Skip to main content
🧠Educational6 min read

Year in Review: M Square 2025 Wins & Lessons

Reflecting on M Square LLC's first year: what we accomplished, what we learned, and where we're headed in 2026.

company newsyear in reviewreflection
Share:𝕏in

Year in Review: M Square 2025 Wins & Lessons

As 2025 comes to a close, I want to reflect on M Square LLC's first full year. The wins, the challenges, and what we've learned along the way.

By the Numbers

Clients Served

  • 47 security assessments completed
  • 23 penetration tests delivered
  • 12 vCISO engagements active
  • 150+ employees trained

Industries Helped

  • Healthcare: 35%
  • Professional Services: 25%
  • Technology: 20%
  • Manufacturing: 10%
  • Other: 10%

Impact

  • $0 client ransom payments (knock on wood)
  • 3 incidents detected and contained early
  • 100% compliance audit pass rate for prepared clients
  • Zero breaches among active clients

Major Wins

Win 1: Healthcare Focus Validated

Our bet on specializing in healthcare security paid off. Medical practices face unique challenges:

  • HIPAA requirements
  • Legacy medical systems
  • Limited IT budgets
  • High-value data

We developed specialized offerings that address these challenges practically.

Highlight: Helped a 12-physician practice achieve HIPAA compliance and pass an insurance audit, preventing $50K+ in potential fines.

Win 2: vCISO Program Success

When we launched the vCISO service, we weren't sure how it would be received. Turns out, there's significant demand.

Small businesses want strategic guidance, not just technical services. They want a trusted advisor who understands security AND business.

Highlight: One vCISO client closed $500K in enterprise deals that were previously blocked by security questionnaires.

Win 3: Community Building

We published 50+ blog posts this year, all freely available:

  • Educational content for business owners
  • Technical tutorials for practitioners
  • Thought leadership on industry trends
  • Practical guides and templates

Traffic growth: 15x from launch

Win 4: Speaking and Teaching

Presented at:

  • DEF CON 32 (Small Business Village)
  • Local healthcare association events
  • Chamber of commerce security sessions
  • Multiple webinars

Teaching helps us learn and gives back to the community that taught us.

Win 5: Client Relationships

The most meaningful win: clients who trust us as partners.

Client feedback highlights:

"Finally, a security company that speaks our language."

"You actually listened to our constraints instead of just selling us stuff."

"Best investment we made this year."

These relationships are why we do this work.

Honest Challenges

Challenge 1: Saying No

We had to turn down work that wasn't the right fit:

  • Enterprise clients better served by larger firms
  • Clients looking for checkbox compliance (not real security)
  • Projects outside our expertise

Saying no is hard when you're growing, but necessary for quality.

Challenge 2: Scope Management

Early engagements sometimes grew beyond original scope as we discovered more issues. Learning to:

  • Set clearer boundaries upfront
  • Communicate scope changes proactively
  • Balance thoroughness with economics

Challenge 3: Scaling Personal Touch

Our strength is personalized service. As we grow:

  • How do we maintain quality?
  • When do we hire?
  • What can be systematized vs. must be personal?

Still figuring this out.

Challenge 4: Market Education

Many potential clients don't know they need help until something goes wrong. Educating the market is slow work.

Our content strategy is a long-term investment in awareness.

What We Learned

Lesson 1: Simple Wins

The most impactful recommendations were often the simplest:

  • Enable MFA
  • Test your backups
  • Train your people
  • Review access permissions

Fancy isn't always better.

Lesson 2: Relationships Over Transactions

Clients who see us as partners get better outcomes than those who see us as vendors.

We've shifted toward longer-term relationships and away from one-time engagements.

Lesson 3: Communication Matters More Than Technical Skill

The best technical findings don't matter if clients don't understand them.

We've invested heavily in how we communicate:

  • Clearer reports
  • Executive summaries that make sense
  • Visual explanations
  • Follow-up to ensure understanding

Lesson 4: You Can't Help Everyone

Not every business is ready for security improvement. Some:

  • Don't see the value
  • Won't invest appropriately
  • Expect magic solutions
  • Have cultural issues that prevent change

Better to focus energy on clients who will act on recommendations.

Lesson 5: Community Is Everything

The security community has been incredibly supportive:

  • Fellow consultants sharing knowledge
  • Clients providing referrals
  • Readers sharing our content
  • Conference organizers giving us a platform

We try to give back as much as we receive.

Looking Ahead to 2026

Goal 1: Expand Healthcare Offerings

Develop specialized packages for:

  • Dental practices
  • Mental health providers
  • Specialty clinics
  • Healthcare startups

Goal 2: Launch Training Programs

Formalized security training:

  • Security awareness programs
  • Technical training for IT staff
  • Executive education

Goal 3: Build the Team

We've operated lean. Time to grow:

  • Additional consultants
  • Support staff
  • Possibly a junior analyst program

Goal 4: Increase Free Resources

More content, more tools, more community support:

  • Monthly newsletter
  • Expanded blog coverage
  • Open-source templates and tools
  • Quarterly webinars

Goal 5: Measure Impact Better

Develop better metrics for:

  • Client security improvement over time
  • ROI of security investments
  • Community impact

Thank You

To everyone who made 2025 possible:

Our clients: Thank you for trusting us with your security. We don't take that responsibility lightly.

Our referral partners: Your confidence in recommending us means everything.

Our readers: Your engagement drives us to create more valuable content.

The security community: For the endless knowledge sharing and support.

Family and friends: For putting up with me talking about security at every gathering.

One Request

If you've found value in our work this year—whether as a client, reader, or community member—I have one request:

Share the word.

Small businesses need to know that security help exists at their level. If you know a business owner who's worried about security, send them our way for a conversation.

That's how we grow our impact.

Here's to a secure 2026. Let's talk: m1k3@msquarellc.net

Found this helpful? Share it:

Share:𝕏in

Need Help With This?

Have questions about implementing these security practices? Let's discuss your specific needs.

Get in Touch

More in Educational

Explore more articles in this category.

Browse 🧠 Educational

Related Articles