
Building IT From Zero

Leadership, Healthcare, Infrastructure

When I joined the company, "IT" was a shared Google Drive folder and everyone being admin on their own machines. No MDM. No SSO. No inventory. Just vibes and vulnerability.

Three years later, we have a fully managed fleet of 500+ devices, SSO across 50+ applications, automated onboarding, real-time compliance dashboards, and we've passed every HIPAA audit without findings.

Where to Start

Everyone wants to jump to the flashy stuff—automation, dashboards, AI tools. But foundations matter. I started with three things:

Identity. Before you can secure anything, you need to know who people are. We deployed Okta and made it the source of truth. Every app, every access decision, flows through identity.

Inventory. You can't protect what you can't see. Jamf gave us visibility into every device—what's installed, what's compliant, what's vulnerable.

Endpoints. Once you know who and what, you can start enforcing policy. Managed devices, required encryption, automatic updates.

The Hard Parts

Technology was the easy part. The hard parts were all human: convincing leadership to invest before there was a breach, getting employees to accept change, building processes that scale without building a bureaucracy.

Healthcare adds another layer. HIPAA isn't just a checklist—it's a mindset. Every decision has to consider: what if this device is lost? What if this employee leaves? What if we get audited tomorrow?

What I'd Do Differently

I'd document more from day one. When you're building fast, writing things down feels like a luxury. But two years later, trying to remember why you made a decision is painful.

I'd also push harder for automation earlier. Every manual process you create becomes technical debt. Build it right the first time, even if it takes longer.