There’s a moment every fast-growing startup hits. You’ve got 20, 30, maybe 40 people. You’re hiring fast. The product is shipping. Investors are happy.
And then someone’s laptop dies the morning of a board meeting, a new hire shows up on their first day with no access to anything, or, worst case, you get a phishing email that half the company clicks on.
And everyone looks around and asks the same question: wait, who handles IT here?
The Honest Answer (That Nobody Wants to Give)
At most startups, the honest answer is: whoever gets stuck with it.
Sometimes it’s the ops manager who “seems tech-savvy.” Sometimes it’s an engineer who didn’t say no fast enough in a meeting. Sometimes it’s the CEO who set up everyone’s Google accounts back in the four-person days and never officially handed that off to anyone.
This is not a criticism. It’s the predictable result of building a company fast. When you’re pre-Series A, you figure it out. But at some point, usually somewhere between 15 and 50 employees, figuring it out stops working.
Here’s what that looks like in practice:
Your onboarding is broken. New hires wait three days for laptop access. IT setup is a Google Doc that someone wrote in 2022 and nobody’s updated since. The engineer who set up your Okta instance is now the CTO and doesn’t have time to provision user accounts.
Your offboarding is a liability. When someone leaves, there’s no clean process to revoke access, recover the device, or confirm that company data is actually gone. You assume it’s handled. It probably isn’t.
Security is held together with duct tape. You’ve got Google Workspace, Notion, Slack, GitHub, Figma, a password manager that three people actually use, and nobody has a clear picture of who has access to what. Your enterprise clients are starting to ask about SOC 2. You don’t love what the answer would be right now.
One person is quietly miserable. Somewhere in your org, there is a person who is handling IT tickets, resetting passwords, shipping laptops, and troubleshooting Wi-Fi, and that is not what they were hired to do. They are burning out. They are thinking about quitting.
Why “We’ll Hire an IT Person” Doesn’t Solve It
The instinct is to hire. Put up a job req, find an IT coordinator, problem solved.
But here’s the math: a competent IT hire in NYC runs $80,000–$100,000+ in fully-loaded salary. For that, you get one person who gets sick, goes on vacation, has a learning curve, and can only be in one place at a time. You’re also now responsible for managing, retaining, and upskilling someone in a role most startup leaders don’t have a background in.
And that one person still can’t do everything. Complex security issues, compliance preparation, device management, and identity infrastructure. These require specialized expertise that a single generalist IT hire typically doesn’t have.
You’re not solving the problem. You’re just owning more of it.
What Actually Works at This Stage
The companies that handle IT well at the 20–150 employee stage tend to share one trait: they outsource it to someone who does this for a living.
Not because they couldn’t figure it out eventually. Because their ops teams and engineers have better things to do, and because IT is actually a complex discipline with real best practices, real tooling, and real security implications.
Here’s what a managed IT setup looks like for a startup that’s figured this out:
Device management is automated. New hire starts Monday? Their laptop ships pre-configured, with all their apps installed, accounts provisioned, and security policies applied before they even touch it. No engineer involved. No waiting.
Onboarding and offboarding run like clockwork. Someone joins, they’re in Okta within the hour. Someone leaves, their access is revoked the same day, their device is retrieved within the week, and there’s a paper trail for your auditors.
There’s a real helpdesk. When something breaks, there’s a number to call and a human who picks up. Not a ticket that goes into a queue and gets triaged by whoever’s available. An actual support person who knows your environment.
Security isn’t a project, it’s a baseline. Endpoint protection, network monitoring, identity management — it’s all running in the background. You get visibility into your IT environment without anyone on your team having to build it.
You have someone thinking ahead. Not just reactive break/fix, but someone advising on what your IT stack should look like at 100 employees, what you need to do to pass a SOC 2 audit, what tools are redundant in your current stack.
The SOC 2 Thing Is Worth Mentioning Specifically
If you’re a B2B SaaS company, or if you’re selling to enterprise clients in any capacity, you are going to get asked about SOC 2. Probably sooner than you expect.
SOC 2 readiness is fundamentally an IT problem. It requires documented security policies, controlled access management, device management with audit trails, incident response procedures, and evidence collection over time.
None of that happens by accident. It requires a structured IT environment that’s been deliberately set up with compliance in mind. The companies that sail through a SOC 2 audit are the ones that have been running clean IT practices from the beginning, not the ones scrambling to build documentation three months before the auditor shows up.
This is one of the clearest reasons to get your IT in order early. It’s not just about laptops and Wi-Fi. It’s about building the foundation that enterprise deals require.
So Who Should Handle Your IT?
Ultimately, this is a question of what stage you’re at and what you can afford. But here’s a rough guide:
Under 15 employees: One person wearing multiple hats plus basic MDM tooling is probably fine. Automate what you can.
15–50 employees: This is the danger zone. You’re too big to wing it, too small to justify a full in-house team. An outsourced IT partner that can act as your IT department is usually the right answer.
50–150 employees: You need a managed services partner with real depth — device management expertise, identity management, compliance support, device logistics. This is where fractional IT typically pays for itself many times over.
150+ employees: You may want a hybrid like an in-house IT lead/generalist partnered with a managed services provider for depth and scale.
The through-line is the same at every stage: IT is not a thing you should be figuring out on the fly. It’s infrastructure. Treat it like infrastructure.
What This Looks Like When It’s Working
The best IT setup is one you barely think about. New hires get their laptops on day one. Departing employees are offboarded cleanly. Your security posture is solid enough that when a client asks, you can answer with confidence. When something breaks, someone fixes it fast.
Your ops team is focused on operations. Your engineers are focused on engineering. And nobody is quietly drowning in a job they never signed up for.
That’s the goal. It’s achievable and it doesn’t require a full in-house IT department to get there.
Advisory is a managed IT services provider based in New York City, specializing in hybrid enviroment startups and scale-ups. We’re an Apple Premium Technical Partner, Jamf Elite Partner, and SOC 2 Type 2 certified. If your IT setup is held together with duct tape and good intentions, let’s talk.
