Selected Case Studies | THORVIZ Consulting

Engagement 01

Zero Trust Strategy

Enterprise · Hybrid Cloud Modernization

Translate Design Strategize Transform

From VPN-anchored access to identity-first Zero Trust across hybrid cloud.

A mid-sized enterprise operating across AWS and on-premises had outgrown its security model after rapid cloud adoption. VPN-anchored access remained the primary control, producing overly broad access, limited visibility, and growing pressure to align with NIST 800-207. The engagement scope was a Zero Trust strategy and proof-of-concept that could be executed within a bounded delivery window.

Working through Translate, Design, Strategize, and Transform phases of the Cyber Value Arc, we reframed Zero Trust as a business-justified modernization initiative bounded by capacity, timeline, and PoC budget. We architected an identity-first target state (Entra ID, Conditional Access, ZTNA replacing VPN) and weighed the trade-off between proving value across all in-scope domains and demonstrating depth in a focused subset. The engagement closed with a validated architectural model and phased adoption roadmap, providing a defensible foundation for incremental Zero Trust adoption without disruptive infrastructure replacement.

Engagement 02

Identity-Driven Network Access

Enterprise · Multi-Site Operations

Translate Design Strategize Transform Transition

Reducing attack surface across the enterprise wireless network through identity-driven access.

A large multisite enterprise needed to modernize its wireless security posture after outgrowing a shared WPA2-PSK model that provided no user accountability and limited control over network access. The exposure created lateral-movement risk and compliance concerns, but the engagement also faced organizational realities: capacity constraints, multi-stakeholder coordination, and a clear ceiling on concurrent change.

Working through all five phases of the Cyber Value Arc, we reframed wireless security as a foundational governance concern, not a Wi-Fi configuration issue. The architecture centered on IEEE 802.1X with Cisco ISE as the policy engine, Active Directory as the authoritative identity source, and certificate-based authentication that eliminated reliance on shared credentials. We weighed the architecture's full reach against what the organization could absorb and selected a bounded core deployment with extension points preserved for follow-on work, repositioning the network from static, location-based trust to a dynamic, identity-driven control plane.

Engagement 03

Network Segmentation Strategy

Enterprise · Zero Trust Initiative

Translate Design Strategize

Reframing network segmentation as a Zero Trust capability, strengthening lateral-movement containment through policy-driven architectural design.

A small enterprise preparing for a Zero Trust initiative sought a structured assessment of its network segmentation posture. Years of organic growth had produced flat VLAN sprawl with no documented strategy, generating lateral-movement risk, change and audit complexity, and an inability to enforce policy at the network layer. The client recognized a problem but had underestimated its scope.

Working through Translate, Design, and Strategize phases of the Cyber Value Arc, we reframed segmentation as a foundational Zero Trust capability rather than network housekeeping. We designed a hybrid macro and micro segmentation architecture with trust zones defined by business function, making policy intent legible to non-technical stakeholders. We weighed maximum architectural scope against what the client could realistically absorb and delivered a phased implementation roadmap with extension points designed in for identity-driven segmentation and full workload-level micro-segmentation as future workstreams.