PR.IR

Technology Infrastructure Resilience

Security architectures are managed with the organization's risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience

Tools for technology infrastructure resilience

Hosted MCP servers your agents can use for these controls.

Starter prompts

Paste into Claude Code, Microsoft Copilot, or Codex connected to Tracecat MCP, and build it out together.

Audit network segmentation weekly

Build me a segmentation audit in Tracecat. Store my trust boundaries in a Tracecat table: which segments exist and what traffic is allowed between them. Every week, pull the firewall rulebase from Palo Alto and network exposure findings from Wiz, and have the agent flag rules that cross a boundary the policy does not allow, plus anything any-to-any. Open a Jira ticket per violation with the rule, the boundary it breaks, and a suggested tighter rule. First help me understand how this maps to PR.IR-01 and how trust boundaries should drive segmentation rather than VLAN history. Ask me which network zones I have and which firewall manages the boundaries between them. Talk me through whether suggested rule changes should ever auto-apply or always go through change management.

Find single points of failure

Build me a resilience review automation in Tracecat. Once a month, pull my AWS footprint and flag single points of failure: single-AZ RDS instances, services running on one instance, unreplicated critical buckets, and load balancers with a single healthy target. Cross-reference each finding against a table of critical services and their resilience requirements, then open a Linear issue per gap with the blast radius and a remediation suggestion. Skip anything already accepted as a risk in the table. First help me understand how this maps to PR.IR-03 and why avoiding single points of failure is a stated resilience mechanism, not just an SRE preference. Ask me which services have real availability requirements and where my risk acceptances live. Talk me through running this as a monthly scheduled workflow versus an agent I invoke before architecture reviews.

Monitor and forecast resource capacity

Build me a capacity watch in Tracecat. Pull storage, compute, and bandwidth utilization from Datadog and Grafana each week, write the numbers into a Tracecat table, and have the agent fit a simple trend per resource. Draft a short capacity report in Notion listing anything projected to cross 80 percent within 90 days, and page the on-call platform engineer through PagerDuty if something will saturate inside two weeks. First help me understand how this maps to PR.IR-04 and why capacity monitoring counts as a protection control, not just an operations habit. Ask me which resources have actually run hot in the past year and how much headroom I want to keep. Talk me through choosing the forecast window and the threshold that separates a report line from a page.

Track environmental threat protections

Build me an environmental resilience tracker in Tracecat. Keep a table of every site and provider that hosts my systems: AWS regions, the colo provider, the office server room. For each, record the protections it claims, such as power redundancy, cooling, fire suppression, and flood risk. Subscribe to AWS Health events over a webhook and open a case when a region reports power or facility issues. Twice a year, create review tasks to recheck provider attestations and store the evidence in Google Drive. First help me understand how this maps to PR.IR-02 and why, when most of my infrastructure sits in other people's buildings, the work is provider assurance and evidence upkeep rather than enforcement. Ask me which providers run systems on my behalf and where their SOC 2 reports live today. Talk me through how often attestation reviews should recur and who should approve closing them.

Controls

  • PR.IR-01: Networks and environments are protected from unauthorized logical access and usage
    SP 800-53 Rev 5: AC-3, AC-4, SC-4, SC-5, SC-7

  • PR.IR-02: The organization's technology assets are protected from environmental threats
    SP 800-53 Rev 5: CP-2, PE-9, PE-10, PE-11, PE-12, PE-13, PE-14, PE-15, PE-18, PE-23

  • PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations
    SP 800-53 Rev 5: CP, IR, SA-8, SA-24, SC-6, SC-24, SC-36, SC-39, SI-13

  • PR.IR-04: Adequate resource capacity to ensure availability is maintained
    SP 800-53 Rev 5: CP-6, CP-7, CP-8, PM-3, PM-9

Control text and SP 800-53 Rev 5 references from the official NIST CSF 2.0 and OLIR releases.

Automate technology infrastructure resilience with agents

Paste an example into your coding assistant and an agent builds the automation around your tools.
