ZTP-prem Investor Deck — Security Reel Slide Specification
Companion to: TLSStress-Art-Investor-Deck-philosophy.md ("Schematic Cinema")
Asset target: TLSStress-Art-Investor-Deck-2026-05-10.pptx — security reel insertion
Authoring discipline: Cyan Schematic, single-thought-per-slide, ≤30 words per panel
Brand tokens: canvas #000018 · cyan #00D8FC · electric blue #0054FC · type white
How to use this document
Each section below specifies one slide in the security reel. The sections appear in narrative order. The reel runs 7 frames and should slot between the product-architecture reel and the patent-posture reel in the deck.
For each frame the spec provides:
- Frame title (display type, slide title)
- Section tag (mono type, section number / chapter break)
- Body line (≤30 words, the single thought)
- Visual (the one composition element the slide hangs on)
- Speaker notes (what the founder says while the slide is up)
- Provenance (where in the codebase / memo the claim is anchored — so a fact-check round can be performed quickly)
The designer should treat the spec as binding on content and provenance but free on typographic detail as long as the Schematic Cinema doctrine holds.
Frame 1 — The threat model
Section tag: 01 / 07 · SECURITY POSTURE
Title (display): Zero-Trust-on-Premises
Body line: Built against the only adversary a Fortune-500 audit officer cares about — the operator with kubectl and root.
Visual: A single horizontal rule in cyan, full-bleed across the lower third of the canvas. Above the rule: the body line. Below the rule: nothing. The negative space is the slide.
Speaker notes: "Our threat model starts where most stop. The adversary we design against is not the kid in a basement. It is the person with valid credentials inside the operator's own organisation. That is also the person the auditor asks about. Twelve composed layers answer that question."
Provenance: project_ztp_prem_posture_locked_2026_05_11.md (FOUNDATIONAL)
Frame 2 — The twelve layers (overview)
Section tag: 02 / 07 · TWELVE LAYERS
Title (display): Composed defence
Body line: Each layer closes one specific adversary capability. None of them is a checkbox.
Visual: A 4-column × 3-row grid of 12 cells. Each cell carries:
- layer number in mono (01–12) top-left
- layer name in display type, single line
- a thin cyan rule under the layer name
- no body inside the cell
The grid is the slide.
01 Cloud HSM custody       02 Confidential Computing   03 TPM measured boot      04 Sealed audit log
05 K8s admission webhook   06 Anti-debug runtime       07 Tier A/B partition     08 UTXO token vault
09 Tier B obfuscation      10 DLP egress monitor       11 Behavioural anomaly    12 Separation of duties
Speaker notes: "Twelve layers. Each one has a specific adversary capability it closes. I will not walk through all twelve. I will walk through the ones whose presence is unusual in the market."
Provenance: project_ztp_prem_posture_locked_2026_05_11.md Camadas 1-12; cross-ref to live code in pkg/ztp-prem-{detect,admission,signctl,tpm}/, dashboard/src/lib/{license,ztp-prem,dlp}/
Frame 3 — Differentiated layers (the unusual ones)
Section tag: 03 / 07 · WHAT IS NEW
Title (display): Three are not in the market.
Body line: Cross-language signing contract. UTXO token model. Admission policy bridged to a sealed hash-chain.
Visual: Three rectangular panels stacked vertically with generous gutter. Each panel:
- layer number in mono top-left
- panel header in display type
- one body line (≤25 words) in body grotesque
- no decoration
┌──────────────────────────────────────────────────────────┐
│ 07  Cross-language signing contract (Patent #18)         │
│     Go and Node produce byte-identical canonical         │
│     signatures, including post-quantum primitives.       │
├──────────────────────────────────────────────────────────┤
│ 08  UTXO token vault                                     │
│     Notes, not balances. Each test consumes a            │
│     tamper-evident note. No negative-balance attack.     │
├──────────────────────────────────────────────────────────┤
│ 10  Admission ↔ sealed audit cross-correlation           │
│     Webhook decisions enter the hash-chain. Pod restart  │
│     does not erase evidence. Tampering is provable.      │
└──────────────────────────────────────────────────────────┘
Speaker notes: "These three are not in the comparable products. Each is in production today. Each is in the patent filings. The comparison grid in two frames will make this concrete."
Provenance:
- Patent #18 — pkg/ztp-prem-signctl/canonical.go + dashboard/src/lib/license/envelope.ts (PR #626)
- UTXO — dashboard/src/lib/license/utxo.ts + schema tokens_notes (no balance column) (PR #610)
- Cross-correlation — dashboard/src/lib/ztp-prem/admission-correlate.ts (PR #634)
Frame 4 — The auditor's question
Section tag: 04 / 07 · PROOF
Title (display): The auditor asks one question.
Body line: "Prove a past test run was not tampered with."
Visual: A pulled quotation card. Off-white inset frame on the navy canvas. The quote in display italic, large enough to dominate the upper half of the frame. Below the quote, in mono small: — Fortune-500 Risk Officer, simulated diligence call, 2026.
Speaker notes: "This is the exact question. The product answers it by linking to the sealed-audit replay verifier on the same dashboard the operator uses to launch runs. Same primitive does both — operator use and auditor proof."
Provenance: dashboard/src/components/SealedAuditReplayCard.tsx (PR #621) — replay verifier UI; dashboard/src/lib/license/sealed-audit.ts sealedVerify() function.
Frame 5 — Competitive grid
Section tag: 05 / 07 · POSITION
Title (display): A strict comparison, no editorialising.
Body line: (no body line — the grid is the body)
Visual: Four-column × ten-row grid. Cells are ● (present), ◐ (partial), ○ (absent) — never tick marks, never checkmarks, never colour. Type colour stays white. Layout below.
                                    Vault Ent.   Snowflake   Cisco SmartLic   TLSStress.Art
Sealed audit hash-chain             ●            ●           ◐                ●
Cross-language signing (PQ-ready)   ○            —           ○                ●
UTXO token model                    ○            ○           ○                ●
K8s admission enforcement           ○            —           ○                ●
Break-glass with audit trail        ●            ●           ◐                ●
DLP egress monitor in-app           ○            ◐           ○                ●
TPM-sealed runtime                  ●            ●           ○                ◐
Cloud HSM custody                   ●            ●           ◐                ●
PQ-ready signing                    ◐            ◐           ○                ●
Confidential Computing              ●            ●           ○                ◐
Speaker notes: "Two cells are partial on the TLSStress.Art column — TPM and Confidential Computing. The TPM probe ships today; the measurement step is scheduled. Confidential Computing detection ships today; the enforcement step is scheduled. The three rows where TLSStress.Art is the only column with a filled circle are not on any competitor's public roadmap. We invite verification."
Provenance: project_ztp_prem_marketing_investor_deck_2026_05_12.md competitive table; cross-verify each row against public docs of comparable products before pitch.
Frame 6 — Patent #18, demonstrated
Section tag: 06 / 07 · PATENT POSTURE
Title (display): Two implementations. One byte.
Body line: Cross-language canonical envelope signing. Go and Node produce a 295-byte signature with identical hash.
Visual: A code-card style mockup. Two narrow columns side by side, each in mono type. Left column header: Go (pkg/ztp-prem-signctl). Right column header: Node (dashboard/src/lib/license). Each column shows a six-line excerpt of the canonical encoder output — the same hex string in both. At the bottom of both columns, in a single line of mono: SHA-256 = e3b0c44298fc1c14...
Speaker notes: "Byte-identical. Different runtimes. Different teams could maintain them independently. Patent #18 covers the contract. This is the level of work that does not appear in competitor filings because they have not been thinking at this level."
Provenance: PR #626 (Go signctl) + PR #613 (Node verifier). Real byte-match was confirmed during Wave 7 — 295 bytes, identical SHA-256.
Frame 7 — The operator's day
Section tag: 07 / 07 · IN THE PRODUCT
Title (display): The trust posture is not a separate product.
Body line: Seven cards on one admin page. Operator sees it. Auditor sees it. Same view.
Visual: A stylised dashboard mockup. Dark navy frame. Inside the frame, a 2-column × 4-row grid of card mockups (one cell empty for breathing room). Each card stub shows:
- card title in display small
- one mock metric in mono
- hairline border in cyan
- microtype MOCKUP at extreme top-right corner of the frame
┌─────────────────────────────────────────────┐
│ CC status             Tier policy           │
│ Trusted               19 modules classified │
│                                             │
│ License summary       Envelope import       │
│ Valid · 4d remaining  (form fields)         │
│                                             │
│ Sealed audit replay   DLP egress            │
│ Chain OK · 12,847     0 incidents 24h       │
│                                             │
│ Admission audit                             │
│ Mode: ENFORCE · 0 denials                   │
└─────────────────────────────────────────────┘ MOCKUP
Speaker notes: "Same page. The operator launches a test plan from here. The auditor opens the same URL and validates the chain from here. We did not build a separate compliance view. The compliance view IS the operator view. That is the brand argument extended into the security argument."
Provenance: dashboard/src/app/admin/ztp-prem/page.tsx — renders all 7 cards listed; each card has its own source file in dashboard/src/components/. The mockup must match real card titles 1:1.
Reel-closing convention
After Frame 7 the deck transitions out of the security reel via a single chapter-break slide carrying nothing but the mono section tag END · SECURITY POSTURE at the bottom-left of the canvas. The next reel begins on the following slide; the chapter-break is the held frame that lets the audience exhale.
What this spec deliberately omits
- Pricing. The security reel does not mention price. Pricing is a separate reel; mixing the two dilutes both arguments.
- Customer logos. No logos in the security reel. The argument is architectural, not social-proof-driven.
- Roadmap dates. No quarters / years / version numbers other than the two ◐ markers in Frame 5 that disclose roadmap items. Dates invite scrutiny on calendar slip; the security reel earns authority through what ships today, not what ships in Q3.
- Code excerpts beyond Frame 6. Frame 6 is the only place code appears in the security reel. Showing more code would lower the rhetorical register — the deck is for executives reading at altitude, not engineers reading at the keyboard.
How to fact-check before delivery
Each Frame's Provenance line points to a code file or memo. Before the pitch, run:
git log --oneline -1 -- dashboard/src/components/SealedAuditReplayCard.tsx
git log --oneline -1 -- pkg/ztp-prem-signctl/canonical.go
git log --oneline -1 -- dashboard/src/lib/license/utxo.ts
— confirms the asset still exists at the cited path and surfaces the most recent commit (so the speaker can answer "when did this ship" without leaving the room). If any path no longer exists, the relevant Frame's body line must be rewritten before that pitch.
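An added example, not part of the project's own tooling: `git log -1 -- <path>` still prints a commit for a path that has since been deleted (the deleting commit), so this script also tests that each cited path is present in HEAD. The function name `check_provenance` and the `PROVENANCE_PATHS` variable are assumptions; the paths are the ones cited in the Provenance lines above.

```shell
#!/bin/sh
# Added example: provenance check for the fact-check round.
# PROVENANCE_PATHS lists the code paths cited in the Frames' Provenance lines.
PROVENANCE_PATHS="
pkg/ztp-prem-signctl/canonical.go
dashboard/src/lib/license/envelope.ts
dashboard/src/lib/license/utxo.ts
dashboard/src/lib/license/sealed-audit.ts
dashboard/src/lib/ztp-prem/admission-correlate.ts
dashboard/src/components/SealedAuditReplayCard.tsx
dashboard/src/app/admin/ztp-prem/page.tsx
"

# check_provenance REPO PATH...
# Prints one line per path and returns the number of paths that are not OK:
#   OK       <last commit>  <path>   present in HEAD
#   MISSING  <last commit>  <path>   has history, but no longer in HEAD
#   UNKNOWN  -  <path>               never existed in this repository
check_provenance() {
  repo=$1; shift
  bad=0
  for path in "$@"; do
    # Most recent commit that touched the path (a deletion counts as a touch).
    last=$(git -C "$repo" log --oneline -1 -- "$path" 2>/dev/null)
    # cat-file -e succeeds only if the path resolves to an object in HEAD.
    if git -C "$repo" cat-file -e "HEAD:$path" 2>/dev/null; then
      printf 'OK       %s  %s\n' "$last" "$path"
    elif [ -n "$last" ]; then
      printf 'MISSING  %s  %s\n' "$last" "$path"
      bad=$((bad + 1))
    else
      printf 'UNKNOWN  -  %s\n' "$path"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Usage from the repository root (paths contain no spaces, so word splitting is safe):
#   check_provenance . $PROVENANCE_PATHS
```

A non-zero return is the number of Frames whose body line needs rewriting before the pitch.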