The unglamorous discipline that compounds.
Security is a posture, not an event. Most breaches at SMBs are not technically novel — they happen because a baseline drifted, a patch slipped, an admin account stayed standing, a privacy policy stopped matching what the business actually does. The whedo.it cadence is built around catching that drift before it costs anything: monthly tenant review, quarterly Secure Score uplift, twice-yearly phishing simulation, annual full security audit. Plus light-touch user training in the format clients actually consume — short, scenario-based, in the flow of normal work.
The threat at this layer isn't a specific exploit — it's slow drift. Patches get deferred. A new SaaS app gets connected without a tenant review. A staff member shares a credential. A privacy policy stops matching what the business actually does. None of these are dramatic; all of them are how environments quietly become breach-ready.
Monthly 30-minute client review — tenant health, Secure Score movement, patching cadence, audit log anomalies, any policy drift. Quarterly business review at Silver and Gold tiers — bigger-picture posture, architecture decisions, planned changes. Twice-yearly phishing simulation campaigns benchmark response and identify users who'd benefit from a quick conversation. Short scenario-based training delivered in the flow of normal work (5-minute videos, not 90-minute LMS courses).
Documentation of every client environment lives in whedo.it runbook system — baselines, exceptions, change history, dependency maps. Onboarding includes the documentation baseline so handover from your previous provider doesn't lose context. Annual security audit produces a one-page posture summary the business owner can hand to insurers, regulators, or enterprise customers.
Each of the six topics covers a layer of the security stack. They work together — phishing defence assumes good identity, identity assumes endpoint compliance, endpoint compliance assumes the tenant is locked down properly.
30 minutes, your environment, no deck. Warren walks the training & monthly reviews surface with you and tells you what it would take to lock it down properly. No follow-up unless you ask.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director