Author Archives: Thrive

AI Policy Template

Be sure to establish Data Governance and Privacy Protocols.

Business and IT leaders must approach the integration of Copilot and similar AI solutions with extreme caution and foresight. The allure of enhanced productivity and innovation must be balanced against the inherent risks posed by these powerful tools.

Implement robust data governance policies and privacy protocols company-wide that make safeguarding sensitive information a priority. Preemptively ensure that only authorized personnel have access to critical data and that stringent security measures are in place to prevent unauthorized access.

Thrive AI Policy Template Cover

Disclaimer: This policy template is meant to provide general guidelines and should only be used as a reference. It is not a legal document. It may not take into account all relevant local, state, or federal laws. Thrive does not assume any legal liability that may arise from the use of this policy.

Thrive Spotlight: Ryan Goodwin, Architect, Public Cloud Services

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Ryan Goodwin, an Architect of Public Cloud Services, who focuses on defining and standardizing Thrive product offerings in Microsoft Azure. His role encompasses the product’s operational and technical aspects and manages the “Thrive Way” of operating the public Cloud space.

Ryan calls New York City home and enjoys spending time with family. His two children, a 3-year-old girl and an 11-month-old boy, keep him hopping. He also enjoys hitting the slopes and playing basketball when he has free time.

Hi Ryan! Can you tell us about your background and how you came to Thrive?

I started working for Precision IT when I got out of college. My primary responsibility then was to sort through client hardware orders and ensure they made it to the customer. I worked my way through the ranks, from helpdesk to field engineer and lead senior systems admin. At the time of our acquisition by Thrive, I was the CTO, focusing on our product development, technical standards and private Cloud.

Where did you go to school or get training?

I graduated from Syracuse University with a Bachelor of Science in Information Management and Technology. As I’ve been working, I’ve picked up several industry certifications. Plus, I’m a big fan of reading and always up for learning something new – my training is a never-ending story!

What do you most enjoy about working for Thrive?

One notable aspect is the significant professional growth opportunities that Thrive offers, which might be more limited in smaller organizations. Contributing to pivotal initiatives such as the design, development, and implementation of ServiceNow and leading projects related to new acquisitions underscores the diverse and impactful responsibilities I embrace in my role.

Are there any recent exciting projects at Thrive you can tell us about?

In the early stages of my current role, I successfully implemented Azure Lighthouse. This strategic deployment allows Thrive to monitor all Azure customers efficiently through a unified interface. The primary objective was to optimize operational and technical processes, promoting heightened efficiency. The experience of developing a solution that facilitates streamlined operations for our teams.


Are you interested in learning more about Thrive? Click here!

Don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

Navigating Smooth Waters: How Thrive Transformed Transmarine Navigation’s IT Landscape Download Now


Transmarine Navigation, part of the Horizon Group, specializes in providing port agency management services and addressing the requirements of shipping companies globally. This case study details how Thrive, a trusted technology partner, supported Transmarine Navigation in addressing a critical staffing gap, stabilizing its IT operations, and bolstering its cybersecurity resilience.

As a ship’s agency, Transmarine acts as a vital service provider for ships entering and exiting ports, ensuring seamless operations of cargo and port services throughout the maritime journey. However, an unexpected IT staffing departure caused waves in daily operations that could have had a destructive ripple effect across sea transport.

Why Thrive Was Chosen

“We decided to work with Thrive for our security and networking needs because we were impressed with its effectiveness and knowledge in these fields, which gave us confidence in its ability to deliver,” said Travis Sirmon, Director of Technology at Transmarine Navigation.

By partnering with Thrive, Transmarine avoided building internal teams and infrastructure for security and networking, opting for a plug-and-play solution instead. Thrive’s familiarity with Transmarine’s environment allowed it to seamlessly implement the necessary measures to ensure compliance on both the network and security fronts.

Thrive’s Strategic Deployment and Evolution

In the beginning, Thrive was instrumental in jumping in ASAP to handle Transmarine’s day-to-day service needs, helping solidify processes for the IT team and bolster our internal support operations. Thrive put together a support desk to give users a way to contact technical experts for help. Thrive also implemented the Microsoft 365 Admin Center to make it more efficient and effective. After stabilizing the internal support, Transmarine recognized Thrive had more to offer in terms of security and network management and opted to deepen the partnership. Transmarine tapped Thrive to optimize its IT infrastructure to make it more efficient and secure. Thrive then shifted into more of a 24/7 support partner for network and security, eventually passing the helpdesk back to the Transmarine team. “Thrive dove into our legacy equipment, guiding us through assessing our existing assets. They initiated firmware upgrades and enhancements, prompting us to entrust them to manage our hardware responsibilities,” added Sirmon.

Thrive’s Impact

Thrive’s impact on Transmarine Navigation extends far beyond mere technological enhancements. Thrive’s significant contribution was evident in Transmarine’s first Customer Satisfaction (CSAT) assessment, which showed remarkable improvement with triple the scores from the previous year. In an industry where security concerns loom large due to global vendor interactions with varying requirements, Thrive’s expertise in fortifying network infrastructure to protect Transmarine’s data and communications becomes indispensable.


Thrive’s partnership significantly alleviated the strain on Transmarine Navigation’s resources, allowing them to focus on serving their clients effectively. “Thrive’s unwavering support and effective communication underscore the importance of strong relationships in navigating IT obstacles, especially in higher-end networking and security,” said Jay Pearson, IT Support Specialist at Transmarine Navigation


Transmarine Logo Vert with tag

“Thrive’s significant contribution was evident in our first Customer Satisfaction (CSAT) assessment, where we saw a remarkable improvement, tripling our scores from the previous year. This surge in satisfaction directly reflects Thrive’s commitment to excellence and underscores their pivotal role in our vertical, particularly within the maritime and transportation sectors.” ~ Travis Sirmon, Director of Technology, Transmarine Navigation



About Thrive

Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at or follow us on LinkedIn.

Optimizing Operations for Portfolio Companies

As portfolio companies harness digital technologies to drive growth and innovation, they become increasingly reliant on cloud computing and interconnected systems to streamline operations and enhance productivity. However, with these opportunities come inherent risks, including cyber threats such as data breaches, ransomware attacks, and insider threats, which can have profound implications for the financial performance and reputation of portfolio companies – and their private equity backers.

The convergence of cybersecurity and cloud security is particularly relevant for portfolio companies, as they operate within the broader ecosystem of their parent investment firms. Any cybersecurity breach or data compromise within a portfolio company can not only impact its own operations but also reverberate throughout the investment portfolio, affecting investor confidence, valuation, and long-term strategic objectives.

optimizing operations for portfolio companies cover

The Risks of Neglect: Celebrating Identity Management Day

Since 2021, Identity Management Day has been celebrated annually as an event dedicated to raising awareness about the importance of protecting personal information online. Held on the second Tuesday of April, this day serves as a reminder for individuals and organizations alike to take proactive steps in safeguarding their digital identities as part of a comprehensive approach to cybersecurity.

Understanding the Importance of Identity Management

The significance of managing and securing online identities cannot be overstated. An online identity is not just a collection of usernames and passwords; it’s a digital representation of who a person is and their most confidential information. From sensitive financial data to personal communications, a breach of an online identity can have far-reaching consequences, including identity theft, financial loss, and reputational damage.

The Risks of Neglect

There are numerous ways hackers can exploit vulnerabilities in your team’s online identities, such as phishing scams and malware attacks. Without proper management and end-user security measures in place, anyone in your organization could easily fall victim to these threats.

Best Practices for Identity Management

So, what can you do to help protect the online identity of anyone in your company? Here are some best practices to keep in mind:

  • Use Strong, Unique Passwords: Avoid using the same password for multiple accounts, and opt for complex passwords that include a mix of letters, numbers, and special characters.
  • Enable Multi-Factor Authentication (MFA): Adding an extra layer of security with MFA can help prevent unauthorized access to your accounts, even if your password is compromised.
  • Regularly Update Software and Applications: Keep your operating system, web browsers, and applications up to date to patch any security vulnerabilities that hackers could exploit.
  • Be Mindful of Sharing Personal Information: Think twice before sharing sensitive information online, and be cautious of phishing attempts disguised as legitimate requests for personal data.
  • Monitor Your Accounts: Regularly review your online accounts for any suspicious activity, and report any unauthorized transactions or login attempts immediately.

Identity Management Day serves as a timely reminder of the importance of taking proactive steps to safeguard our personal information online. By following best practices for identity management and staying informed about emerging threats, we can minimize the risk of falling victim to cybercrime and protect our digital identities for years to come. For additional information on how to keep your information secure on Identity Management Day and every day, contact Thrive today!

Thrive Spotlight: Mark Lopshire – Strategic Account Executive, Private Equity Group

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Mark Lopshire, Strategic Account Executive, Private Equity Group.  In his position he manages a diverse portfolio comprising high-growth mid-sized, and emerging companies.  He works closely with these organizations leveraging his expertise to implement strategic measures that bolster their security framework and provide tailored solutions aligned with their unique business objectives.

Mark lives in Derry, New Hampshire and likes to spend as much time with his family as he can.

Hi Mark!  Can you tell us about your background and how you came to Thrive?

I have been in the technology industry for over 27 years and have been working for Thrive the past 17 years.  Previously, I have worked as a systems engineer, sales engineer, solutions architect, engineering director, consultant, vCIO, and have had several sales and account management roles.

Where did you go to school or get training?

I started school at Eastern Nazarene College on a pharmacy track through a partnership with Massachusetts College of Pharmacy.  In my second year, I discovered my passion for technology and decided to redirect my career path.  I enrolled in the Boston University’s Corporate Education program and obtained my MCSE certification.  Throughout my years within the industry, I have worked on various certifications to enhance my expertise and align with the evolving demands of the tech industry.

What do you most enjoy about working for Thrive?

Every day at Thrive is filled with excitement and growth as we continually evolve. I consider myself fortunate to work alongside individuals who share a strong work ethic and a deep commitment to putting our clients first.  Thrive encourages us to challenge the status quo and strive for continuous improvements in and processes and services.  It is a dynamic environment that fosters innovation and empowers employees to deliver the best possible results for our clients.

Are there any recent exciting projects at Thrive you can tell us about?

My clients consist of private equity-held companies that are in a phase of rapid growth. Our primary focus is on facilitating their continuous expansion by assisting with strategic acquisitions and ensuring seamless integration into platform organizations. Our approach emphasizes minimizing disruption while prioritizing the highest levels of security throughout the process.


Are you interested in learning more about Thrive? Click here!

Don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

The Change Healthcare cyberattack: lessons for data security

The effects of the Change Healthcare cyberattack have rippled through the health care sector over the past few months, leading to outages, payment delays, and even cancellation of patient appointments. Hospitals and other health care organizations are learning, sometimes the hard way, that their cyber resiliency needs to be improved.

Continuous Threat Exposure Management (CTEM) Explained

The evolution of cyber threats and the ingenuity of cyber criminals require organizations to address vulnerabilities before they can be exploited. However, it’s not realistic to patch every exposure and traditional approaches often miss the unpatchable attack surfaces like SaaS applications. Failure to address these security vulnerabilities can expose critical assets and operations to malicious actors. Continuous Threat Exposure Management (CTEM) has emerged as an approach to better validate and prioritize the vulnerabilities that have the most strategic impact to the organization. 

What Is Continuous Threat Exposure Management? 

CTEM goes beyond traditional vulnerability management by aligning exposure assessments with specific business risks and threat vectors, regardless of whether they are patchable or unpatchable. By aligning the scope of CTEM with business objectives, organizations can effectively communicate the relevance of security measures to senior leadership and key stakeholders. This alignment enhances the security posture and maximizes organizational success.

Because the typical attack surface extends far beyond what patch management can cover on its own, an effective CTEM program takes an attacker’s view to validate which vulnerabilities are actually exploitable and what the consequences of that exploit are from a business perspective. This helps organizations direct their attention to the most relevant exposures first. The more automated these assessments become, the more consistent and truly continuous the CTEM program can be.

Implementing CTEM with Thrive Managed Security Services

Thrive Managed Security Services offers comprehensive expert solutions to help organizations implement CTEM seamlessly. With quarterly or monthly testing options, Thrive’s team of experts ensures that your security posture remains resilient against evolving threats. For organizations embarking on their CTEM journey, Thrive offers a first-in-class tailored solution for your business, including:

  • Vulnerability Management: Building upon traditional vulnerability assessments, Thrive helps organizations identify and prioritize exposures based on their potential impact on critical operations.
  • Autonomous Penetration Testing: Through cyber attack simulations, Thrive assists in evaluating the exploitability of vulnerabilities within your network and security context, enabling informed decision-making.
  • Patch Management: Through structured and continuous patching processes, Thrive reduces the attack surface, allowing IT teams to focus on addressing complex vulnerabilities effectively.
  • Managed Detection & Response: Recognizing the expanding attack surface, Thrive monitors SaaS accounts like Microsoft 365 and Google Workspace, ensuring comprehensive security coverage.

CTEM represents a paradigm shift in cybersecurity with a key emphasis on aligning proactive risk mitigation with business imperatives. With Thrive as your partner, organizations can navigate the complexities of CTEM effectively, bolstering their defenses against emerging threats and safeguarding critical assets. Contact Thrive today to embrace CTEM to elevate your security posture and stay ahead of evolving cyber threats.

Learn About Gartner’s Approach to CTEM

Download your copy of the Gartner® Top Strategic Technology Trends for 2024: Continuous Threat Exposure Management (CTEM) report for insights into a modern, systemic approach to managing your organization’s attack surface and security posture in the face of evolving cyber threats.

Get your copy of the Gartner CTEM report today!

Safeguarding Your SME Business: Navigating the Rising Tide of Cyber Threats

Every day, the impact of cunning cyber attackers on small to medium sized enterprises like yours increases rapidly. From vulnerabilities in your supply chain to a potentially incomplete response plan, the possible weak spots in your company are endless in the eyes of a sophisticated hacker. More than ever, SMEs must seek expert security advice to navigate these treacherous waters and shield against ever-evolving threats. Don’t wait for legislation; act now.

According to the UK government’s own words, said legislation is likely not to arrive before 2025 (and most certainly won’t go into force until 2026 at the earliest).

Legislative Limbo

The UK government missed what is probably its last chance to update such laws before a general election this year, one year after prematurely declaring that the UK’s cyber laws had been “updated.” The King’s Speech, which marked the official start of Parliament in the United Kingdom in November 2023 and laid out the government’s complete legislative programme for the upcoming session, did not mention these laws being passed.

The NIS Regulations were initially passed in 2018 in response to a European Union directive. They set security standards for providers of critical infrastructure and key digital services and required reporting in the aftermath of disruptive assaults.

Due to the current legislative thresholds, many cyber attacks have yet to be recognised as NIS incidents. These limits are based on the impact of a cybersecurity incident on the delivery of critical services, such as whether an attack interrupted energy output at a power plant or whether a cyber attack stopped a rail company from operating services. Because the current standards need to assess the depth of the attackers’ computer network access or if the culprits have the potential to disrupt any critical services, they risk depriving government authorities of adequate visibility into how targeted their sectors are.

The amended laws will seriously raise the threshold for required reporting, with fines of up to £17 million for noncompliance. Why not get ahead of the game?

The threat of future fines for your business is not the only reason to act. According to the ICO, ransomware attacks in the UK have reached a record high, with 700+ organisations compromised. This directly affects the personal data of over 5.3 million individuals—for context, about the population of Nairobi or Melbourne.

Latest UK Attack Update

Late last year, even the Royal Family’s official website was targeted in a denial-of-service attack claimed by the Russian group Killnet, proving that even the most highly protected websites can be affected. We also saw cyber breaches in the least expected places in the same period. St Augustine Academy, a Maidstone secondary school, saw their pupil and parental data seized and encrypted in September. This left parents uncertain about the safety of their personal information and showed us that similar attacks can occur anywhere. Highgate Wood school was also targeted in the same month – forcing it to close – alongside several schools in Suffolk, Wiltshire and elsewhere in Britain.

The UK’s Department for Science, Innovation & Technology (DSIT) states higher education institutions (HEIs) are “more severely affected” than schools, with 60 per cent of those attacked experiencing financial loss or data compromise – a stark comparison to just 24 per cent of average businesses. 45 per cent report having breached accounts weaponised for illegal purposes, which incurs a much more substantial problem for universities than other large entities. In light of this, according to the chair of UCISA (the member-led professional body for practitioners within education), HEIs are also much better informed and, overall, more aware of the risks than other education sector members.

Unveiling the Dark Reality of Cyber Assaults

These attacks may look superficial but illuminate a genuine and sinister threat. Companies that store our most sensitive data are bombarded with attacks daily, even data as personal as our DNA. On October 6, 2023, 23andMe revealed it had fallen victim to a data breach.

The attack targeted 1 million users with Ashkenazi Jewish heritage, selling phenotype information, personal photographs, links to hundreds of potential relatives, and, most devastatingly, raw data profiles.

The hacking group Golem claimed that among the data were “the wealthiest people in the US and Western Europe,” such as the Royals, Rockefellers, and Rothschilds—a claim that has yet to be confirmed. This delicate data was sold for a meagre sum, often for no more than ten US dollars, depending on the data a buyer purchased. This catastrophic incident has forced DNA companies to employ multi-factor authentication logins as a default.

Closer to home, KNP Logistics, one of Britain’s largest privately-owned logistics companies, declared itself insolvent in September 2023. The culprit? A ransomware attack back in June left 730 redundant employees in its wake. KNP could not secure the urgent investment needed to bounce back, and investor trust was severely eroded due to the compromised financial information and critical operating systems. The firm has been added to the long list of the Akira ransomware gang’s helpless victims, making a public example of the threat that the NCSC describes as “one of the most significant cyber threats facing the UK.”

Crafting a Robust Defence Strategy

Keeping you and your team updated on emerging attacks targeting businesses your size is paramount for protection. These recent attacks and statistics underscore the pressing need for SMEs to have a comprehensive response plan and understand the diverse array of daily attacks threatening businesses.

At Thrive, we have extensive experience working with SMEs to help them raise barriers and protect themselves from the most determined cyber attacks. Get in touch with Thrive now and secure your business’s future today.

Thrive Named Middle Market Dealmaker of the Year by Boston Business Journal

“Many middle market companies are struggling with the complexity of technology, cybersecurity, and work from home issues since the pandemic and need a true partner to help them augment their overtaxed IT staffs,” said Rob Stephenson, CEO of Thrive.