The IT director of a regional food manufacturer was used to wearing every hat from help desk to cybersecurity. With no team to fall back on, every alert, every incident, and every configuration landed on his desk. While the business hadn’t suffered a significant breach, earlier incidents revealed just how stretched his tools and time had become.
Looking for a way to strengthen his defenses without adding headcount, he partnered with VLCM. The focus: prioritize the most targeted areas first and build a security strategy that makes sense for a one-person team with a tight budget.
“When we meet with a client, we start by understanding the tools they already have and the nature of their business: what they do, who depends on them, and what kinds of data or operations are at risk,” says Jamie Maxfield, a Cybersecurity Solutions Architect at VLCM, “From there we assess where they fall on the cybersecurity maturity scale - factoring in staffing, budget, and time.”
Jamie wanted to start by reinforcing the most frequently targeted layers: email, access, and end-user behavior.
VLCM recommended Barracuda to strengthen the organization’s email security and simplify threat management. The platform inspects incoming messages, analyzing links, attachments, and sender reputation to detect phishing attempts, malware, and impersonation. Integrated with Microsoft 365, it also ensures that email data is backed up and easily recoverable in the event of accidental deletion or a targeted attack. For the IT director, Barracuda offers a more manageable alert system and greater visibility into email activity, making it easier to maintain a secure and resilient communication channel.
VLCM also recommended KnowBe4 to strengthen the organization’s resilience against social engineering. The platform delivers simulated phishing campaigns and ongoing security awareness training, helping employees recognize and report malicious messages. Integrated reporting tools enable users to flag suspicious emails directly from their inboxes, providing the IT director with visibility into emerging threats and user behavior. As training becomes part of the routine, security turns into a shared responsibility, reducing risk without adding complexity.
Already operating in a Microsoft environment, the organization needed stronger controls around user access. VLCM suggested Microsoft Entra ID P1 (formerly Azure Active Directory P1), which introduced Multi-Factor Authentication (MFA) to protect user credentials. Instead of relying solely on passwords, users now had to verify their identity through a second factor, such as a phone prompt or verification code. Beyond MFA, Entra ID P1 also enables conditional access policies, allowing the IT director to set rules around who can log in, from where, and under what conditions. This reduces the risk of compromised credentials being used to access sensitive data, without adding unnecessary friction for legitimate users.
With email, user credentials, and employee awareness fortified, VLCM turned its focus to one of the IT director’s most persistent concerns: the lack of centralized visibility. Even with stronger individual layers in place, there was no easy way to see the full picture or confirm whether those tools were catching everything. That uncertainty made it difficult to feel confident in the organization’s overall security posture.
“He always felt like there could be a gap, something that was missing,” says Drew Grundberg, an Account Manager at VLCM, “Visibility was a big issue because he's just a team of one. He didn’t want to chase ghosts, and if the tools he had in place were leaving a gap, he was nervous about that.”
Jamie suggested that the food manufacturer should look into a Security Information and Event Management Tool (SIEM) that collects and analyzes log data from across an organization’s systems, applications, and infrastructure. It would give the IT director a single pane of view to monitor what's happening across their environment, and help answer questions like:
Who logged in where and when?
Was there a suspicious login from another country?
Did someone try to access sensitive data?
Jamie also recommended adding a Managed Detection and Response (MDR) service to supplement the client’s limited internal resources. With only one person managing IT, the MDR would provide 24/7 threat monitoring and response from a team of expert security professionals. “You’re going to want to take your nights off and enjoy your holidays and vacations,” says Jamie. Augmenting with MDR can give lean IT teams peace of mind without sacrificing visibility or speed.
“We wanted to get him working with a SIEM that was easy to use and didn’t require a big learning curve - something that would deliver value from day one,” explains Jamie. He identified Adlumin as the right fit. The platform combines SIEM and MDR capabilities, giving the client both a centralized view of security events and around-the-clock support from a managed response team. Unlike traditional SIEMs that often require custom queries and familiarity with search languages, Jamie says, “Adlumin is easy to use and easy to understand, so there isn’t a big learning curve.” Its built-in SOAR features, like automated account lockouts and password resets, further reduced the burden of manual response, making it a practical solution for the IT director.
Not long after these solutions were in place, the manufacturer was targeted by a sophisticated phishing attack. An email from a trusted vendor included a seemingly benign link to download a file. After clicking, users were prompted to log in with their Microsoft 365 credentials—a clever attempt at credential harvesting.
“I’m not sure how any spam filter would have caught this,” explains the IT Director, “One of the addresses was whitelisted, and both emails came from companies we do regular business with. This is how the layered security strategy worked together: My team let me know we might have a problem, which was a result of the KnowBe4 training. Barracuda helped me determine it was a phishing attack and confirmed there was no malicious code trying to infect our systems. Multi-Factor Authentication prevented the attackers from accessing the Office 365 account. And Adlumin reported the incident, verified that access wasn’t granted, and was poised to take further action. The whole situation reinforced the value of the solutions we put in place with VLCM.”
The cybersecurity strategy was carefully built around the client’s environment, challenges, and daily operations. Each layer, from email filtering and user training to identity protection and centralized visibility, was carefully selected to work together and support the business and its IT team's functions. In Jamie’s words, “Because we take a vendor-agnostic approach, we’re able to offer more tailored recommendations. If we were a single manufacturer, we’d be forced to make that round peg fit into a square hole, and the relationship might end there. VLCM has always prided itself on building long-term relationships by being flexible in the products and services that we offer to our clients, so that we are ultimately trying to fit the needs of our clients, as opposed to fitting our products into our clients' environments.”
Know you need to be more cyber secure, but don’t know where to start? VLCM’s cybersecurity assessments include a detailed Risk Mitigation Plan and a prioritized roadmap, giving you clear next steps to strengthen your security posture and reduce risk exposure. Connect with one of our cybersecurity architects at www.vlcm.com/cybersecurity/assessment.
To learn more about how VLCM helps its customers Get IT Right, please visit our Customer Success Story Library at www.vlcm.com/success-stories.
Our client is a small food manufacturer. We have happily accommodated their request to anonymize their name.
Purpose: Email security and backup.
Capabilities:
Inspects links, attachments, sender reputation.
Detects phishing, malware, impersonation.
Integrates with Microsoft 365 for data backup and recovery.
Provides a manageable alert system and enhanced visibility into email activity.
Purpose: Security awareness training and simulated phishing.
Capabilities:
Simulates phishing attacks.
Provides ongoing training.
Includes integrated reporting for flagged messages.
Helps turn users into a security asset.
Purpose: Identity protection and access management.
Capabilities:
Multi-Factor Authentication (MFA).
Conditional access policies.
Prevents unauthorized access to Microsoft 365.
Strengthens login security without complicating user experience.
Purpose: Centralized visibility, SIEM, and MDR.
Capabilities:
Combines SIEM (Security Information and Event Management) with MDR (Managed Detection and Response).
Provides a single-pane-of-glass for monitoring events.
Built-in SOAR features (automated lockouts, password resets).
Delivers 24/7 threat monitoring and response.
Easy to use with a low learning curve—ideal for small IT teams.
Get a personalized roadmap to close vulnerabilities, reduce alert fatigue, and improve response time. Fill out the form to get in touch with a VLCM Representative, or call us at 1-800-817-1504 to get started.
Following the form submission, you will receive a confirmation email from VLCM with your request. A VLCM representative will contact you within 1 to 2 business days.
"I am very impressed with VLCM and their commitment to getting the solutions we request and suggesting solutions that will help our company grow. They make it easy to get new technology. They are easy to work with and very flexible. We have used them for years and I will continue to come back because they care about me and my company."
"I've been a customer of VLCM for about 9 years while I've been with 2 separate companies. They have consistently provided great service for all of our technology needs that have arisen during this time. As the lone IT person at my current company it is comforting knowing that I can lean on the resources that VLCM has available to assist me when problems arise. VLCM was instrumental in helping to implement a virtual environment that would have taken me months to complete by myself. On every project that I have worked on with them they have always had someone with a high degree of expertise that has been involved. I would definitely recommend them as a technology partner for businesses large or small."
"I have worked with VLCM more years then I can remember. They have always been there with fair pricing, outstanding consulting, and amazing customer support. The staff at VLCM has earned my trust and deep respect. They are always willing to go the extra mile both before and after the sale. On top of that they have made me look good to my various bosses over the years by making sure that projects are almost always under budget and on time. I can not think of a better partner for my IT needs at Alpine School District, Access Data and now at Nelson Labs."
Copyright VLCM | All Rights Reserved | Privacy
.jpg "shutterstock_2133827717 (1)")