Infrastructure & Security Advisory for SMBs (Toronto / Southern Ontario)
Independent infrastructure and security advisory for small and mid-sized businesses that already have IT support, but need senior judgment for high-stakes decisions. Fixed-scope, written deliverables, and a clean end to each engagement.
Built on hands-on work stabilizing production environments in finance, healthcare, and logistics under regulatory and audit scrutiny.
No obligation. If it's not a fit, I'll say so.
Who this is for
Typically engaged by owners, COOs, CFOs, and IT leaders in 30–150 person organizations that already spend on IT, but feel exposed or in the dark.
This service fits:
- 30–150 employees
- Internal IT or MSP mix
- Environments that have grown through one-off fixes, vendor changes, or staff turnover—with no one sure how it all really fits together
- Needs decisions, not tickets
Common trigger events:
- MSP dissatisfaction or exit: You're frustrated with slow response, surprise invoices, or feeling "trapped" in a contract, but you're not sure how to safely take back control.
- Hiring IT leadership: You're about to hire an internal IT lead and want a clear baseline before you hand them the keys.
- Audit or insurance pressure: A regulator, auditor, or insurer is asking questions your current setup can't answer with confidence.
- Growth exposing fragility: Recent growth, new offices, or remote work have stretched an originally "good enough" setup past its limit.
- Inherited messy systems: You've stepped into a role where IT is a black box and you're accountable if something goes wrong.
Risk signals
If any of these sound familiar, you likely have unacknowledged infrastructure or ownership risk:
- ☐ If a key staff member or vendor disappeared tomorrow, you're not sure you could access everything you're paying for.
- ☐ You have backup software and reports, but no one has actually proven that a full restore works end-to-end.
- ☐ Your Microsoft 365, Azure, or line-of-business systems are legally tied to your vendor's account structure, not yours.
- ☐ One internal IT person or external tech "just knows how it all works," but nothing is documented in a way someone else could safely take over.
- ☐ You've had plenty of break/fix or upgrade projects, but never a top-to-bottom view of infrastructure, identity, backup, and ownership.
If you checked two or more, you don't just have technical risk—you have ownership risk. A fixed-scope infrastructure audit is usually the fastest way to surface and contain that risk.
What you get
- Time-boxed engagements with fixed scope. Scope is agreed up front and doesn't quietly expand during the work.
- Senior judgment, not junior execution. You work directly with me, not through layers of junior staff. Most of the work is done quietly in the background; you see the decisions and the artifacts.
- Clear, versionable documents—risk register, access maps, diagrams, and roadmaps—that your internal team or MSP can act on immediately.
- Admin access, documentation, vendor relationships, and operational know-how move into your control, not mine.
- Designed to end
What I don't do
- No helpdesk or ticket systems
- No on-call or managed services
- No retainers or recurring billing
- No "while you're here" scope creep
- No ongoing IT support
If you're looking for someone to run your helpdesk, take tickets, or be permanently on call, you need a managed service provider. My role is to fix ownership and risk, not become another long-term dependency.
Engagements
Infrastructure Reality Audit & Ownership Risk Review
For: SMBs that need clarity on what they actually have and where the risk is
Deliverables:
- Written risk register (plain language): A prioritized list of concrete risks in plain language—what could happen, how likely it is, and what it would cost you in downtime or disruption.
- Ownership & access map: A single view of who controls what—from admin accounts and cloud tenants to on-premises systems and key third-party services.
- Backup & recovery reality summary: Verification that at least one end-to-end restore path actually works, with a summary of how long recovery would take in practice versus expectations.
- Single points of failure / fragility analysis: Identification of people, systems, or vendors that your business quietly depends on, and what would happen if they failed.
- 30/90/180-day decision roadmap: A simple sequence of decisions to make and actions to commission over the next six months, sized for your actual capacity and budget.
Not included: remediation, monitoring, or ongoing support. You decide who implements the recommendations and on what timeline.
MSP Exit & Ownership Recovery
For: Organizations ending an MSP relationship and needing to regain full control of infrastructure, tenants, credentials, and documentation—without breaking production.
Deliverables:
- Account & credential ownership inventory: A complete list of critical accounts and credentials, with clear indication of whether you or your vendor currently holds the keys.
- Tenant/licensing/access normalization plan: A practical plan to move everything that should be under your legal and technical control into your own tenants and accounts, with minimal disruption.
- Documentation reconstruction bundle: Recreated diagrams, procedures, and system notes where they're missing, so your environment can be understood and supported by someone new.
- Vendor/MSP disentanglement checklist: Step-by-step checklist for shutting down, transferring, or re-negotiating vendor relationships safely.
- Transition package usable by internal IT or new provider: A binder (digital) you can hand to any competent IT person or MSP and say, 'Here's how our world is put together and what we expect.'
Not included: becoming your new MSP. After handover, you choose your ongoing provider or internal hire.
Clean-Slate Infrastructure Build
For: New or restructured organizations that want their first real infrastructure to be boring, stable, and well-documented from day one.
Deliverables:
- Identity & access architecture baseline: Clear separation of roles, admin vs standard users, and where accounts live (on-prem, Entra ID, hybrid).
- Security baseline summary: Multi-factor authentication, privileged access boundaries, and minimum controls appropriate for your size and risk profile.
- Backup & recovery design: Specific decisions about what gets backed up, how often, where it lives, and how a restore would work.
- Infrastructure diagrams: Simple diagrams showing how your systems fit together—network, cloud services, key apps—so new people can understand the environment quickly.
- Documentation + handover package: The full set of documents, credentials, and diagrams organized so you can hand them to an internal IT lead or chosen MSP and say, 'This is how we run.'
Not included: hardware, licenses, or ongoing administration. I help you decide and design; you or your vendors handle procurement and long-term operation.
How it works
15-minute fit call
Brief call to understand your situation, confirm it matches one of the engagement types, and make sure I can add meaningful value. If it's not a fit, I'll say so and, where possible, suggest alternatives.
Fixed-scope statement + invoice
You receive a short statement of work outlining: objectives, specific deliverables, required access, timeline, and fixed price. No variable hours, no surprise add-ons.
Delivery of documented artifacts
Most work happens asynchronously: I review your environment, ask targeted questions, and draft the written artifacts. You'll see intermediate check-ins and a final walkthrough of all documents.
Clean handover and exit
You receive the final documentation package and we walk through next steps. Any follow-on work (e.g., implementation support, another engagement) is a separate, clearly scoped decision.
Hardware & licensing policy
Hardware, licenses, and third-party services are not resold or bundled. You purchase directly from vendors using specs we agree on.
This keeps incentives clean and pricing transparent: I'm not paid to push particular tools.
About
Hi, I'm Robert.
I work with small and mid-sized businesses when their infrastructure has become fragile, unclear, or quietly risky — often after years of piecemeal changes, vendor churn, or deferred decisions.
My role isn't to sell tools or take over day-to-day IT. It's to step in, tell you the truth about what's actually going on, stabilize what matters, and leave you in a position where you're back in control — whether that's with your existing MSP, a new one, or an internal hire.
I work independently, on clearly scoped engagements, and I don't stay on for ongoing operations. When the work is done, it's done.
Recent work includes: leading ransomware recovery for a healthcare provider, migrating legacy virtualization platforms in a financial environment, and rebuilding documentation from scratch for MSP-served SMBs.
Clients tend to call me when they're embarrassed by how things look behind the scenes. That's normal. My job is not to judge—it's to get you from "I hope it's fine" to "we know where we stand and what to do next."
Common questions
How is this different from an MSP?
MSPs provide ongoing support, monitoring, and tickets. This is fixed-scope advisory work that ends with documented deliverables and clean handover. No retainers, no recurring billing, no on-call.
What happens after the engagement ends?
You own all documentation and can act on it with internal staff, a new provider, or by returning for a separate follow-on project. There is no lock-in and no expectation of an ongoing relationship. You are not dependent on me to operate what's delivered. The whole point of the engagement is for you to be less dependent on any single person or vendor, including me.
Do I need to be technical to work with you?
No. Deliverables are written in plain language for business decision-makers. Technical depth is provided where needed, but the goal is clarity for leadership, not just IT staff.
What if we need ongoing support after?
This service does not include ongoing support. If you need managed services after the engagement, you hire an MSP or internal IT. The documentation package is designed to make that transition straightforward.
How do you handle confidential / regulated data?
Standard confidentiality practices apply. If you operate in a regulated environment (healthcare, finance, legal), I work within your existing compliance framework. No data leaves your control without explicit agreement.
What if something critical breaks during the engagement?
If a critical incident occurs, we pause the engagement and agree on next steps explicitly. This service is advisory and assessment-focused, not emergency response or on-call support. If you want me to lead incident response, we treat that as a separate emergency engagement with its own scope and rate, agreed upfront before work begins.
Ready to get clarity?
Book a 15-minute fit call to discuss your situation.
Service area: Toronto / Southern Ontario — Remote-first, onsite when required