The Assessment Before the Contract
That assessment took senior engineer time. We looked at their Mimecast configuration, their Office 365 tenant setup, mail flows, rules, and security posture, their workstations and antivirus coverage, and their internet-facing exposure. What we found was a business whose security posture had never been properly hardened. The incident they had experienced had not been properly remediated, and nobody had sat down with them afterwards to explain what had happened, why it happened, or what needed to change to prevent it happening again.
We wrote up everything we found. Then we shared the report with their existing provider and told them what needed to be fixed.
Eight to Sixteen Months: The Ordinary Rhythm of a Significant Decision
The journey between those two points was not dramatic. It was the ordinary rhythm of a significant business decision: pricing discussions, internal reviews, consideration of whether the timing was right, and the reality of a long-standing relationship with an existing provider that nobody wanted to end abruptly. MSP sales cycles in this space typically run between eight and sixteen months. This one was no different.
Throughout that period, the approach did not change. When they had questions, we answered them with care. When the financials needed reworking, we reworked them. When they were uncertain about including endpoint detection and response in the initial scope because of the cost, we removed it, had the conversation with the CEO, and added it back once they understood the value. When they considered managing their own connectivity to avoid being dependent on a provider they were still evaluating, we explained what that would mean in practice. When a connectivity issue arises and the infrastructure is split across suppliers, the question of whose problem it is becomes a negotiation. We handle everything, monitor everything, and there is one number to call. They decided to keep the connectivity with us.
What Actually Builds Confidence
Nicholas Broderick, who managed this engagement, described the approach plainly:
“Instead of wining and dining, we tried to show value right off the bat with doing actual work rather than just talking.”
The CFO told us, more than once over those ten months, that he could clearly see we knew what we were doing. That confidence did not come from a brochure.
Part of what built it was patience. The business leaders involved are not IT specialists, and explaining complex security findings in a way that genuinely lands — rather than simply conveying competence — requires sitting with people through the confusion rather than moving on. The client appreciated that. Their CEO was explicit about what he expects from a service provider: a personal relationship, the ability to pick up the phone and speak to someone who knows their environment. That is not a concession we made to win the business. It is how we work.
What This Approach Produces
From May, they will be an Si Futures client in full, with virtual machines, identity and threat protection, endpoint detection and response, Microsoft 365, connectivity, and end-user support all moving across. The priority is ensuring that by the time their current contract ends, nothing critical depends on a provider they no longer have a relationship with.
The approach that produced this outcome is not fast. It requires senior time, patience, and a willingness to demonstrate value before there is any guarantee of return. What it produces, when it works, is a client relationship built on evidence rather than expectation.
A security assessment is not a sales tool. It is the clearest way we know to demonstrate whether a business’s current posture is protecting them — and whether anyone has been honest with them about it.
Is Your Current IT Provider Having the Right Conversations With You?
If you are reviewing your current IT provider relationship and wondering whether you are getting the level of security consultancy your business requires, a Si Futures managed cyber security assessment is where most of our conversations begin. Contact our team to arrange one.
