Step 1: Set up the project
Open a terminal, navigate to your development directory, and start Claude Code.
cd ~/dev
claude
Paste this setup prompt:
Create the folder ~/dev/cybersecurity/p7. Download the project materials from https://learnbydirectingai.dev/materials/cybersecurity/p7/materials.zip and extract them into that folder. Read CLAUDE.md -- it's the project governance file. Then start the Docker environment with docker compose up -d from the docker directory.
Claude creates the folder, downloads the materials, reads the governance file, and brings up the Docker containers. The environment simulates a coffee cooperative's digital infrastructure -- export tracking, farmer member portal, fermentation monitoring, payment processing, and the monitoring stack.
Step 2: Verify the environment
Once the containers are running, confirm all services are up.
docker compose ps
You should see at least seven services: export-tracker on port 3000, member-portal on port 5000, fermentation-api on port 8080, shipping-api on port 4000, payment-processor on port 6000, grafana on port 3001, loki on port 3100, and alloy. All of them should be in the running state.
Open http://localhost:3001 in your browser. This is Grafana. Navigate to the Explore view, select the Loki data source, and run a broad query to confirm logs are flowing from the cooperative's services. Logs arriving means the monitoring stack is collecting data across the infrastructure.
Take a moment with materials/docker/docker-compose.yml. Notice how the services connect. The export tracker, member portal, fermentation API, payment processor, and shipping API are all application services. Grafana, Loki, and Alloy form the monitoring stack. This is the cooperative's entire digital footprint -- built over three years without security oversight.
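The check in this step can be scripted. The following is an added example, not part of the project materials: it compares the running Compose services against the list given above and also reports anything running that is not on that list. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare running Compose services against the Step 2 list.
# Service names and ports come from the page; alloy has no port listed there,
# so its port is recorded as "-".
EXPECTED='export-tracker:3000
member-portal:5000
fermentation-api:8080
shipping-api:4000
payment-processor:6000
grafana:3001
loki:3100
alloy:-'

# Constructed sample input (not real output from the lab): one expected
# service is down and one hypothetical unlisted service is running.
SAMPLE_RUNNING='export-tracker
member-portal
fermentation-api
payment-processor
grafana
loki
alloy
unlisted-svc'

# Reads running service names on stdin, one per line.
# Prints "name port" for every expected service that is not running.
missing_services() {
    running=$(cat)
    printf '%s\n' "$EXPECTED" | while IFS=: read -r name port; do
        printf '%s\n' "$running" | grep -qxF -- "$name" ||
            printf '%s %s\n' "$name" "$port"
    done
}

# Reads the same input. Prints running services that are not on the
# expected list; each one is a candidate for the scope document.
unexpected_services() {
    expected_names=$(printf '%s\n' "$EXPECTED" | cut -d: -f1)
    while read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$expected_names" | grep -qxF -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Live use, from the docker directory:
#   docker compose ps --services --status running | missing_services
```

Empty output from missing_services means every listed service is up. Any name printed by unexpected_services is worth raising with Andres during discovery.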
Step 3: Read Andres's voice note
Open the living client interface. Andres sent a WhatsApp voice note at 6:42 AM.
He describes his situation: a Portland roaster representing 30% of the cooperative's export volume just told him all origin partners need to demonstrate cybersecurity due diligence. A competitor had a breach that exposed buyer pricing across their supply chain. Now everyone is auditing.
Andres does not know what systems he has. He knows there is an export tracking platform, a farmer member portal, fermentation monitoring sensors, and "other things the developer set up." The developer is in Caracas and communication is unreliable.
Notice what the voice note gives you and what it does not. Andres names some systems from memory, but he is not a technical person. He describes the business problem -- the Portland buyer -- clearly. The technical inventory is incomplete. That gap between what the client knows and what actually exists is where the assessment starts.
Step 4: Run client discovery
This is the first project where scope comes from conversation, not from a provided brief. Nobody hands you a network diagram or an asset inventory. You ask questions, and the answers become your scope.
Start asking Andres about his systems. He is warm and talkative -- he will explain his coffee business in detail, describe the Portland buyer relationship, and tell you what he remembers about the technology. But he will not volunteer everything. Some things he does not think to mention. Some things he does not know.
Pursue at least three lines of questioning:
- What systems exist. Andres mentioned a few. Are there others? What about payment processing? How do shipments get tracked once they leave the cooperative?
- Who has access. How many people use these systems? Has anyone left the cooperative? Are their accounts still active?
- How things connect. Are the fermentation sensors on their own network, or do they share the office connection? Does anything connect to external services?
Each question thread may reveal something Andres had not thought about. The cooperative's real attack surface is larger than what he described in the voice note. Your job is to discover the difference.
AI can help you structure the conversation -- suggest follow-up questions, organize responses into categories. But AI commonly misses implicit information in conversational responses. When Andres says "some people have left," AI may not connect that to active credentials. When he describes the shipping process, AI may not flag that an external API integration exists. Read the responses yourself and decide which threads to pursue deeper.
Step 5: Start the scope document
Open materials/scope-document-template.md. The Rules of Engagement section is pre-filled. Everything else is empty.
Based on what the discovery conversation revealed, begin filling in the scope. List the in-scope targets -- at least four systems or services that the assessment will cover. For each target, note what you know about it and what you still need to discover through technical reconnaissance.
The scope document is a living artifact. It will grow as you learn more about the infrastructure in the next unit. For now, capture what Andres told you and what your questions uncovered. The gap between this initial scope and the full attack surface you will map next is exactly the value of doing technical reconnaissance after client discovery.
Open materials/CLAUDE.md to confirm the project governance file reflects the engagement. The work breakdown, tools, and verification targets should align with what you are about to assess.
Check: Docker containers running, three clarifying question threads pursued, scope document started. At least 5 services running, at least 3 question threads with Andres, at least 4 in-scope targets listed.