How Quantum Health Saved over $700K (11x ROI) in Security Spend and Boosted Board Confidence with NetSPI Detective Controls Testing
Michael Morabito
+
Quantum Health is a leader in consumer healthcare navigation and care coordination
The Challenge
At Quantum Health, Information Security Officer Michael Morabito faced a critical challenge. With rising cybersecurity costs and an expanding set of tools, leadership and investors wanted proof these investments were worth it. Michael was tasked with defending a significant budget without the data or certainty to validate its impact. Traditional penetration tests repeatedly identified vulnerabilities but never answered one question that the leadership team was asking: were these costly controls actually protecting the business? This left Quantum Health facing mounting pressure, investing heavily in technology without the confidence or evidence to demonstrate meaningful ROI.
The Solution
To address this, NetSPI recommended Detective Controls Testing: A comprehensive approach designed to validate the effectiveness of security controls, tools and processes against real-world attack behaviors. This solution provided Quantum Health with a transparent and systematic evaluation of their cybersecurity controls. By blending AI-enabled technology with expert-driven attack simulations, the process revealed which tools could detect and respond to threats but also provided a clear assessment of their effectiveness, coverage, and detection speed. NetSPI identified that some advanced threat detection tools initially performed well but became less effective over time due to evolving attack techniques and configuration gaps. By comparing detection coverage and response times, the testing highlighted the most effective solutions, enabling Quantum Health to optimize their security stack, prioritize high-performing tools, and significantly reduce unnecessary security spending.
-
Detective Controls Testing -
Healthcare -
2,000 – 3,000 -
Dublin, Ohio -
Quantum-Health.com
The Results
By simulating real-world ransomware attacks, NetSPI Detective Controls Testing also strengthened Quantum Health’s defenses, validating their ability to detect threats earlier in the cyber kill chain based on attack behaviors, not just indicators of compromise (IoCs), and preventing full-scale attacks. This allowed Quantum Health to pinpoint gaps, such as password spraying vulnerabilities in their member call center and misconfigured controls that weren’t functioning as intended. Our security engineers worked together to fine-tune these controls, ensuring they operate effectively and aligned with the organization’s security goals.
11x Return On Investment
Data-driven clarity empowered Quantum Health to eliminate unnecessary vendor contracts, leading to $400k annually in technology savings. Two senior engineers were also able to redirect their efforts, adding another $300k in value – totaling $700k in annual savings.
Michael Morabito, Information Security Officer at Quantum Health, gives advice to peers interested in NetSPI’s Detective Controls Testing:
“You can’t truly know how effective your control spend is until you’ve done Detective Controls Testing.”
-
“Once you run these tests, you will uncover controls you thought were working but are not. Even if you don’t fix anything, this test gives you the financial leverage to prove that your spending has value.”
-
Through this partnership, Quantum Health not only gained peace of mind but also unlocked measurable business value, proving that the right collaboration can turn security investments into strategic advantages.
wwwwwqqqqs
Data Sheet 
Simulation Packs 
Solution Web Page “One of the things I loved about NetSPI’s approach was that it was entirely open. There was constant communication via slack where teams were very communicative about what was being tested and when and ensured that everything worked. NetSPI Detective Control Testing allowed me to eliminate unnecessary spend, acquire discounts for insurers, and give my board confidence to continue to invest in us”
![]()
Dramatic Time Savings
“If I asked an engineer to tackle these improvements without NetSPI’s Detective Controls Testing Framework they would stumble for a year to achieve what we did in a week.” This accelerated timeline also ensured faster implementation of critical security improvements.
![]()
Operational Efficiencies
Immediate, collaborative remediation and transparent communication helped strengthen response processes, from ensuring working alarms to closing advanced attack paths.
![]()
Additional NetSPI Solutions
“AI/ML Testing has been fantastic. We’ve identified 4-5 major gaps in planning that we didn’t have controls around. That’s just the threat model phase, not even the testing phase.”
![]()
Board & Investor Confidence
Robust reporting earned trust at the board and investor levels. Michael said, “That confidence at the board and investor level enables us to move more decisively and ultimately pursue our mission faster.”
![]()
Stronger Security Posture
Quantum Health achieved measurable reductions in internal threat footprint and gained clear visibility to focus investment where it mattered most.
![]()
Insurance Discounts
Enhanced security documentation enabled Quantum Health to negotiate insurance discounts typically only offered to organizations purchasing expensive new tools.
Explore More Success Stories
How NetSPI Helped Microsoft Build Trust in AI Security with a Framework That Delivers Results
Principal Security Assurance Engineer
“NetSPI has demonstrated the ability to listen and adapt as needed to emerging business requirements. They have consistently invested in ways that ensure their effectiveness in delivering the outcomes we need.”
Everywhen Partners with NetSPI to Elevate TLPT Standards and Build Unparalleled Trust
CISO, Everywhen
“NetSPI Red Team consultant’s transparency, attention to detail, and commitment to building strong relationships make them feel like an integral part of your internal team, not just an external vendor.”
EAB Global improves attack surface security within 15 seconds using NetSPI Attack Surface Visibility Solutions
CISO, EAB Global
“NetSPI Attack Surface Visibility has saved EAB Global time, money, and helped us mature our program by helping answer questions faster and more accurately.”