How a Mid-Size Energy Infrastructure Company Achieved 95%+ Security Score and Peace of Mind
When Chris joined the IT leadership team in 2019, the modern risks facing an energy company had changed and his organization needed to change as well.
"We didn't have a SOC," Chris recalls. "We were very on-premises, legacy. We were late bloomers to get into the SOC game."
They faced several interconnected challenges:
With a lean IT team of just over a dozen people supporting 600+ users across 35 locations, having a focused internal security team wasn’t feasible. "We were using some in-house tool sets within those platforms, but didn't really have constant eyes on glass to fully monitor external threats," Chris explains.
The team relied on basic defense mechanisms embedded in their firewalls and email filtration, but lacked any automated or human element to actively monitor and respond to threats.
"We did feel like we were running blind," Chris admits. "Not having the time and the resources that you want to review everything certainly provides a lot of discomfort and sleepless nights."
The team would receive some intelligence from their systems, but reviewing and remediating was a challenge.
The new leadership team wasn't just trying to maintain the status quo—they were remaking the entire infrastructure from the ground up. This included:
"A lot of these things can't happen overnight," Chris explains. "I was thinking it would take maybe two or three years, but it ended up taking more like four or five to get to where we are today, due to the level of modernization the business needed."
The stakes continue to be high given the industry. "Being in the energy sector, last I checked, we're still number two as far as targets for cybersecurity attacks after healthcare," Chris notes. The Colonial Pipeline incident in 2021 served as a stark reminder of the risks facing energy infrastructure companies.
In late 2021, as part of their broader infrastructure modernization initiative, the organization decided to address the security gap head-on by partnering with Recon InfoSec for 24/7 Managed Security Operations.
Chris describes the transformation as moving from point defenses to actual security operations: "It's great to have an awesome SD-WAN environment physically, and multiple geographically diverse data centers, but if you don't have the people driving that, watching that, maintaining that… you're not going to see the majority of your threat landscape."
The decision to partner with Recon wasn't just about adding another tool—it was about fundamentally changing their security posture. "It takes an active partnership where you've got not just best-in-breed hardware and a very strong defensive posture, but also the human element; the eyes on glass, the responsiveness, the communications, the alerts."
The partnership with Recon fit naturally into the broader infrastructure transformation. "We were building a new infrastructure from the ground up, and wanted to make sure we had security fundamentally managed from the get-go," Chris explains.
Rather than trying to retrofit security onto legacy systems, the team was able to build a modern, secure environment from Layer 1 up, with Recon's Managed Security Operations providing the continuous oversight and expertise they couldn't staff internally.
For Chris, the value of the partnership goes beyond technical capabilities. "We've got a fairly small group. We're able to leverage MSPs like Recon to be extensions of the IT team and give us that deep well of resources for areas we don’t have in-house silos for."
The organization's business leadership understood and supported this approach, recognizing that strategic partnerships could multiply the effectiveness of their lean IT team.
As part of their Managed Security Operations, the organization also gained access to the ReconAI Investigator, which quickly became essential to their daily workflow. "It's really become our first go-to," Chris explains. "If we're curious about something or anything questionable in the environment, we'll dig into the ReconAI Investigator first and see what kind of data we can find there."
The team now uses ReconAI daily for running queries and checking logs. What impresses Chris most is the combination of speed and intelligence: "It's a really robust data set and able to glean solid intel quickly. It's a very fast responder."
The ReconAI Investigator provides on-demand security expertise. "It really helps us feel as if we've got that security engineer at the next desk over that we can prompt, and that resource is always there, providing good, relevant, and valuable info. That's been a really good tool in our toolbox that we're using more and more every week."
Importantly, the AI capability doesn't replace human expertise—it augments it. "I like that button at the top where my team and I can always reach out and actually connect with a real person too," Chris points out. ReconAI extends the team's investigative capabilities while maintaining access to Recon's security analysts 24/7.
The partnership with Recon enabled the organization to achieve security outcomes that would have been challenging to produce with internal resources alone.
The organization's security posture improved dramatically across multiple dimensions.
"Today, our Microsoft security score is 95% plus. I like to always see it at that rate or above, and we are able to consistently maintain that," Chris reports proudly. "Implementing the right tools and teams to remove barriers and enable us to have a lower-risk security profile has been the greatest success of all. The business certainly operates in greater confidence as a result."
Managed Security Operations also directly enabled the organization to obtain and maintain cyber insurance coverage. "I think we would be very difficult to insure affordably if we didn't have some of the partnerships in place that we do," Chris notes.
Perhaps the most significant benefit has been giving the IT team time back to focus on strategic improvements rather than drowning in security alerts.
"Just knowing that a lot of the alerts we see coming in are handled, they're already being looked at, and we'll get an acknowledgment afterwards or have an alarm raised if it's really something that we need to work on as a team, is really valuable," Chris explains. "That really has allowed us to be able to focus on other projects."
Without Recon's filtering and expertise, Chris believes the team would be overwhelmed. "If we just had a full-on fire hose of alerts going without the systems in place that a team of experts like a SOC offers, we would be covered up in that all day, every day, and most nights."
"The pace of all the other projects we've completed since would not have come to fruition as quickly if we didn't have that burden lifted off of us and optimized by Recon," Chris reflects.
For an IT team of just over a dozen people supporting 600+ users across 35 locations in three time zones, Recon's Managed Security Operations serves as what Chris calls "a force multiplier for our group."
"It allows our IT team to operate with more strength than it appears by headcount," Chris explains. "Certainly from a security standpoint, Recon has become a crucial player amongst our partners. They help keep our front line protected and allow us to better operate and do what we do every day for the American energy sector."
The value of the partnership extends up to the executive level. "From our director's standpoint, it's some of the best money that we spend out of our operational budget, anything security and defense related," Chris shares. "It's peace of mind that, for a team as small as us which operates in the realm that we do, makes our mission sustainable day-to-day."
Three years into the partnership, the organization continues to strengthen its security posture while supporting an ambitious IT modernization agenda. The team maintains high security scores, operates with confidence despite being in a highly targeted industry, and has the bandwidth to focus on strategic initiatives rather than firefighting.
"We're very thankful for the partnership," Chris reflects. "Recon's been exactly what we needed as a security-focused extension of our IT team."