Client work, real outcomes

Case studies

Seven Canadian businesses tell the same story in different words: the operating model was the problem, not the tools. These are the engagements where Fusion Computing rebuilt the foundation underneath ransomware response, multi-site expansion, AI rollout, and 6x headcount growth — without the IT spend being the thing that broke.

CISSP-led · Canadian-owned since 2012 · 93% first-contact resolution

Sort by outcome

Find the case study closest to your situation

Jump straight to a peer engagement by the trigger, the company size, or the outcome metric that matters most to you. Each filter scrolls you to a specific card below.

By industry

Construction
Automotive retail
Financial services
Marketing agency
Cannabis retail
Design studio
Industrial supply

By company size

35–50 users
35–50 users
35–50 users
Scaling 35 → 205
Multi-site mid-market
Multi-location retail
Mid-market agency

By outcome type

Ransomware recovery
Post-incident rebuild
Co-managed IT lift
Scale without bottleneck
Strategic IT overhaul
Multi-site rollout
AI deployment with guardrails

How to read this page

Pattern first, technology second

Most engagements start with one of three triggers. An incident — ransomware, a phishing breach, a service-delivery outage — that forces an honest look at what the operating model has been quietly hiding. A growth plan — new hires, new locations, an acquisition, a regulator’s deadline — that exposes the limits of how IT is currently delivered. Or a single internal IT person who has run out of capacity but should not be replaced, only supported. The triggers feel different from the inside. From a distance, they are variations of the same story: an operating model that has stopped fitting the business.

Seven client stories, seven different triggers

Every Fusion engagement starts with a different problem. The pattern underneath, once you look past the industry detail, is almost always the same: an operating model that has stopped fitting the business.

Ransomware recovery: back online by Monday morning

Industry: industrial supply
Size: 45 employees
Location: Mississauga
Outcome: incident response

The situation. A 45-employee industrial supplier in Mississauga was hit with ransomware on a Friday evening. Every server, file share, and workstation was showing a ransom demand by the time leadership understood the scope. A six-figure ransom and an indefinite shutdown were both on the table, and an earlier Fusion assessment had already flagged the backup posture as unreliable.

The work. Fusion isolated the affected hosts within minutes of the EDR alert, mapped the scope across endpoints and servers, and rebuilt from verified air-gapped recovery points through Saturday and Sunday. Credentials were rotated, devices reimaged, and the recovery plan stayed tight enough to keep Monday from turning into a customer-facing shutdown.

Monday 8am
Full production restored from Friday evening attack — zero data loss, zero ransom paid.

Read the full case study →

How a marketing agency turned a cyber crisis into a recovery success

Industry: marketing agency
Size: mid-market
Location: Ontario
Outcome: post-incident rebuild
24–48 hrs
Critical-system recovery window achieved post-rebuild — against weeks of exposure under the previous setup.

Read the full case study →

A strategic IT overhaul for a GTHA dealership

Industry: automotive retail
Size: multi-site
Location: GTHA
Outcome: strategic IT overhaul

The situation. A multi-location car dealership in the Greater Toronto and Hamilton Area was running on 8-year-old network hardware, separate logins for the DMS, CRM, parts, and accounting systems, an untested backup with no offsite copy, and a widening gap against the OEM’s annual cybersecurity requirements. Intermittent outages were starting to land on the sales floor and the service bays.

The work. Fusion ran a 6-month four-phase transformation: network refresh with VLAN segmentation (month 1), Entra ID SSO across every business system (months 2–3), immutable Azure backup with a tested restore cadence (months 3–4), and control-by-control alignment to the OEM cybersecurity baseline (months 5–6). The dealership then moved onto a structured managed IT agreement.

>70%
Reduction in critical incident rate within the first 90 days of the structured managed IT model.

Read the full case study →

Securing growth in the cannabis retail sector

Industry: cannabis retail
Size: multi-location startup
Location: Toronto + Ontario
Outcome: scalable rollout
Multi-site
Repeatable, compliant rollout template — new locations open without inconsistency, downtime, or security gaps.

Read the full case study →

AI for a 40-person firm: from hype to real results

Industry: financial planning
Size: 40 employees
Location: Toronto
Outcome: governed AI deployment

The situation. A 40-person Toronto financial planning firm wanted real AI productivity gains — without gambling with client portfolios, PIPEDA exposure, or a six-figure experiment. Staff were already pasting client data into free ChatGPT, three vendor pitches had led nowhere, and the partners needed a deployment they could defend to clients, auditors, and the CFO.

15–20 hrs/wk
Time saved across the firm on month-end reporting, client-meeting prep, and quarterly compliance review.

Read the full case study →

Freeing a construction firm’s IT lead to focus on growth

Industry: construction
Size: 45 employees
Location: GTA + multi-site
Outcome: co-managed lift

The situation. A 45-person GTA construction firm with two office locations and multiple active job sites had one capable IT generalist doing the work of three: a 47-ticket backlog, patch compliance sitting at 34 percent, default Windows Defender as the entire security layer, 2am alerts going to his personal phone, and a stalled project management platform that had been delayed 18 months. A phishing email forced the conversation.

34% → 97%
Patch compliance across endpoints and servers — ticket backlog dropped 60% in 60 days; stalled PM platform live in 90.

Read the full case study →

A Toronto design studio scaled from 35 to 205 users without IT becoming the bottleneck

Industry: creative / design studio
Size: 35 → 205 users
Location: Toronto
Outcome: scale-stage co-managed

The situation. A 35-person Toronto design firm had taken its fourth production-hour outage in two months, had signed work pushing it past 60 staff by year-end, and had one IT lead already at the bottleneck. The CEO said, “I don’t think we’re going to make it through this year if I don’t fix IT now.” The infrastructure had been built around 35 users and could not carry six times that load without a rebuild.

35 → 205 users
About 6x headcount in under 4 years — zero material security incidents across 3 years post-build, FCR 62% to 91%, onboarding 4–8 hours to 45 minutes.

Read the full case study →

“If you read these seven stories side by side, the technology is the least interesting part. The pattern is the same every time: a Canadian business hits the limit of an operating model that used to fit and no longer does. Sometimes a Friday-night ransomware demand makes it obvious. Sometimes it’s a hiring plan, a multi-site rollout, or a single IT person quietly burning out. Our job is to read the trigger correctly, get the foundation rebuilt — identity, backup, EDR, MFA, monitoring — and then design the support model the business is actually going to live inside. That sequence is what these case studies have in common.”

— Mike Pearlstein, CEO of Fusion Computing, CISSP. Leading Fusion’s managed IT and cybersecurity practice since 2012, serving Canadian businesses across Toronto, Hamilton, and Metro Vancouver.

The common thread

What our case studies have in common

Seven different industries, seven different triggers, seven different outcome metrics. Underneath all of them, the same six structural moves keep showing up — in roughly the same order. The pattern is the playbook.

01 · CISSP-led architecture

Every engagement is run under the same CISSP-led security leadership and the CIS Controls v8.1 baseline. The control catalogue does not change because the industry changes — the regulator mapping does, the controls do not.

02 · Identity is the foundation

SSO through Entra ID, MFA on every account that touches client data, named service accounts, and quarterly access review. Every other layer leaks if identity is skipped — so identity goes first, on every engagement.

03 · Backup that has been tested

Verified, recoverable, immutable, offsite. A backup nobody has restored is not a backup. Two of the seven engagements turned on this single point — backups existed, recovery had never been tested, and the assumption did not survive contact with reality.

04 · 24/7 monitoring and EDR

EDR on every endpoint, MDR monitoring against the CIS baseline, and a SOC that catches the events an in-house team is asleep for. In the ransomware case study, the gap between detection and containment was 3 minutes — that is what this layer buys.

05 · First-contact resolution discipline

93% first-contact resolution is not a marketing number — it is the operating model behind the help desk. The design studio engagement moved FCR from 62% to 91%; the construction engagement cut MTTR from 3–5 days to 4 hours. Same discipline, different starting point.

06 · Services restored within 72 hours

When the trigger is an incident, the target is critical-system recovery inside 24–72 hours with no ransom paid and no data loss. The Mississauga industrial supplier was back online before Monday morning from a Friday attack. That is the standard.

Underneath those six moves is the same sequence: stabilize, secure, then optimize. We do not lead with optimization because clients who lead with optimization end up rebuilding under pressure later. The case studies above are seven different starting points landing on the same operating model.

Industry coverage

Industries we serve

If your industry is regulated, multi-site, or running production hours that don’t leave room for downtime, there is probably an adjacent Fusion engagement that maps to yours. Start at the industry hub closest to your sector — each one inherits the same CISSP-led control catalogue described above.

Legal & professional services

PIPEDA confidentiality, LSO Technology Practice Management obligations, and audit-ready documentation.

Legal IT hub →

Financial services & wealth management

OSFI E-21, FSRA, and regulated client-data controls for advisory firms and brokerages.

Wealth management IT →

Healthcare clinics

PHIPA s. 12 and s. 13 obligations, IPC of Ontario reporting thresholds, and clinic deployment controls.

Healthcare IT hub →

Construction & field operations

Multi-site office and jobsite IT, Procore and Bluebeam admin, and co-managed depth for one-IT-person teams.

Industries we serve →

Retail & multi-location

POS isolation, PCI-aware segmentation, and the repeatable rollout template the cannabis case study above describes.

Full industries hub →

Creative & design studios

GPU-class workstations, large-asset network design, and infrastructure built to scale through 6x hiring without a rebuild.

All industries →

Don’t see your sector? Most engagements still match one of the seven patterns above. Talk to us and we’ll tell you which case study is closest to your situation.

Common questions about these engagements

Frequently asked questions

Why are these case studies anonymized?

Most of our clients are 10-to-150-employee Canadian businesses operating in regulated or competitive sectors, and naming a client publicly can expose them to copy-cat targeting, vendor poaching, or simply unwanted attention from competitors. We anonymize at the client’s request as standard practice. Where leadership has approved a named quote, the name appears in the case study. Where it has not, sector, headcount, and metro region are accurate, with identifying detail generalized for privacy. The scope, timeline, and outcome numbers are real.

Can Fusion share more references for a specific industry?
Do you have a case study in my industry?

Probably yes, and probably not the one you’d guess. We serve Canadian SMBs across legal, financial services, healthcare, construction, retail, creative, professional services, and industrial supply — and the engagement closest to yours is almost always identified by trigger and operating model rather than by NAICS code. A 40-person law firm planning a Copilot rollout has more in common with the financial planning case study above than with another law firm. Tell us the trigger and we’ll match you to the closest pattern.

How quickly can Fusion respond to an active incident?

Fusion runs a 1-hour SLA for critical incidents under managed contracts, and our EDR platform isolates affected hosts in minutes from first detection. In the Mississauga ransomware case study, the SOC isolated the affected endpoint within 3 minutes of the alert, contained the scope inside 12 minutes, and had Monday-morning operations fully restored from a Friday evening attack — zero data loss, zero ransom paid. If you are mid-incident now, do not wait. Reach Fusion immediately for incident-response triage.

What does an engagement like these typically cost?

Your turn

Need an outcome like one of these?

If your team is dealing with a recent incident, a stalled IT project, recurring outages, a support model that no longer fits the business, or a growth plan that IT can’t carry — we can tell you which of the seven case studies above looks most like your situation, and what the next move usually is. The first conversation is 30 minutes. No proposal pressure.

CISSP-led · Canadian-owned since 2012 · 93% first-contact resolution · 1-hour critical SLA

Related

Useful next reads

vCISO Services →

Virtual CISO — security strategy, board reporting, IR retainer, compliance roadmap.

Ransomware Recovery Playbook →

12-page PDF: the 5-phase playbook a CISSP-led MSP runs when ransomware lands.

Copilot Readiness Checklist →

8-page PDF: 30-question pre-Copilot audit mapped to PIPEDA + CIS Controls v8.1.

Cyber Insurance Cheat Sheet →

6-page PDF: insurer questionnaires mapped to CIS Controls v8.1.

Updated