A guide to applying the cowork kit you already have to your next flagship event. This is not theory. The April 29 workshop generated real ad sets, real PowerPoint decks, real email copy, and a live published landing page in 120 minutes. You can do the same for IC2 starting today.
What this is: a guided walkthrough that turns the April 29 workshop's pattern (real assets shipped through Cowork in 120 minutes) into a repeatable chain you can run for October IC2 today. How to use it: start with the orange kickoff box below — paste two prompts into Cowork and point at one Monday subitem. Drop into the deeper stages (L1 → 5) only when you need the why behind a step. Every claim has a Monday Doc link (↗) for one-click verification.
Don't read the whole guide first. Open Cowork, paste two prompts, point at one Monday subitem you own. The chain produces real assets — emails, ads, landing pages, decks — and writes them back to the subitem with a Voice Pass record attached. Esty reviews in <2 minutes. Same pattern that produced the SANS suite. Same pattern for IC2.
The April 29 workshop demoed the cowork kit. The recap surfaced that the materials were hard to absorb. This guide makes them usable: it walks the SANS Spring CSF pattern (real worked instance, all 7 slots produced live, landing page actually published) and shows what changes for October IC2 (with explicit slots for what Esty & Brittany fill in).
All voice rules, proof points, role-holders, SOPs, and asset specs are already canonicalized in Monday Docs in the AI Integration workspace. Click any monospace path with ↗ to open the canonical doc. All links open in a new tab.
Three layers, two prompts, one chain — six Standard Works.
GTM Foundations
Reconciled ICP · Buyer Personas · Positioning. Authored by the L1a Auto-GTM Commission, reconciled against workshop GTM Foundations work, promoted to canonical Monday Docs in the Layer 1: Foundations folder. See Stage L1 below.
Campaign frame
Campaign Execution Plan · Campaign Bill of Materials · Messaging Playbook · Measurement Framework. New for each campaign — SANS has its set; IC2 needs its own.
Event instance
Strategic brief (SW-01) · JSONB data files · per-asset hydrated specs. SANS lives in kit/data/sans_*.jsonin zip + the workspace’s SANS 2026-05-05 Instance Index; IC2 needs its own data files.
The cowork kit (regscale-webinar-cowork-kit.zip) is what a Cowork session needs in-hand to execute. The full governance lives canonically in Monday:
Master SOP · SOP - Webinar Lifecycle (master) (v1.2, production-ready) — pipeline overview, 6 Standard Works, 6 Quality Gates (QG-0 through QG-5), Webinar BOM Template (v0.3, 14 assets), Quality Rubric.
Sibling SOP suites · SOP — Brand Voice Stewardship (style gate) · GTM Messaging Book (substance gate) · SOP — Campaign Brief to Multi-Asset · SOP — Asset Specification Library · SOP — Board Creation & Schema Management · Codification Framework — Concepts.
Heuristic: the kit is what the team carries; Monday is the canonical reference. The Cowork Session Orientation is the entry point that loads everything else.
Pre-loaded grounding for the IC2 brief. Canonical Monday Docs in the Layer 1: Foundations folder.
When Esty/R3 authors the IC2 strategic brief, these are the menus to pick from — not new analysis to commission. Pick the ICP IC2 targets (likely Federal given the “flagship” framing). Pick 1–2 primary personas (likely CISO + Compliance/Audit Manager for a federal compliance event). Pick 1–2 messaging pillars (likely P1 Speed + P2 Real-Time Visibility). Use the locked positioning verbatim. The brief becomes a fill-in exercise rather than a strategy exercise.
A complete pre-cooked worked example of the chain end-to-end, sitting in Monday for both human reference + Cowork pull.
A second event already walks the entire chain — to be read by humans and Cowork alike.
The April 27 capability test took the FS-ISAC FY27 webinar (a flagship financial-services compliance event) all the way through the 6-SW chain in sandbox. Strategic brief, BOM Layer 1, asset bundle manifest, landing page copy, T-7 promotion email, day-of execution trace notes, post-session recap email, paired-gate review record, post-event Report & Review — every artifact a working campaign produces, sitting in Monday at canonical structure. The team can open any one of these to see the shape it should take for IC2. Cowork can pull these as worked examples when generating IC2’s analogs.
Why it’s valuable: the SANS instance focused on Movement 2 (asset production for one webinar). The FS-ISAC sandbox covers the full lifecycle — SW-00 commitment through SW-05 follow-up — so when IC2 needs a SW-04 day-of kit or a post-event Report & Review template, this is the canonical analog to mirror.
Real data from kit/data/sans_webinar.json + the workspace’s SANS instance index. Test run — pipeline test, not approved marketing. Outputs were generated April 29 in workshop.
“Watch how engineering teams clear FedRAMP authorization in 90 days, not 18 months — without slowing engineering velocity.”
James Bond
RegScale platform lead
FedRAMP authorization architect
Travis Howerton
CEO/Founder, RegScale
Former CTO at U.S. NSA · Former federal CIO
Canonical Monday reference: SANS — SW-01 Strategic Brief · SANS — Webinar BOM · SANS — SW-00 Commitment Applied
The April 29 Workshop Sandbox board produced these tangible work products through Cowork. Every asset linked below was authored by Cowork running against a Monday subitem, voice-passed by Esty, and committed to Monday. Live assets are publicly addressable URLs.
Subject: “FedRAMP in 90 days. Join us May 5.”
Full email body authored by Cowork, drafted by Field Marketing Operations role (Amanda's slot). Voice-Pass / Approved. CCM term used canonically; 3 verbatim Register entries. Pre-header: “Continuous monitoring is architecture, not a feature. See it live.”
Open Slot 2 in Monday12 SVG ad variants + LinkedIn body
300×250 + 12 IAB sizes (160×600, 728×90, 970×250, 1080×1080, 1200×627, etc.) + full LinkedIn paid post. Voice-Pass / Approved. CCM term verbatim; full Travis NSA/CIO heritage cited. Live ad set gallery deployed to Cloudflare Pages.
Open Slot 3 in MondaySANS-Spring-CSF-2026-Speaker-Deck.pptx
Slide 9 (Why Us · Proof) authored by Cowork — section label, headline (“We run on what we ship”), Travis verbatim heritage citation, FedRAMP High Authorized callout. PPTX file attached to Monday subitem. SVG thumbnail + JSONB instance + speaker notes also produced.
Open Slot 4 in MondayRun-of-show + dial-in + backup tech
Six-section operational document: T-30 to T+45 timeline, dual-platform backup (Zoom failover with 1Password vault credentials), recording verification, exit criteria. Voice-Pass / Approved (partial-scope: participant-facing portions only).
Open Slot 5 in MondayPost-event PoC follow-up artifact
3 verbatim Register proof cards (90 days · 60% · 8x), three-pillar differentiation (practitioner heritage / headless middleware / system-specific). Advanced-track gate sequence (SW-02 substance gate THEN SW-01 voice review). Audience: BDR Josh's qualified PoC leads.
Open Slot 6 in MondaySANS landing page · publicly addressable URL
Movement 3 capstone. Self-contained HTML landing page hydrated entirely from canonical kit sources (sans_brief.json + sans_webinar.json + proof-points-register.md + M2 voice-passed content). Deployed to Cloudflare Pages. HTTP 200 verified. Zero new copy — every word voice-passed in Movement 2.
regscale-workshop-2026-04-29.pages.devThe point: these aren’t demos or sketches. The PPTX file opens in PowerPoint. The 12 SVGs render in any browser. The landing page is live on Cloudflare. The email body would send. This is what 120 minutes of Cowork against a 6-slot Monday board produces. Same chain — same prompts, same kit, same SOPs — runs against IC2’s subitems and produces IC2’s assets.
Federal contractors face a familiar dilemma: ship engineering work or clear compliance gates. The traditional path treats these as a trade-off.
FedRAMP 20x kicks off 2026–2027 — explicitly built around continuous monitoring. Gartner 2026 recognized continuous monitoring as a distinct category.
On May 5, we’ll cover Continuous Controls Monitoring (CCM) architecture, customer proof, AI’s role, and DevSecOps integration. Architecture note: RegScale is true middleware — most users never log in.
Sessions are part of the SANS Spring Cyber Solutions Fest 2026. Register through SANS to attend live or get the recording.
14 entries total in the canonical Proof Points Register. Never paraphrase — auto-fail at SW-01 voice gate.
Side-by-side: what stays vs. what swaps. Brittany & Esty fill the right column.
| Element | Stays the same | Changes for IC2 |
|---|---|---|
| Layer 1 foundations ICP, Personas, Positioning, Pillars (canonical) | SAME — canonical in Layer 1: Foundations folder; menu in Stage L1 | SAME — pick from menu; no new analysis |
| Voice rules 5 principles + forbidden words + CCM gate | SAME — SOP — Brand Voice Stewardship | SAME — no new voice work needed |
| Proof points 14 verbatim metrics | SAME — Proof Points Register | SAME — subset selected per asset, never paraphrased |
| Asset specs & Webinar BOM Schema + 14-asset canonical inventory | SAME — SOP — Asset Specs + Webinar BOM Template | SAME — same shape; subset per IC2 format |
| SOPs Webinar Lifecycle (6 SWs) + foundational | SAME — SOP — Webinar Lifecycle + sibling suites | SAME — same procedure, all 6 quality gates |
| Role-holders + gatekeeper | SAME — Role Holders FY26; VP of Marketing Esty is gate; Morgan backup | SAME — same review chain |
| Strategic brief (SW-01) why-anything / why-now / why-us | NEW — SANS SW-01 brief + FS-ISAC FY27 brief | NEW — Esty/R3 authors IC2’s brief; same shape; pick from L1 menus |
| Campaign-level JSONB title, dates, speakers, hero offer, KPIs | NEW — sans_webinar.json | NEW — ic2_event.json with IC2 facts |
| Per-asset JSONB subject, body blocks, proof selection | NEW — sans_email_*.json × 4 | NEW — ic2_email_*.json hydrated by Brittany |
| Monday board + subitems parent + slots for the cowork chain | NEW — Workshop Sandbox board (with all 7 slots produced) | NEW — IC2 item on Active Marketing Programs (or new sandbox); use SOP — Board Creation & Schema Mgmt |
Six rows stay; three rows change. The three changes are the per-event work that always needs doing for any new campaign.
Two prompts copy-pasted. One Monday subitem you own. Real assets attached to that subitem in 15 minutes.
kit/prompts/01-orientation-chain.md. Copy its full contents. Paste into Cowork chat. Cowork loads Layer 1 (foundations) → Layer 2 (campaign frame) → Layer 3 (event instance) and confirms each layer before advancing per the Cowork Session Orientation. ~5 minutes.kit/prompts/02-pull-and-execute.md. Copy. Paste. Cowork pulls the role-holder’s assigned subitem from Monday — for IC2, this would be a subitem the team creates on the Active Marketing Programs board. For the workshop, slot subitems were on the Workshop Sandbox board. Cowork reads the linked SOP, executes the procedure.Asset Draft column gets the body content, Asset Files gets the rendered file (PPTX, SVG, etc.), SPA Preview URL gets the suite-demo route, Workshop Status = Ready for Review. You can verify this happened by looking at Slot 2 (T-14 Email) in the Workshop Sandbox subitem board — every column populated by Cowork on April 29.@Esty — Slot N ready for SW-01 Voice Review. Substance review (Messaging Book SW-02) precedes style review (Brand Voice SW-01) per the Brand Voice SOP Key Rule.gate Slot N. The Voice Review Quick-Scan runs in ≤2 minutes (anti-pattern check + 5-principle scoring). Status updates to Voice-Pass / Approved, Drafting (conditional), or Blocked (show-stopper). Backup gatekeeper if Esty is occupied: Morgan. The April 29 workshop produced 7 Voice Pass records across 4 gate sweeps in <2 minutes per asset — see Slot 1’s gate sweep record.Same two prompts work for every future campaign. Different board ID. Different campaign. Same chain. Today, you could open a Monday subitem you own — say a real promotional email task or a real landing page draft task — paste these prompts into Cowork, and have the asset back in your Monday subitem within 15 minutes.
Canonical text from SOP — RegScale Brand Voice Stewardship (v2.0).
Uses Continuous Controls Monitoring (CCM) as the category language. Positions CCM per the Messaging Book Differentiation file as a “structural difference, not a feature comparison” and as a “foundation, not a feature.” Critical: do not drift to Continuous Compliance Monitoring — the canonical RegScale term is Continuous Controls Monitoring.
RegScale’s voice cites practitioner heritage as the source of authority. “Built and run by industry veterans,” “founder served as CTO of a U.S. National Security Agency,” “Chief Product Officer built the AWS compliance programs from scratch.” Generic industry-leading voice that doesn’t cite practitioner depth is off-voice.
Every speed, efficiency, or scale claim uses the verbatim numbers from the Proof Points Register, not paraphrased ones. “FedRAMP High in 90 days vs. 12–18 months” — not fast FedRAMP. “1M+ assets actively managed” — not many customers. The 14-entry Register is enforced as schema enum on proof_points_used_verbatim.
RegScale’s product narrative organizes around customer systems, not around frameworks. Voice that frames RegScale as we do SOC 2 + FedRAMP + ISO misses the positioning. Voice that frames it as “compliance ties to your actual systems across all frameworks” is on-voice.
RegScale’s adoption narrative is “most users never log into RegScale at all — they simply work in their existing tools while RegScale operates in the background.” Voice that frames it as “true middleware” integrating with CrowdStrike / GitLab / Snyk / Jira is on-voice.
Any draft using Continuous Compliance Monitoring fails the SW-01 anti-pattern gate at ≤30 seconds and routes back to drafting. Hard substitution. Common AI drift — expect it; gate it.
leverage (verb)transformativesynergizeunlock valueseamlessbest-in-classnext-generationholisticLearn more
holistic is OK only when followed by an enumeration of what’s included. Generic CTAs like Learn more always fail.
Roles + gate authority for every campaign. Source: Role Holders FY26 (Canonical).
| Slot | Role | FY26 holder | Owns · Workshop subitem |
|---|---|---|---|
| Slot 1 | VP of Marketing · Brand Gatekeeper | Esty Peskowitz | SW-01 Quick-Scan reviewer · brand gatekeeper · backup: Morgan. April 29: Slot 1 cascade demo + 4 gate sweeps |
| Slot 2 | Field Marketing Operations | Amanda Greenspan-D’Souza | Landing page copy + email drafts · ~81% of board activity. April 29: Slot 2 T-14 email body draft |
| Slot 3 | Paid Media Contractor | Elyse Hoekstra | LinkedIn paid + Google Ads + IAB ad set. April 29: Slot 3 ad set + LinkedIn paid post |
| Slot 4 | Brand & Design Lead | Morgan Johnson | Deck design + visual assets. Backup gatekeeper. April 29: Slot 4 deck slide 9 (Why Us proof) |
| Slot 5 | Field Marketing Lead | Brittany Gleason | Owned-event execution + commitment + tier classification. April 29: Slot 5 SW-04 Day-of Execution Kit |
| Slot 6 | PMM Lead | Alex White | Product marketing · positioning · one-pagers. April 29: Slot 6 SW-05 analyst one-pager |
| Role | FY26 holder | Owns |
|---|---|---|
| CEO/Founder | Travis Howerton | Executive concept input on Federal/PS opportunities. Speaker pattern. Voice principle 2 anchor: former CTO at U.S. NSA, former federal CIO. |
| Marketing Operations Lead | Jon Collette | HubSpot, Salesforce, WPEngine ops. Recording processing. Off-hours WPEngine push owner. |
| Web Implementation Partner | Hong Diaz | WPEngine staging→prod builds. Design execution support. |
| Federal/PS Technical SME | Dave Waltermire | Policy & Compliance Messaging Book section technical adjudication. |
| Social/Content Lead | Gabrielle Hovendon | Social calendar, newsletter, LinkedIn cadence, clip publishing. |
| Engagement Lead (Elynox) | Daniel @ Elynox | Workshop facilitation, SOP codification. Maintenance owner for the Role Holders doc. |
Three new authoring jobs. The rest of the kit + Monday Docs apply as-is.
ic2_brief.json) — same shape as sans_brief.json or FS-ISAC FY27 brief: campaign name, audience segment (pick ICP from Stage L1), persona distribution (pick 1–2 personas), why-anything / why-now / why-us, channel commitments, cross-asset consistency commitments. Author per SOP — Campaign Brief to Multi-Asset; pick messaging pillar from Stage L1 (P1–P5).ic2_event.json + ic2_email_*.json etc.) — hydrated by Brittany from the brief and the asset specs library. Same shape as the SANS files in the kit. Reference the Webinar BOM Template (v0.3, 14 assets) to scope which assets IC2 needs. Authoring procedure: SOP — Asset Specification Library.Asset Draft column. Use SOP — Board Creation & Schema Management for column schema.QG-5 (post-event Report & Review) is non-negotiable.
The most instructive moment in the SANS lineage isn’t a success — it’s a failure. The FedRAMP 20x in Motion Webinar (Nov 19, 2025, Carahsoft co-marketed; Monday item 9257948251) executed all six phases through follow-up. The Report & Review subitem was scheduled for T+33 (Dec 22, 2025) and was cancelled in March 2026. That cancellation is the single failure mode the entire Webinar Lifecycle SOP exists to prevent.
QG-5 (the gate that closes a webinar) requires the Report & Review filed. The webinar Monday item cannot move to Closed without it. Status Update Cadence weekly checkpoint surfaces drift if R&R subitem ages past T+30. For IC2: the chain doesn’t close on the day of the event. It closes when the lessons are filed and the next campaign benefits from them. Default R&R owner per FedRAMP 20x pattern: Marketing Operations Lead [Jon Collette]. The Chain 1 Sandbox includes a Post-event Report & Review template for FS-ISAC FY27 — the canonical analog for IC2’s eventual R&R.