Author Archives: Sydney Pujadas

Executives across industries are under pressure to determine how AI fits into their growth strategies, competitive positioning, and long-term value creation. Yet, for many mid-market organizations, the challenge isn’t why AI matters, it’s how to start planning effectively.

At Thrive, we see too many businesses rushing into AI without a clear strategy, only to waste resources or introduce risk. Instead, the first steps toward AI adoption should be deliberate and business-driven; research has shown that 95% of AI projects fail to hit any cost savings or revenue generation.

1. Start with Strategic Objectives

AI is a means to an end, not the end itself. Before considering tools or platforms, identify the outcomes that matter most to your business, such as:

• Improving profitability by reducing operational inefficiencies.
• Enhancing customer retention through personalized experiences.
• Strengthening resilience by predicting and mitigating risks.

Framing AI use in terms of measurable business objectives can make sure that every initiative contributes to growth or stability, not just experimentation.

2. Evaluate Organizational Readiness

AI success isn’t just about data or algorithms, it’s about whether your business is prepared to integrate new capabilities. Key business-focused questions to ask:

• Do you have leadership buy-in for AI initiatives?
• Who will lead this AI initiative?
• Are your teams aligned on where AI can deliver value?
• Do you have a plan for risk management, governance, and compliance?

An AI readiness assessment prevents wasted effort and helps prioritize realistic organizational initiatives.

3. Identify High-Value, Low-Risk Use Cases

The best AI strategies begin with targeted wins. Instead of trying to transform your organization overnight, focus on initiatives that are impactful yet manageable. For example:

• Streamlining back-office operations to reduce costs
• Enhancing customer support with AI-driven insights
• Leveraging predictive analytics to improve decision-making

These focused, smaller projects prove value, generate momentum, and help build internal trust and executive buy-in for AI.

4. Establish Guardrails Early

AI introduces new risks for organizations, such as bias, misinformation, compliance gaps, and security vulnerabilities. Leaders should define governance policies before scaling adoption. This means setting clear standards for:

• Responsible data usage
• Alignment with regulatory requirements
• Transparency and accountability in automated decision-making

By putting governance first, businesses avoid reputational risk and maintain stakeholder confidence.

5. Invest in People and Change Management

AI won’t succeed in isolation. Leaders of organizations must equip their teams with the knowledge, training, and confidence to use AI effectively. More importantly, they need to foster a culture where AI is seen as a tool to enhance decision-making and efficiency, not replace jobs. Successful AI strategies balance technological investment with organizational alignment.

An AI strategy is not a technology roadmap, but a business roadmap powered by technology. By starting with strategic objectives, aligning your organization, selecting the right use cases, embedding governance, and supporting your people, you can create a foundation for sustainable, value-driven AI adoption.

Thrive helps mid-market businesses take their first steps with AI the right way: focused on outcomes, compliance, and long-term growth. Contact Thrive today to learn more about how AI fits into your business strategy, from planning to execution.

Email has always been a key tool for businesses to communicate internally and with customers. However, as reliance on email continues, cybersecurity risks have become more frequent and sophisticated. Phishing, spoofing, and other email-based attacks have continued to evolve, posing a significant threat to organizations. Thrive’s DMARC (Domain-based Message Authentication, Reporting, and Conformance) solution addresses these challenges, offering a powerful tool to enhance email security and deliverability while meeting regulatory compliance requirements across industries.

What Is DMARC?

DMARC is an email authentication protocol designed to protect domain owners from unauthorized use of their domains, such as spoofing or phishing attacks. It ensures that legitimate emails reach their intended recipients while blocking potentially harmful emails from landing in employee and customer inboxes. DMARC builds upon the email validation systems SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) which help identify illegitimate emails. DMARC delivers policy-based directives on what email systems should do with flagged messages so that they are quarantined, rejected or delivered in real-time. By using DMARC, businesses can improve email deliverability and reinforce trust in their communications.

Thrive’s DMARC Solution: Simplified Management and Unmatched Value

Thrive’s DMARC solution is more than just a security enhancement—it’s a streamlined, cost-effective service that integrates seamlessly into Thrive’s broader platform. Here’s why it stands out:

1. Platform-Agnostic and Independent
Thrive’s DMARC solution works across all email platforms—whether you use Microsoft 365, Google Workspace, or another hosting service. It is also independent of your existing email security system. No matter if your organization is using Proofpoint, Mimecast, Avanan, Microsoft Defender, or any other system, the Thrive DMARC solution is compatible.

2. Centralized Reporting for Better Analysis
The solution collects the DMARC reports sent back by your email recipients, and centralizes the data in one place for analysis. Easy-to-read reports will highlight undelivered email with recommendations for how to correct any potential misconfigurations. Once security controls are tuned, the service will provide guidance for implementing stricter settings to prevent email spoofing.

3. Regulatory Compliance Made Simple
With growing regulatory requirements, such as PCI DSS, and policy changes by email providers like Google and Yahoo, implementing DMARC has become essential for businesses. Thrive’s solution helps businesses stay ahead of these requirements, ensuring compliance and maintaining a competitive edge.

Who Benefits from Thrive’s DMARC Solution?

This service is tailored for organizations at any stage of DMARC implementation:

• No Setup: Businesses that haven’t implemented DMARC and need expert guidance.
• Incorrect Setup: Those who attempted setup but left gaps that compromise effectiveness.
• Monitor Mode: Organizations that set DMARC in monitoring mode but haven’t moved to full enforcement.
• Fully Set Up: Companies with DMARC fully deployed who need ongoing management and reporting.

Why Act Now?

Failing to implement or properly manage DMARC can significantly impair your business’s ability to communicate effectively internally and externally. Emails not reaching their destinations can lead to missed opportunities, diminished customer trust, and potentially harm your organization’s reputation. By deploying Thrive’s DMARC solution, you:

• Enhance email security
• Achieve better email deliverability
• Ensure compliance with evolving standards
• Gain peace of mind with expert management

Thrive’s Role in Your Email Security Strategy

Thrive’s DMARC solution is not just about protecting your domain from misuse—it’s about empowering your business. With centralized management and expert support, Thrive ensures that your DMARC setup is optimized, compliant, and continuously monitored.

Start safeguarding your email communications today. Contact Thrive to learn more about how our DMARC solution can secure your domain, improve deliverability, and keep your business running smoothly.

At Thrive, we believe technology should create real business value. That’s why we built Thrive NextGen, our differentiated MSSP platform and partnership model designed to help organizations transform their IT into a competitive advantage.

Leadership in Technology and Innovation

The Thrive NextGen platform is powered by ServiceNow, the gold standard for enterprise technology service providers. This foundation enables us to deliver advanced solutions with unmatched scale, visibility, and efficiency.

Our platform integrates the latest technologies, including AI, automation, and digital experience monitoring (DEX), to enhance security, ensure efficient operations, and create exceptional user experiences.

We are also one of the few MSSPs aligned with Gartner’s Cybersecurity Mesh Architecture (CSMA), providing comprehensive security, intelligence, and effectiveness. With Thrive, customers are protected from all angles.

Industry Experience That Makes the Difference

Our “secret sauce” is our people. The Thrive team combines deep technical expertise across AI, cybersecurity, cloud, compliance, and managed services with decades of industry experience.
We serve clients across every vertical, such as finance, healthcare, education, legal, and more, each with its own unique set of challenges. That’s why we offer specialized advisory services, including vCISO and vCIO consulting, risk assessments, and compliance support, to help every customer build a strategy that fits their business.

Next-Level Onboarding and Support

Customer success starts on day one with us. That’s why Thrive’s onboarding process includes our signature “hypercare” program, a 90-day deep-dive designed to accelerate ROI with:

• In-depth support and training
• Faster resolution times
• Hands-on guidance to ensure smooth adoption

Beyond onboarding, our client portal offers easy access to communications tools, case management, and personalized insights. And with 24x7x365 SOC and NOC coverage, customers know we’re always there to help.

A Strategic Mindset for Long-Term Growth

We don’t just deliver technology services; we build partnerships for the long haul. Thrive continuously expands its expertise and reach through strategic acquisitions. Since our founding, we’ve acquired and fully integrated 26 companies into the Thrive family, ensuring clients gain access to the most advanced solutions and talent in the industry without disruption.

This integration success has positioned Thrive as the most mature and experienced partner in MSSP platform integration.

At the same time, Thrive invests in its people. Operation Rising Tide, our internal growth initiative, provides new opportunities for team members to expand their skills and careers. Today, nearly 50% of our team members joined Thrive through acquisition, strengthening our culture and expertise.

Why Thrive?

In a crowded market, Thrive stands apart as a trusted partner with the technology, talent, and strategy to deliver results. With Thrive NextGen, clients gain:

• A secure, modern IT foundation powered by ServiceNow and CSMA principles
• Industry expertise and advisory services tailored to their needs
• Proactive onboarding and continuous support for lasting success
• A proven, strategic partner with a track record of growth and integration

At Thrive, we don’t just manage IT, we help businesses transform and thrive. Contact us today to learn more about how we can be the strategic business partner you need.

For organizations working with the Department of Defense (DoD), achieving Cybersecurity Maturity Model Certification (CMMC) compliance is a regulatory obligation, as well as a strategic requirement that impacts your ability to win contracts and protect sensitive defense data. But navigating the CMMC framework can be complex, and a one-size-fits-all approach rarely works. That’s where Thrive comes in.

What Is CMMC Compliance?

CMMC is a cybersecurity framework designed so that organizations handling controlled unclassified information (CUI) meet robust security standards. The model includes multiple maturity levels, each with specific practices and processes required to secure sensitive data. CMMC compliance isn’t just about checking a box, it’s about demonstrating that an organization working with the DoD can reliably protect sensitive information while operating efficiently.

Why Tailored Compliance Matters

Every organization has unique systems, workflows, and business objectives. A rigid, generic approach to CMMC can lead to unnecessary complexity or missed risks. Compliance should align with your operations so that security controls not only meet regulatory requirements but also support business goals, improve operational efficiency, and reduce risk exposure.

How Thrive Helps You Achieve CMMC Compliance

The DoD works with a range of contractors who may have to handle CUI – not just the defense contractors you would traditionally think of. Thrive works with these myriad organizations to simplify CMMC compliance while creating a tailored security program that fits your business:

• Gap Assessments: Identify which CMMC practices are already in place and which need attention.
• Policy and Procedure Development: Create documentation that reflects both CMMC requirements and your internal workflows.
• Employee Training and Awareness: Ensure your team understands their role in maintaining compliance.
• Ongoing Monitoring and Support: Maintain readiness for audits, adapt to changing regulations, and keep your systems secure.

Compliance as a Strategic Asset

With Thrive’s approach, CMMC compliance is not just a hurdle to get over – it presents a unique strategic security opportunity. By aligning security with your business objectives, you reduce risk, strengthen trust with the DoD, and position your organization for growth. Contact Thrive today to learn more about how we can support your compliance journey.

In today’s business environment, demonstrating strong cybersecurity practices is essential for regulatory compliance and earning the trust of customers, partners, and investors. For service organizations, achieving SOC 2 compliance is a way to show that your security systems and processes protect sensitive data effectively. SOC 2 compliance is one of the most recognized ways for service providers to build that trust.

As a SOC 2-compliant partner, Thrive not only meets these requirements internally but also helps organizations simplify the path to their own compliance needs. That means organizations can run their business with the confidence that their IT and security programs align with industry-leading standards.

What is SOC 2 Compliance?

SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how service organizations manage data based on five Trust Service Criteria:

• Security
• Availability
• Processing integrity
• Confidentiality
• Privacy

Passing a SOC 2 audit demonstrates that your organization has the proper controls in place to protect sensitive customer information.

Why SOC 2 Compliance Matters

For service-based businesses, SOC 2 is more than a regulatory checkbox—it’s proof that your organization prioritizes customer data protection. Achieving compliance can:

• Build trust with clients and partners who require assurances of strong security practices.
• Enable growth by meeting contractual and regulatory requirements for new business opportunities.
• Reduce risk by ensuring security controls are tested, documented, and continually improved.
• Strengthen your reputation by showing your commitment to protecting sensitive data.

Turning Compliance into a Business Advantage

Thrive is a SOC 2-compliant Managed Services Provider (MSP), meaning we hold ourselves to the same high standards we help our clients achieve. By choosing Thrive, you gain a partner that not only understands SOC 2 requirements but also lives them every day.

We work closely with organizations across industries to ensure their IT environments are secure, resilient, and aligned with compliance goals. Contact Thrive today to ensure your compliance program is customized, sustainable, and aligned with your organizational goals.

Cybersecurity threats are growing more advanced every day. Now, attackers are becoming skilled at hiding within networks, often blending in with legitimate traffic to avoid detection. Traditional security tools, such as firewalls and antivirus software, remain important, but they’re not always enough to catch more sophisticated threats. That’s where network detection and response (NDR) comes in.

Defining NDR

NDR is a security technology that monitors network traffic in real time to identify, investigate, and respond to suspicious activity. Unlike security tools that focus on endpoints or specific applications, NDR takes a network-wide view, analyzing the traffic flowing between all connected systems and with external systems.

This broader perspective allows NDR to spot anomalies, like unusual access patterns, hidden lateral movements, or abnormal data transfers, that might indicate a security breach in progress. By detecting behavioral patterns that can slip past other defenses, NDR strengthens your organization’s overall security posture.

Why NDR Matters

Cybercriminals often exploit blind spots left by traditional security monitoring tools. They may compromise a single endpoint and then quietly move across the network, escalating privileges or exfiltrating data before anyone internally notices.

With NDR, organizations gain:

• Comprehensive visibility: Real-time monitoring of all network traffic, not just individual endpoints.
• Early threat detection: Identification of suspicious behaviors that may indicate attacks in progress.
• Faster response times: Built-in tools for investigating anomalies and containing threats.

How NDR Fits into a Security Strategy

NDR is most effective when combined with other security solutions such as endpoint detection and response (EDR) and security information and event management (SIEM). Together, these tools create a layered defense:

• EDR protects individual devices.
• SIEM aggregates logs and alerts from across the IT stack.
• NDR provides visibility into the traffic connecting everything.

By working together, these technologies provide a faster, more complete picture of your environment, improving your time to detection and helping you stay ahead of modern threats.

Thrive’s Approach to NDR

At Thrive, we help mid-market organizations integrate next-generation NDR solutions into their security stack. Our services provide:

• 24×7 monitoring and alerting by our security operations center (SOC).
• Advanced analytics and machine learning to detect abnormal traffic patterns.
• Expert incident response services to contain threats quickly and effectively.

With Thrive as your partner, NDR doesn’t just detect threats, it becomes a proactive tool for building resilience, maintaining compliance, and ensuring business continuity.

A Stronger Defense with NDR

Network detection and response is quickly becoming a key piece in a modern cybersecurity strategy. By providing visibility into every corner of your network, NDR helps you catch the threats others miss and respond before damage can be done.

Contact Thrive today to learn more about adopting and operationalizing NDR, ensuring it supports not only your security goals, but also your organization’s broader business objectives.

Unlock your path to AI success.

Every organization has AI ambition, but turning that ambition into measurable business results requires more than just tools. It starts with clarity of purpose, alignment with strategy, and a roadmap to execution.

Our playbook shows how organizations can align AI to business goals, assess readiness, and create a roadmap that drives measurable outcomes. Learn how to move from ambition to action with a strategy that balances innovation, scalability, and long-term impact.

Download the playbook and discover how your organization can build a purpose-driven AI foundation for sustainable growth.

The IT Partnership That Grows with Your Portfolio Company

For private equity-backed portfolio companies, IT is more than infrastructure, it’s a growth engine. Outdated systems, fragmented processes, and reactive IT can slow expansion, create risk, and limit operational efficiency.

Our eBook shows how PortCos can implement future-ready IT strategies that scale securely, streamline operations, and drive long-term value creation. Learn how to partner with IT teams that evolve with your business, turning technology into a competitive advantage.

Download the eBook and discover how your portfolio company can build an IT foundation that grows with it.

Tackle Technical Debt Before It Tackles You

For private equity firms, technical debt isn’t just an IT problem; it’s a drag on portfolio value. Legacy systems, patchwork solutions, and unchecked risk can erode returns and stall growth. But when managed strategically, eliminating technical debt creates technical equity, a stronger foundation that accelerates innovation, efficiency, and scale across investments.

Our eBook breaks down how PE leaders can identify and measure technical debt, prioritize remediation, and implement portfolio-wide strategies that transform hidden liabilities into competitive advantage.

Download the eBook and discover how to unlock lasting value by turning technical debt into technical equity.

Any Chief Information Security Officer worth their salt has three primary goals:

1. Brand and Reputation Protection: keep the organization out of news headlines. Keep all employees, executives, and stakeholders safe from reputational damage.
2. Data Protection: Keep important data where it belongs. Keep the data available to those who are supposed to see it, delete, modify it. etc.
3. IT Dollar Spend Optimization: Identify a required feature or function, acquire it, implement it, and do not spend the following year’s budget acquiring a new tool that performs the same tasks, but rather, enable new features on the existing technology.

There’s always the latest Swiss army knife of cybersecurity technology that will solve all of an organization’s problems, replace the old broken stuff in its environment, and make your organization feel secure, allowing you to sleep peacefully at night.

It’s not just cybersecurity technology. There are typically three distinct stages of tech evolution:

• Stage 1 is usually big and clunky with parts cobbled together and sort of functional.
• Stage 2 shows some demonstrable integration for purpose-built functionality.
• Stage 3 will show remarkable rightsizing, increased functionality, and remarkable simplification.

Sort of Moore’s law, but sort of not. Think of the original remotes for Amazon’s Fire TV – there used to be lots of buttons, now it’s approximately 8, Microsoft Zune – yes, it’s a thing, and worth a google if you’re not familiar, versus Apple’s iPod. Power and functionality are always increasing, but the trick is to actually adopt the technology in meaningful fashion.

When “commercial-off-the-shelf” turns into “stays-on-the-shelf”, we have all missed the boat. But there’s always the next shiny new thing in the cybersecurity world.

Removing all the fluff and nonsense, there are a handful of simple steps that can improve your overall posture dramatically:

MFA Everywhere

Multi-Factor Authentication (MFA). The single biggest point of risk to any computer environment is where a human being touches the keyboard. Ensuring that the human being in question is who they say they are increases trust and allows for improved accountability. MFA (two factor authentication (2FA), one time password (OTP), and so on, generate a specific time-bounded authentication step helping to ensure that the human is who they say they are, and is doing what they’re supposed to be doing. Ensuring the identity of the user (or entity – think service accounts) may be the single more important control point we have.

MDR Everywhere

Managed Detection and Response. Emphasis on Managed. Having persistent eyes-on information generation, such as where data is created, manipulated, etc., an Endpoint Detection and Response (EDR) platform increases the value exponentially. Visibility into endpoint activities and potential threats may be the single most important control point we have.

MDM Everywhere

Mobile Device Management. As mentioned earlier, if the “edge” is truly shrinking (, the spread of mobile computing is prolific. When a computer device sits behind corporate technical security controls, it’s easier – not easy, but easier – to manage access to, manipulation of, and movement of potentially sensitive information. Mobile devices – primarily iOS and Android, but this can and should extend to laptops as well – make controlling and monitoring the access to and flow of data much more challenging. A well-implemented MDM solution should allow for visibility and control of company-owned information assets. Controlling information flow on mobile devices may be the single most important control point we have.

Vulnerability Management

Vulnerability management can be simplified into vulnerability scanning and patch management. Pick a tool that can scan the entirety of the computer environment (on-premises, cloud, remote, etc.) and identify where vulnerabilities may lie. Correlate that data, prioritize it based on the potential impact of someone exploiting it, and apply the appropriate patches. Knowing what’s vulnerable and working to reduce or remove those vulnerabilities may be the single most important control point we have.

SIEM (Monitoring, Logging, Notification) on Everything

Security Information and Event Management (SIEM). Collecting logs from devices for use in forensic investigation is fun, valuable, and a bit of closing the barn doors after the horse runs out. SIEM does that, but properly tuned, it also can give real-time information on potential bad things, disruptive things, or just interesting things that you may want to look into to prevent actual badness from happening. Collecting logs, correlating that data enterprise-wide, and acting on that information may be the single most important control point we have.

Encryption

Encryption in motion and Encryption at rest. Historically, the single largest offender for HIPAA (Health Insurance Portability and Accountability Act) data breaches was lost or stolen laptops. This data should be encrypted. Make it difficult if not impossible to log on to that device and make it impossible to gain access to that data via full-disk encryption.

Aside: I’m not sure why anyone would be walking around with millions of healthcare records on their laptop, but there you have it.

No Internet-Based Open RDP

Remote Desktop Protocol (RDP) over the internet. Don’t. Just don’t. There are a lot of ways to accomplish the end goal, and they should be wrapped up in the things already mentioned. Not allowing Internet-based RDP may be the single most important control point we have.

Build a Program

Have a measurable, monitorable, repeatable set of policies and procedures that define how and why you’re doing something in the information security space. There are a lot of options to choose from, and even more that may be mandatory based on your specific line of business (HIPAA, PCI (Payment Card Industry), etc.), but pick one. Maybe two. And stick to it. Define and test that cybersecurity incident response Plan. A well defined and cared-for program may be the single most important control point we have.

Obviously, it’s not that simple. There is a lot of work to be done in each of these categories. There is a significant amount of overlap and integration in these categories. Understanding that this is by no means a comprehensive list, but getting back to the basics.

The old adage about “How do you eat an elephant? One bite at a time.” is meant to simplify tackling any large and complex process. Cybersecurity is never a static point-in-time solution. Cybersecurity is ever evolving based on new threats, new applications, new this and new that. Every journey begins with a single step, so point your feet in a direction and start the march by focusing on the basics. Think about that poor elephant wishing people would just get it over with and stop with that tedious one-bite-at-a-time silliness.

You may also have noticed that each item is “the single most important control point we have”.

Get it? Stay tuned for Chapter Two tentatively titled “Wait… you clicked on what?!?”