diff --git a/security-guide/source/introduction/introduction-to-case-studies.rst b/security-guide/source/introduction/introduction-to-case-studies.rst
index fe3cf402..8ea57fed 100644
--- a/security-guide/source/introduction/introduction-to-case-studies.rst
+++ b/security-guide/source/introduction/introduction-to-case-studies.rst
@@ -30,9 +30,18 @@ and correlation rules to better monitor the state of her cloud.
 Case study: Bob, the public cloud provider
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Bob is a lead architect for a company that deploys a large greenfield
-public cloud. This cloud provides IaaS for the masses and enables any
-consumer with a valid credit card access to utility computing and
-storage, but the primary focus is enterprise customers. Data privacy
-concerns are a big priority for Bob as they are seen as a major barrier
-to large-scale adoption of the cloud by organizations.
+Bob is the lead architect for a company deploying a new public cloud,
+focused on Infrastructure as a Service (IaaS). While this cloud will be
+open for any consumer with a valid credit card to have access to utility
+computing and storage, the primary focus will be enterprise customers.
+This means Bob's primary certification concern is PCI compliance, and
+his tooling will be developed around the auditing and reporting there,
+as well as the specific domains included in the PCI audit. As Bob's team
+is technically skilled in the Linux domain, he will be utilizing LDAP
+for federation. With plans to scale the cloud rapidly, Bob selects an
+open source log management deployment built for large-volumes of events
+with a highly customizable view. Data privacy and security concerns are
+the top barrier to adoption of the cloud, so Bob will also implement
+strict internal processes and two-factor authentication around
+sensitive assets, as well as allowing customers to leverage this for
+logins as well.