Skip to main content
Digital TransformationAI-Augmented DevelopmentCybersecurity

From Wix to Enterprise — In 48 Hours

How ThinkOpen rebuilt its entire digital presence and created a custom support platform using AI-augmented engineering

April 2026

The Problem

Why We Had to Move

ThinkOpen is a cybersecurity firm that serves regulated industries and SMBs with security audits, managed IT, and AI-driven solutions. But our own digital infrastructure didn't reflect that caliber.

We were running on Wix — a single-page landing site with no subpages, no client portal, no service pages, and no multilingual support. Our ticketing system was HelpSpot — functional but limited: no M365 SSO, no SLA tracking, no auto-assignment, no internal notes.

As a security company advising clients to take control of their data and infrastructure, having our own critical business tools on third-party platforms with no control over security posture was the definition of the "Security Guesswork Trap" — the exact problem we solve for our clients.

We were telling clients to own their security while renting ours from platforms we couldn't audit, couldn't customize, and couldn't secure to our standards.

The Decision

Build vs Buy vs Stay

OptionCostTimelineSecurityControl
Wix + HelpSpot$1,300/yrInstantLowNone
WordPress + Zendesk$5K + $575/mo4 – 6 weeksMediumPartial
Squarespace + Freshdesk$2K + $245/mo2 – 4 weeksLowMinimal
Build Custom (AI)~$3,0002 daysMaximumFull

Phase 1 — Day 1

The Website Rebuild

In a single 8-hour session, we replaced the Wix landing page with a full-scale enterprise website:

  • 22 marketing pages — Services hub with 6 sub-pages, Solutions, About, Contact, Resources
  • Full bilingual support — English + Spanish with 846 translation keys per language
  • Apple-palette design system — frosted glass navigation, semantic color tokens, responsive layouts
  • Client portal — NextAuth magic link authentication, no passwords to manage
  • Security findings dashboard — severity scoring, remediation tracking, evidence management
  • Report delivery system — HTML upload with SHA-256 hashing, time-limited signed URLs
  • Organization management — multi-org support with role-based access control
  • Deployed on Vercel — auto-SSL, edge network, zero-downtime deployments
22
Pages
846
i18n Keys
2
Languages
0
Downtime

Phase 2 — Day 2

The Custom Ticketing System

HelpSpot was replaced with a custom support portal at support.thinkopen.net — built in ~9 hours:

  • Microsoft Entra ID SSO — engineers sign in with their M365 credentials
  • Magic link authentication — clients sign in via email, no passwords
  • Domain-based auto-org linking — user@clientdomain.com auto-links to the correct organization
  • Atomic ticket numbering — YYYYMMDD-NNNNNN format, race-condition-safe
  • RBAC — Admin / Engineer / Viewer with scoped views per organization
  • Auto-assignment — routes tickets to the least-loaded engineer per org
  • SLA tracking — response + resolution time targets per priority level
  • Internal notes + internal file uploads — hidden from clients, builds knowledge base
  • Contact card — name, email, formatted phone, org tag
  • Daily digest email — 7am Pacific, personalized per engineer, SLA breach alerts
  • Satisfaction prompt — thumbs up/down on resolved tickets
  • Take Over workflow — engineer ticket transfer with full audit trail
  • Reporting — org stats, engineer performance, resolution times by priority
  • Settings — editable SLA targets, organization tags, system status
13
DB Tables
15
Actions
5
Email Templates
8
Security Layers

Phase 3 — Day 3

Platform Hardening & Growth Features

With the core system live, we added operational features, mobile optimization, client engagement tools, and published our first case study:

  • Daily digest email — automated 7am Pacific delivery via Vercel Cron, personalized SLA breach alerts per engineer
  • Admin settings page — editable SLA targets, organization tag management, system status dashboard
  • Global ticket search — search by number, subject, org, or engineer with status filtering
  • Ticket satisfaction prompt — thumbs up/down on resolved tickets, feeds into reporting
  • Mobile responsive overhaul — touch device detection, dynamic viewport height, stacked layouts
  • Quo SMS chat widget — desktop form (name + phone + message) + mobile native SMS link
  • Chat widget i18n — fully bilingual EN/ES with locale toggle
  • First case study published — live at thinkopen.net/resources/case-studies
  • Supabase RLS hardening — deny-all policies on all 14 tables, function search path secured
  • Product strategy documented — pricing tiers, multi-tenant architecture, go-to-market sequence
1
Cron Jobs
70+
New i18n Keys
14
RLS Policies
1
Case Study Live

Security

Defense-in-Depth — 8 Layers

1
Vercel Edge
SSL/TLS termination, DDoS protection, CDN
2
Next.js Proxy
Subdomain routing, rate limiting
3
NextAuth v5
Session management, M365 SSO, magic link, CSRF
4
Application RBAC
Role hierarchy enforcement, org-scoped access gates
5
Zod Validation
Input sanitization, HTML stripping, type safety
6
Supabase RLS
Deny-all policies for anon/authenticated roles
7
Storage Security
Private buckets, signed URLs, MIME validation
8
Audit Trail
Immutable log, actor/action/timestamp, IP capture

The Transformation

Before vs After

Pre-transformation state

Before

  • Pages1
  • SSONone
  • SLANone
  • Live ChatNone
  • Audit LogNone
  • Cost$1,300/yr
  • Security Layers0
Now Live
Live today

After

  • Pages43
  • SSOM365 + Magic Link
  • SLABuilt-in + Daily Alerts
  • Live ChatQuo SMS
  • Audit LogImmutable
  • Cost$0 – $240/yr
  • Security Layers8 Layers

ROI Analysis

Cost Comparison

Traditional Agency

Outsourced build
$62K – $130K
First-year all-in
  • Website (22 pages + portal)$40K – $80K
  • Ticketing System$40K – $79K
  • Platform + Chat + Case Study$15K – $30K
  • Monthly Infrastructure$575 – $1,000/mo
Recommended

ThinkOpen

AI-Augmented
$4,615
First-year all-in
  • Website (22 pages + portal)$1,400
  • Ticketing System$1,575
  • Platform + Chat + Case Study$1,400
  • Monthly Infrastructure$0 – $20/mo

Your Savings

Delivered
93 – 96%
Versus outsourced
  • Website (22 pages + portal)96 – 98%
  • Ticketing System96 – 98%
  • Platform + Chat + Case Study91 – 95%
  • Monthly Infrastructure97 – 100%

* Figures reflect ThinkOpen's internal build using AI-augmented engineering. Client engagements are scoped individually based on requirements, integrations, compliance needs, and infrastructure complexity. Contact us for a custom assessment and quote.

Technology

Stack

TechnologyVersionPurpose
Next.js16.2.2App Router, Server Components, Server Actions
React19.2.4UI rendering
TypeScript5.xType safety
Tailwind CSSv4Utility-first styling + design tokens
Drizzle ORM0.45.2Type-safe database queries
SupabasePostgreSQLDatabase + Storage + RLS
NextAuthv5 betaAuthentication framework
Microsoft Entra IDM365 SSO provider
Resendv6.10Transactional email
VercelDeployment + Edge + Cron
Zodv4.3Schema validation

The Approach

AI-Augmented Engineering

ThinkOpen uses AI as a force multiplier, not a replacement. Every architecture decision, security control, and feature specification is made by a human engineer. The AI handles implementation velocity.

This model enables what was previously impossible: enterprise-grade solutions at SMB-accessible pricing. A custom ticketing system with 8 security layers, M365 SSO, SLA tracking, and RBAC — delivered in one day instead of three months.

The moat isn't the code. The moat is ThinkOpen's security-first positioning + client relationships + the speed at which you can customize. No offshore shop can match that combination.

Security Standards

Framework-Aligned by Design

NIST CSF 2.0
Govern · Identify · Protect · Detect · Respond · Recover
CIS Controls v8
Implementation Groups IG1 / IG2 / IG3
MITRE ATT&CK
Threat modeling & TTP mapping

Ready to transform your digital infrastructure?

See what AI-augmented, security-first IT looks like for your business.

Get Your Free Assessment

424.437.8173 · info@thinkopen.net