The Day One Letter · Day One Field Notes · Vol. 01 No. 002

Exit security first: the TSA service to kill on Day One

Why cybersecurity is usually the first service a buyer should stand up standalone — and why most exit plans get the order exactly backwards.

Most TSA exit plans sequence by ease: kill the small, simple services first and save the hard ones for last. That instinct is wrong on one service in particular. Security should usually go first, not last.

Two reasons. First, control: as long as the seller runs your detection, identity, and endpoint protection, they hold the keys to your environment after they have sold the business. Every week of shared security is a week of shared blast radius. Second, leverage: security is a high-control, comparatively low-dependency service. You can stand it up without waiting for the ERP or the data migration to finish.

Common orderBuyer-side order
Exit cheap/simple services firstExit by control risk × monthly cost
Security last (it feels hard)Security first (highest control value)
ERP/data early (it feels urgent)ERP/data on their true dependency

On the representative nine-function estate in the TSA Exit Playbook, security exits in month 3 and NewCo shared ops in month 11 — the reverse of the intuitive order. The principle: sequence by what the seller still controls, not by what is easy to unplug.

The Day One Letter

Get the next issue in your inbox

One letter every two weeks. One tactic, one benchmark, one pattern. Short, signal heavy, buyer-side.

Subscribe free →