Security-first systems for sensitive-data small businesses.

Mid-sized PNW law firm

Four-hour document load latency was eroding billable time across the firm.

work

• Root-caused the issue to ISP-level congestion on legacy DSL service
• Provisioned business fiber and cut over without downtime
• Migrated an end-of-life server environment to a supported platform

Document load times recovered from minutes to under five seconds. The firm moved onto a supported, more durable infrastructure stack.

Multi-venue restaurant group

Consumer-grade email, inconsistent Wi-Fi across locations, no identity policy.

work

• Migrated all staff to Microsoft 365 on the company domain
• Upgraded Windows 11 Home to Pro on back-of-house endpoints
• Planned VLAN and WPA3 rollout across venues for unified staff roaming

One identity, one network across every location. Endpoints current, standardized, and easier to manage.

Professional services office

No MFA, shared passwords, no incident playbook, rising phishing volume.

work

• Rolled out MFA across Microsoft 365 and line-of-business apps
• Deployed a password manager and retired shared-credential workflows
• Drafted a one-page breach response playbook tailored to the firm

MFA adopted firm-wide within 60 days. Staff have a practiced playbook and know how to use it.

Individual client

Multi-vector identity theft: banking account takeover, suspected SIM swap on the cellular line, and account and document access disrupted for months before the scope was recognized.

work

• Reconstructed the fraud timeline from bank statements, fraud-claim records, and carrier correspondence
• Coordinated directly with bank fraud personnel and the fraud liaison center to formally document each disputed transaction
• Hardened identity posture going forward with hardware MFA keys, encrypted mail, device-encryption verification, and a written travel-device protocol

Roughly 90% of stolen funds recovered through the formal dispute process. Identity and account-access posture rebuilt with hardware-key MFA and a documented evidentiary trail for any future claim or dispute.

Specialty medical practice

AI use spreading quietly among clinical staff (note-drafting, intake summaries) with protected health information landing in public cloud prompts. No policy, no audit trail, and growing HIPAA exposure on a workflow staff had come to rely on.

work

• Audited current AI use across the practice: who, what tools, what data classes, what prompts
• Deployed a local LLM stack for the workloads involving patient data, sized to the practice load
• Wrote a one-page AI use policy distinguishing local-only workflows from approved cloud workflows, plus staff training on the distinction

Patient information stopped leaving the practice network. The productivity gains staff had already discovered were preserved, on infrastructure aligned with HIPAA obligations rather than working around them.

Boutique law firm

Partners wanted AI for drafting and research, but some attorneys had already started running matter-adjacent content through public AI tools without redaction. No policy, no audit trail, no read on vendor data terms.

work

• Audited current AI use across the firm: tools, matters touched, prompts in and content out, plus vendor terms (retention, training opt-out, audit posture) for each tool already in play
• Designed a dual-track adoption pattern: local LLM for first-pass draft work involving matter content, vetted cloud APIs for non-matter tasks
• Trained associates and staff on the distinction with worked examples specific to the firm

Productivity benefit of AI without sending matter content to cloud vendors whose terms or audit posture did not meet the confidentiality bar. The dual-track pattern is documented and survives staff turnover.