Adds the "from emergency to deliberate staged objectives" pacing strategy
(severity unchanged, tempo deliberate - the depth of the Glaz tools estate makes
rushing the bigger risk) and records Steve's blanket approval (Tier A
execution-cleared). Softens the Tom outreach to a partnership / not-a-fire-drill
tone per Mike.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Grok + Gemini consensus reframe of the way forward: ACG-owned containment
(E-bucket, DB de-privilege, WAF, SQL network segmentation) is the real C0
reduction; the audience/network split is real only for the employee surface.
Tom's one within-skill ask = parameterize the 59 quo() SQL queries (ACG hands
him the exact lines); tokenized payments is a deferred scaffolded sub-project.
Steve Eastman gave ACG blanket approval to proceed (Tier A execution-cleared).
Includes a relief-framed draft message to Tom.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Scope (v0.3) for replacing the website's sysadmin login 'tom' with a
least-privilege login: two-phase plan (GTIware co-residency forces keeping
cc_file in Phase 1), Grok + Gemini independent review folded in, and live
RMM recon findings that materially changed the picture - the website is a
cross-office + Sage accounting + payroll + msdb hub on one sysadmin
credential, SQL is centralized on GTI-INV-SQL\GTISQL:3436 (not per-site).
PARKED pending a full network recon. Session log covers the website outage
fix (incomplete E1 ACL hardening) + the scoping + recon.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Two phishing campaigns hit Glaztech on 2026-04-17 bypassing MailProtector
via exposed M365 MX record. Spoofed internal senders, forwarded by 8 users.
Fixes applied: removed direct M365 MX, DMARC p=reject, Enhanced Filtering
on inbound connector. 32 messages purged across all affected mailboxes.
Forensic samples + full incident report preserved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
