Case study

BCM One transforms the way IT and security view automation


  • Use cases for IT management, ChatOps, and employee offboarding
  • 55% decrease in vulnerabilities
  • 50K daily story events

“We used the tools we’ve bought, from CrowdStrike to RunZero, much more effectively because we have Tines.”

About BCM One 

BCM One provides comprehensive, managed technology solutions to help businesses streamline their network, making communications, collaboration, and connectivity simple and cost-effective. 

Executive summary 

In the wake of a malware outbreak and insufficient Endpoint Detection Response (EDR), BCM One faced the daunting challenge of reconstructing its entire security program from the ground up. Dan Rubins assumed the VP of IT and Information Security role, and his first task was building the program from scratch. He started to put the pieces together – EDR, asset inventory, device management, and more. While other platforms required Python, which Dan was more than capable of using, Tines offered a scalable way to hold everything together. He found he could do more through our user-friendly, drag-and-drop interface, which proved much more flexible than other platforms BCM One had considered. 

The challenge 

BCM One’s predicament extended beyond merely revamping its security program. The team is inundated with vulnerabilities, alerts, and overwhelming operational noise. The volume of vulnerabilities had reached an unmanageable level, causing severe downstream impacts on their infrastructure and overall scalability. 

Through BCM One’s implementation of CrowdStrike, they discovered a high volume of vulnerabilities (1.1M) and a patching program that frequently missed SLA targets. They were starting to believe they’d never get through them.

Dan knew they needed a system that could: 

  • Take the information from critical systems and apply it to other systems (like CrowdStrike tagging)

  • Notify owners when action is required (such as upgrading versions)

  • Reduce the alert fatigue and duplicate efforts of their team

Why Tines?  

Dan discovered Tines through the Risky Business podcast. “Tines has been transformative for us,” he says. In the first few months of using Tines, BCM One has already built 12 automations with 50k events daily, and decreased vulnerabilities by 55%.

A few use cases they’re incredibly proud of:

  • IT maintenance

  • ChatOps

  • Employee offboarding

  • Email response

One of their stories involves building a notification system based on CrowdStrike tags. The way the team built the tagging structure is highly specific to their policies. They're adapting this structure to follow these steps:

  1.  Tag assets

  2. Send an email to all server owners who have an app vulnerability or a software vulnerability

  3. That notification will include an action for the owner to take, such as upgrading to a specific patch version

Before Tines, BCM One was tracking over 1.1M vulnerabilities. They’ve reduced this to 504K and will continue to use Tines to decrease this to a more manageable number, allowing them to make consistent progress against SLA windows.

While Tines started as their solution for security, it soon became a valuable resource for their IT team. 

Tines was originally our security automation tool, and now we’re using it for general IT automation as well.

Dan Rubins, VP of IT and Information Security

Top workflows 

Employee offboarding  

Employee offboarding is a challenge for many customers, including BCM One, as it brings a great deal of risk if not done correctly. In their journey to optimize onboarding effectiveness, BCM One faced an added complication - they needed their offboarding story to interact with their on-prem and Tines environment. With the Tines tunnel, they were able to do this without issue. 

“The Tines tunnel solved a huge problem for us. We can now run Powershell against our on-prem Azure Directory and make changes there.” Dan shared that this was huge for them in assisting with employee offboarding. For example, they can make a change in BambooHR and have that flow through and deactivate a user’s account smoothly and consistently. 

“It’s such a simple concept, but actually making that happen, in most enterprise systems, most enterprise environments, it’s really tough. And we did that without a whole bunch of extra tooling. We used the tools we’ve bought, from CrowdStrike to RunZero to others, much more effectively because we have Tines.


ChatOps revolutionized their response to malicious phishing emails, centralizing alerts and improving threat hunting. When BCM One receives a malicious email or has a user report one, they can centralize alerts and hunt in Office365 to find threats that wouldn’t have been caught before. With this workflow, BCM One has reduced the number of phishing clicks from an average of 13 per month to zero.

We didn’t have any concept of doing that before. We’re doing things like this with Tines that wasn’t even on our list of possibilities; didn’t think we’d be able to do that.

Dan Rubins, VP of IT and Information Security

IT maintenance 

Dan prototyped an IT service desk, something else that wasn’t even on their radar when they started using Tines. In just 12 hours, they built a way to capture data out of existing systems and into Jira service management. With the overhead of performing low-value manual tasks like Microsoft Entra updates and group changes eliminated through automation and ChatOps, the IT team can now focus on high-value work resulting in greatly improved employee experience.

Junk email filtering 

Junk emails and spam are an irritation across teams at BCM One, as is the case with most companies. It creates a lot of noise, and the company receives around 1M of them per month across all employee inboxes. Dan and three colleagues are developing a system for filtering those emails because, as they discovered, not all of them are junk. This way, the noise dies down, and people can focus on emails that matter. Once their pilot is completed, they’ll roll it out to the rest of the company, resulting in a massive quality-of-life improvement. 

What’s next? 

Following telecom fraud attacks earlier this year, BCM One is laser-focused on reducing the risk of those types of attacks and responding to them with increased speed and accuracy. Part of that is bringing their cyber threat intelligence provider and disparate telecom systems into Tines. Integrating these systems will enable them to build workflows to share intelligence about telecom fraud more effectively, block IPs or ASNs, and manage customer password changes when necessary.

BCM One recently announced its ninth acquisition, which presents a unique opportunity to leverage Tines. Their objective is to swiftly assimilate acquired companies into their environment and establish seamless business processes, including migrating IT help desk operations, which could be done in a few weeks with API calls in Tines. 

Dan says he’s been inspired by the Friday Flows video series by Blake Coolidge, Head of Sales Development at Tines, and will be adding some of these Tines  workflows to his own large backlog of ideas

It's safe to say that the team at BCM One is using Tines to reinforce their security posture and better position themselves against future threats. 

More case studies

Built by you, powered by Tines

Talk to one of our experts to learn the unique ways your business can leverage Tines.