Cybersecurity Maturity Model Certification (1)

What is CMMC and How Much Will It Cost My Company?

If your company does business with the US Department of Defense (DoD), you will soon need to pass an independent assessment against Cybersecurity Maturity Model Certification (CMMC) requirements to bid on contracts.  This mandate impacts all suppliers at all tiers across the Defense Industrial Base (DIB), from prime contractors to SMB subcontractors, as well as commercial item contractors and foreign suppliers.

First released in January 2020, the CMMC is the DoD’s response to significant and ongoing exfiltration of sensitive defense information from suppliers’ systems. CMMC compliance will gradually be incorporated into Defense Federal Acquisition Regulation Supplement (DFARS) as a requirement for contract award, replacing the current NIST SP 800-171 cybersecurity guidance.

The CMMC’s purpose is to verify appropriate cybersecurity controls to ensure basic “cyber hygiene” for all DIB suppliers, and to protect Controlled Unclassified Information (CUI) on the systems of suppliers authorized to handle CUI. By defining five compliance levels to better match a supplier’s actual risk profile and the data it handles, the CMMC also “right-sizes” SMB cybersecurity requirements.

Why is CMMC important for Primes and Subcontractors?

The CMMC is vitally important to all DoD contractors for two major reasons:

  1. Your company will not be able to participate in DoD contracts that mandate CMMC compliance unless it is certified to the CMMC level specified in the DFARS associated with the contract. While the CMMC rollout will be gradual, starting in early 2021, many DoD suppliers will want to be “provably compliant”—if not formally certified—as soon as possible. Proactive CMMC compliance will confer significant competitive advantage as prime contractors will be looking very closely at partners’ security postures as they assemble capture teams.
  2. The DoD considers that a state of cyber warfare exists between the US and nation state adversaries. By compromising key systems and exfiltrating sensitive intellectual property, CUI, and other data, adversaries have significantly reduced US military-technical superiority on the battlefield. Thus, the extent to which the DIB can protect sensitive data directly impacts US national security and its warfighting capability.

CMMC framework overview

The DoD’s current cybersecurity regime, which allows suppliers to self-attest to compliance with the NIST SP 800-171 standard, has proven ineffective. This is why the CMMC requires DoD prime contractors and their subcontractors to undergo third-party assessments to verify compliance.  

The five CMMC levels go from Level 1 (Basic Cyber Hygiene—the minimum requirement for any firm participating in DoD contracts) up to Level 5 (Advanced, designed to protect high-value data from advanced persistent threats (APTs)). CMMC Level 3, “Good Cyber Hygiene,” parallels NIST 800-171 compliance but includes about 20 additional controls. 

Each of the five CMMC levels also defines a set of processes and practices that relate to all the CMMC domains (equivalent to “control families” in NIST 800-171) at that level. To successfully pass an assessment for certification at a given level, a supplier must show that it has operationalized the processes up to and including that level, and has also put into place the corresponding practices.

How Much Will CMMC Certification Cost?

CMMC assessment costs will vary with a range of factors, including:

  • The CMMC level specified in the contract(s) you want to pursue
  • The maturity of your current IT and cybersecurity infrastructure in relation to your desired CMMC level
  • The size and complexity of your organization (number of locations, etc.)
  • The volume and scope of the CUI you handle (how many people handle CUI, how much CUI you exchange with other DIB companies or government agencies, how many databases store CUI, etc.)
  • Any consulting costs and other hiring/outsourcing costs associated with preparing for the CMMC assessment
  • Expenses to meet specific CMMC requirements; e.g., the costs to make your email and file sharing systems CMMC compliant or move to “government cloud” versions
  • The cost of engaging a Certified Assessor, which will be driven largely by market forces

Of course, what the DoD considers “allowable expenses”—which could include the audit costs plus many of the above preparatory costs—will be a big factor in final costs. Allowable costs are expenses specified in a contract as being billable back to the DoD. Further, the Office of the Under Secretary of Defense for Acquisition & Sustainment has stated that “The cost of certification will be considered an allowable, reimbursable cost and will not be prohibitive.” This should include assessment and preparation services, remediation efforts, etc.

Based on well-informed estimates, a “typical 250-person engineering/manufacturing firm” that has “a reasonably mature, NIST SP 800-171 compliant” environment today and is pursuing CMMC Level 3 certification can expect to pay $15,000 to $35,000 in consulting costs for a CMMC gap/readiness assessment, plus up to $10,000 for gap remediation support. 

Hard costs to meet requirements can vary widely. For example, the cost to migrate from the commercial version of Office 365 to an Office 365 for Government plan could be $50,000 or more in consulting costs alone, while the cost to add end-to-end encryption to an existing O365 environment could be much less.

As noted above, market forces will effectively set audit costs. However, the DoD has asserted that it wants CMMC certification to be affordable to SMBs. An educated estimate on audit costs for a company similar to the above would be in the $20,000-$30,000 range.

Companies that have less mature environments and are further from NIST SP 800-171 compliance today will need to spend more on consulting and on investments to prepare for certification (e.g., multifactor authentication, mobile device management, log monitoring, security awareness training, etc.) Cost could vary widely, from $20,000 up to $60,000 or even $100,000. 

What Is Angler Phishing?

Many businesses and organizations emphasize the importance of cybersecurity because it can affect their brand, reputation, and credibility. That’s one of the reasons that phishing is such a major concern. 

As a refresher, phishing refers to a fraudulent attempt to collect sensitive data and personal information. These shady social media scammers often then use your financial information to make purchases or attempt to steal your money or identity.

The objective of phishing is simple: obtain passwords, financial information, 

or other personal information that could potentially be valuable to social media scammers. There are different phishing types, and one of the most popular forms of phishing is angler phishing. Angler phishing refers to the practice of pretending to be a customer service account to lure victims into handing over personal information. 

How Does It Work? 

Many businesses have disgruntled customers and often take to social media to complain about a product or service. Angler phishing involves reaching out to these customers and pretending to be involved with the company that they might be complaining about. If they are experienced in phishing, there will be a significant amount of effort to make their responses seem official. These social media scammers may even utilize the company’s graphics to convince customers.

 Social media scammers will often even have “alerts” to find out when customers are complaining about a specific company. These social media scammers use angler phishing to appear genuine and eager to help, but they are often just after your financial information. They will offer you a link, often to “chat with an agent’, but the link won’t be an official one.

Avoiding Social Media Scammers

Top Tips:

  • Make sure to verify any unknown users who contact you through social media.
  • Ask for the representative to send you an email from their business address.
  • Never send sensitive information through social media.

 You might be wondering how to avoid those involved in angler phishing, and there are a couple of things to consider. First, find out whether you are speaking to someone officially involved with a company. These accounts often will be “verified” in some way, depending on the social media platform that you use. Angler phishing is often most used when the social media scammers feel like the official customer service accounts are less active.

How does angler phishing remain effective? They are banking on the fact that you won’t take the time to verify that they are official representatives from a company, business, or organization. One way to avoid angler phishing is to contact the company directly through their website rather than dealing with a cybercriminal interested in phishing for information. 

About VelocIT

VelocIT’s unique managed service delivery model builds trust. Our goal is to help you grow your business through IT Leadership. From infrastructure to end-user support, VelocIT partners with you to meet the unique technology needs specific to your business. Our integrated approach to Information Technology Support consistently reduces operational costs while increasing end-user satisfaction for our partners.

Need to learn more?  Just contact us at info@v-msp.com

NOC vs. SOC: Everything You Need to Know

Network Operations Center (NOC) and Security Operations Center (SOC) services – companies and organizations need both to protect themselves against potential cybersecurity threats while keeping IT infrastructure fully operational.

The SOC and NOC help identify, analyze, prioritize, and resolve issues that may affect the availability and integrity of the information that organizations have. However, their roles are subtly but fundamentally different.

In this article, you’ll learn about the SOC and NOC, and how they complement each other’s functions.

What is NOC?

The NOC’s main job is to establish and maintain the health of an organization’s IT infrastructure, including servers, databases, websites, and virtual machines, and keep the networks up and running at peak efficiency. When there’s an application outage, for example, the NOC’s responsible for troubleshooting the problem to restore normal operations.

The NOC achieves this by keeping track of incidents that affect availability and performance. These incidents may arise as an organization manages, monitors, and controls the networks within their infrastructure to meet service-level agreements (SLAs).

Typically, organizations usually have a dedicated room set up to allow them to monitor and manage problems that may compromise the integrity of their IT infrastructure and lead to company downtime. Unplanned downtime can lead to loss of business but also hurt the reputation of the company.

An NOC is only as good as the personnel that run it. Staff trained in network, application, and systems engineering are required to run a successful NOC.

What is SOC?

Like people, many businesses constantly face the threat of cyber-attacks, such as ransomware, phishing, and spyware. Concerns over data loss and operational interference by criminal elements are legitimate and must be addressed before it’s too late.

Whereas the NOC focuses on performance and availability issues, the SOC concerns itself with incidents and alerts that may lead to loss of information assets and sensitive customer data. It achieves this by monitoring and managing the security health of an organization’s IT infrastructure, including firewalls, access controls, anti-virus, identity management, anti-virus, and more.

Besides monitoring security incidents and responding to them, SOC staff are also responsible for developing and enforcing security policies. These policies help to keep tabs on current and emerging security threats. It’s important to note that each organization is different, so there’s no such thing as the best SOC for all organizations. SOC must be tailored to suit the specific security issues that every organization faces.

NOC vs. SOC: Which is Superior?

Whereas the functions of the NOC and SOC are different, each plays an equally important part in protecting an organization against the possibility of cyber-attacks while keeping IT infrastructure sound and available for use.

Depending on your organization’s security needs, you can either merge these functions or execute them separately. Before choosing one approach over the other, make sure you review the pros and cons of each to determine the best choice for your situation. If you’re unsure about the best way to handle your NOC-SOC functions, talking to an expert in the field can help.

Looking to strengthen up your company’s online security?  Reach out to us today!

Disaster Recovery vs. Business Continuity

Disasters, whether operational or natural, can have serious ramifications for small businesses. Out of every ten small businesses that suffer a disaster, four to six of that figure never recover from the disaster, according to a report prepared by the Federal Emergency Management Agency (FEMA). These numbers underscore why every small business owner must have disaster recovery and business continuity plans in place.

The terms disaster recovery and business continuity are sometimes used interchangeably yet they’re entirely different strategies.

Read along to discover the differences between these two fundamentally different concepts and understand why both are essential for a business’s continued existence.

Business continuity

Many adverse events can disrupt normal business operations. A business continuity plan is a plan of action that a company must follow to survive such events. Before digging deeper into what the plan covers, it’s important to understand the concept of business continuity.

Disasters, such as fire, hurricanes, floods, terrorist attacks, or cyber-attacks are potential threats to normal business operations. When they strike, it’s important for businesses to intervene and quickly resume operations to avoid the risk of shutting down completely. Otherwise, they’ll risk losing customers, business partners, and key members of staff. Business continuity helps cushion against all these undesirable outcomes.

A business continuity plan identifies the critical assets and infrastructure of a business and lays out the strategies that will need to be deployed to protect those assets against damage or loss. Some of the most important items that may be covered include IT components like servers, databases, websites, phones, virtual machines.  It is important to note that non-IT components like human resources, physical assets and documents should be considered in a business continuity plan.

Any entrepreneur with a growth-mindset should have a business continuity plan in place.

Disaster recovery

There’s a general misconception among small business owners that disaster recovery and business continuity mean the same thing. While both help minimize downtime after a disruptive event, they have different purposes.

Disaster recovery mainly focuses on restoring critical information technology infrastructure and business support systems following a crisis. It’s a subcategory of business continuity planning. A disaster recovery plan is primarily concerned with maintaining the security health of a business’ hardware devices, such as desktops, laptops, and wireless devices, as well as software, data, and connectivity.  As with business continuity, every department should have a disaster recovery plan, not just IT.  

The disaster recovery team’s job is to restore operations within the shortest time possible to minimize business downtime. Priorities for recovery of technical operations should match the priorities for recovery of daily business processes and functions.

Disaster recovery and business continuity: Both are essential for business survival

Contrary to the common belief among small business owners that disaster recovery and business continuity are not interchangeable, they’re two different strategies that can be used to help businesses continue operating as a going concern. While disaster recovery is only a subset of business continuity, a business continuity plan is incomplete without it. That said, disasters are a harsh reality of today’s digital business landscape and entrepreneurs must be prepared to survive them when they happen.

Entrepreneurs can always consult industry experts if they need help with creating effective disaster recovery and business continuity plans for their businesses.

 

 

What is Phishing, and How Does it Affect Your Business?

Phishing has been a growing concern for companies over the years. VelocIT partnered with Webroot to host a Security Awareness Training this spring.

In the digital age, there’s a contingent of individuals that understand the nature of phishing. However, most people know the term is associated with email scams, but they don’t understand the nuts and bolts.

This blog will discuss the various nuances of phishing, the typical attributes of such a scam, and how it can hurt businesses.

Delving into Phishing

Phishing emails attempt to acquire sensitive information from recipients and are sent under the guise of being from an above-board organization.

Generally, these messages involve a phony link to the fake company’s “official website,” where the victim would fill in this information. Websites are usually convincing shams, acting as a direct funnel for the info as it travels right to these scammers.

The idea behind phishing is that these scam-artists are drawing in victims with a fake lure, akin to fishing. From there, if the bait is strong enough, the user bites and offers up things such as:

  • Credit card numbers
  • Account numbers
  • Passwords
  • Usernames
  • And more

Here’s what’s necessary to understand about phishing:

Even though most people think they’re too intelligent to fall for a phishing scam, “smarts” don’t have much to do with it. It can happen to anyone.

Who Falls for Phishing Scams?

Interestingly, 86% of Americans (for the most part, mistakenly) believe they know the difference between phishing and non-phishing messages.

Yet 62% of those US citizens have had their info breached and compromised.

Scammers know what they’re doing, preying on human emotions and their sense of urgency. These cybercriminals have a firm grasp of the subtle details needed to disguise emails and know their demographics better than any marketer.

The above fact is why these criminals can target their messaging. It’s a technique known as spear phishing, which establishes trust and familiarity, to fool victims.  

Have you ever been in a hurry and pen a message from your boss without even checking the subject?  The point is you can be tech-savvy and still fall for these ploys, they are created to resemble typical messages from your usual network. 

Phishers tap into the fact that 65% of Americans prioritize emails from their boss. Also, they know that 54% of US citizens look at emails from family or friends. Lastly, 33% will prioritize emails to confirm bank transactions.

How Much Can Phishing Scams Cost Businesses?

The above section discussed how phishing scammers leverage a recipient’s tendency to immediately open emails from their boss.

That’s an example of how phishing scams can harm businesses, and why cyberattacks cost small businesses $53,987, on average. It’s also why employees and leadership throughout organizations must remain eternally vigilant in preventing these crimes.

How VelocIT has vowed to help

We believe that educating users is the number one way to present data breaches.  User error accounts for up to 90% of successful breaches.  By ensuring that your team can recognize and avoid phishing scams you will greatly reduce the likelihood of a cyberattack.

This past month we partnered with Webroot to offer a free Security Awareness Training.   The short educational module provides your team with the tools to identify, stop and prevent phishing and other malicious activities.

“Our Security Awareness Training with Webroot was definitely well-received,” said Mike Bucciero, Vice President of Client Services at VelocIT,  “We’re always looking for ways to offer education and resources to our clients, with everyone stuck at home we figured it was perfect timing”

If your team is interested in beefing up their knowledge on phishing and the threat it poses to your organization, reach out to us and learn more about the Security Awareness Training HERE.

VelocIT Launches Virtual Office, Helps Companies Adapt During Pandemic and Beyond

Technology solution empowers remote teams to work more efficiently

CRANBURY TOWNSHIP, NJ (May 21, 2020) – The COVID-19 pandemic has introduced a new way of working for many teams.  Teams have adapted to working remotely with higher levels of efficiency than expected. As companies across the country adjust to the new normal, VelocIT Virtual Office, a new product from VelocIT, will give business leaders the freedom to quickly enable their mobile workforce with equipment, security, the latest software, and 24/7 IT Support that’s a click or phone call away.

With VelocIT Virtual Office, companies that were spending thousands of dollars in physical office space will now have the option to save money on rent, mortgage, and IT infrastructure by enabling their teams to work from anywhere while maintaining security and efficiency.

“Many companies have realized that their team is just as, if not more, productive working from home. For most of these companies, reducing or eliminating their square footage will save them money, which they can reinvest into their business,” said Darek Hahn, President and CEO of VelocIT. “We’ve taken best in class tools and combined them into VelocIT Virtual Office. It is a one-stop, fully supported, solution for companies that are looking to “unplug” from the traditional office setting.”

Virtual Office is a fully virtual technology solution that gives teams the ability to work from anywhere with no hardware beyond their end-user devices. The basic product bundle includes onboarding, help desk support, email management & security, Microsoft 365 for email, secure email & endpoint backup, antivirus, endpoint encryption, content management, patch management.  Additional services for remote users include, corporate home firewall to separate work from home traffic, Virtual Desktop & Server solutions, extended service hours, virtual phone services.  For those that need to keep a small office place for storage, meetings or touchdown places for employees can also add office network management. For any hardware needed VelocIT can work with a ‘Bring Your Own Device’ option or can setup lease or rent options for companies that do not want to own any hardware.

To learn more about Virtual Office, visit the VelocIT website at velocitmsp.com.

About VelocIT

VelocIT’s unique managed service delivery model builds trust. Our goal is to help you grow your business through IT Leadership. From infrastructure to end-user support, VelocIT partners with you to meet the unique technology needs specific to your business. Our integrated approach to Information Technology Support consistently reduces operational costs while increasing end-user satisfaction for our partners.

Microsoft Teams VS. Zoom

Read our latest White Paper on this Subject.

Both platforms have their unique advantages and disadvantages, and from our experiences and research we’ve determined for most of our clients it actually makes sense to use both.  

In the midst of a shutdown unlike anything we have seen before, video conferencing sites have exploded in popularity.

In the vertical of video conferencing platforms two have distanced themselves from the rest:  Microsoft Teams and Zoom.  It would be remiss not to mention Skype, Google Hangouts, Facetime or OoVoo – all of which are or were at one time popular video chatting services.  In terms of current applications within an American professional organization it is typically a coin flip between Microsoft Teams and Zoom, whose total users jumped from 10 million in December 2019 to 200 million in March 2020.

The two platforms have been thrust into “essential” level status as tools for workplaces and many business leaders aren’t entirely familiar with the options available.

Microsoft Teams comes included with MS Office 365 and integrates quite well within the system, making Teams a suitable option for in-office use and communication.  Microsoft Teams is optimized for secure, internal collaborations.  Calls with Teams can have up to 20 users on at once.  

Zoom, on the other hand, is more of a jack-of-all-trades video conferencing tool that can be used for both internal communication and external personal use.  It can handle up to 49 users on a single call as well as breakout rooms for users to split into smaller groups.  Zoom offers a free service with up to 100 participants however it is limited to 40 minutes per call.  For unlimited calls and webinars the pricing increases starting at $14.99 per host per month.

Zoom made headlines recently due to concerns of security.  Some Zoom encryption keys were generated in China which caused concerns for many users as to who had access to their data.

Another concern with Zoom was the prevalence of so-called “Zoombombers” entering private video conferences at will.  Zoom does in fact have ways to prevent that exact kind of malicious activity and always has; however the default privacy settings on Zoom are set to open instead of closed.  These can be adjusted to give meeting hosts the ability to set up passwords for meetings and review new guests in a waiting room before they are allowed on the call.   Zoom addressed these issues with software updates in April.  We recommend checking your settings in Zoom to make sure that the security measures are up to your company’s standards.  

A reason many organizations use Teams could be out of convenience, as the service comes free along with MS Office 365 and integrates smoothly into company calendars and email accounts which makes scheduling and sharing files a breeze.  Like Zoom, there are waiting rooms and passwords to keep out unwanted guests and keep your data safe.

Companies have unique challenges and needs so there is no blanket answer to which service is better.  If your company is already using MS 365 then you already have Teams to integrate into the rest of the Microsoft apps.  If you are looking to use video conferencing outside of work or are curious to see how Zoom performs then download the free version and give it a try.  At VelocIT we prefer to remain agnostic in regard to our video conferencing tools as our clients use several different platforms.  It’s very commonplace for companies to use Teams internally and Zoom for communicating with clients and vendors.   For the majority of our clients it does make sense to use both to their advantages as the two services compliment each other quite well.

Don’t forget to follow the VelocIT for more updates and other relevant tech laws.

How the EARN IT Act is Threatening End to End Encryption

In the wake of the COVID-19 crisis, anything that doesn’t have much to do with the virus isn’t making news. One such thing is the introduction of the EARN IT act.

So what exactly is the EARN IT act, and why is it such a threat to end-to-end encryption? Let’s take a look.

Before we get any further, let’s make sure we all understand end to end encryption.  End to end encryption is a way of protecting information from 3rd parties.  Simply put, end to end encryption scrambles data from one source or “end” and does not decrypt the message until it reaches the other end.  This protects companies and their data from malicious activity, but it also allows cybercriminals to store and share illegal files and data freely.  That is where the debate on end to end encryption begins, and why the EARN IT act has been proposed.

What is the EARN IT Act?

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or EARN IT Act, is a bill designed to require tech businesses to take child sexual exploitation with more seriousness. Essentially, the act would create more incentives for businesses to earn liability protection for law violations that relate to online child sexual abuse material or CSAM. According to one of the legislators that introduced the bill, member Dianne Feinstein, companies “must do more to combat this growing problem on their online platforms. Our bill would allow individuals to sue tech companies that don’t take proper steps to prevent online child exploitation, and it’s an important step to protect the most vulnerable among us.”

So what bad could possibly come from this act? Unfortunately, many believe the bill is a thinly-veiled attempt to disrupt end-to-end encryption.

Why is the EARN IT Act Such a Threat?

The EARN IT Act New Jersey bill is a noble cause, but tech experts are wary that the bill could violate free speech and damage security protections on the internet.

The bill itself could be seen as an attempt to chip away at end-to-end encryption by targeting Section 230. Section 230 is a vital part of the Communications Decency Act of 1996, an act that protects free speech by giving tech leaders and companies immunity from liabilities that may be associated with content that is posted on their respective platforms.

The Justice Department has been saying for quite a while that end-to-end encryption presents a roadblock for investigators that need to gather evidence to catch internet criminals. With no compromise in sight, the EARN IT Act seems to be a way to force tech companies to take more responsibility for what is posted on their platforms. Section 230 essentially states that liability falls on individual users, rather than the owner of the platform that user content is posted on. The bill will make it possible to sue tech companies that aren’t taking more steps to prevent child exploitation– which could lead to a widespread end to end-to-end encryption so that tech platforms can protect themselves legally.

What do you think of the EARN IT Act? Do you believe it will help fight online child exploitation or break down end-to-end encryption and internet privacy?

Don’t forget to follow the VelocIT for more updates on the Earn It Act and other relevant tech laws.
Photo source: Pixabay

VelocIT Implements Online Chat and SMS Texting

VelocIT has adopted online “texting” and SMS texting to enhance their client communications

CRANBURY, NEW JERSEY — VelocIT, a New Jersey-based managed service provider and technology partner, announced today new communication methods for their customers.  Not only can customers use the traditional methods of picking up the phone or emailing to contact them for support, VelocIT has implemented Online Chat and SMS Texting to reach a live agent. Channels like online “texting” and SMS texting are great options to communicate with customers making it easier to obtain support.  There are 3.5 billion phones world wide, 96% of Americans currently own a cellphone of some kind and 81% text regularly.  This makes it an excellent option for better communicating with VelocIT clients.

“Obtaining IT support should be simple and quick.  This capability makes it simple and quick.” says Glenn Kupsch, Chief Operating Officer of VelocIT.

Over the course of the next several weeks, VelocIT will be communicating this new communication platform to their existing customers.

Mike Bucciero Promoted to Vice President of Client Services

CRANBURY, NEW JERSEY — VelocIT, a New Jersey-based managed service provider and technology partner, announced the promotion of senior team member, Mike Bucciero, to VP of Client Services. Bucciero joined the company more than 20 years ago as an intern and is excited to take on a new role and get back to more client-facing responsibilities. 

Bucciero started with the company on the ground floor when he joined as an  intern. Through the years he has moved into new roles within the company to  challenge him and force him to grow. As a seasoned professional and veteran employee, Bucciero has reached a level of success and a step on the corporate ladder that he feels will invite him to use his skills to help lead a team of professionals in reaching their potential. 

“I have been at this company for so long because I believe in our team and what we do,” commented Bucciero when asked about his promotion. “I am very excited to get back to playing a more advisory role and continue helping our clients make the best possible decisions when it comes to leveraging technology.”

In his new role, Bucciero will be a more client-facing asset, offering his skills and
expertise to guide clients and help them understand their technology integration
options.

CEO Darek Hahn spoke highly of Bucciero and his ongoing contributions to the
company: “We appreciate Mike’s long-term commitment to the company and all he has given us over the years. He is no stranger to putting in the hard work. And, we truly appreciate his growth and ability to lead internally and work directly with clients.” 

ABOUT VELOCIT

VelocIT’s unique managed service delivery model builds trust. Our goal is to help you grow your business through IT Leadership. From infrastructure to end-user support, VelocIT partners with you to meet the unique technology needs specific to your business. Our integrated approach to Information Technology Support consistently reduces operational costs while increasing end-user satisfaction for our partners.