Win-Tech Inc., a small business and aerospace and defense manufacturer and government contractor in full growth mode recognized the need to improve its cybersecurity posture with the increase of regulatory compliance requirements, rise in cyber attacks, and noticeable constraints and across the board IT support.. An organization with fewer than 50 employees, Win-Tech lacked the resources for a full- time IT/Security department, along with a solid understanding of defense industry compliance requirements. An understanding of deep knowledge in compliance, IT and cybersecurity was needed, and the consideration of engaging a compliance-driven MSP became essential in strategically scaling for competitive contract bids.

Win-Tech sought to improve its cyber readiness and achieve compliance and implement modern cybersecurity tools to secure its data. In order to be able to continue to do business with the federal government, the company initially hired a commercial-focused MSP to help with the more substantial IT/security needs such as patching and system monitoring. It became apparent, however, that in strategic compliant conversations, commercial MSPs do not always focus on government contracting defense regulations, or command a full understanding thereof, when discussing compliance with frameworks such as CMMC.

The idea of changing MSPs and potentially making significant (and expensive)
enhancements to the company’s infrastructure was daunting with critical
considerations such as cash outlay and the impact to day-to-day business workflow of
particular concern.

The Beginning

After researching the government contracting community, and identifying several MSPs with deep experience and knowledge in the defense space, Sentinel Blue, a defense contractor focused MSP was identified to update and secure Win-Tech’s current IT environment, cybersecurity infrastructure, processes, plans and workflow, and to migrate to a Microsoft GCC-High environment. GCC-High was the right choice for Win-Tech for several reasons, including the enablement of making multi-factor authentication part of essential workflow and email security as a baseline.

“Sentinel Blue is a reliable, competent sounding board. I can go to Andy Sauer and say, ‘In the next 12-16 months, I may want to consider migrating to a cloud-based ERP. What are things I should consider when I’m shopping for that?’ Andy will tell me things I didn’t think to ask. He is a translator between business risk and security risk that is invaluable to a small business in the DIB.”


The Solution

Following the initial GCC-High migration, Sentinel Blue worked in partnership with Win- Tech’s existing MSP to begin transferring IT and security governance, and ultimately assumed ownership to serve as vCISO and full-service MSP.

In developing CMMC-compliance goals, Sentinel Blue performed a gap analysis, and then proposed a variety of solutions designed to scale with Win-Tech’s business operations, and to best and ranged in cost and implementation effort. Risks were documented and constantly analyzed, with immediate mitigation strategies implemented with the focus on progress and not immediate perfection. Steps were taken to allow Win-Tech to assimilate to architectural changes and mitigate potential disruption in workflow and product realization

Sentinel Blue stressed to Win-Tech that compliance did not drive security, but rather security driven by risk with compliance the documented result of appropriately implemented security processes and plans that demonstrate understanding of agile changes needed in cybersecurity planning. By taking this risk-based approach, the Win- Tech was able to prioritize what made sense for its business.

Supporting Win-Tech’s IT and Cybersecurity Maturity and day to day technical support included:

  • Replacement of old hardware: Major pieces of equipment, like network switches, were budgeted for and replaced. With Sentinel Blue’s industry expertise, Win-Tech was confident in the recommended choices the support provided.
  • Hardening flat networks: Redesigning networking developed over 30+ years, often pieced together along the way, and hardened for swift and direct implementation of wireless printers within the main network. Efforts were made to layer the network and mitigate risk in some areas and completely remove identified risk in others.
  • Creative solutions to mitigate risk: implementing specific, compliant solutions to secure workflows engrained in production operations for decades and enabling for flexible operational changes that do not impact business continuity and growth

For example, older industrial machines only communicate with workstations that host antiquated systems that longer supported versions of Windows operation systems. With the compounded complexity of many employees sharing a single workstation, simple practices such as data transfer, which may happen via USB flash drives between workstations and CNC machines created more layers of risk.

Sentinel Blue was able to support Win-Tech in creating and evolving security practices and ensuring compliance without significantly disrupting work and negatively affecting production

  • In-depth, on-going phishing training and reporting: along with developing training tools to help employees gain awareness on hacking techniques in the industry, Sentinel Blue implemented company-wide essential practices where employees at Win-Tech actively report phishing emails, thus allowing for the immediately blocking of nefarious senders, threats and proactive analysis of those threats.
  • Developing enterprise-grade resources to SMBs often reserved for businesses with larger budgets: Sentinel Blue provided cloud-based services that are generally reserved for enterprise clients, and monitored as part of the managed service practice offered to SMBs designed for minimal to no disruption to everyday business flow during the migration


The Sentinel Blue Difference

Sentinel Blue has been actively engaged in industry as a leading small business
practitioner and is, particularly in-tune with SMBs in the Defense Industry Base. With a
deep understanding of evolving compliance requirements and leading cybersecurity
practices, solutioning small business-specific challenges, Sentinel Blue always makes it
a point to stay engaged in the business needs, ongoing scaling and growth, that impact
the IT and cybersecurity integrity for its clients.

“During the migration to GCC-High, Sentinel Blue anticipated my employees’ reactions to changes in their environment, and helped to communicate and offer resources in advance. This type of planning ahead ensured that the migration ran as smoothly as possible.”


Ready to get to work? So are we.

Our cyber adversaries aren’t waiting and neither are we. We want to learn more about your IT and cybersecurity needs so let’s get the conversation started.