Kilik — Evolve. Digitally
02 — Service

Security & Compliance

Sleep through the night. We're up anyway.

The pain

What this feels like — in your words.

01

For UA Locals and JATCs

You manage member data, dispatch records, pension contributions, and apprentice records for hundreds — maybe thousands — of people. If that data leaks, it's not just a technology problem. It's a trust problem with members, contractors, and trustees. Your cyber insurance renewal just came back with new requirements you don't understand. You filled out the questionnaire by guessing.

02

For healthcare clinics

HIPAA used to feel like a checklist. It isn't anymore. The proposed 2026 Security Rule updates eliminate the difference between "required" and "addressable" safeguards — meaning everything becomes mandatory, including MFA, encryption, vulnerability scanning every six months, and annual penetration testing. Healthcare breach costs now average $10.9 million per incident. Small clinics have the highest violation rates because they lack dedicated compliance officers. You're a target — not because you're careless, but because attackers know you're under-resourced.

03

For construction contractors

Cybersecurity is the new entry ticket. Your general contractor's prequalification questionnaire now includes questions about MFA, EDR, and incident response plans. Your cyber insurer is asking the same questions. Field crews work from job trailers on public Wi-Fi. Project files move between subs, GCs, owners, and architects. One leaked plan set or one ransomware event can cost a project — and a relationship.

What we do

Security used to mean a firewall and an antivirus subscription. It hasn't been that for a long time. Now it means 24/7 monitoring, identity protection, real-time threat detection, and being able to prove to an insurer or an auditor that you're doing what you said you'd do.

We handle the technical side. Then we translate it into plain English for the people who need to sign off — your business agent, your office manager, your owner, your CFO, your trustees.

What's included

The actual deliverables.

  • 24/7 monitoring with CrowdStrike Complete
  • Multi-factor authentication and identity protection across all systems
  • Email security and phishing defense
  • Vulnerability scanning every six months minimum, with remediation
  • Security awareness training for your team — short, regular, in plain language
  • Incident response when things go wrong, including coordination with your cyber insurer
  • Cyber insurance readiness review and renewal support
  • HIPAA Security Rule alignment for healthcare clients, with documentation that holds up to an OCR audit
  • NIST and CIS framework alignment for organizations that need it
  • Policy development and ongoing maintenance — not a binder on a shelf, a living practice

Who this is for

Anyone who's filled out a cyber insurance questionnaire and guessed at the answers. Anyone whose auditor or trust fund asked questions they couldn't answer. Anyone who got the email about the new HIPAA rules and quietly closed it.

Want to see where you stand? Start free.

Kilik · talk@kilik.net · 415-523-1400