Managed IT Services for Manufacturing and Industrial Operations in California

A shop-floor minute of downtime is rarely just a minute. A CNC controller that loses the network at 10am is a half-day of running by hand and a customer phone call by Thursday. An ERP that drops at month-end is two days of accounting overtime. An OT segment that gets hit by ransomware is a problem that does not stay on the shop floor. Ghosxt runs the IT, cybersecurity, and OT/IT plumbing for machine shops, fabricators, contract manufacturers, medical device makers, and small aerospace and defense suppliers across the Central Coast and the South Bay. DoD-cleared engineering, transparent pricing, no outsourced helpdesk.

Rated 5.0 across 24 Google reviews — trusted by 30+ businesses from Silicon Valley to the Salinas Valley and beyond.

Transparent managed IT pricing is published upfront, so you know the range before booking.

What we do for manufacturers

Manufacturing IT splits along a clean line: there is the office, and there is the shop floor. They do not have the same problems, they do not run on the same operating systems, and they should not run on the same network. Below is the work, written for owners and shop-floor managers, not for procurement decks.

Managed IT for the office and the shop floor

24/7 monitoring, helpdesk, patching, and a real engineer who answers the phone when the controller stops talking to the network mid-shift. Coverage is shaped around shop hours, not nine-to-five tickets.

OT/IT segmentation and shop-floor cybersecurity

Dedicated OT VLANs, explicit allow rules at the boundary, no broad SMB or RDP across the line, and monitoring on both sides. The goal is straightforward: a compromise on the shop floor stays on the shop floor, and a compromise in the office never reaches a controller.

ERP, MES, and PLM uptime

NetSuite, Epicor, IQMS/DELMIAworks, ProShop, Global Shop, JobBoss, Fishbowl, SolidWorks PDM, Autodesk Vault. We do not resell them. We run the infrastructure, backups, integrations, and the network plumbing that keeps office and floor in sync.

Shop-floor network design

Industrial Ethernet, ruggedized cabling, wifi designed for handhelds and barcode scanners in metal-lined buildings, redundant uplinks. Networks that survive a contractor unplugging the wrong switch and a forklift running over a conduit.

CMMC 2.0 compliance preparation

For shops bidding on defense subcontracts. NIST SP 800-171 controls, System Security Plan and POA&M, evidence collection, and assessment readiness for Levels 1 through 3. A DoD-cleared engineer who has built the documentation that survives a real review.

Engineering data and CAD file management

PDM hubs with replicated read caches at satellite sites, version control that actually works, locked-down access for ITAR or EAR-controlled designs, and large-file workflows that do not choke a 100 Mbps uplink during a release.

Compliance frameworks we help manufacturers operate inside

A small machine shop can be inside four or five overlapping compliance programs at once: defense supply chain, export controls, quality management, payment card handling, and OT-side security guidance. We are not auditors, but we run the IT for every one of these every day.

CMMC 2.0 for the defense supply chain

If you sell into the DoD as a prime or a subcontractor, CMMC is now the gate. Level 1 covers basic safeguarding of FCI. Level 2 is the heavier work: 110 controls aligned to NIST SP 800-171, a written System Security Plan, an active POA&M, and either self-assessment or third-party C3PAO assessment depending on the contract value. We build the program, deploy the controls, and produce the artifacts that pass review.

ITAR and EAR for engineering data

If your shop handles defense articles, dual-use items, or technical data under the ITAR or EAR, every CAD file, drawing, and email containing technical data has to live behind controls that prevent foreign-person access. We architect the storage, identity, and email systems so a U.S.-only access policy is enforceable, not aspirational, and we keep the audit trail an export compliance officer expects to find.

ISO 9001 quality management documentation

Document control, training records, supplier records, nonconformance tracking, internal audit logs. The IT side of ISO 9001 is making sure the right people can find the right document version, the wrong people cannot edit it, and the trail survives an external surveillance audit. We have run those systems on SharePoint, Greenlight Guru, MasterControl, and home-grown setups; we know what the auditors actually look at.

PCI-DSS for customer payment data

If you take credit card payments directly (web orders, phone orders, in-person terminals at a will-call counter), PCI-DSS applies. The smart move is usually to design the environment so card data never touches your systems at all, but where it must, we lock down the segments, the access, and the logging to keep the merchant account healthy and the assessor satisfied.

NIST SP 800-82 for ICS and SCADA security

The federal guidance for industrial control system security. Most small shops do not need to formally conform to 800-82, but the practices in it (network segmentation, control-system inventory, change management, monitored remote access for vendors) are what we deploy by default. The OT side of a manufacturing operation is the most likely target and the slowest to recover. We design for that asymmetry.

A DoD-cleared engineering background brings the documentation and audit discipline these programs actually require. The same controls that pass a federal contracting audit pass a CMMC assessment, an ITAR record review, an ISO surveillance audit, and a customer-driven supplier qualification, with the paper trail intact.

Common IT problems we see at manufacturers

Four anonymized examples from real client work at Central Coast and South Bay shops. Names, locations, and machine types are removed; the patterns are exactly what we run into.

Legacy CNC controller hit by ransomware

A small shop had a CNC controller running an unsupported Windows version sitting on the same flat network as the office. A phishing click in accounting led to lateral movement and an encryption attempt that took the controller offline mid-job. We rebuilt the affected machines, isolated every controller into a dedicated OT VLAN with a hardware firewall at the boundary, locked outbound traffic to a short allowlist, and put monitoring on the segment. The controller still runs the old OS; the blast radius is now a single port.

CAD server failed before a customer release

An engineering team's CAD/PDM server died three days before a major release deliverable. The most recent backup was two weeks old because the backup target had been silently full for a month. Recovery would have meant losing every check-in since. We extracted what we could from the failed disks, restored partial work, and put together an emergency PDM rebuild that hit the deadline by 30 minutes. We then redesigned the backup chain with monitored health checks, immutable off-account snapshots, and an alert that fires before the silent failure can ever happen again.

Shop-floor wifi dead spots killing handhelds

A growing fabricator was running its receiving and inventory cycle on handhelds, but the wifi had been deployed three years earlier without an RF survey of the steel-roofed building. Half the floor had dead spots. Crews were falling back to paper, then keying data in at end of shift, which broke the inventory. We ran a proper site survey, repositioned access points, added a second SSID isolated from the office network for the handhelds, and built a monitoring view that shows the dead spots before they become a worker complaint.

Ex-engineer kept VPN access to the PLM system

An offboarding mid-year missed the VPN profile and the PLM account for a departing engineer. Three months later a log review showed downloads of two project folders from an unfamiliar IP. We rotated credentials, audited recent PLM access across the company, and rebuilt the offboarding checklist around a single role-state in payroll: when payroll says exit, scripted automation revokes VPN, PLM, email, SSO, and badge access in the same minute. The audit found no evidence the engineer's downloads had landed at a competitor, but the door is now closed.
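The reconciliation behind that checklist, as an added example (not Ghosxt's own tooling): it treats payroll role-state as the source of truth, lists accounts still enabled for anyone payroll marks as exited, and pulls log activity dated after the exit. The record layout, user IDs, log format, and all sample data are constructed assumptions.

```python
from datetime import datetime

SYSTEMS = ("vpn", "plm", "email", "sso", "badge")  # systems named in the case study

# Constructed sample data (assumption): payroll role-state and per-system exports.
PAYROLL = {"e1001": {"state": "active", "exit": None},
           "e1002": {"state": "exit", "exit": "2024-03-15T17:00:00+00:00"}}
ENABLED = {"vpn": {"e1001", "e1002"}, "plm": {"e1001", "e1002"},
           "email": {"e1001"}, "sso": {"e1001"}, "badge": {"e1001"}}
# Constructed log lines: timestamp system user action object source-ip
LOG = """\
2024-03-14T09:02:11+00:00 plm e1002 download /proj/alpha 10.10.0.44
2024-06-20T23:41:05+00:00 vpn e1002 login - 203.0.113.7
2024-06-20T23:44:30+00:00 plm e1002 download /proj/alpha 203.0.113.7
2024-06-20T23:52:18+00:00 plm e1002 download /proj/beta 203.0.113.7
2024-06-21T08:15:00+00:00 plm e1001 download /proj/beta 10.10.0.12
"""

def exits(payroll):
    """Map each exited user to the exit timestamp recorded in payroll."""
    return {u: datetime.fromisoformat(r["exit"])
            for u, r in payroll.items() if r["state"] == "exit"}

def lingering_access(payroll, enabled):
    """(user, system) pairs still enabled although payroll says exit."""
    gone = exits(payroll)
    return sorted((u, s) for s in SYSTEMS for u in enabled.get(s, ()) if u in gone)

def post_exit_activity(payroll, log_text):
    """Log events by exited users that are dated after their exit."""
    gone, hits = exits(payroll), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the assumed format
        ts, system, user, action, obj, ip = parts
        if user in gone and datetime.fromisoformat(ts) > gone[user]:
            hits.append((user, system, action, obj, ip))
    return hits

if __name__ == "__main__":
    for finding in lingering_access(PAYROLL, ENABLED):
        print("still enabled:", finding)
    for event in post_exit_activity(PAYROLL, LOG):
        print("post-exit activity:", event)
```

Run on a schedule, a non-empty result from either function is the alert condition: the first catches the missed revocation, the second catches use of it.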

"Ulises and Ghosxt have been our IT for years. Response is fast, the work is documented, and the security side has come a long way from where we started. When something on the shop floor goes sideways, he is the first call and almost always the last one."

Manufacturing client, multi-year Ghosxt partner

Sub-industries we serve in manufacturing

  • Machine shops (CNC mill, lathe, EDM, grinding)
  • Sheet metal and fabrication
  • Contract and job-shop manufacturers
  • Medical device manufacturers
  • Electronics assembly and PCB fabrication
  • Aerospace and defense suppliers
  • Food and beverage processors (with industrial control systems)
  • Tool and die, plastics injection, additive

Manufacturing IT glossary

If you have run a shop for any length of time, none of these are new. If you are the office manager or the controller who inherited the IT side, this is the short version.

OT
Operational Technology. The systems that touch physical processes: PLCs, HMIs, CNC controllers, sensors. Different lifecycle from IT, different risk profile.
MES
Manufacturing Execution System. The layer that schedules jobs to the floor, tracks them in real time, and feeds production data back to the ERP.
ERP
Enterprise Resource Planning. The system of record for orders, inventory, BOMs, purchasing, and accounting. When it goes down, nobody can ship.
PLM / PDM
Product Lifecycle Management or Product Data Management. The vault that holds engineering CAD, drawings, BOMs, and revision history.
CAD / CAM
Computer-Aided Design / Manufacturing. SolidWorks, Inventor, Mastercam, Fusion 360, GibbsCAM, the long list.
PLC
Programmable Logic Controller. The small industrial computers that run machines. Often the most outdated software in the building.
SCADA / HMI
Supervisory Control and Data Acquisition / Human-Machine Interface. The screens operators use to see and command the floor.
CMMC
Cybersecurity Maturity Model Certification. The DoD's tiered cybersecurity requirement for contractors. Aligned to NIST SP 800-171.
ITAR / EAR
International Traffic in Arms Regulations and Export Administration Regulations. The two main U.S. export-control regimes that touch technical data.
Air gap
A network isolation pattern where a sensitive system has no path to the wider network. Often misunderstood; rarely truly air-gapped in practice. Worth being honest about which segments actually are.

Service area across the Central Coast and South Bay

Our home base is Salinas. We work with manufacturers across the Central Coast, the South Bay, and inland into San Benito County. On-site response is fast because most of our shops are within an hour of us.

We support manufacturers based in:

Adjacent services for manufacturers

If you run a shop, you probably also run trucks for finished goods, and you may have food-side processes if you make food or beverage equipment. Two related pages worth a read.

Free IT and OT assessment for your shop

30 minutes with a DoD-cleared engineer. Walk away with a clear picture of where your IT and OT posture stand, plus a written punch list of what to fix first. No sales script, no obligation.

FAQs about IT services for manufacturers

Can you support legacy CNC controllers still running Windows XP or Windows 7?
Yes. Most shops we walk into have at least one machine running an out-of-support Windows version because the controller software does not run on anything newer. We do not pretend the controller can be patched. We isolate it on a dedicated network segment, lock down what it can reach, monitor it for behavior changes, and put the rest of the shop floor behind a firewall so a compromise of one machine does not become a compromise of the whole plant.
We are bidding on a DoD subcontract that requires CMMC 2.0. Can you help?
Yes. CMMC 2.0 Level 1 is largely about basic safeguarding of FCI. Level 2 is the heavier lift: 110 controls aligned to NIST SP 800-171, plus an SSP, a POA&M, and either a self-assessment or a C3PAO assessment depending on the contract. We build the documentation, deploy the controls, run the assessment prep, and produce the artifacts a defense prime or the DoD will actually ask for. A DoD-cleared engineering background makes that work straightforward, not theoretical.
We have engineers across three sites who need to share CAD files. Best way?
Depends on file size, version-control needs, and whether export controls are in play. For most small shops, a properly configured PDM system on a single hub with replicated read caches at the satellite sites beats trying to share through generic cloud storage. We have built variants of this for engineering teams running SolidWorks PDM, Autodesk Vault, and lighter setups on shared file servers. The deciding factor is usually whether the data falls under ITAR, EAR, or a customer-specific protection requirement, because that changes the architecture.
We had a ransomware scare on the shop floor. How do we segment OT from IT?
Start with a real inventory: every device on the shop floor, what it connects to, what it actually needs to talk to. From there it is a network architecture project: a dedicated OT VLAN, a firewall with explicit allow rules between OT and IT, no broad RDP or SMB across the boundary, and isolated management for the OT side. Most shops we work with did not have an OT VLAN at all when we started. That is the first fix. The second is monitoring, because you cannot defend what you cannot see.
We make medical devices. What does FDA 21 CFR Part 11 mean for our IT?
Part 11 is the FDA rule for electronic records and electronic signatures in regulated activities. The IT side is access control, audit trail integrity, system validation documentation, time-synced logs, and a retention policy that survives an FDA inspector asking for a record from four years ago. For small medical device manufacturers we layer those requirements into the ERP, QMS, document control, and email systems, and we keep the validation paper trail current as systems change.
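The boundary policy from the segmentation answer above (explicit allow rules between OT and IT, no broad SMB or RDP across the boundary) can be checked mechanically against an exported ruleset. This is an added example, not Ghosxt's own tooling; the subnets, the rule format, and the sample rules are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
# Constructed addressing plan (assumption): one office subnet, one OT VLAN.
ZONES = {"IT": ipaddress.ip_network("10.10.0.0/24"),
         "OT": ipaddress.ip_network("10.20.0.0/24")}
BLOCKED = {139: "SMB", 445: "SMB", 3389: "RDP"}

@dataclass
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    port: str    # "443", "1-1024" or "any"
    action: str  # "allow" or "deny"

def zones_of(cidr):
    """Zones an endpoint can match; "any" matches every zone."""
    if cidr == "any":
        return set(ZONES)
    return {z for z, n in ZONES.items() if ipaddress.ip_network(cidr).overlaps(n)}

def port_range(port):
    lo, _, hi = ("1-65535" if port == "any" else port).partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit(rules):
    """Return (rule, finding) pairs; rules are judged singly, shadowing is not modelled."""
    findings = []
    for r in rules:
        crosses = any(s != d for s in zones_of(r.src) for d in zones_of(r.dst))
        if r.action != "allow" or not crosses:
            continue
        if "any" in (r.src, r.dst, r.port):
            findings.append((r.name, "not explicit: uses 'any'"))
        for svc in sorted({s for p, s in BLOCKED.items() if p in port_range(r.port)}):
            findings.append((r.name, f"allows {svc} across the OT/IT boundary"))
    last = rules[-1] if rules else None
    if not last or (last.action, last.src, last.dst, last.port) != ("deny", "any", "any", "any"):
        findings.append(("<end of ruleset>", "no default deny"))
    return findings

# Constructed sample ruleset, not taken from any real firewall.
SAMPLE = [
    Rule("mes-to-erp", "10.20.0.15/32", "10.10.0.5/32", "443", "allow"),
    Rule("legacy-file-share", "10.10.0.0/24", "10.20.0.0/24", "445", "allow"),
    Rule("vendor-remote", "any", "10.20.0.30/32", "3389", "allow"),
    Rule("office-print", "10.10.0.0/24", "10.10.0.50/32", "9100", "allow"),
    Rule("default-deny", "any", "any", "any", "deny"),
]
```

Calling `audit(SAMPLE)` flags the file-share and vendor rules and leaves the single-host MES-to-ERP rule and the office-only print rule alone.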
Call (831) 204-0501