The managed IT and security shop built, by ex-Microsoft engineers, for the businesses too small to hire a CISO.
Redmond, Washington. A navy-blue mark on a white square, sitting nine miles from the Microsoft campus whose cloud it defends. The whole company fits inside one email attachment and 500-plus contracts.
Here is a thing that is true and slightly annoying: almost every small business in America runs on Microsoft 365, and almost none of them have anyone whose actual job is to keep it from getting hacked. This is a gap. Gaps in security are, from the point of view of the person exploiting them, opportunities. From the point of view of the person running a 30-employee dental practice, they are the reason you wake up at 3 a.m.
BEMO exists in that gap. It is a managed IT and security provider in Redmond, Washington, which is to say it sits about nine miles from the Microsoft campus and builds its entire business on top of the Microsoft security stack. That is either a very clever place to build a company or a slightly nervous one, depending on how you feel about depending on a $3-trillion landlord. BEMO seems to feel fine about it. Microsoft, for its part, gave BEMO a $500,000 interest-free loan, which is the corporate equivalent of a landlord slipping you the rent money.
The pitch is unglamorous, which is the point. Small and mid-sized businesses - roughly 10 to 500 employees - need cybersecurity, and they increasingly need compliance: SOC 2 so they can sell to bigger customers, HIPAA if they touch health data, CMMC if they want to bid on defense contracts. Each of these is an alphabet-soup ordeal involving auditors, questionnaires, and a great deal of documentation nobody enjoys producing. BEMO does the ordeal for you, on a monthly subscription, and hands you the certificate at the end.
The genius, to the extent there is one, is that anxiety recurs. A SOC 2 report expires. CMMC keeps adding levels. AI showed up at work and now there is an ISO standard for governing that, too. The compliance treadmill never stops, and a company that runs alongside you on it forever is a company with very durable revenue. BEMO has made the Inc. 5000 four years in a row, which is the kind of quiet compounding that boring problems reliably produce.
BEMO was founded in 2010 by two people who knew the platform from the inside, then walked out to serve everyone using it who couldn't afford to understand it.
Spent roughly 17 years at Microsoft across multiple divisions and product teams before starting BEMO. His diagnosis was simple: the SMB market had enterprise-grade tools and hobbyist-grade security, and nobody was packaging the two together for operators. He now runs the company and, tidily, also serves as its Chief Information Security Officer.
Brings more than 25 years in regulatory compliance and has built compliance programs across a range of companies. If Lecoq is the security half of the thesis, Lachance is the compliance half - the person who turns a terrifying audit checklist into something a small business can actually finish.
BEMO packages its work into four lanes, then tiers them so a small clinic and a defense subcontractor can buy from the same menu.
Audit-ready programs for SOC 2, ISO 27001, CMMC Levels 1 & 2, NIST 800-171, and AI compliance (ISO 42001) - coordinated with GRC platforms and third-party auditors so you finish, not just start.
Three tiers on the Microsoft security stack: Silver for fundamental protection, Diamond for a Zero Trust foundation, Platinum for compliance-readiness. Threat detection and monitoring included.
Shadow AI monitoring and Microsoft Copilot security, because employees started using generative AI whether or not IT approved it, and someone has to govern that new door.
Managed helpdesk, managed Azure, Microsoft 365 migrations, and device management and procurement - the unglamorous plumbing that keeps a small team running.
In May 2022 BEMO closed a $3 million seed round to turn its services into software - and got a rare vote of confidence from the platform it builds on.
| Round | Amount | Date | Lead / Backers |
|---|---|---|---|
| Seed | $3.0M | May 2022 | Gula Tech Adventures (lead), Revolution's Rise of the Rest, SaaS Venture Capital, Pleiade Venture |
| Microsoft loan | $500K | May 2022 | Microsoft (0% interest) |
Bruno Lecoq and Joel Lachance, both ex-Microsoft, found BEMO to secure SMBs on the Microsoft cloud.
Closes a $3M seed round led by Gula Tech Adventures, plus a $500K interest-free loan from Microsoft.
Wins Microsoft US Partner of the Year in the Social Impact and Community Response category.
Achieves SOC 2 Type 2 compliance; sets targets for ISO 27001 and CMMC 2.0 Level 2.
Named to the Inc. 5000 four consecutive years (No. 1430, 1178, 1604, 2376).
Interviews, product walk-throughs, and the cybersecurity blog where the team argues about acronyms in public.
BEMO is a Redmond, Washington-based managed IT and security service provider built specifically for small and mid-sized businesses that run on Microsoft 365 and Azure. Founded in 2010 by ex-Microsoft veterans Bruno Lecoq and Joel Lachance, the fully remote company bundles cybersecurity, compliance (SOC 2, ISO 27001, CMMC, NIST 800-171), managed helpdesk, and AI/Copilot security into packaged tiers so 10-to-500-person organizations can meet audit requirements without hiring an in-house security team. BEMO is a repeat Microsoft US Partner of the Year and a four-time Inc. 5000 honoree.
Last updated: