Harness · Day Six · Week 2 · 2026‑06‑22

This week,
you run a business.

A real project · from the first email to the signed proposal
Harness · A two‑week AI bootcamp
01 / 18
The morning read

First, the Rundown.

Week 2. You read this fluently now. Pull anything new — then we get to work, because today the work is real.

Classroom · to ~10:30
02 / 18
Recap · Friday's build

You built a game — and an agent to play it.

  • A working Risk engine on a Cloudflare Worker, live on the screen.
  • Your own agent — markdown mind, TypeScript hands — playing it.
  • You felt the full agent lifecycle: write the logic, build the tools, iterate on what wins.

That was the craft. This week, you point that craft at a real paying project.

Classroom · to ~10:30
03 / 18
WEEK 2 · THE REAL ENGAGEMENT

An actual client.
An actual security test.

No more sandboxes. This week you take a real application-security engagement from the very first email all the way to a delivered, professional product — and you do it the way it actually happens: building the thing as you sell it.

Classroom · to ~10:30
04 / 18
Today's objective

Learn to run a business — AI-native from the start.

Most people bolt AI onto an old way of working: traditional → augmented → AI-native, one painful step at a time. You get to skip straight to native. You've never done this the old way, so you have nothing to unlearn. Every part of the business — finding work, pricing it, building it, delivering it — gets designed as an AI-native system from day one.

Classroom · to ~10:30
05 / 18
It always starts the same way · an email

Friday, 9:25 AM. Your inbox lights up.

Frank Schipani <fschipani@optimalnetworks.com>
to: you · subject: Web application pen test
"Do you do pen tests of web applications? I have a client that just needs a test of a client-facing application. The app runs on IIS / Windows / SQL. The front end is here: eiccms.gnarusllc.com"
— Frank, a referral partner. Not the client. The door.

Discussion: it's a slow Friday, you're not a salesperson, and this is money on the table. What do you actually do with this?

The prospecting story
06 / 18
SIT WITH THE DISCOMFORT

You don't know how
to sell.

That's the point. Sales is friction — the right tone, the right price, the right next move, all under uncertainty. When you feel that friction, the move isn't to fake confidence. It's to reach for AI — and reaching for it means building a repeatable method, not a one-off lucky reply. That's the whole game this week.

The prospecting story
07 / 18
AI-augmented prospecting · read the room before you reply

Who's actually on the other side?

Eric Kirschner
Principal · your contact
A firm Principal who personally built and maintains the app you'd test. Replies at 8:47 PM, terse — "Thx much." Match that energy.
Jessica Horewitz, Ph.D.
President
The company President, CC'd from the first email. Leadership is watching. This is not a side project.
Annie Dizon
Operations
Likely ops / vendor management — the one who handles scheduling and contracts.

An AI dug all of this out of public sources in minutes. And the tell: Frank called yours a "competing proposal" — there's already a price anchor on the table.

The prospecting story
08 / 18
Frank's question: "what do you need to put together a proposal?"

Give a range. Don't flinch. Don't discount.

The scope
Windows / IIS / SQL · ~25 main pages + ~40 child pages · authenticated test
The math
~25–30 hours × $250/hr (incl. 20% partner commission)
What you quote
$6,000–$7,500 — a range, not an hourly rate. No sticker shock for the intermediary.
The posture
"As early as next week." Available, not desperate. Methodology differentiates, not price.
The prospecting story
09 / 18
NOW THE WALL YOU'LL HIT

You can't write the proposal.
You don't have a scope.

You can't price a project without boundaries, and you can't draw boundaries without knowing the cost — in time and tooling. And here's the twist: you don't have a finished product sitting on a shelf. You're building it as you sell it. So before any proposal exists, you have to come find me — and learn the requirements.

The prospecting story
10 / 18
The reality of almost every real project

Scope → cost → price. In that order.

I do this on nearly every project. The difference is I have tradecraft and similar past projects to fall back on. You don't — yet. So you'll feel the gap, and you'll close it the AI-native way: discover the requirements, estimate the cost, then price.

No step can be skipped
Scope what's in, what's out
Cost hours + tooling
Price only now is it honest
A proposal without boundaries or cost is a guess. Guesses lose money.
The prospecting story
11 / 18
A lesson that has nothing to do with the test itself

Your client cannot open a markdown file.

You're AI-natives. Your clients are not. A business client expects security, professionalism, and a deliverable they can actually consume:

For the team

Detailed PDF

The full findings, formatted, branded, defensible.

For the leaders

Executive PDF

The higher-level read for Jessica and the principals.

For the record

Evidence + a presentation

Proof of every finding, walked through in person.

Delivering the product
12 / 18
The move that sets you apart

…and one deliverable the client can't even read yet.

Alongside the PDFs, ship a machine-readable deliverable: a structured tree of folders, markdown files, and an index that an LLM can be pointed at and consume directly — no human reading the PDF required.

  • It's where deliverables are heading within a year. You'd be early.
  • It marks you as an AI-native implementer — exactly the edge on projects where AI is the service.
Delivering the product
13 / 18
The product itself · more facets than you'd think

A test is the easy part. Delivering is the craft.

We're not building the perfect app-sec methodology this week. The point is to feel how many facets go into delivering any real product:

  • A methodology for running the test — repeatable, defensible. (Outside → Inside → Compliance — that's Day 7.)
  • A comprehensive report that holds up to business standards.
  • Lessons learned → a white paper that compounds your reputation.
  • Mitigation levels and the obligation question: do you offer retesting, and at what tier?
Delivering the product
14 / 18
RUNNING THE WHOLE TIME · IN PARALLEL

Every step makes the
next project easier.

Prospecting, proposal, product, delivery — underneath all of it runs one continuous loop: capture what worked as a reusable method. The prospecting reply becomes an agent. The proposal becomes a template. The report becomes a house style. That's how I leveled up my own game right before this exact project — and it's the habit you've been banking all week.

The parallel process
15 / 18
Where AI augments the business · this is your build list

Eight systems, not one lucky email.

01
Prospecting agent
Reads the room, mines for leverage, learns each time.
02
Proposal maker
Scope + cost → a priced proposal, fast.
03
House style
The look the proposal maker and reports inherit.
04
Contract framework
Negotiables vs. deal-breakers — delegated to an AI agent.
05
Product + method
The test and the way you deliver it.
06
Quality standards
What "good enough to ship" actually means.
07
Non-AI tools
Office 365 & SharePoint — clients live here.
08
Reusability
Make the whole thing run again, better.
What you'll build
16 / 18
How today runs

Talk now. Then sell, scope, and price.

Now → ~10:30

Classroom

This discussion — the friction, the story, the facets.

→ Lunch

Mock prospecting

Run the back-and-forth. Hit the wall. Come learn the requirements from me and pin the scope.

Afternoon

Proposal + logistics

Write the proposal we'll mock-execute, set up the project plan, share it all with me. App-sec method if time allows.

What you'll build
17 / 18
GO

The email's in your inbox.
Reply like a business.

You can't sell yet — so build the method that lets you. Reach for AI, hit the wall on scope, and come find me for the requirements. By the end of today you'll have a real proposal for a real project. Log your time in Harvest.

Harness · Day Six
18 / 18