Executive Summary

One view of IT health β€” security, infrastructure, and service delivery Β· 8,014 managed assets
Portfolio demo Β· simulated data
92/100
IT Health Score
β–² +4 vs last period
96.2%
SLA Attainment
β–² +1.8 pts
4.6/5
CSAT (30-day)
β–² +0.2
14
Critical Vulnerabilities
β–Ό -9 this month
98.6%
EDR Coverage
β€” stable
$128k
Monthly Cloud Spend
β–Ό -6.4% (optimized)

Risk & Service Trend open critical+high vulns vs SLA attainment

IT Health Composition

92
Composite
Security posture Β· 90
Infrastructure Β· 94
Service delivery Β· 93
Asset hygiene Β· 89
Weighted composite of 22 signals

AI Executive Assessmentgenerated from live telemetry

Attention Required auto-prioritized

ItemDomainOwnerAgePriority
CVE-2026-30187 β€” Ivanti EPMM RCE on 3 mobile-mgmt serversVulnerabilityInfra2dCritical
Ransomware behavior blocked β€” LAPTOP-4821, contained by EDREDRSecurity6hCritical
SLA breach risk β€” 7 P2 tickets >80% of resolution windowITSMService Desk1dHigh
Orphaned Azure resources β€” 41 unattached disks ($3.1k/mo)CloudInfra5dMedium
SAN latency degradation β€” AUS storage array, NOC ack’d (PagerDuty)MonitoringNOC18mHigh
388 endpoints exit hardware warranty within 90 daysAssetsIT Opsβ€”Medium

Ask the Command Centernatural-language queries across every connected system

β€Ί

EDR & Endpoint Protection

SentinelOne telemetry Β· agents, detections, containment
Connector: SentinelOne API
7,902
Agents Deployed
98.6% of fleet
3
Active Threats (contained)
β–Ό from 11
1,284
Threats Blocked Β· 30d
auto-remediated 94%
112
Agents Outdated
rollout in progress

Detections by Day malware Β· PUA Β· behavioral Β· ransomware

Agent Coverage by Platform

Recent High-Severity Detections

EndpointDetectionClassificationActionStatus
LAPTOP-4821Behavioral: mass file encryption attemptRansomwareKill + quarantine + isolateContained
WKS-AUS-0233Cobalt Strike beacon signatureC2Kill + network isolateContained
MAC-VAN-1107Unsigned kernel extension loadSuspiciousBlockedResolved
SRV-DC-04Credential dumping attempt (LSASS)CredTheftKill + alert SOCInvestigating

Vulnerability Management

Tenable β†’ ServiceNow VR pipeline Β· NIST CSF / CIS aligned Β· AI-assisted prioritization
Tenable.io
ServiceNow VR
14
Critical Open
β–Ό -9 MoM
97
High Open
β–Ό -31 MoM
11.4d
Mean Time to Remediate (crit)
β–Ό 3.2 days faster
-27%
Backlog vs Q1
automation-driven

Backlog Burn-Down open vulns by severity Β· 6 months

Open by Severity

Top Open Vulnerabilities click a row β†’ AI assessment

CVEAffectedCVSSExposureSeverity
CVE-2026-30187Ivanti EPMM Β· 3 servers9.8
Critical
CVE-2026-21412Windows SmartScreen Β· 214 endpoints8.1
High
CVE-2025-52799Chrome (V8) Β· 1,893 endpoints8.8
High
CVE-2026-0281OpenSSL 3.2 Β· 47 servers7.4
Medium
CVE-2025-48991Adobe Acrobat Β· 622 endpoints7.8
Medium

AI Vulnerability Assessmentcontextual risk Β· blast radius Β· action

Cloud Assets

Azure + AWS Β· inventory, spend, and hygiene in one place
Azure Resource Graph
AWS Config
AZ
Microsoft Azure
1,842 resources Β· 3 subscriptions Β· 2 regions
$74.2kmonthly spend
AWS
Amazon Web Services
1,204 resources Β· 4 accounts Β· 3 regions
$53.8kmonthly spend

Spend Trend & Optimization 6 months Β· combined

Cloud Hygiene Flags

FindingCountEst. WastePriority
Unattached managed disks (Azure)41$3.1k/moMedium
Idle EC2 instances <3% CPU 30d17$4.8k/moMedium
Public S3 buckets (non-static-site)2β€”Critical
Untagged resources (no owner/cost-center)203β€”Low
Snapshots >180 days96$1.2k/moLow

Asset Inventory

Lansweeper discovery Β· lifecycle, warranty, and hygiene across 8,014 assets
Lansweeper API
8,014
Total Managed Assets
endpoints + servers + mobile
96.8%
Inventory Accuracy (CMDB)
β–² reconciliation automated
388
Warranty Expiring ≀90d
refresh plan drafted
214
OS End-of-Support
β–Ό migration wave 3 of 4

Fleet Composition by type & OS

Hardware Age Distribution

Lifecycle Watchlist

SegmentCountStatePlan
MacBook Pro 2021 fleet1,240Entering year 5 FY27Phased refresh Β· budget submitted
Windows 10 holdouts214EOLWin11 wave 3 in progress
Conference room systems86Mixed vendorsStandardization RFP
Lab / build servers312On-premCloud-migration assessment

Monitoring & NOC

Checkmk infrastructure monitoring Β· PagerDuty incident response & on-call
Checkmk
PagerDuty
1,214
Hosts Monitored Β· 18.4k checks
Checkmk distributed
99.96%
Infra Availability (30d)
β–² target 99.9%
6
Active Alerts Β· 2 critical
both acknowledged
4m 12s
MTTA Β· PagerDuty
β–Ό 38s faster
38m
MTTR Β· P1/P2 (30d)
β–Ό from 51m

Incident Flow β€” PagerDuty weekly Β· triggered vs resolved Β· by urgency

Host States β€” Checkmk

Current Service Problems Checkmk Β· live board

HostServiceStateDurationHandled
SAN-AUS-01Datastore latency > 25msCRIT18mAck β€” NOC investigating
FW-VAN-02HA sync degradedCRIT42mAck β€” vendor case open
SRV-BLD-07CPU load 15-min > 90%WARN2h 10mBuild queue β€” expected
UPS-LV-01Battery runtime < 12 minWARN6hReplacement scheduled
ESX-AUS-11Host unreachable (ping)UNREACH9mAck β€” remote hands dispatched

NOC On-Call β€” PagerDuty follow-the-sun rotation

TierOn call nowRegionUntil
PrimaryNOC β€” R. AlvarezAUS08:00 CT
SecondaryNOC β€” D. ChoVAN08:00 CT
EscalationInfra Lead β€” M. OkaforAUSMon
ExecutiveDirector, IT β€” T. Abbassiβ€”standing
Escalation policy:  5m β†’ secondary Β· 15m β†’ lead Incidents this month:  31 Β·  0 SLA breaches

ITSM & Service Delivery

ServiceNow Β· ~2,000 tickets/month Β· SLA, aging, and experience
ServiceNow ITSM
241
Open Tickets
β–Ό -12% WoW
96.2%
SLA Attainment (30d)
β–² +1.8 pts
3.4h
Median First Response
target 4h
4.6/5
CSAT Β· 1,182 surveys
β–² +0.2
31%
Auto-Resolved / Deflected
β–² AI + self-service

Ticket Volume & Deflection weekly Β· created vs auto-resolved

Open Ticket Aging

SLA Watch β€” At-Risk Tickets >80% of resolution window consumed

TicketSummaryPriorityOpenSLA Used
INC0048112VPN auth failures β€” Vancouver officeP21d 21h
INC0048096Shared drive permissions β€” FinanceP21d 14h
REQ0031877Contractor onboarding β€” badge + accountsP33d 2h
INC0048071Conference AV failure β€” HQ boardroomP32d 6h

CSAT Trend & Drivers

Top praise:  speed of resolution Top friction:  hardware turnaround

First 90 Days

How I'd approach the function β€” listen, stabilize, then build
Illustrative plan Β· concept

Phased Plan

Days
1–30

Listen & assess

Understand the environment before changing it. Earn the team's trust first.
  • β–Έ1:1s with every member of the IT team β€” what works, what's broken, what they'd fix first.
  • β–ΈMeet the business stakeholders β€” Security, People, Finance, Legal, Engineering β€” and ask how IT is failing them.
  • β–ΈBaseline the numbers: ticket volume, SLA attainment, CSAT, open vulnerabilities, asset accuracy, spend.
  • β–ΈInventory the stack and the contracts β€” what we own, what we pay for, what overlaps.
  • β–ΈDeliver a written current-state assessment to the President with a recommended 90-day plan.
Days
31–60

Stabilize & make it visible

Fix what's on fire, then put IT on a measured footing so leadership can see it.
  • β–ΈClose the critical security gaps found in week one β€” patch, MFA coverage, offboarding hygiene.
  • β–ΈStand up SLAs and a reporting cadence β€” this dashboard, reviewed monthly with leadership.
  • β–ΈFix the top 3 employee pain points identified in the listening tour (usually onboarding, hardware, access).
  • β–ΈEstablish change management β€” a lightweight CAB so we stop breaking things accidentally.
  • β–ΈStart the SaaS/vendor rationalization pass β€” find the overlap and the shelfware.
Days
61–90

Build & automate

Scale the function through systems, not headcount. Make IT quiet.
  • β–ΈShip automated onboarding/offboarding β€” HRIS β†’ identity β†’ access β†’ device, hands-off.
  • β–ΈLaunch AI-assisted support β€” deflect the repetitive tickets so the team works on higher-value problems.
  • β–ΈPublish the 12-month roadmap and budget β€” with the government-contract security requirements sequenced in.
  • β–ΈDefine the team's growth plan β€” who's ready for more, where we need to hire.
  • β–ΈReport against the day-1 baseline. Show the delta.

Success Metrics baseline β†’ 90-day target

SLA attainmentbaseline→95%+
CSATbaseline→4.5+
Critical vulnerabilitiesbaseline→zero >30d
Onboarding time-to-productivemanual→day one
Ticket deflectionβ€”β†’measured & rising
Tool spendbaseline→rationalized

Operating Principles

Make technology quiet. When IT is done right, nobody thinks about it β€” people open their laptop and do their best work. Automate before you hire. Headcount should go to hard problems, not repetitive ones. Measure everything, report honestly. Leadership can't support what it can't see β€” including the bad news. IT is a partner, not a gate. Security and speed aren't opposites if the controls are designed well. Build the team, not just the systems. The function outlives any one project.