Revenue & Service Line Map

Kindo × Deloitte Cyber Operate — Strategic Revenue Architecture
Source: May 7, 2026 in-person session + May 19, 2026 scope call (Tony × Joana) · Scope matrix: 42 items, 5 categories
1 Revenue Classification
Contracted scope (table stakes) vs. Alliance revenue (net new growth T&C creates)
Contracted Scope
$5.5M
Annual license — table stakes. No net new revenue. Higher cost to deliver because institutional knowledge must be built to enable value capture.
  • A.1Threat MonitoringIK LOW✅ PROD
  • A.2Threat IntelIK LOW✅ PROD
  • A.3Threat HuntIK LOW✅ PROD
  • A.4Detection EngineeringIK LOW✅ PROD
  • A.5CTEMIK LOW🔨 BUILT
Alliance Revenue — Net New
$1–2M+
Growth that only T&C can create. Deloitte goes from $5.5M/yr to $6.5–7M+. T&C gets a share because T&C is the only entity discovering, designing, and delivering this expansion.
  • A.6Vitals DashboardIK HIGH📋 PLANNED
  • A.7Quality Audit AgentIK HIGH📋 PLANNED
  • A.8Cloud Security AgentIK HIGH📋 PLANNED
  • A.9IR AgentIK HIGH📋 PLANNED
  • A.10IoT/OT MonitorIK HIGH📋 PLANNED
  • A.11Custom Client AgentsIK HIGH📋 PLANNED
  • A.12Identity Agent → IdaaSIK HIGH📋 PLANNED
  • A.13GRC Agent → GRC aaSIK HIGH📋 PLANNED
Revenue trajectory — Annual
$5.5M contracted
$1–2M+ new
$5–12M+ upside (2–3× expansion)
Contracted (A.1–A.5) Alliance net new (A.6–A.13) Full expansion potential (service lines + Mythos + clients)
The growth thesis: A.1–A.5 is the foundation — building institutional knowledge into the platform while delivering the contracted scope. A.6–A.13 is the return on that investment: net new revenue that emerges as agent coverage expands across service lines and into client deployments. Kush and Krishna are aligned on this growth — every new agent drives EBITDA gains for Deloitte and revenue opportunity for Kindo.
2 Service Line Expansion Map
Kush's 6 service lines under Cyber Operate — current agent coverage vs. whitespace opportunity
ACTIVE
D&RaaS
Krishna · Kero (front office) · Adelina (back office)
4 in production + 1 built + 6–8 on roadmap
Rahul (TM Lead) · Zun Huang (Eng) · Matt (SDM)
70%
Scope items: A.1A.2A.3A.4A.5A.6A.7A.8A.9A.10A.11
WHITESPACE
Identity aaS
Tim Corder + Ravi
0 agents — no coverage
Gateway to IAM institutional knowledge
T&C relationship needed with Tim Corder
0%
Scope items: A.12
WHITESPACE
App Security aaS
TBD Leader
0 agents — no coverage
No scope items assigned yet
No relationship established
0%
No scope items — pure greenfield
EARLY
CaaS
Nathan Ellis
0 agents — relationship established
"Equally if not more important" — Kush
Critical for first 5–7 client deployments (with Harish)
5%
Scope items: A.11 (custom agents) · Deployment readiness
WHITESPACE
GRC aaS
Nathan Ellis (cross-role)
0 agents — planned Phase 4
GRC compliance domain
Meta demo interest (Krishna cross-role)
0%
Scope items: A.13
EARLY
Cloud + Infra Security
TBD Leader · Bhargav (India)
0 agents on Kindo — early signal
Bhargav already moved firewall provisioning to Kindo at insurance company
Proof of organic adoption
8%
Scope items: A.8 (Cloud Security Agent)
"Every agent for me is a net new revenue goal. Either it brings new revenue dollars, or it drives better profit margins."
— Krishna, May 7, 2026
Blue Ocean Territory: 5 of 6 service lines have zero or near-zero agent coverage. D&RaaS is the beachhead — proven model, proven agents, proven team. Each new service line follows the same pattern: relationship → institutional knowledge capture → agent design → deployment → EBITDA proof → expand. The expansion playbook from D&RaaS becomes the template for every other line.
3 Agent Packaging Framework
From Kush (May 7): "Packages of agents deployed per service line or per discipline" — three-tier model
Tier 1 — Core Package
Standard Agent Set
Out-of-the-box agents that ship with every MXDR deployment. Contracted scope. Template configurations.
  • Threat Monitoring (A.1)
  • Threat Intel (A.2)
  • Threat Hunt (A.3)
  • Detection Engineering (A.4)
  • CTEM (A.5)
  • Vitals Dashboard (A.6)
Revenue: Built into $5.5M license
Tier 2 — Service Line Package
Discipline-Specific Agents
Packages tailored per service line. Built once from IK capture, deployed to multiple clients. This is where the "build once, sell many" model kicks in.
  • Quality Audit (A.7)
  • Cloud Security (A.8)
  • IR Agent (A.9)
  • IoT/OT Monitor (A.10)
  • Identity Agent (A.12)
  • GRC Agent (A.13)
Revenue: $1–2M+ alliance net new
Tier 3 — Bespoke Client Package
Custom Agent Development
"Bespoke for billions" — per-client custom agents for F50/F100 dedicated MSS. Complex orchestration workflows, unique environments. The highest-margin work.
  • Custom Client Agents (A.11)
  • Account Reset Orchestration (Krishna ex.)
  • Client-specific response playbooks
  • Environment-specific integrations
  • Custom MCP servers (private)
Revenue: Per-client, high margin, recurring
Why packaging is the revenue multiplier: Krishna (May 7): "When we go to a client, we'll say — out of the box you get these 6 agents. But every client, especially the big ones, the shared MSS and dedicated MSS models — 'I need you to solve a bunch of these other problems. Build custom agents for me.' And that's a much faster pace for us." Each tier compounds: Tier 1 earns the right to sell Tier 2. Tier 2 creates the patterns for Tier 3. All IK flows back into the flywheel.
4 The Operating System Flywheel
Why T&C is the indispensable growth engine — the loop Ron needs to see
🤝
Tony × Service Lines
Relationships across all 6 lines
🧠
IK Capture
Domain knowledge from each line
Agent Design + Build
Team + Warren at speed
📊
EBITDA Proof
Track gains per agent
📈
Upsell Justification
Deloitte → Client → More revenue
"The pace you'll see accelerate in a significant manner once we do a couple of client engagements. Because on those engagements, while our scope might be this, we always do continuous improvement. We always start to show more — and that's how we expand."
— Kush, May 7, 2026
Kindo × Deloitte — Revenue & Service Line Map · T&C Confidential Generated 2026-05-23 · Sources: May 7 in-person (82p), May 19 scope call, scope matrix (42 items)