Founder, SerenIT — Former MSP Professional & vCIO Consultant
Thomas spent years inside managed IT service providers and as a virtual CIO advisor before founding SerenIT. He watched businesses routinely overpay, under-negotiate, and get locked into providers that weren't equipped for their industry — not because they were uninformed, but because the information they needed to make good decisions simply wasn't available to them. SerenIT is his attempt to fix that.
Background
Thomas's background spans both sides of the MSP relationship — operational work inside managed IT service providers, and strategic consulting as a virtual CIO for businesses evaluating and managing IT vendors. That dual perspective shaped SerenIT's core premise: the IT industry's information asymmetry is a structural problem, not just a sales problem.
On the MSP side, he worked across service delivery, account management, and compliance program development — including hands-on work with HIPAA risk assessments, NIST 800-171 implementation for defense contractors, and GLBA Safeguards Rule compliance for financial services firms and CPA practices. He's seen what separates MSPs who can genuinely support regulated industries from those who can't — and how hard it is for businesses to tell the difference from the outside.
As a vCIO, he worked directly with business owners and leadership teams to structure IT vendor relationships, evaluate RFP responses, and make technology investment decisions. The most common frustration wasn't technical — it was that clients couldn't evaluate what they were being sold. They didn't know which questions to ask, what a fair price looked like, or how to tell if their provider was doing the job.
SerenIT was built to close that gap. Every tool, guide, and piece of content on this site is written from the perspective of someone who has sat on both sides of the table — and who knows exactly what information a business owner needs to make a good decision.
Areas of Expertise
BAA requirements, PHI encryption, audit logging, risk assessment methodology, and EHR-specific IT controls for healthcare organizations.
Written ISP requirements, MFA implementation, encryption standards, risk assessment, and FTC audit readiness for financial firms and CPA practices.
NIST SP 800-171 control implementation, System Security Plan documentation, CUI handling, and GCC High migration for defense contractors.
How to evaluate provider proposals, identify red flags in IT contracts, benchmark pricing, and structure RFPs for managed IT services.
Per-user cost benchmarking, total cost of ownership analysis, and IT investment prioritization for businesses at 10–250 employees.
Technology roadmap development, vendor management, board-level IT reporting, and IT governance frameworks for growing businesses.
About SerenIT
SerenIT is a free IT advisory and provider matching platform for small and mid-sized businesses. The tools, guides, and matching service are built around a single premise: business owners shouldn't need to trust a salesperson to know whether their IT setup is reasonable, whether their pricing is fair, or whether their provider is qualified for their industry.
Every tool on SerenIT is free with no registration required. The matching service connects businesses with vetted MSPs based on industry, size, and compliance requirements — not which provider paid the most for placement.