PGH Networks

Pittsburgh IT Support Company: A 6-Week Case Study

A 60-person professional services firm headquartered in the Strip District called us on a Tuesday. Their internal "IT guy" had given two weeks' notice, their cyber insurance renewal was 45 days out, and the carrier had returned the questionnaire with hard requirements they couldn't honestly check: MFA on all admin accounts, EDR on every endpoint, documented backup testing, and a written incident response plan. The partners had been quoted a six-figure premium increase if those controls weren't in place by renewal.

They didn't need a sales pitch. They needed a Pittsburgh IT support company that could walk in, take inventory, and have the environment defensible inside six weeks — without breaking the billing system the firm runs on every day.

The challenge

The environment was typical of a Pittsburgh mid-market business that had grown faster than its IT had: a mix of on-prem file servers in a Green Tree office closet, Microsoft 365 with legacy licensing, two line-of-business apps hosted by separate vendors, and roughly 70 endpoints split across the main office, a satellite in Cranberry, and remote staff scattered from Mt. Lebanon to Morgantown.

The specific gaps the insurance carrier flagged:

  • No EDR — just legacy AV that hadn't been reviewed in three years.
  • MFA on email, but not on the VPN or the on-prem admin accounts.
  • Backups running, but never test-restored. Nobody could say with confidence the backups would actually come back.
  • No written IR plan, no tabletop, no documented vendor list.
  • Several former employees still had active accounts in at least one SaaS tool.

Compounding the technical work: the firm handles matters that touch HIPAA-covered clients and a handful of defense-adjacent contractors, which meant CMMC Level 1 was on the horizon whether the partners wanted to think about it or not.

The renewal questionnaire wasn't really an insurance form — it was a security audit the firm had 45 days to pass.

How it was solved

We scoped the engagement as a 30-day stabilization followed by a 90-day hardening track, with the insurance deadline as the forcing function for week six.

Week 1 — discovery and triage. Full asset inventory, identity audit across Microsoft 365 and the two LOB platforms, and a backup restore test against a non-production VM. The restore test failed on the first attempt, which is exactly why we run it. Backup configuration was corrected and re-tested successfully by Friday.

Weeks 2–3 — identity and endpoint. Conditional Access policies deployed in Entra ID, MFA enforced on VPN and privileged accounts, and a managed EDR agent rolled out to all 70 endpoints with 24/7 SOC monitoring. Dormant accounts disabled; offboarding checklist documented and handed to HR.

Weeks 4–5 — documentation and policy. Written incident response plan, vendor inventory, data classification summary, and an acceptable use policy the partners actually read before signing. We ran a 90-minute tabletop exercise with the managing partner and office administrator walking through a simulated business email compromise.

Week 6 — renewal submission. Every "yes" on the questionnaire was backed by a screenshot, a policy document, or a configuration export. The carrier accepted the submission without follow-up questions.

Outcomes

The firm renewed at a premium increase in the single digits rather than the six-figure jump originally quoted. EDR caught and quarantined a credential-stealer dropper on a paralegal's laptop in month two — the kind of event that, pre-engagement, would likely have gone unnoticed until it surfaced as a wire fraud attempt.

TL;DR: A defensible security posture isn't a product you buy — it's a sequence of controls, evidence, and documented process that a Pittsburgh IT support company should be able to stand up on a fixed timeline.

Just as important: the firm now has a monthly operating rhythm. Patch reports, backup test results, and identity reviews land in the managing partner's inbox on the first Monday of each month. There's no "IT guy" single point of failure. When the office administrator has a question, she opens a ticket and gets a response from a Pittsburgh-based engineer, not a queue in another time zone.

Takeaway — and how this applies to your firm

If you're searching for a Pittsburgh IT support company, the trigger is rarely curiosity. It's a renewal, a resignation, an audit letter, or an incident. The work that matters in the first 60 days is unglamorous: identity hardening, endpoint visibility, backup verification, and documentation that survives contact with an auditor or a carrier.

Who this is for

We work best with Pittsburgh-area organizations between roughly 20 and 250 employees — law firms, healthcare practices, manufacturers, financial advisors, and nonprofits — operating within about 75 miles of 15220, including Cranberry, Wexford, Monroeville, Robinson, Washington, and into the Mon Valley. If you're subject to HIPAA, PCI, or moving toward CMMC, that's squarely in our lane.

What's included in our IT support

Co-managed or fully managed engagements typically cover: 24/7 helpdesk staffed in Pittsburgh, managed EDR with SOC monitoring, Microsoft 365 and Entra administration, patch and vulnerability management, backup and disaster recovery with quarterly restore tests, vCIO planning, and a growing AI-enablement practice helping clients deploy Copilot and custom workflow automations safely — with data governance reviewed before, not after, rollout.

Why PGH Networks

We're local. Engineers live in the same ZIP codes as the people they support, which matters when a server room in Robinson needs hands on a Saturday. We document everything we touch, so if you ever leave us, you leave with a runbook — not a hostage situation. And our compliance work is hands-on: we'll sit at the table for your insurance call, your HIPAA risk assessment, or your CMMC readiness review.

Next step

If something in the scenario above sounds uncomfortably familiar, the next step is a 30-minute scoping call. We'll ask about your renewal date, your current stack, and where the documentation gaps are. If we're a fit, we'll propose a fixed-timeline stabilization plan. If we're not, we'll tell you that too. Call us or request a consultation through pghnetworks.com.
