Sample report

Sharemeister · AI Audit Report

Acme Co.

Prepared April 26, 2026 · Fast Audit · 47 systems analyzed

What we found

Executive Summary

Annual savings identified

$194,200

New revenue opportunity

$324,000

Critical risks

5

Hrs/week recovered

~31

Acme Co. is running 6 overlapping systems that don't share data, paying for tools priced for a team 4× its size, and losing ~58% of free-trial signups to zero follow-up. The total identified year-1 financial impact is $484,700 — cost reductions ($194,200/yr), revenue lift from marketing and automation fixes ($324,000), offset by one-time build costs.

Five findings are flagged critical on security, runtime risk, or business continuity and should be remediated within 30 days regardless of which other recommendations you accept.

Methodology

What We Audited

Read-only access to your AWS account (us-east-1, us-west-2), GitHub organization (4 repos), Stripe, and the 18 third-party SaaS tools you listed. Analysis ran across:

  • 14 AWS service categories via Cost Explorer, Compute Optimizer, Trusted Advisor, Security Hub, IAM Access Analyzer, and CloudWatch (90-day window)
  • Static code analysis on 217k lines across 4 repos (dependency versions, EOL detection, security scanners)
  • SaaS feature usage cross-referenced against your team size and observed workflow patterns
  • Public web property scans on your 3 customer-facing surfaces (Lighthouse, accessibility, conversion-funnel structure)

Finding 1 of 6

Cloud Cost Waste

Annual savings

$50,400

RDS instance over-provisioned by 4×

HIGH

What we found

Your db.m5.2xlarge runs at 4–8% CPU, 35% memory across 90 days. Connections peak at 47 of 1,000 available.

Why it matters

Right-sizing to db.t4g.large (Graviton/ARM) gives 2× headroom on every dimension while cutting cost.

Impact

$1,180/mo savings · $14,160/yr · 8-min reboot window.

Three EC2 instances idle for 60+ days

HIGH

What we found

i-0a1b2c3d4 (m5.large), i-0e5f6g7h8 (c5.xlarge), i-0i9j0k1l2 (r5.large) show <1% CPU and zero network egress since Feb 2026.

Why it matters

These look like leftover staging boxes from the Q1 platform migration. No traffic touches them.

Impact

$540/mo savings · $6,480/yr · zero risk.

No Reserved Instance coverage

MEDIUM

What we found

100% on-demand pricing across compute and RDS. RI coverage on stable workloads = 0%.

Why it matters

Identified $84k/yr of compute that has run continuously for 18+ months — the textbook 1-yr no-upfront RI candidate.

Impact

$1,950/mo savings · $23,400/yr · zero technical risk, just a billing change.

S3 storage class drift

MEDIUM

What we found

2.4 TB of objects in 6 buckets last accessed 12+ months ago, still on Standard.

Why it matters

Lifecycle policies to Glacier Instant Retrieval keep millisecond access while cutting storage cost 68%.

Impact

$380/mo savings · $4,560/yr · zero application change.

CloudWatch log retention = forever

LOW

What we found

14 log groups have no retention policy; 870 GB of logs retained indefinitely, growing 22 GB/mo.

Why it matters

Most log groups need 30–90 day retention for debugging and compliance.

Impact

$150/mo savings · $1,800/yr.

Finding 2 of 6

Security & Risk Gaps

Production RDS publicly accessible

CRITICAL

What we found

Your primary database accepts connections from 0.0.0.0/0 on port 5432. Master username is the default 'postgres'.

Why it matters

A misconfigured security group is the #1 cause of database breaches in startups. This one is one nmap away from being in someone's leak DB.

Impact

Move RDS into a private subnet, route the API through a NAT or VPC endpoint. ~4 hours of work. Eliminates the largest single-point-of-failure in your stack.

Node.js v14 (EOL April 2023) in production

CRITICAL

What we found

2 of 4 services run Node 14, which stopped receiving security patches 3 years ago. 11 known unpatched CVEs apply to your dependency tree.

Why it matters

Each month on EOL Node compounds risk. The newest Node 14 patch is from 2023; nothing new lands.

Impact

Migrate to Node 20 LTS. With your code surface, the lift is ~2–3 days. Compliance auditors flag EOL runtimes as a hard fail.

Secrets stored in K8s deployment manifest

CRITICAL

What we found

STRIPE_SECRET_KEY, AWS_SECRET_ACCESS_KEY, and SENDGRID_API_KEY are committed to your sharemeister-crm-api manifest in plaintext.

Why it matters

Anyone with read access to the cluster — including ex-employees with stale kubeconfigs — can read these. They're also in your git history.

Impact

Move to AWS Secrets Manager + K8s External Secrets Operator. ~6 hours. Rotate all three keys after migration.

No MFA on AWS root account

CRITICAL

What we found

The root account has been used 3× in the last 90 days for billing changes, with no MFA device attached.

Why it matters

Root compromise = total cloud takeover. AWS treats this as the single highest-priority security finding.

Impact

Attach a hardware key (YubiKey ~$50) to root, lock the credentials in a safe, do everything else as IAM users. 15 minutes.

14 IAM users with console access, 9 unused 90+ days

MEDIUM

What we found

Of 14 human IAM users, 9 haven't logged in since January. 6 have admin policies attached.

Why it matters

Stale admin accounts are the second most common breach vector after exposed databases.

Impact

Disable the 9 unused users. Move active users to SSO via AWS IAM Identity Center. ~2 hours.

Finding 3 of 6

SaaS Replacement Opportunities

Annual savings

$87,000

You listed 18 SaaS tools in the intake. We analyzed each for: feature usage, annual cost, headcount-adjusted ROI, and how cheaply the slice you actually use could be rebuilt. Six tools surfaced as strong replacement candidates.

Salesforce

Year-1 savings

$36,000

Current cost: $54,000/yr (10 seats × $450/mo)
Build cost: ~$18k one-time (3 weeks)
Actual usage: 3 of 47 features used: contact records, deal pipeline, basic reports.
Replacement: A focused CRM (Postgres + Next.js) covering exactly your 3 features.

Zapier

Year-1 savings

$7,400

Current cost: $11,400/yr (Professional plan, ~120k tasks/mo)
Build cost: ~$4k one-time (1 week)
Actual usage: 14 active Zaps. 9 are simple Stripe → Slack / form → email forwards.
Replacement: 14 AWS Lambda functions on a schedule or webhook. Same workflows, ~10× faster, no rate limits.

Calendly Teams

Year-1 savings

$2,100

Current cost: $3,600/yr (15 seats × $20/mo)
Build cost: ~$1.5k one-time (3 days)
Actual usage: Team round-robin scheduling + Stripe payment collection at booking.
Replacement: Cal.com self-hosted on existing infra. Same features, you own the data.

Intercom

Year-1 savings

$19,640

Current cost: $28,800/yr (Pro + Fin AI seats)
Build cost: ~$8k one-time (2 weeks)
Actual usage: Chat widget, 3 saved replies, knowledge base of 12 articles. Fin AI handles ~22% of tickets.
Replacement: Crisp Chat ($95/mo) for the widget; in-house Claude-powered FAQ bot covering 80%+ of common questions.

Mailchimp

Year-1 savings

$7,200

Current cost: $10,200/yr (Standard, 80k contacts)
Build cost: ~$3k one-time
Actual usage: 2 monthly newsletters, 3 transactional flows. No automation, no segmentation, no A/B tests.
Replacement: AWS SES + a thin admin UI. You already have SES set up for transactional.

LogRocket + FullStory (both)

Year-1 savings

$14,400

Current cost: $16,800/yr (overlapping plans)
Build cost: $0 — a phone call
Actual usage: Both purchased Q3 2025. Team consolidated to LogRocket-only by Q1 2026 but FullStory still billing.
Replacement: Cancel FullStory. PostHog (already in your stack) covers most of what's left.

Finding 4 of 6

Data Gaps & Automation

Hours saved / week

~31 hrs

Lead data is siloed — CRM, email, and billing don't talk

HIGH

What we found

Your leads exist in three places: HubSpot contacts, Mailchimp subscribers, and Stripe customers. No single source of truth. Sales reps manually reconcile before every call.

Why it matters

A unified customer record with automated sync eliminates the reconciliation step and surfaces purchase history, open emails, and last activity in one view.

Impact

~8 hrs/week saved across the sales team. ~$18k/yr in reclaimed labour. Eliminates ~12% of deals lost to stale contact data.

Onboarding is manual — 6 hand-off steps with no automation

HIGH

What we found

New customer onboarding requires 6 manual steps across 3 people: welcome email, account setup, Slack invite, billing confirmation, kickoff scheduling, and doc access.

Why it matters

All 6 steps can be triggered automatically off a single Stripe webhook. Zero human involvement for 80% of standard signups.

Impact

~15 hrs/week returned to the team. Eliminates the 3-day average delay between payment and first-touch.

Reporting is built in spreadsheets, not your data

MEDIUM

What we found

Weekly revenue and usage reports are manually assembled in Google Sheets every Monday. Data pulled from 4 sources by hand.

Why it matters

A single reporting view pulling from your Postgres database replaces the assembly process entirely and runs in real time.

Impact

~8 hrs/week saved. Report latency drops from 48 hrs to live.

Finding 5 of 6

Marketing & Growth Engine

Revenue opportunity

$84,000

No drip sequence after free trial signup

HIGH

What we found

Users who sign up for a free trial receive one welcome email and nothing else. 58% never return after day 3.

Why it matters

A 5-step email sequence over 14 days — timed to usage signals, not just calendar days — is the industry standard recovery mechanism.

Impact

+6% cohort recovery at current volume = ~$41k/yr. ~2 days to build.

Email list of 22,000 contacts with no segmentation

HIGH

What we found

All 22,000 contacts receive the same broadcast email. No segments by plan, usage, industry, or lifecycle stage.

Why it matters

Segmenting, at minimum, by lifecycle stage (trial vs. paid vs. churned) and by plan tier lifts open rates 2–3× and conversion 40–60%.

Impact

Conservative +$43k/yr revenue lift from improved conversion. No additional list growth required.

No lead scoring — sales works every inbound equally

MEDIUM

What we found

Every demo request and contact form submission lands in the same queue regardless of company size, plan interest, or engagement signals.

Why it matters

Basic lead scoring on firmographic data (company size, domain) and behavioural signals (pages visited, emails opened) lets sales prioritise the top 20% that close at 3× the rate.

Impact

~30% increase in sales efficiency. Estimated +$84k first-year revenue uplift at current close rates.

Finding 6 of 6

Application Health & Team Efficiency

No monitoring or alerting — outages are user-reported

CRITICAL

What we found

There is no uptime monitor, error rate alert, or on-call rotation. The last three production incidents were reported by customers via support chat, not by internal tooling.

Why it matters

A $95/mo Grafana Cloud setup with a 5-minute Slack alert on error rate + uptime would have caught all three incidents within 2 minutes instead of 45.

Impact

~45-min average detection-to-alert improvement. Eliminates customer-reported downtime as the primary detection path.

Team of 12 paying for tools sized for 50+

HIGH

What we found

You have 14 active SaaS subscriptions. Based on seat counts and plan tiers, 6 of them are priced for teams 4× your current headcount.

Why it matters

Downsizing to headcount-appropriate plans — or consolidating where overlapping tools exist — cuts SaaS spend significantly without losing capability.

Impact

Estimated $28,800/yr in unnecessary seat costs based on your current tool list.

No internal documentation — knowledge lives in people

MEDIUM

What we found

Engineering runbooks, deployment procedures, and API credentials exist only in Slack threads and individual memory. Three key processes have no written record.

Why it matters

A lightweight internal wiki (Notion or a self-hosted Outline) with 3 core runbooks eliminates bus-factor risk and cuts new-hire ramp time.

Impact

~2 days to document. Estimated 3-week reduction in new engineer ramp time per hire.

Additional findings

Revenue Opportunities

Year-1 lift estimate

$240,000

Checkout: 4-step flow, industry median is 2

HIGH

What we found

Your purchase funnel is Cart → Account → Address → Payment → Confirm. Industry benchmark for SaaS-style purchases: 2 steps.

Why it matters

Stripe Checkout (which you already use elsewhere) handles all 4 steps in one hosted page with Apple Pay/Link prefill.

Impact

Conservative 18% conversion lift on $1.1M ARR-pace funnel = +$198k/yr. ~3 days of work.

No follow-up automation on abandoned trials

HIGH

What we found

42% of free-trial signups never complete onboarding. Zero touches go to that 42% after day-1.

Why it matters

A 3-email sequence over 14 days at industry-median open/conversion would recover ~6% of that cohort.

Impact

Estimated +$3.4k MRR / +$41k/yr. ~2 days of work + 30 min/wk to maintain.

Mobile site CLS = 0.31 (good is < 0.1)

MEDIUM

What we found

Cumulative Layout Shift on mobile is 3× the 'good' threshold. Hero image arrives last and pushes everything down.

Why it matters

Google Search Console shows organic mobile CTR is 28% below desktop — the layout shift is correlated with above-the-fold abandonment.

Impact

Set image width/height attributes + preload hero. ~2 hours. Industry data suggests +1–3% organic conversion.

What to do first

90-Day Prioritized Roadmap

Week 1: Critical Fixes — Zero Cost, Maximum Risk Reduction
  • 01. Move RDS to private subnet + rotate master password ($0, eliminates top breach risk)
  • 02. Attach hardware MFA to AWS root, disable 9 unused IAM users (15 min)
  • 03. Wire uptime + error-rate alerts to Slack via Grafana Cloud ($95/mo vs. next outage cost)
  • 04. Cancel duplicate FullStory billing — one phone call, $14,400/yr saved

Weeks 2–4: High-ROI Quick Wins
  • 01. Right-size compute to db.t4g.large + buy 1-yr RIs ($37,560/yr combined)
  • 02. Migrate secrets to AWS Secrets Manager + rotate all three keys
  • 03. Collapse checkout to Stripe Checkout 1-page flow (+$198k/yr estimated revenue lift)
  • 04. Launch 5-step trial drip sequence off existing SES setup (+$41k/yr estimated)

Months 2–3: Data, Automation & Strategic Replacements
  • 01. Unify CRM → email → billing into a single customer record (replaces 3 manual reconciliation processes, 8 hrs/wk)
  • 02. Automate 6-step onboarding off Stripe webhook — removes 15 hrs/wk of manual work
  • 03. Segment 22,000-contact list by plan + lifecycle; set up 3 targeted flows (+$43k/yr lift)
  • 04. Build internal Postgres reporting view — kills Monday morning Sheets assembly (8 hrs/wk)
  • 05. Migrate Node 14 → Node 20 LTS, replace Salesforce + Zapier ($43,400/yr combined)

Bottom line

Year-1 Financial Impact

Cloud cost savings (annualized): $50,400
SaaS replacement savings (annualized): $87,000
Automation & data gap savings (annualized): $56,800
Revenue lift — marketing & funnel automation: $84,000
Revenue lift — UX + conversion fixes: $240,000
One-time build cost (offset across year-1): −$33,500
Net year-1 impact: $484,700

ROI on your audit: 971× in year one.

Three ways to engage

What's Next

Consult

$2,500/mo retainer

We brief your team monthly, review progress, and update the report quarterly. You execute.

Manage

$10–25k/mo

We project-manage the roadmap end-to-end with your existing team. We own the outcomes, you own the systems.

Build

Fixed-bid per project

We build and ship the replacement systems (CRM, automation, FAQ bot) as separately scoped engagements.
