Author Archives: Sydney Pujadas

The IT Partnership That Grows with You

The IT Partnership That Grows with Your Portfolio Company

For private equity-backed portfolio companies, IT is more than infrastructure; it’s a growth engine. Outdated systems, fragmented processes, and reactive IT can slow expansion, create risk, and limit operational efficiency.

Our eBook shows how PortCos can implement future-ready IT strategies that scale securely, streamline operations, and drive long-term value creation. Learn how to partner with IT teams that evolve with your business, turning technology into a competitive advantage.

Download the eBook and discover how your portfolio company can build an IT foundation that grows with it.

From Technical Debt to Technical Equity: How Private Equity Firms Can Maximize Value Across the Portfolio

Tackle Technical Debt Before It Tackles You

For private equity firms, technical debt isn’t just an IT problem; it’s a drag on portfolio value. Legacy systems, patchwork solutions, and unchecked risk can erode returns and stall growth. But when managed strategically, eliminating technical debt creates technical equity, a stronger foundation that accelerates innovation, efficiency, and scale across investments.

Our eBook breaks down how PE leaders can identify and measure technical debt, prioritize remediation, and implement portfolio-wide strategies that transform hidden liabilities into competitive advantage.

Download the eBook and discover how to unlock lasting value by turning technical debt into technical equity.

Living Simply in a Complex World

Any Chief Information Security Officer worth their salt has three primary goals:

  1. Brand and Reputation Protection: keep the organization out of news headlines. Keep all employees, executives, and stakeholders safe from reputational damage.
  2. Data Protection: Keep important data where it belongs. Keep the data available to those who are supposed to see it, delete it, modify it, etc.
  3. IT Dollar Spend Optimization: Identify a required feature or function, acquire it, implement it, and do not spend the following year’s budget acquiring a new tool that performs the same tasks, but rather, enable new features on the existing technology.

There’s always the latest Swiss army knife of cybersecurity technology that will solve all of an organization’s problems, replace the old broken stuff in its environment, and make your organization feel secure, allowing you to sleep peacefully at night.

It’s not just cybersecurity technology. There are typically three distinct stages of tech evolution:

  • Stage 1 is usually big and clunky with parts cobbled together and sort of functional.
  • Stage 2 shows some demonstrable integration for purpose-built functionality.
  • Stage 3 will show remarkable rightsizing, increased functionality, and remarkable simplification.

Sort of Moore’s law, but sort of not. Think of the original remotes for Amazon’s Fire TV (there used to be lots of buttons; now it’s approximately 8), or the Microsoft Zune (yes, it’s a thing, and worth a Google if you’re not familiar) versus Apple’s iPod. Power and functionality are always increasing, but the trick is to actually adopt the technology in a meaningful fashion.

When “commercial-off-the-shelf” turns into “stays-on-the-shelf”, we have all missed the boat. But there’s always the next shiny new thing in the cybersecurity world.

Removing all the fluff and nonsense, there are a handful of simple steps that can improve your overall posture dramatically:

MFA Everywhere

Multi-Factor Authentication (MFA). The single biggest point of risk to any computer environment is where a human being touches the keyboard. Ensuring that the human being in question is who they say they are increases trust and allows for improved accountability. MFA, two-factor authentication (2FA), one-time passwords (OTP), and so on generate a specific time-bounded authentication step, helping to ensure that the human is who they say they are and is doing what they’re supposed to be doing. Ensuring the identity of the user (or entity – think service accounts) may be the single most important control point we have.

MDR Everywhere

Managed Detection and Response. Emphasis on Managed. Having persistent eyes on where information is generated (where data is created, manipulated, etc.) increases the value of an Endpoint Detection and Response (EDR) platform exponentially. Visibility into endpoint activities and potential threats may be the single most important control point we have.

MDM Everywhere

Mobile Device Management. As mentioned earlier, if the “edge” is truly shrinking, the spread of mobile computing is prolific. When a computer device sits behind corporate technical security controls, it’s easier – not easy, but easier – to manage access to, manipulation of, and movement of potentially sensitive information. Mobile devices – primarily iOS and Android, but this can and should extend to laptops as well – make controlling and monitoring the access to and flow of data much more challenging. A well-implemented MDM solution should allow for visibility and control of company-owned information assets. Controlling information flow on mobile devices may be the single most important control point we have.

Vulnerability Management

Vulnerability management can be simplified into vulnerability scanning and patch management. Pick a tool that can scan the entirety of the computer environment (on-premises, cloud, remote, etc.) and identify where vulnerabilities may lie. Correlate that data, prioritize it based on the potential impact of someone exploiting it, and apply the appropriate patches. Knowing what’s vulnerable and working to reduce or remove those vulnerabilities may be the single most important control point we have.

SIEM (Monitoring, Logging, Notification) on Everything

Security Information and Event Management (SIEM). Collecting logs from devices for use in forensic investigation is fun, valuable, and a bit of closing the barn doors after the horse runs out. SIEM does that, but properly tuned, it also can give real-time information on potential bad things, disruptive things, or just interesting things that you may want to look into to prevent actual badness from happening. Collecting logs, correlating that data enterprise-wide, and acting on that information may be the single most important control point we have.

Encryption

Encryption in motion and Encryption at rest. Historically, the single largest offender for HIPAA (Health Insurance Portability and Accountability Act) data breaches was lost or stolen laptops. This data should be encrypted. Make it difficult if not impossible to log on to that device and make it impossible to gain access to that data via full-disk encryption.

Aside: I’m not sure why anyone would be walking around with millions of healthcare records on their laptop, but there you have it.

No Internet-Based Open RDP

Remote Desktop Protocol (RDP) over the internet. Don’t. Just don’t. There are a lot of ways to accomplish the end goal, and they should be wrapped up in the things already mentioned. Not allowing Internet-based RDP may be the single most important control point we have.

Build a Program

Have a measurable, monitorable, repeatable set of policies and procedures that define how and why you’re doing something in the information security space. There are a lot of options to choose from, and even more that may be mandatory based on your specific line of business (HIPAA, PCI (Payment Card Industry), etc.), but pick one. Maybe two. And stick to it. Define and test that cybersecurity incident response plan. A well-defined and cared-for program may be the single most important control point we have.

Obviously, it’s not that simple. There is a lot of work to be done in each of these categories. There is a significant amount of overlap and integration in these categories. This is by no means a comprehensive list; it’s about getting back to the basics.

The old adage about “How do you eat an elephant? One bite at a time.” is meant to simplify tackling any large and complex process. Cybersecurity is never a static point-in-time solution. Cybersecurity is ever evolving based on new threats, new applications, new this and new that. Every journey begins with a single step, so point your feet in a direction and start the march by focusing on the basics. Think about that poor elephant wishing people would just get it over with and stop with that tedious one-bite-at-a-time silliness.

You may also have noticed that each item is “the single most important control point we have”.

Get it? Stay tuned for Chapter Two tentatively titled “Wait… you clicked on what?!?”

Don’t Just Experiment with AI, Set an Ambition That Drives Impact

Every organization is talking about AI. Many are experimenting with it. But few have taken the crucial step Gartner® now recommends: defining a clear AI ambition.

According to Gartner®’s AI Ambition research, organizations can’t treat AI as “just another technology.” AI is a strategic force. It shapes brand perception, customer experience, and future competitiveness. That’s why Thrive is helping organizations go beyond opportunistic pilots to build AI strategies that are deliberate, aligned, and impactful.

What Is AI Ambition?

AI ambition is a shared, enterprise-wide intention for how your organization plans to use AI, spanning internal teams, systems, and customer experiences.

It’s about answering questions like:

  • Do we want AI to just improve efficiency, or do we expect it to drive transformation?
  • Should AI stay behind the scenes, powering operations, or take center stage in customer interactions?
  • What are our boundaries? Are there areas we won’t allow AI to touch?

This clarity matters with AI. Without having defined guardrails around usage and implementation, AI initiatives may conflict, lose support, or stall when risks arise.

Why Defining AI Ambition Is Essential for Organizations

It’s perfectly reasonable to start your AI journey with small, opportunistic projects. Pilot programs and quick wins can reveal valuable insights for your organization, allowing it to take the next steps towards its AI ambitions. But, because AI influences far more than just technology, touching everything from operations to brand perception, organizations must adopt a cohesive, strategic approach. That’s where defining an AI ambition becomes crucial. It creates structure, sets expectations, and ensures AI initiatives are aligned across all departments.

AI ambition also clarifies whether the organization is focused solely on driving internal productivity or seeking customer-facing innovation that changes the game in their industry. To help identify where AI can deliver the most value, the Gartner® AI Opportunity Radar framework encourages organizations to explore use cases across four areas:

  • Products and services
  • Core capabilities
  • Customer experience/front office
  • Back office/operations

With this lens, leaders can prioritize opportunities based on business value and readiness, while avoiding scattershot experimentation.

How to Start Building an AI Strategy That Works For You

The best place to begin is by letting teams keep experimenting with intention. Besides the pilot programs and early-stage projects, begin actively tracking how customers and partners respond to your AI touchpoints. Whether they’re engaging with a chatbot or AI-generated content, public trust and brand reputation will be shaped by those interactions.

Next, senior decision-makers should define where AI supports long-term business goals, which areas are off-limits, and what level of risk is acceptable. As AI becomes more integrated into critical workflows and customer experiences, it demands top-level accountability. This isn’t just a tech issue; it’s an organization-wide priority with real consequences for growth, perception, and resource allocation.

Thrive’s Take: AI Strategy That Scales with Confidence

At Thrive, we help organizations build smart, secure AI strategies grounded in business outcomes. Our approach ensures you can build AI strategies that are aligned and scalable, starting with a clear understanding of where you are today, where AI can drive the most value, and how to move forward with the right balance of quick wins, long-term impact, and trusted governance.

Whether you’re automating back-office workflows or preparing to launch AI-powered customer experiences, Thrive can help you align every initiative with your mission, your risk appetite, and your brand.

Download the Gartner® AI Opportunity Radar: Set Your Enterprise’s AI Ambition Report Today

First 3 IT Moves Post-Acquisition

Why IT Integration Can Make or Break Portfolio Performance

Acquisitions often move fast, especially in private equity. But once the ink is dry, the real work begins and IT is one of the most critical functions to address. Overlooking this in the early stages can introduce unnecessary risk, slow value creation, and complicate integration into the portfolio.

At Thrive, we help organizations prioritize the right IT moves post-acquisition to stabilize operations, uncover opportunities, and lay the groundwork for growth. Whether you’re onboarding a carve-out, consolidating overlapping infrastructure, or unifying disparate systems across a roll-up, here are the first three IT actions every organization should take post-acquisition:

1. Assess and Secure the Current Environment

Before building anything new, it’s critical to understand what you’ve inherited. That includes legacy systems, shadow IT, out-of-date software, and (often) significant cybersecurity risks.

Start with a comprehensive IT and security assessment:

  • Inventory all assets, including hardware, software, endpoints, and access controls
  • Audit security posture to check if there are vulnerabilities, unpatched systems, or other compliance gaps in the system
  • Map out dependencies in the acquired system, such as what’s business-critical and what can be retired
  • Identify all data stores and what kind of data is stored where

Partnering with Thrive can help PE firms uncover potential gaps in their PortCos. The cybersecurity risk assessment, for example, helps IT leaders and operating partners uncover potential red flags and prioritize remediation. In many cases, just a few quick wins, like MFA enforcement, DNS filtering, or email security controls, can significantly reduce risk while more complex work gets underway.

2. Standardize Core Infrastructure

M&A often results in a patchwork of systems and providers. Disparate email tenants, different backup strategies, and overlapping applications all add costs and complexity. Standardization helps streamline IT operations, enhance security, and improve the user experience.

Early moves to consider:

  • Consolidate Microsoft 365 or Google Workspace tenants for unified collaboration and identity management
  • Establish a central backup and disaster recovery strategy
  • Evaluate endpoint protection and remote monitoring tools across all acquired locations or business units

Where standardization isn’t immediately possible, Thrive can support interim solutions to stabilize operations while planning a broader integration roadmap.

3. Build a Scalable IT Roadmap

Once the environment is secure and standardized, it’s time to look ahead. Your PortCo’s IT strategy should align with the investment thesis, whether it’s organic growth, bolt-ons, or operational improvement. That means defining what “scalable” looks like for the business and designing technology to match.

Key considerations:

  • Cloud migration and infrastructure planning
  • Automating manual processes and modernizing core business applications
  • Ensuring compliance readiness for future audits or exit

Working with an experienced partner like Thrive means you don’t have to do it alone. We support post-acquisition planning, ongoing IT management, and scalable modernization, so you can stay focused on accelerating value.

Start Strong. Scale Fast.

Every day post-acquisition matters. By prioritizing these three IT moves (assessment and security, infrastructure standardization, and long-term roadmap planning), you’ll give the business a stronger foundation and the portfolio a faster path to value.

Contact Thrive today to learn more about how we can help your firm and portfolio companies navigate IT complexity with speed, precision, and purpose.

Gartner® AI Opportunity Radar: Set Your Enterprise’s AI Ambition

Download your complimentary copy of the Gartner® AI Opportunity Radar: Set Your Enterprise’s AI Ambition report to learn how to move beyond tactical AI projects and set a clear, enterprise-wide ambition.

Gartner outlines how mid-sized businesses can use a structured framework to identify and commit to AI opportunities across products, capabilities, customer experience, and operations. Learn why setting an “AI ambition” is essential and how aligning experimentation with strategic goals can unlock competitive advantage, shape brand perception, and drive long-term value.

Download the Gartner report today!


Gartner AI Opportunity Radar: Set Your Enterprise’s AI Ambition, Hung LeHong, Brook Selassie, Jeff Cribbs, Mary Mesaglio, Don Scheibenreif 6 February 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

What to Look for in an MSSP

Today’s businesses face an endless stream of cyber threats, such as ransomware, phishing, and data breaches. Staying secure takes more than a firewall or antivirus software; it requires a proactive, strategic approach to cybersecurity. That’s why many organizations turn to a managed security services provider (MSSP) to protect their systems and data.

Comprehensive Security Offerings

Cybersecurity isn’t one-size-fits-all. Look for an MSSP that provides a full suite of services, including:

An MSSP with a broad portfolio can tailor solutions to your needs and scale with you as your business grows.

Proven Expertise and a Dedicated SOC

Your MSSP should have a security operations center (SOC) staffed by experienced analysts who monitor your environment around the clock. Ask about:

  • Certifications and accreditations (such as ISO 27001, SOC 2)
  • The technologies they leverage (like EDR and automation platforms)
  • How quickly they can detect and respond to threats

An MSSP with a robust SOC isn’t just watching alerts–they’re actively hunting for threats and responding to incidents to minimize impact.

Clear, Actionable Reporting

Security metrics shouldn’t be a mystery. A good MSSP will provide transparent, meaningful reporting on your environment, with insights you can actually use. This means:

  • Dashboards and regular executive summaries
  • Compliance and audit-ready documentation
  • Recommendations for strengthening your security posture

You should always know where you stand and what’s being done to keep your business secure.

Alignment With Your Business Goals

Not all MSSPs take the time to understand your industry, operations, and risk tolerance. The right partner will work closely with you to create a security strategy that:

  • Supports your business objectives
  • Prioritizes your most critical assets
  • Meets regulatory or insurance requirements

They should feel like an extension of your team, not just an outsourced vendor.

A Strong Reputation and References

Finally, look for an MSSP that has a track record of success. Check references, review case studies, and see who they’re already protecting. An MSSP that serves clients in similar industries to yours can bring invaluable experience and tailored insights.

How Thrive Can Help

At Thrive, we’re more than your typical MSSP. We take a proactive, consultative approach to cybersecurity, combining next-gen tools with expert human oversight through our 24x7x365 SOC. We build layered defenses that align with your business needs, helping you stay ahead of threats, achieve compliance, and meet evolving cyber insurance standards.

Whether you need help with endpoint protection, vulnerability management, or a virtual CISO to guide your overall strategy, contact Thrive to make sure your business stays secure, resilient, and ready for what’s next.

vCISO vs. CISO: What’s Right for Your Business?

As cyber threats grow more sophisticated, having strong cybersecurity leadership is no longer optional. It’s essential. But for many organizations, especially in the mid-market, hiring a full-time chief information security officer (CISO) may not be feasible. That’s where the concept of a virtual CISO (vCISO) comes in.

What is a CISO?

A CISO is a dedicated, in-house executive responsible for an organization’s information security strategy. They oversee everything from risk assessments and compliance to incident response and employee security training.

Benefits of a full-time CISO include:

  • On-site leadership: They’re embedded in your culture and available for day-to-day decisions.
  • Deep institutional knowledge: They build long-term security roadmaps tied to your business goals.
  • Executive presence: They often report directly to the CEO or board, shaping strategic direction.

However, hiring a full-time CISO can be expensive. Salaries exceed six figures plus benefits, bonuses, and the cost of building out a security team. This is a major investment that not all mid-sized companies are ready to make.

What is a vCISO?

A vCISO is a flexible, outsourced solution that provides access to seasoned cybersecurity leadership without the overhead of a full-time hire. With a vCISO, your organization gets an expert (or a team of experts) who serves as your security advisor and leader on a fractional basis.

Benefits of a vCISO include:

  • Cost-effective expertise: Pay for what you need, when you need it.
  • Breadth of experience: vCISOs often serve multiple organizations, giving them a wider view of threats and industry best practices.
  • Scalable engagement: From setting up security controls according to compliance requirements to managing audits or responding to incidents, you can tailor the scope of the vCISO’s role.
  • Immediate impact: They bring frameworks, tools, and proven processes to hit the ground running.

How Thrive’s vCISO services help

At Thrive, our vCISO services give you direct access to credentialed security experts who understand the evolving threat landscape and your unique business needs. We help organizations:

  • Develop and implement robust security strategies
  • Navigate complex information security frameworks (like HIPAA, PCI, or Cyber Essentials)
  • Prepare for and respond to incidents
  • Guide board-level discussions on risk and investments
  • Build a roadmap to strengthen your overall security posture

Our vCISOs also work hand-in-hand with our security operations center (SOC) team to provide a seamless layer of protection, keeping your business secure 24x7x365.

Whether you’re considering a full-time CISO or exploring the flexibility of a vCISO, contact Thrive to help you assess your needs and build a plan that keeps your business secure and resilient.

Benefits of Managed IT Services: More Than Just Support

For many mid-market companies, building and maintaining an in-house IT team with the right mix of skills, tools, and availability is a growing challenge. That’s why more organizations are turning to managed IT services. Partnering with a managed services provider (MSP) like Thrive gives you more than outsourced support. It gives you a strategic edge, helping you modernize systems, strengthen cybersecurity, and scale operations without overloading internal teams or blowing the budget.

Here are the core benefits organizations gain by turning to managed IT services.

1. 24×7 Monitoring and Proactive Support

Reactive support isn’t enough. Today’s IT environments demand constant oversight to detect issues before they escalate. Thrive delivers 24x7x365 monitoring and management, ensuring your systems stay secure and optimized at all times. From patch management to performance tuning, our proactive approach helps prevent costly downtime and data loss.

2. Predictable Costs and Scalable Services

Managing an internal IT department often comes with unpredictable costs, from emergency repairs to hiring and training staff. Thrive’s managed IT services offer the flexibility to scale up as your business evolves. That means you get enterprise-grade solutions without the enterprise-sized budget.

3. Stronger Cybersecurity Posture

Cyber threats continue to grow in frequency and sophistication. Thrive helps businesses stay ahead with a layered security approach that includes endpoint protection, firewalls, vulnerability management, email security, DNS filtering, and more. Our dedicated security operations center (SOC) monitors your environment around the clock to detect and respond to threats in real time. We also ensure your systems meet the cybersecurity standards required for compliance and cyber insurance.

4. Access to a Team of Experts

Even the most skilled internal IT teams can’t specialize in everything. With Thrive, you gain access to a deep bench of certified experts across cloud, networking, security, compliance, and user support. Whether you need guidance on a complex project or help troubleshooting an issue, our team brings the knowledge and experience to solve it fast.

5. Reduced Risk and Improved Business Continuity

System outages, ransomware attacks, and data breaches can bring IT operations to a screeching halt. Thrive reduces that risk by building a resilient IT stack with disaster recovery and backup solutions, secure remote access, and endpoint protection. In the event of an incident, we help you recover quickly and minimize disruption.

6. Enhanced End User Experience

Your employees rely on technology to get work done. When IT is slow, unresponsive, or broken, productivity suffers. Thrive’s US-based help desk and end user support staff give your team fast, friendly assistance so they can stay focused on work instead of waiting for fixes.

7. A Strategic Partner for Growth

Managed IT services are not just about managing tickets. They are about helping you grow. Thrive works as an extension of your team to align technology with your goals. Whether you’re expanding locations, migrating systems, or preparing for an acquisition, we bring the tools and guidance to make it seamless.

Managed IT Services with Thrive: Built for the Mid-Market

Thrive is built to meet the unique needs of mid-market businesses. We combine next-gen technology with hands-on, personalized support that makes a real impact. When you partner with Thrive, you’re not just getting IT services. You’re gaining a partner invested in your success. Contact Thrive today to learn more about how managed IT services can help your business grow.

Choosing the Best MDR Provider: What to Look for and Why Thrive Stands Out

Cyber threats don’t take days off. Ransomware, zero-day exploits, and insider threats continue to change and become more sophisticated, targeting organizations of all sizes. For mid-market businesses, the stakes are higher than ever, and internal security teams are often stretched thin. That’s why many organizations are turning to managed detection and response (MDR) providers to improve their security posture without overextending their resources.

With so many MDR providers to choose from, how do you know which one is the right fit?

Here’s what to look for when evaluating MDR vendors and how Thrive delivers an enterprise-grade solution designed for the mid-market.

What Makes a Great MDR Provider?

  • 24×7 Threat Detection and Response: Cyberattacks can happen at any time, not just during business hours. Strong MDR solutions combine always-on monitoring with real-time detection, triage, and response, helping to stop threats before they spread.
  • Security Operations Center (SOC) Expertise: Leading MDR providers run their own Security Operations Centers staffed with experienced analysts. These professionals deliver context-rich analysis and hands-on responses that automated systems alone can’t match.
  • Fast Time to Value: Look for providers that offer quick onboarding, strong integration capabilities, and immediate visibility into your environment. The right partner should help you move quickly without sacrificing quality.
  • Compliance and Reporting Support: Your MDR solution should make it easier to meet compliance requirements and demonstrate cybersecurity readiness. Built-in reporting, audit logs, and response documentation are essential.

Why Mid-Market Organizations Choose Thrive

Thrive’s MDR services are purpose-built for mid-market businesses that need strong, reliable protection without the overhead of building and maintaining a 24×7 security operation in-house.

Here’s how Thrive stands out:

  • 24x7x365 SOC Coverage: Thrive’s security operations centers provide continuous monitoring, alerting, and response. Our team actively manages your environment and isolates threats in real time.
  • Threat Detection Powered by Next-Gen Tools: We combine machine learning, behavioral analytics, and threat intelligence to quickly identify and contain malicious activity. Thrive’s MDR integrates with leading EDR and SIEM platforms, helping you get more value from the tools you already use.
  • Proactive Response, Not Just Alerting: Many MDR providers simply alert you to threats and leave the response to your team. Thrive takes action. In conjunction with Thrive’s managed services and incident response and remediation services, we isolate compromised endpoints, contain active threats, and provide clear next steps so your team can focus on recovery.
  • Cyber Insurance-Ready: Thrive’s MDR solution aligns with leading security frameworks such as NIST, HIPAA, and the CIS Controls. We also help you meet the evolving security requirements often needed for cyber insurance eligibility.
  • Built for the Mid-Market: Thrive understands the needs of mid-sized organizations. Our MDR offering is built to scale, delivering advanced threat protection and measurable security outcomes without overburdening your internal resources.

Go Beyond Basic Security Monitoring

Threats are becoming faster, more sophisticated, and more frequent. Relying on traditional monitoring or standalone endpoint protection is no longer enough.

The best MDR providers bring together people, process, and technology to deliver real-time protection, expert-led response, and continuous improvement. Thrive delivers all of this with a focus on clear outcomes and long-term partnership.

Contact Thrive to learn how we can help your organization detect, respond to, and recover from cyber threats with confidence.