-agents-design

  • Dashboard daily auto-refresh process set up - runs at 8 AM PT, pulls from 3 Slack channels
  • Full editorial restyle applied to all dashboard sections (dark statement bands, feature rows, editorial typography)

🟢 #client-kindo-deloitte

  • Charlie (tech SME) reviewed all 4 Technical-track LMS videos - APPROVED, no critical issues
  • Magic link UX feedback: domain mismatch across email sender, Supabase auth URL, and landing page
  • Victor initiated plan to fix domain consistency - exploring new domain or Kindo subdomain delegation
  • Victor assigned to implement Charlie's LMS feedback items

🟡 #client-kindo-training

  • No new activity

📅 July 2, 2026 (Wednesday)

  • Dashboard updated with sprint progress since Monday (Jun 29)
  • Questionnaire → Krishna marked as ✅ SENT (Jul 1), awaiting responses
  • LMS blockers removed - now pending Charlie's technical review only
  • Victor asked about building the SOC for AI Discovery Agent - Warren confirmed design + code skeleton ready
  • First cut of SOC for AI Discovery Agent files delivered: SOP, Skill file, Step config in agents/soc-for-ai-discovery/
  • Internal repo/domain (kindo-deloitte-internal) fully operational - all nav links fixed

📅 July 1, 2026 (Tuesday)

  • Victor requested internal/Deloitte deployment separation after link was accidentally shared externally
  • Internal repo t-and-c/kindo-deloitte-internal created, deployed to kindo-deloitte-internal.pages.dev
  • Allowlist isolation model implemented: Deloitte-facing repo contains ONLY explicitly named files
  • Root page set to sprint planning (Victor's request)
  • SOC for AI questionnaire sent to Krishna