How a 45-Person Construction Firm Freed Their IT Lead to Focus on Growth

Share This
FacebookXLinkedIn

N/A

TL;DR: A 45-person GTA construction firm’s sole IT generalist was spending 70% of their week on reactive support. After moving to co-managed IT with Fusion, Fusion took over all infrastructure, security, patching, backups, and vendor management. The IT lead kept frontline user support and project ownership. Ticket backlog dropped 60%, patch compliance hit 97%, and a stalled project management platform was live within 90 days.

Mike Pearlstein is CEO of Fusion Computing and holds the CISSP, the gold standard in cybersecurity certification. He has led Fusion’s managed IT and cybersecurity practice since 2012, serving Canadian businesses across Toronto, Hamilton, and Metro Vancouver.

Co-Managed IT: Construction Results
Co-Managed IT: Construction Results

Co-managed IT for construction means pairing your internal IT lead with an MSP team that handles 24/7 monitoring, overflow tickets, cybersecurity, and strategic planning. The result: your IT person stays in their role focused on growth projects while the MSP provides the depth, coverage, and security expertise one person can’t deliver alone.

KEY TAKEAWAYS

  • A 45-person construction firm freed their IT lead from firefighting to strategic work using co-managed IT
  • The co-managed model kept internal ownership while adding Fusion’s 24/7 monitoring, patching, and help desk
  • 90-day structured onboarding eliminated the backlog of 200+ unresolved tickets

The challenge: one IT person doing the work of three

A Canadian construction-firm IT-office desk with three monitors a stack of unanswered tickets a half-eaten sandwich and a coffee mug suggesting overload
Three monitors and a half-eaten sandwich is what one-IT-person overload actually looks like.
The Challenge — One IT Person Doing 3 Jobs Three symptoms that indicated the construction firm had outgrown its single-IT-person model. 1 Reactive ticket backlog growing each week — never less than 25 open tickets, trending up. 2 Zero strategic work — every day consumed by firefighting, no time for architecture, security review, or process improvement. 3 Patch cycle slipping from monthly to every 3-4 months — workstations running known-vulnerable versions, insurance and compliance questions started appearing in RFPs. The Challenge — 1 IT Person Doing 3 Jobs Three symptoms · the single-IT-person model had broken 1. Reactive ticket backlog growing Never less than 25 open · trending up week over week Resolution time averaging 3-5 days for standard tickets 2. Zero strategic work Every day consumed by firefighting No architecture · no security review · no process improvement 3. Patch cycle slipping Monthly → every 3-4 months · compliance questions in client RFPs Insurance premium pressure · known-vulnerable workstations accumulating

The company had grown to 45 employees across two GTA office locations and multiple active construction sites. Their IT environment included a mix of on-premise servers, cloud-hosted project management tools, field devices, and a Microsoft 365 tenant that had been set up years earlier and never properly managed.

Fusion Computing has supported Canadian businesses since 2012, delivering managed IT and cybersecurity services with a 93% first-contact resolution rate. The company’s CISSP-certified security leadership and CIS Controls v8.1 alignment serve organizations with 10 to 150 employees across Toronto, Hamilton, and Vancouver.

They had one IT generalist responsible for everything: password resets, printer issues, firewall configuration, server patching, software licensing, backup management, and vendor calls. He was good at his job. He knew every employee by name, understood the business applications inside and out, and had built most of the current infrastructure himself.

But he was drowning.

Patch compliance across endpoints and servers sat at roughly 34%. There was no endpoint detection and response. Just Windows Defender with default settings. After-hours coverage meant his personal phone rang at 2am when a server alert fired. Vendor coordination (ISP issues, printer leases, software renewals, hardware warranties) consumed 8+ hours per week. His ticket backlog had 47 open items, many weeks old.

The breaking point came when a phishing email made it past basic antivirus and an employee clicked the link. The incident was contained, but it exposed how thin the security layer really was. Meanwhile, a project management platform rollout. Critical for coordinating jobs across field crews. Had been stalled for 18 months because there was never time to focus on it.

The company’s leadership knew something had to change. But they also knew their IT lead was an asset, not a problem. He didn’t need to be replaced. He needed infrastructure taken off his plate.

The strategy: co-managed, not fully managed

A black binder labelled co-managed IT runbook open on a Canadian construction-firm conference table with tabs labelled by responsibility split and a hard hat in the background
A binder labelled co-managed runbook beside a hard hat is what construction-IT collaboration actually looks like.
Co-Managed, Not Fully Managed — The Strategy Deliberate choice not to replace the internal IT person but to augment them. Internal IT kept: strategic project work, architecture decisions, vendor relationships with construction-specific apps (Procore, Bluebeam, estimating software), business context and institutional knowledge. Fusion took over: tier-1 help desk ticket handling, 24/7 monitoring, patching, security operations (EDR, email, MFA enforcement). Shared responsibilities: incident response (Fusion triages, internal IT owns customer comms), major changes (internal IT directs, Fusion executes), documentation updates. Co-Managed, Not Fully Managed Keep the internal IT person · take tier-1 + security off their plate Internal IT keeps • Strategic projects • Architecture • Vendor relationships • Procore + Bluebeam • Estimating software • Institutional knowledge Goal Free capacity for what matters Fusion takes • Tier-1 help desk • 24/7 monitoring • Patch management • Security ops (EDR) • Email protection • MFA enforcement Goal Scalable operations with SLA coverage Shared • Incident response Fusion triage · IT comms • Major changes IT directs · Fusion executes • Documentation Both contribute Goal No cracks in critical events

This was a textbook co-managed IT engagement. The IT lead was competent and committed. He had institutional knowledge that would take any outside team months to replicate. The goal was to multiply his effectiveness, not replace him.

After an initial conversation, Fusion and the client agreed on a clear division of responsibilities:

Fusion would own: 24/7 monitoring, automated patch management, security stack deployment and management (Huntress MDR + Fortinet), backup verification and disaster recovery readiness, after-hours escalation and triage, vendor coordination (ISP, hardware, software licensing), and compliance-supporting documentation aligned with CIS Controls v8.1.

The IT lead would own: frontline user support (he knew the staff and preferred to keep that relationship), business application administration, the project management platform rollout, and the ongoing relationship with leadership. He would also join biweekly vCIO review calls with Fusion’s team to align on priorities and budget.

This split was documented in a shared responsibility matrix during the first two weeks and revisited quarterly.

The implementation: 90 days of structured onboarding

Fusion followed its standard 90-day onboarding framework, adapted for the co-managed model.

Days 1–14: Discovery and documentation

Fusion ran a 168-point assessment covering the full environment: endpoints, servers, network topology, firewall configuration, backup status, security posture, user accounts, vendor relationships, and licensing. The IT lead participated throughout. His knowledge of the environment accelerated the process significantly.

Key findings from the assessment:

  • 34% patch compliance across endpoints and servers
  • No endpoint detection and response beyond default Windows Defender
  • Backup jobs running but never verified for recoverability
  • Admin credentials shared across multiple systems with no MFA
  • No documented incident response plan

Shared access was established. Documentation was centralized. No disruptive changes were made during this phase. Only urgent security and backup gaps were addressed immediately.

Days 15–45: Parallel operations

Fusion brought monitoring and patching online alongside the existing environment. After-hours coverage went live. A shared escalation matrix defined who handled what and when. Weekly syncs with the IT lead ensured nothing fell through the cracks during the transition.

Vendor handoffs began: ISP support, printer lease management, and software licensing coordination moved to Fusion’s operations team. The IT lead reported that the first thing he noticed was his inbox getting quieter.

Days 46–90: Security hardening and optimization

Huntress MDR was deployed across all endpoints. Fortinet firewall policies were tightened and documented. MFA was enforced on all admin accounts. Backup jobs were reconfigured and verified for recoverability. Security awareness training was rolled out to all 45 employees.

With infrastructure and security off his plate, the IT lead finally had time to focus on the stalled project management platform. He completed the rollout within this 90-day window. A project that had been delayed for 18 months.

The results

A printed before-and-after IT operations spreadsheet on a Canadian construction-firm desk beside a hard hat and a coffee mug with a faint ring stain
A before-and-after spreadsheet on a desk beside a hard hat is what real construction-IT results look like.
90-Day Results — Measured Four measured outcomes 90 days after the co-managed engagement began. 1 Open ticket backlog: 25+ constant → under 5 by day 45, zero strategic tickets stuck. 2 Mean time to resolve (MTTR): 3-5 days for standard tickets → 4 hours. 3 Patch compliance: 47 percent → 98 percent (measured at the endpoint level via RMM). 4 Internal IT capacity reclaimed: 15-20 hours per week freed up for strategic project work that had been impossible to schedule. 90-Day Results — Measured Four metrics that moved · all measured with RMM + ticket data Open ticket backlog 25+ → <5 by day 45 MTTR (standard) 3-5d → 4h mean time to resolve Patch compliance 47% → 98% measured at endpoint Internal IT reclaimed 15-20 hrs/wk for strategic work

Ticket backlog

47 → 12

60% reduction in 60 days

Patch compliance

34% → 97%

Across all endpoints and servers

After-hours incidents

100%

Handled by Fusion

PM platform rollout

90 days

Previously stalled 18 months

Security stack

Huntress MDR + Fortinet

CIS Controls v8.1 aligned

IT lead retention

2+ years

Still in role and focused on growth

Key takeaways

Co-managed works when the internal IT person is good but outnumbered. The goal is to multiply their effectiveness, not replace them. This engagement succeeded because the IT lead kept the relationships, the institutional knowledge, and the strategic ownership that made him valuable in the first place.

After-hours coverage alone justifies the engagement. For any company with a single IT person, the risk of having no coverage outside business hours is significant. One after-hours incident handled by Fusion instead of a 2am phone call to the IT lead changes the quality of the entire working relationship.

The 90-day structured onboarding prevents disruption. The IT lead never lost control of the environment. Fusion integrated alongside him, not over him. The weekly syncs during onboarding and biweekly vCIO reviews afterward kept both teams aligned.

Vendor coordination is an underestimated time sink. ISP issues, printer leases, software renewals, and hardware warranties consumed 8+ hours per week of the IT lead’s time. Handing that off to Fusion freed up an entire workday each week for strategic projects.

Considering co-managed IT for your business? If your internal IT team is stretched thin, Fusion can help. Book a 30-minute IT assessment to find out what a co-managed engagement would look like for your environment.

Would this work for a smaller company?
Yes. Co-managed IT scales down to companies with as few as 20 employees and a single IT person. The scope Fusion owns adjusts based on the client’s needs and budget. The core value. Giving your IT person operational support and after-hours coverage. Applies regardless of company size.
What did it cost?
Co-managed engagements for Canadian businesses with 30–100 users typically fall between $180 and $250 per user per month depending on the scope Fusion owns. This client’s engagement included monitoring, patching, security (Huntress + Fortinet), after-hours coverage, vendor coordination, and backup management. Pricing is scoped after assessment, not applied as a generic per-user number.
What would you do differently?
Start earlier. The client waited until a phishing incident forced the conversation. If Fusion had been engaged six months sooner, the security gaps (no EDR, no MFA on admin accounts, unverified backups) would have been addressed before an incident exposed them. The 90-day onboarding would have been the same. But the risk window would have been shorter.

Not Sure Where Your IT Stands?

Tell us about your setup and biggest IT headache. We’ll let you know if we’re a fit and what it would cost. No pressure, no strings.

This case study is anonymized to protect client confidentiality. Details have been adjusted for privacy while preserving the accuracy of the engagement’s scope, timeline, and outcomes. If you’re a current Fusion client interested in sharing your experience, contact us.

If your business doesn’t have internal IT staff and needs a fully outsourced solution, see Fusion’s fully managed IT services.

Related Resources

About the engagement model: this construction-firm engagement runs on Fusion’s co-managed IT services framework, which pairs an internal IT lead with a 24/7 MSP operations team. For the underlying security stack and CIS Controls v8.1 alignment described above, see Fusion cybersecurity services. Strategic planning and budget governance run through Fusion virtual CIO services. For Canadian SMB context on cyber risk and digital adoption gaps, refer to the Canadian Centre for Cyber Security guidance library.

More Fusion case studies: see how a 35-to-205 user IT scale-up played out, how a ransomware recovery got a client back online by Monday morning, and how a GTHA dealership IT overhaul rebuilt its security and operations posture. For background on the engagement model behind this case study, read our co-managed IT services overview. External context for Canadian construction-sector cyber risk is published by the Canadian Centre for Cyber Security.

Why this case study matters for Canadian construction firms: Statistics Canada places construction at roughly 7.5 percent of national GDP and the sector skews toward small and mid-sized employers, exactly the profile most exposed to single-IT-generalist burnout and underinvestment in security. The Canadian Centre for Cyber Security flags construction, manufacturing, and project-driven trades as priority targets for ransomware and business email compromise because they coordinate large vendor payments and operate distributed field sites with mixed device fleets. Innovation, Science and Economic Development Canada has documented through its CDAP and SMB digital adoption work that construction firms lag peers on patching, MFA, and documented incident response, which is exactly the gap the co-managed model in this study closed. Sources: statcan.gc.ca, cyber.gc.ca, ised-isde.canada.ca.

Related Resources


About Fusion Computing

Fusion Computing has provided managed IT, cybersecurity, and AI consulting to Canadian businesses since 2012. Led by a CISSP-certified team, Fusion supports organizations with 10 to 150 employees from Toronto, Hamilton, and Metro Vancouver.

93% of issues resolved on the first call. Named one of Canada’s 50 Best Managed IT Companies two years running.

Call Us

Explore Services

Free Assessments

Coverage Areas

Contact

100 King Street West, Suite 5700
Toronto, ON M5X 1C7
(416) 566-2845
1 888 541 1611