Deloitte × Kindo — Portfolio Management

Program Status

YELLOW

Apr 1, 2026

Executive Overview

60% complete — 56 of 94 active items delivered across 6 workstreams. 1 items actively in development or review. 6 Canvas-related requests open (highest priority area).

Cyber / Adelina workstream most active with 24 open items. 14 high-priority items across all workstreams. 10+ items completed in the last 30 days.

🚧 Key Strategic Blockers

🔥

Task Worker / Sandbox Stability Crisis CRITICAL

Task worker and sandbox services consume excessive resources and require daily manual restarts. Sandbox tools create persistent volume claims without disconnecting old ones, crashing K8s nodes. Fix addressing Hatchet reconnection being pushed today (Brandon/Marco). Sandbox resource issues may persist post-fix.

🛡️

Cyber / SaaS — Canvas Solution Under Development IN PROGRESS

Canvas remains a top priority with 6 open items. Dashboard URL parameters for drill-down navigation currently in review. Architecture discussions ongoing for production SOC deployment.

🎯 3 Main Priorities

🔧

Task Worker Stability Fix DEPLOYING TODAY

Critical fix for heartbeat bug between chat and task worker. Addresses Hatchet reconnection issue causing resource consumption and daily restarts. Brandon and Marco pushing fix today. Resolution of sandbox volume claim issues expected in coming days.

🖼️

Feature Pipeline — Canvas, Integrations & More → 24 OPEN

24 open feature requests across 3 workstreams. Canvas is #1 — strategic path under discussion. View all requests and status.

🎓

Training Program — Pilot April 8 → ON TRACK

LMS targeting 75+ engineers. Pilot April 8 led by Bryan Vann with ~25 attendees. Kindo SaaS platform with mock MCP for hands-on exercises. View full training plan.

Dashboards

Each dashboard tracks a different class of work across the Deloitte engagement.

● On Track

Training

Platform training program for Deloitte teams — pilot session, LMS, video content, and live trainer coordination.

Bug Fixes & Info Requests

Active bugs, configuration issues, and operational requests from Deloitte teams requiring engineering response.

Platform enhancements, new integrations, and capability requests surfaced through Deloitte engagement calls.

Open Items

High Priority

Workstreams

Engagement Information Flow

Full mind map showing all request sources, classifications, and resolution paths across the Deloitte engagement.

🗺️ View Full Engagement Mind Map

Request sources → Requests → Classification (Bug / Training / Feature) → Resolution paths. Interactive — click to explore.

→

🔍 Key Health Questions Reporting Period: Apr 1, 2026

▼

Question	Status	Explanation
Is the team behind schedule?	⚠️ Possible	Cyber / Adelina workstream most active with 24 open items. 14 high-priority items across all workstreams. 10+ items completed recently.
Problems preventing cycle goal?	🟢 Mitigated	Jira DC auth and ThreatConnect validation issues are now resolved and operational.
Tasks added or deleted this cycle?	⚠️ Yes	Recent changes: ThreatConnect and Jira DC integrations delivered. SMK white-label logo CORS fix and disclaimer config docs completed. Dashboard URL parameters in review. Helm E2E consolidation and TTM off embedded Postgres in progress.
Foresee issues for next period?	⚠️ Possible	Training pilot April 8 requires preparation. 24 high-priority items need attention across workstreams.
Unscheduled tasks this cycle?	⚠️ Some	SMK 1.0.3.1 release prep unplanned. Jira DC + ThreatConnect debugging (now resolved) consumed cycles.
Have any estimates changed?	⚠️ Yes	Baseline estimates produced for surviving Promise + Stretch items: 160h Promise (4 sprints), 59h Stretch.
Technical problems encountered?	🟢 Resolved	Jira DC auth flow and ThreatConnect MCP parameter validation — both fixed and deployed.
Resource problems?	⚠️ Possible	Meta Global Ops has 10 open items. Resource allocation being monitored across workstreams.

🧭 Strategic Priorities for Portfolio Stakeholders

▼

Decision Required1. Canvas: Tactical Fixes vs. Strategic Rebuild

Canvas remains the #1 priority with 6 active items. URL parameter drill-down currently in review. Three strategic paths under discussion: tactical fixes, Kindo API, or generative UI. Critical for SOC production deployment.

Alignment Needed2. Platform Stability: Task Worker & Sandbox

Task worker and sandbox services require daily manual restarts. Fix being deployed today (Hatchet reconnection). Sandbox resource consumption causing K8s node crashes. Operational stability is the top priority.

Input Requested3. Integration Priority Ranking

SAP/Oracle integration in progress. SailPoint and Workday need custom MCP development. Integration deep-dive sessions being scheduled. Stakeholder input needed to prioritize across 6+ integration requests.

Not Started4. Meta Global Ops: Resource Allocation

10 open items, zero squad allocated. Decision needed: allocate resources vs. defer? No progress possible without dedicated assignment.

✅ Accomplishments This Period

▼

Accomplishment	Owner	Status
SMK system upgrade to v1.0.3.0 — deployed to Deloitte hosted + self-managed instances	Engineering	✅ Complete
Dashboard/Canvas agent cleanup — auto-created agents now hidden from main list, new "Dashboard Agents" filter tab live	Aashman	✅ Complete
DLP data scrubbing fix — customer PII was being incorrectly scrubbed; resolved	Engineering	✅ Complete
Feature flag management decoupled — SMK feature flags separated from deployment-specific configuration	Engineering	✅ Complete
Command Center now live — visible in hosted instance and v1.0.3.0 SMK	Engineering	✅ Complete
Jira Data Center auth fix — basic auth vs API token mismatch resolved for self-hosted Jira DC	Engineering	✅ Complete
ThreatConnect MCP parameter fix — validation errors causing retry loops now resolved	Engineering	✅ Complete
Heartbeat bug diagnosis complete — root cause identified between chat and task worker; Hatchet reconnection fix developed and being deployed	Marcos / Brandon	✅ Complete
SMK white-label logo CORS fix — resolved CORS issues with custom logo assets on whitelabelled deployments (ENG-8921)	Marcos Pagnucco	✅ Complete
Disclaimer config documentation — documented configurable disclaimer message below chat input for SMK deployments (ENG-8922)	Marcos Pagnucco	✅ Complete
Jira DC auth fix — resolved authentication issues with Jira Data Center self-hosted instances (ENG-8858)	Yash Kothari	✅ Complete
Okta disconnected state fix — resolved issue where Okta integration showed disconnected state incorrectly (TEK-60)	Engineering	✅ Complete
SMK integration validation — end-to-end integration validation for SMK deployments completed (ENG-8594)	Brandon C	✅ Complete
SAP/Oracle integration in progress — SAP JCo/RFC connectivity work underway; Oracle integration questions from Friday being addressed	Engineering	⚠️ In Progress
Preflight script near completion — Marcos and Brandon finalizing; Wednesday call with Adelina to review	Marcos / Brandon	⚠️ In Progress

🔺 Active Risks

▼

ID	Impact	Trend	Description	Mitigation
R1	High	📈	Task Worker / Sandbox Stability. Services require daily manual restarts. Sandbox volume claims crash K8s nodes. Full-time ops burden currently.	Fix by Brandon/Marco being deployed (Hatchet reconnection). Sandbox resource issues may persist post-fix.
R2	Med	➡️	Canvas architecture decision pending. 6 active Canvas items. URL parameter drill-down in review. Strategic path for SOC production not finalized.	Tactical fixes proceeding. Strategic decision between Kindo API and generative UI under discussion.
R3	Med	📈	SMK deployment scalability. Each deployment requires live engineering. Preflight script in progress. 7 planned deployments.	Preflight script near completion. Manual checklist + Terraform automation in development. Deployment #3 will validate.
R4	Med	➡️	Meta Global Ops unresourced. 10 open items, zero squad allocated.	Resource allocation under review. Prioritization aligned with workstream needs.
R5	Med	➡️	Integration gaps. SAP/Oracle in progress. SailPoint, Workday not started. Custom MCP development needed.	SAP work underway. Integration deep-dive sessions being scheduled.

Most Recent Meetings Cyber Weekly (Mar 31) + Office Hours (Mar 30)

1 Critical 5 Action Items ▼

🛡️ Cyber Weekly — Mar 31, 2026

🔥 Task Worker / Sandbox Resource Crisis — Services require daily manual restarts. Sandbox tools create volume claims but don't disconnect old ones, crashing K8s nodes. Fix being pushed today by Brandon/Marco addressing Hatchet reconnection. Sandbox resource issues likely persist post-fix.

📋 PM Process Enhancement — Tony Wong leading initiative for April: unified ticket system, consolidated dashboard, and better cross-team visibility.

🔗 SAP/Oracle Integration — Questions from Friday email being addressed. Work in progress on both integration tracks.

📞 Office Hours — Mar 30, 2026

🔧 Heartbeat Bug Diagnosis — Root cause identified between chat and task worker. Marcos finalizing solution; resolution expected in coming days.

📜 Preflight Script — Near completion by Marcos and Brandon. Wednesday call with Adelina to review and validate.

🔗 SAP/Oracle Issues — Integration issues from Friday email being handled. Progress ongoing.

📦 SMK Installs — Deployment Progress

2 Complete 1 Planned 3 Blockers ▼

Key deployment status and improvement initiatives from Lessons Learned (Mar 27), Office Hours (Mar 30), and Cyber Weekly (Mar 31).

Deployment Status

Deployment	Status	Key Issues
Deployment #1	✅ Complete	Security group/connectivity issues discovered during install
Deployment #2	✅ Complete	Calico CNI vs VPC CNI caused ingress automation failure
Deployment #3 (Digital Identity)	🔵 Planned	Bastion host access being requested, same environment challenges expected

Key Improvements In Progress

Initiative	Status	Details
Preflight Script (Helm chart)	⚠️ In Progress	Initial version exists, catches connectivity issues pre-install. Being expanded. Runs from within K8s cluster, CI/CD compatible.
Manual Deployment Checklist	⚠️ In Progress	For enterprise teams with multiple departments involved in provisioning and access.
Infrastructure Automation (Terraform)	⚠️ In Progress	Turnkey AWS provisioning, handed to Deloitte infra team for testing.
Script Migration to Helm Charts	⚠️ In Progress	Moving bastion host scripts into cluster, reducing external dependencies.

Current Blockers

Blocker	Severity	Mitigation
Task worker / Hatchet instability	🔴 High	Requires 24h resets, patch ready but needs validation.
No observability configured	⚠️ Medium	Deployed instances lack OpenTelemetry/Grafana monitoring.
Enterprise AWS guardrails	⚠️ Medium	IAM roles, network subnets will be a challenge for every customer deployment.

🏛️ Deloitte Portfolio & Program Management