Deloitte × Kindo — Portfolio Management

Program Status

YELLOW

Mar 23, 2026

Executive Overview

59% complete — 59 of 100 items delivered across 6 workstreams. (+6 new issues filed from Mar 23 Office Hours call, +2 done since last update: ThreatConnect integration done, SMK v1.0.3.1 released. Okta write tools moved to Agency team; Okta bug fixed. MITRE ATT&CK canceled.)

Cyber workstream most active with 28 open items; task worker reliability is URGENT. Key integration fixes shipped. SMK v1.0.3.1 released. SMK Installs +6 new items today.

🚧 Top 3 Unresolved Blockers

🚨

Task Worker Heartbeat Loss (ENG-8920)

Silently stops processing. 2nd occurrence. No logs. Kindo highest priority. Critical for RSA.

🔴

ServiceNow OAuth2 (ENG-8794)

OAuth2 fails, REST works. Blocks ServiceNow integration. Assigned Yash Kothari.

🔑

Okta Write/Create Tools (AGE-354)

Write/create action tools needed for full Okta workflow support.

🎯 3 Main Priorities

📅

RSA This Week

In-person review Tue Mar 24 with Mo, Bryan/Nick. SMK v1.0.3.1 released ✅.

🖼️

Canvas — #1 Feature Request

URL params + navigation for SOC production deployment. Strategic path under discussion.

📦

Efficient SMK Install — 13%

Release 2026.03.0 delivered. GitOps support requested. Environment validation scripts planned to reduce need for live engineering support on install calls.

Dashboards

Each dashboard tracks a different class of work across the Deloitte engagement.

● On Track

Training

Platform training program for Deloitte teams — pilot session, LMS, video content, and live trainer coordination.

Bug Fixes & Info Requests

Active bugs, configuration issues, and operational requests from Deloitte teams requiring engineering response.

Platform enhancements, new integrations, and capability requests surfaced through Deloitte engagement calls.

Open Items

High Priority

Workstreams

What Needs Attention Now

Critical items surfaced from the most recent Deloitte call (Mar 23 Office Hours).

🚨

Task Worker Heartbeat Loss — URGENT

Task worker loses Hatchet heartbeat and silently stops processing. Second occurrence. Known bug — Kindo engineering confirmed as highest priority. Patch being coordinated. No application logs available to diagnose root cause. ENG-8920

📊

No Application Logging in Self-Managed Deployment

Deloitte's SMK deployment has zero permanent log storage for container/application logs. When task worker died, nothing to investigate. CloudWatch Logs setup required via K8s add-on — Kindo's turnkey installer includes this, but Deloitte's custom deployment does not. ENG-8924

🖼️

White-Label Logo Not Rendering

Deloitte's logo hosted in S3 bucket is not displaying in the Kindo portal. Suspected CORS issue. Fix call scheduled: Marcos + Nate at 1:30 PM PST today. ENG-8921

🔗

ServiceNow OAuth2 Connection Failure

OAuth2 connection fails while REST API works with same credentials. Now assigned to Yash Kothari. Blocks IAM POC completion. ENG-8794

Engagement Information Flow

Full mind map showing all request sources, classifications, and resolution paths across the Deloitte engagement.

🗺️ View Full Engagement Mind Map

Request sources → Requests → Classification (Bug / Training / Feature) → Resolution paths. Interactive — click to explore.

→

Cross-Functional Delivery

6 workstreams across Cyber, IAM, ERP & more

Enterprise Scale

7 SMK deployments planned across Deloitte

Strategic Partnership

Weekly touchpoints driving alignment & execution

Resource Gap Analysis

Current capacity vs. demand across the Deloitte engagement.

Capacity vs. Demand

⚠️ Significant Gap

👥 Current Capacity (~2 FTE)

Tony Wong — Chief Delivery Officer, relationship management, scope governance, stakeholder alignment
Joana Dias — Program coordination, meeting management, dashboard & portfolio tracking
Kindo Engineering — Shared across all customers; Deloitte-specific allocation is fractional
Agentic Pipeline — AI-assisted engineering for implementation, monitoring, and triage
Marcos Pagnucco — Infrastructure (deployment, K8s, ALB) — shared resource

vs.

📋 Active Demand (6–7 Groups)

Cyber / Adelina — 28 open items, most active workstream, RSA prep, Canvas decisions, agent reliability
IAM / J&J — 2 remaining items, audit logging and multi-agent research
IAM POC (SailPoint/Entra) — 1 blocker (ServiceNow OAuth2)
Meta Global Ops — 10 items, entirely unresourced, needs RACI + squad before any work
SMK Deployments — 7 planned deployments across Deloitte, each with environment-specific issues
Training Program — LMS build, video production, pilot session, live training coordination
Ongoing Triage — Every call surfaces new bugs, config questions, and feature requests (6 new items from today alone)

Effective Capacity Demand

~2 FTE allocated ~6–7 FTE needed

The math doesn't work at current capacity. Every Deloitte meeting — Office Hours, Cyber Weekly, ad hoc calls — generates new bugs, configuration requests, and feature asks. With ~2 FTE against 6–7 active groups of work, the engagement is in sustained triage mode rather than proactive solution development.

Two paths forward: (1) Deloitte assigns a dedicated program manager to centralize request flow and prioritization across their teams, or (2) Kindo's agentic system connects to Deloitte's Microsoft Teams to manage triage, routing, and status tracking programmatically. Either way — someone or something needs to own the coordination layer. The current ad-hoc model cannot scale to 7 SMK deployments.

Kindo can scale the delivery capacity up to 25 people via the agentic development pipeline. But the methodology, system design, and management expertise that make this possible cannot be replicated by adding headcount alone — it took decades of leadership experience to build.

🔍 Key Health Questions Reporting Period: Mar 23, 2026

▼

Question	Status	Explanation
Is the team behind schedule?	⚠️ Possible	Cyber workstream most active with 28 open items. Task worker reliability is URGENT. +6 new items from today's call.
Problems preventing cycle goal?	🟢 Mitigated	Jira DC auth and ThreatConnect validation issues are now resolved and operational.
Tasks added or deleted this cycle?	⚠️ Yes	+6 new issues from Mar 23 Office Hours. +2 done: ThreatConnect integration, SMK v1.0.3.1 released. Okta write tools moved to Agency team. MITRE ATT&CK canceled.
Foresee issues for next period?	⚠️ Possible	RSA Conference this week will reduce engineering bandwidth. In-person review session tomorrow (Mon Mar 24).
Unscheduled tasks this cycle?	⚠️ Some	SMK 1.0.3.1 release prep unplanned. Jira DC + ThreatConnect debugging (now resolved) consumed cycles.
Have any estimates changed?	⚠️ Yes	T&C baseline estimates produced for surviving Promise + Stretch items: 160h Promise (4 sprints), 59h Stretch.
Technical problems encountered?	🟢 Resolved	Jira DC auth flow and ThreatConnect MCP parameter validation — both fixed and deployed.
Resource problems?	⚠️ Possible	Meta Global Ops fully unresourced (10 backlog items, 0 assigned). RSA week reduces available engineering.

🧭 Strategic Priorities for Portfolio Stakeholders

▼

Decision Required1. Canvas: Tactical Fixes vs. Strategic Rebuild

Canvas is the #1 request category and is blocking SOC production deployment. Three paths: tactical fixes (URL params, navigation), Kindo API (Deloitte builds custom UIs), or generative UI (~90 days R&D).

Alignment Needed2. Agent Reliability: Timeline & Expectations

Deloitte expects agents that run for hours reliably. Currently at 15% progress — first drops end of March, full reliability mid-April+.

Input Requested3. Integration Priority Ranking

Remaining integration streams: ServiceNow + SAP (not started), SailPoint & Okta (bugs). Stakeholder input needed to sequence.

Not Started4. Meta Global Ops: Resource Allocation

10-issue QA testing platform for Meta via Deloitte — entirely unresourced. Decision: priority vs. existing workstreams?

✅ Accomplishments This Period

▼

Accomplishment	Owner	Status
SMK system upgrade to v1.0.3.0 — deployed to Deloitte hosted + self-managed instances	Engineering	✅ Complete
Dashboard/Canvas agent cleanup — auto-created agents now hidden from main list, new "Dashboard Agents" filter tab live	Aashman	✅ Complete
DLP data scrubbing fix — customer PII was being incorrectly scrubbed; resolved	Engineering	✅ Complete
Feature flag management decoupled — SMK feature flags separated from deployment-specific configuration	Engineering	✅ Complete
Command Center now live — visible in hosted instance and v1.0.3.0 SMK	Engineering	✅ Complete
Jira Data Center auth fix — basic auth vs API token mismatch resolved for self-hosted Jira DC	Engineering	✅ Complete
ThreatConnect MCP parameter fix — validation errors causing retry loops now resolved	Engineering	✅ Complete

🔺 Active Risks

▼

ID	Impact	Trend	Description	Mitigation
R1	Low	📉	RSA readiness — Jira DC resolved. Jira DC integration is now operational. ThreatConnect also fixed. RSA in-person review Monday.	Jira DC and ThreatConnect fixes deployed. SMK v1.0.3.1 release in progress for pre-RSA.
R3	Med	📈	Agent reliability below Deloitte expectations. Agents quit during long tasks. Timeout Band-Aids applied; root cause fix at 15%.	Phase 1 drops end of March. Context compaction + retries + better error reporting.
R4	Med	➡️	Meta Global Ops fully unresourced. 10 backlog items, 4 high-priority, zero squad allocated.	Defer until post-RSA. Allocate squad in next Program Planning cycle.

Most Recent Meeting Office Hours — Mar 23, 2026

3 Urgent 4 Action Items ▼

Kindo

Tony Wong, Marcos Pagnucco, Mo Nezarati, Bryan Vann, Mathew Varghese, Chriwong

Deloitte

Ram (Hvajrapu), Nate (Naellis), Dbrignardello, Prudhvi Yendluri, Masarma, Adkaza, Troy Presley

🚨 Task Worker Failure — Lost heartbeat, silently stopped. Second occurrence. Known bug. Kindo: "This is the highest priority now." Patch being coordinated.

📊 No Application Logging — Audit logs ≠ app logs. Zero permanent storage. CloudWatch Logs needed via K8s add-on.

🖼️ Logo Not Rendering — S3-hosted logo, suspected CORS. Fix call scheduled Marcos + Nate 1:30 PM today.

💬 Chat Disclaimer — Env var provided for configurable message below chat bar.

📊 Grafana Dashboards — Marcos demoed platform overview. Will share JSON. OTEL → Prometheus → Grafana.

📦 Simplified Install — Deloitte excited. New environment may have fewer guardrails. Turnkey close to complete.

🏢 Org Management — Can't create new orgs via UI. Need meeting with Kindo IAM engineer. Resource isolation is shared (backlog).