The Challenge
A regional utility company was evaluating MFA solutions for their corporate IT environment. Three vendors, including us, were in the evaluation. But during discovery, I uncovered a much larger problem: their operational technology environment — SCADA systems, ICS controllers, and field devices — had no authentication controls whatsoever. Technicians used shared credentials on post-it notes.
The Approach
While the other vendors focused on the stated IT MFA requirement, I expanded the conversation to include OT authentication. I brought in our OT security specialist for a workshop with the utility's operations team, demonstrating how our hardware security keys could work in industrial environments — no smartphone required, ruggedized form factors, and offline capability for remote substations.
I also connected the OT security gap to their NERC CIP compliance obligations, showing that inadequate authentication on CUI systems could result in regulatory penalties. This elevated the conversation from an IT security project to an enterprise compliance initiative, which attracted executive attention and budget.
The Result
The deal expanded from a $120K IT MFA project to a $420K enterprise authentication deployment covering both IT and OT environments. We were the only vendor in the evaluation with OT authentication capabilities, which eliminated the competition entirely. The utility became our first critical infrastructure reference customer.
Key Takeaway
The biggest deals often come from problems the customer has not yet articulated. Deep discovery that extends beyond the stated requirement can uncover hidden scope that expands the deal and eliminates competition. In this case, asking about OT turned a commodity IT deal into a sole-source enterprise win.