Cybersecurity, Compliance & Managed IT — Built for Industry

TRNSFRM is a US-based cybersecurity, governance, and managed IT firm headquartered in Cleveland and Columbus, Ohio, serving manufacturers, construction firms, automotive dealerships, and healthcare organizations nationwide. Founded in 2008 by Jeff Dennis, we hold 176+ five-star Google reviews from clients who rely on us for compliance, uptime, and protection.

What we do

Industries we serve

Manufacturing (CMMC, ITAR, NIST), Construction (jobsite connectivity, bid protection), Automotive Dealers (FTC Safeguards, DMS security), and Healthcare (HIPAA, PHI protection).

The IT Resilience Framework™

Our proprietary 3-step process — Assess, Build, Transform — moves clients from reactive IT to a measurable, audit-ready security posture.

Locations

Offices in Cleveland, Ohio and Columbus, Ohio; clients across the United States.

Get started

Book a 30-minute discovery call, take our 47-point cyber assessment, or contact us at info@trnsfrm.tech.

    All case studies
    Construction NIST 800-171

    How a $150M+ Construction Firm Escaped VMware Licensing, Moved to a Microsoft Hybrid Cloud, and Hit NIST 800-171 Readiness for Government Contracts

    Commercial Construction Client(anonymized)
    Ohio

    A $150M+ commercial construction firm faced runaway VMware renewal costs and needed NIST 800-171 readiness to bid on federal and state government work. TRNSFRM migrated them off VMware to a Microsoft-based hybrid cloud and remediated their NIST gaps — opening a new revenue channel while cutting infrastructure spend.

    How a $150M+ Construction Firm Escaped VMware Licensing, Moved to a Microsoft Hybrid Cloud, and Hit NIST 800-171 Readiness for Government Contracts
    100%
    Workloads off VMware
    110
    NIST 800-171 controls assessed
    Hybrid
    Azure + on-prem Hyper-V
    New
    Government contract channel unlocked

    The Challenge

    Our client, a $150M+ commercial construction firm, was hit with two pressures at the same time: 1. VMware licensing costs spiked dramatically after the Broadcom acquisition, turning a predictable line item into a budget problem. 2. Leadership wanted to pursue federal and state government construction contracts — which required demonstrable alignment with NIST SP 800-171 and a credible security posture. Their existing environment was not ready for either move: • Production workloads ran on aging VMware hosts with renewal quotes that no longer made business sense • No formal gap assessment, SSP, or POA&M against NIST 800-171 • Identity, email, and file sharing were partially in Microsoft 365 but not configured to a controlled standard • Backups, DR, and access controls were inconsistent across job sites and the corporate office • No clear story to tell a contracting officer about how the company protected sensitive project data They needed a path that solved the cost problem and the compliance problem at the same time — without disrupting active job sites.

    Our Approach

    TRNSFRM ran the engagement using our IT Resilience Framework: Assess, Build, Transform. Assess • Full NIST SP 800-171 gap assessment across all 110 controls • Inventoried every VMware workload, its dependencies, and its real performance profile • Built the System Security Plan (SSP) and POA&M, prioritized by risk and contract requirements • Modeled total cost of ownership: status-quo VMware renewal vs. Microsoft hybrid cloud Build — Microsoft Hybrid Cloud • Designed a hybrid architecture using Azure for elastic and DR workloads, with right-sized on-prem Hyper-V for latency-sensitive systems • Migrated VMs off VMware in waves, with cutover windows scheduled around active project deliverables • Standardized identity on Microsoft Entra ID with conditional access, MFA, and privileged access workflows • Hardened Microsoft 365 (email, Teams, SharePoint, OneDrive) with DLP, data labeling, and retention aligned to NIST controls • Re-architected backup and DR with tested restore runbooks across both Azure and on-prem NIST 800-171 Remediation • Closed POA&M items across access control, audit/accountability, configuration management, incident response, and system/communications protection • Deployed centralized logging, EDR, and 24x7 monitoring tied to documented IR procedures • Wrote and rolled out the policy stack and user training required by the framework • Produced a defensible package — SSP, POA&M, evidence — to support contract bids and customer security questionnaires

    "TRNSFRM turned a VMware budget headache and a compliance gap into one project. We came out with lower infrastructure cost, a real security program, and the ability to bid on government work we couldn't touch before."

    — IT Leader, Commercial Construction Client

    The Outcome

    The client exited their VMware footprint, stood up a Microsoft hybrid cloud, and reached NIST 800-171 readiness without disrupting active construction projects. • 100% of VMware workloads migrated off the platform on schedule • Hybrid architecture deployed across Azure and on-prem Hyper-V, sized to actual workload demand • NIST SP 800-171 gap assessment completed and POA&M remediated to a contract-ready posture • Microsoft 365 hardened with conditional access, MFA, DLP, and centralized logging • Backup and DR rebuilt with tested, documented recovery procedures • Now eligible to bid on federal and state government construction work — opening a new revenue channel The firm replaced an unpredictable licensing problem and a compliance blind spot with infrastructure that supports growth into regulated markets.

    Services Delivered

    • Cybersecurity Operations
    • Governance & Compliance
    • Managed IT
    • vCIO

    Book Your Strategy Call Today

    No pressure. No sales pitch. Just a conversation with an expert to map out your risks, gaps, and next steps toward compliance and security.

    30 minutes. No NDA. No sales pitch. Walk away with a written risk snapshot — or we'll send you a $50 Amazon gift card.

    Not ready to book? — free, 2 minutes.

    Call Now