Many companies share confidential data as part of business partnerships. A smartphone maker, for example, might provide device blueprints to a component supplier. If hackers breach the supplier, they can potentially gain access to the smartphone maker’s blueprints. Last week, consulting heavyweight Crowe LLP partnered with SecurityScorecard to help joint clients address such indirect cybersecurity risks. We caught up with Josh Reid, Crowe LLP’s cyber market principal, to get a closer look at the collaboration. We also heard from the CEO of Broadpin, a new consulting brand formed through the combination of four IT services firms. Plus, two updates from the world of SMB consultancies.

A new third-party risk management partnership. Crowe LLP is the U.S. affiliate of Crowe, a professional services network that generated $5.8 billion in revenue last year. SecurityScorecard, meanwhile, is a cybersecurity vendor that counts Intel and Alphabet as investors. Its software can scan a firm’s infrastructure for vulnerabilities such as remotely accessible databases. Furthermore, companies use the software to find weak points in their suppliers’ systems. That latter use case is the focus of the vendor’s new partnership with Crowe LLP.

SecurityScorecard’s platform is available in a managed version called SecurityScorecard MAX. Customers that purchase it can have the company scan their suppliers’ infrastructure for vulnerabilities on their behalf. Additionally, SecurityScorecard estimates the likelihood that the vulnerabilities it finds will lead to a breach. As part of the partnership with Crowe LLP, the vendor will combine SecurityScorecard MAX with professional services from the consulting heavyweight. The goal is to help joint clients address cybersecurity gaps in their supply chains faster.

Crowe LLP’s Reid told Boardroom Insight that there are quite a few reasons the firm’s clients are prioritizing third-party risk management. “We’re seeing a rapid increase in cyber-attack frequency and intensity due to threat actors leveraging AI-based toolsets more effectively,” Reid explained. ”Malware is being written more effectively, phishing emails are becoming more persuasive, and deep fake content is becoming more realistic. These are just a few examples of threats that not only impact our clients directly, but also the third-parties providing products and services for our clients.”

The risks posed by AI-powered hacking campaigns are drawing the attention of not only CISOs but also companies’ business-side leadership. “Board directors have taken on more oversight responsibility to help navigate these cyber risks, including third-party risk management,” Reid said. “Crowe LLP’s collaboration with SecurityScorecard strengthens board oversight of cyber risk management.”

Vulnerability detection is not the only task that SecurityScorecard MAX promises to ease for customers. If one of a company’s suppliers has a cybersecurity gap, SecurityScorecard can reach out to that supplier to help it fix the issue. Customers can track such interactions via a centralized monitoring dashboard. Crowe LLP will help joint clients interpret the cybersecurity data that SecurityScorecard surfaces. It will also find opportunities to automate manual risk management tasks. 

A Crowe LLP spokesperson elaborated that “Crowe helps companies transform their third-party risk management programs with enhanced automation to better manage the increasing volume of third-party relationships. SecurityScorecard’s continuous monitoring service is a key component of the automation improvements. Crowe also provides risk assessment services that factor SecurityScorecard’s data into the overall risk profile when assessing third parties on behalf of clients.”

A new consulting brand debuts at Oracle AI World 2025. Broadpin, as the consultancy is called, was known as International Technology Group until the conference. It provides technology consulting services focused on Oracle products. Broadpin’s current organizational structure is the fruit of four acquisitions that International Technology Group made over the past two years.

Two of the acquired firms, PROMATIS and PITTS, are based in Germany. The other two, Project Partners and Quistor, are headquartered in the U.S. and the Netherlands, respectively. Broadpin says that bringing together their capabilities under one roof will make it possible to deliver better service for customers. 

“As clients demand a single partner with global reach and full-stack Oracle expertise, Broadpin represents that evolution,” Broadpin chief executive officer Sebo Wijnberg told Boardroom Insight. “We’re not just combining names; we’re combining strengths to deliver measurable business outcomes.”

Quistor, which the company acquired about a year ago, was the largest Oracle Platinum Partner focused on providing JD Edwards services in Europe. JD Edwards an enterprise resource planning platform that comprises more than 80 different software tools. Those tools are used by companies for tasks such as paying suppliers and managing factory equipment. 

Broadpin’s focus extends beyond JD Edwards. PITSS, one of the two German consultancies it acquired, specializes in modernizing legacy Oracle environments. Broadpin also helps companies with other tasks such as integrating a newly deployed Oracle workload with existing systems and implementing AI software. 

A Broadpin spokesperson said the capabilities the firm gained through its recent acquisitions will enable it to compete more effectively in the Oracle partner ecosytem. “The move positions Broadpin as a differentiated player in a crowded market where many Oracle partners remain regional or narrowly specialized. By uniting global delivery, deep product knowledge, and proprietary solutions, Broadpin aims to accelerate transformation across the Oracle stack—from Fusion and OCI to APEX.”

Kicksaw acquires Northbound Consulting. Oregon-based Kicksaw is a Salesforce consultancy that can help companies deploy the cloud giant’s products and connect them to their other workloads. It’s also active in other areas. Kicksaw engineers can, for example, rewrite an AWS-hosted application to make it more scalable.

Northbound is a fellow Salesforce consultancy based in Denver. One of its main focus areas is contract life cycle management, or CLM. Salesforce provides a set of CLM features that enables companies to create a library of ready-to-use contract clauses. Employees can quickly turn those clauses into a sales contract when a new customer comes onboard. The CLM capabilities that Kicksaw has gained through the Kicksaw deal will enable it to play a bigger role in clients’ Salesforce projects. 

Doceo appoints a new vice president of operations. Juleen Bixler is joining the IT and marketing consultancy after nearly 15 years at Fraser Advanced Information Systems, where she held a similar role. Both Doceo and Fraser provide what’s known as a managed print service. They can offload the work involved in managing a company’s printers and copiers from its IT department. That work encompasses tasks such as buying ink, fending off cyberattacks and carrying out hardware maintenance. 

Doceo is also active in several other areas. It can help companies scan their IT infrastructure for vulnerabilities, set up Microsoft 365 environments and perform related tasks. Additionally, the company has a marketing services business. As vice president of operations, Bixler will be responsible for boosting the operational efficiency of Doceo’s marketing and IT teams. She will also help make the firm’s organizational structure more scalable to advance its growth plans. 

Photo courtesy of Crowe