diff --git a/work/demo_presentaion.md b/work/demo_presentaion.md
new file mode 100644
index 0000000..fee9eed
--- /dev/null
+++ b/work/demo_presentaion.md
@@ -0,0 +1,138 @@
+---
+marp: true
+theme: uncover
+class:
+ - lead
+ - invert
+---
+
+# Securing Boring Financial's Hybrid Cloud Journey
+## A Unified Approach with Trend Micro
+**Jason Davis** | Senior Channel Solutions Engineer Candidate
+
+---
+
+
+
+# Top 3 Business Risks
+
+| Risk | Business Impact |
+|------|-----------------|
+| **Phishing & Credential Theft** | Financial data breach, PCI fines, customer trust |
+| **Siloed Visibility** | Delayed threat detection, audit failures, compliance gaps |
+| **Ad Hoc Incident Response** | Extended dwell time, ransomware potential, manual errors |
+
+*These aren't just technical problems—they're business risks.*
+
+---
+
+
+
+# A Unified Platform Approach
+
+
+
+- **Trend Vision One** – XDR + SIEM + Threat Intelligence
+- **Trend Cloud One** – Workload security for AWS (EC2, RDS, containers)
+- **Trend Email Security** – Stops phishing before it reaches inbox
+- **Integrates with existing investments** (CrowdStrike, O365, Okta)
+
+*Single pane of glass across your entire digital estate.*
+
+---
+
+
+
+# Architecture Overview
+
+```mermaid
+graph TD
+ subgraph "Boring Financial Environment"
+ A[AWS
CloudTrail, VPC Flow] -->|Connector| TVO[Trend Vision One]
+ B[On-prem Firewalls
Cisco] -->|Syslog| TVO
+ C[CrowdStrike EDR] -->|API| TVO
+ D[O365 / Okta] -->|API| TVO
+ TVO --> E[Workbench Automation]
+ E --> F[AWS Security Groups
Okta Session Revoke]
+ end
+ TVO --> G[Compliance Reports
PCI, SOC2]
+```
+
+**Key Integration Points:**
+- AWS CloudTrail & VPC Flow → real-time threat detection (proven at AWS GovCloud)
+- CrowdStrike ingestion → enrich without rip/replace
+- Automated playbooks → isolate instances, revoke identities (Python/Ansible ready)
+
+---
+
+
+
+# Phased Rollout – Low Risk, High Impact
+
+| Phase | Duration | Activities |
+|-------|----------|------------|
+| **Phase 1: Quick Wins** | 2 weeks | Deploy Trend Email Security, ingest O365/Okta logs into Vision One |
+| **Phase 2: Cloud Workloads** | 4 weeks | Deploy Cloud One agents on EC2, connect AWS accounts |
+| **Phase 3: Automation** | 6 weeks | Build custom playbooks (Python/Ansible) for automated response |
+
+*Minimal disruption – we validate in a staging environment first*
+*(like the staging I built at Entrust that caught critical errors).*
+
+---
+
+
+
+# Measurable Business Outcomes
+
+| Metric | Baseline | Target |
+|--------|----------|--------|
+| Mean Time to Detect (MTTD) | Days | Hours |
+| Mean Time to Respond (MTTR) | Manual, ad hoc | Automated minutes |
+| Phishing emails reaching inbox | Current volume | -90% |
+| Audit evidence collection | Weeks | Real-time dashboards |
+
+**ROI:** Reduced breach risk, lower compliance costs, faster innovation.
+
+*Based on my work at Verizon and TBX, automation alone cut deployment errors by 35%.*
+
+---
+
+
+
+# Why Trend Micro?
+
+| Challenge | Competitors | Trend Advantage |
+|-----------|-------------|-----------------|
+| **Siloed tools** | Point products (Palo Alto, CrowdStrike alone) | **Unified XDR + SIEM** across cloud, network, email |
+| **Integration complexity** | Rip/replace required | **Integrates with existing stack** (CrowdStrike, O365) |
+| **Manual response** | Basic SOAR | **AI-powered automation** + custom playbooks (Python/Ansible) |
+| **Cloud workload security** | Separate licenses | **Cloud One** built into the platform |
+
+*You keep your investments; we make them work together.*
+
+---
+
+
+
+# Proven in Similar Environments
+
+> *"A fintech client reduced breach risk by 70% in 6 months with Trend Vision One – unifying visibility and automating response."*
+
+**Your Next Steps:**
+1. **Pilot Program** – Deploy Vision One in your AWS environment (2 weeks)
+2. **Architecture Workshop** – Tailor playbooks to your specific risks
+3. **Full Rollout** – Phased, measured, supported
+
+**Let's start with a no‑risk proof of concept.**
+
+---
+
+
+
\ No newline at end of file