Cybersecurity Compliance & IT Modernization
Took a multi-location dealer group from zero security posture to full FTC Safeguards Rule compliance in six months.
The Problem
A multi-location dealer group had no functioning IT operation. The previous IT manager had been let go, and in roughly a year on the job had lost all documentation inherited from his predecessor, who had held the role for over two decades with no formal IT background.
The result was exactly what you'd expect: flat network architecture with no segmentation, a minimal Active Directory with no group policies, no hybrid cloud presence, no security policies, no endpoint management, no documentation. Two decades of ad-hoc decisions stacked on top of each other with no one qualified steering it.
As a dealership group handling customer financial data, the FTC Safeguards Rule was about to take effect, and the organization met effectively none of its requirements. They needed full compliance within six months.
What We Did
Assessment & Baseline
Conducted a full environment assessment across all 9 locations: endpoints, servers, network infrastructure, and security controls. The assessment confirmed what was already obvious: there was no foundation to build on. Everything had to be built from scratch.
Network Overhaul
Executed a complete network refresh across all 9 sites: new firewalls, proper VLAN segmentation, and the network isolation required for both compliance and basic operational security. Replaced a flat architecture where everything talked to everything with a properly segmented environment. This was the prerequisite for everything else. You can't enforce security policies on a flat network.
Identity & Access Management
Rebuilt Active Directory from the ground up with proper OU structure, group policies, and access controls where essentially none had existed. Migrated the environment to a hybrid Azure AD setup and rolled out MFA organization-wide. Took the company from shared credentials and no access controls to a modern identity foundation that could actually scale.
Security Posture & Policy
Deployed ConnectWise Automate for centralized endpoint management, patching, and monitoring across all sites, giving the organization its first real-time view of ~300 endpoints. Implemented endpoint protection, email security with phishing protection and spam filtering, and a security awareness training program that achieved a 98% pass rate.
Built the IT policy framework, backup and disaster recovery plans, and incident response plan from scratch, all based on ISO and SANS standards. Worked with vendors to verify compliance eligibility and bridge gaps where needed. Documented all infrastructure, procedures, and policies from scratch.