Financial Services · Student-Lending Fintech
Six engagements. Three years. One call at a time.
A national student-lending fintech never signed a big transformation contract with us. Instead, they called six times over three years — network resilience, edge security, endpoint modernization, directory migration, cloud backup assurance — and we delivered each as a tight, fixed-scope project. That's the model working as intended.
Each fixed-scope, each earning the next call
After the HA redesign — failover tested, not assumed
Right-sized $6K–$10K efforts, not padded programs
The challenge
Where things stood
A lean fintech IT team serving a national lending operation had classic scale-up debt: a production network with multiple single points of failure, an internet edge without hardened WAF policy, workstation patching that consumed staff time, and an Active Directory structure that no longer matched the business.
What they didn't want was a consultancy that turns every gap into a six-month program. They wanted specific problems fixed, at fixed prices, by people who show up already competent.
What we did
The engagement
Network resilience
Full HA redesign of the production edge: Meraki MX95 high-availability pair, new switching, ISPs separated into isolated broadcast domains, inbound/outbound failover configured and — the part that matters — actually tested, including IPSEC tunnel re-establishment to the colocation facility.
Edge hardening
Cloudflare configuration matured to OWASP-aligned WAF rulesets with bot mitigation tuned to block malicious automation while preserving legitimate crawlers — plus a risk-landscape roadmap for what comes next.
Endpoint modernization
Intune Windows Autopatch tuned with clear feature/quality-update processes, a managed Windows 10→11 upgrade path, and third-party patching automated via Patch My PC — removing a recurring manual burden.
Directory & cloud foundations
Active Directory subdomain migration executed with Entra ID sync preserved and post-migration support; a CIS Controls review closing runbook and process gaps; and an Azure + AWS backup strategy assessment verifying recovery would actually work under regulatory expectations.
The outcome
Where things landed
- The production network survived failover testing with zero single points of failure — resilience proven rather than diagrammed.
- Each engagement stayed inside its fixed scope and price; the relationship compounded because nothing was oversold.
- Three years on, the pattern holds: when something new comes up, the call comes to us first.
Client identity withheld by design — the same confidentiality we extend to every engagement. Scope, figures, and outcomes are drawn directly from the delivered statements of work.
Want an outcome like this one?
Every engagement starts with a 45-minute scoping call. Straight questions, no pitch deck.