Level 3 Tech Support for Businesses Without an IT Team

There's a category of business problem that most SMB owners don't have words for. It's not "the website is broken" (you can call your web designer). It's not "I need a new laptop" (you can call a generalist IT person). It's the deeper thing — the email that's silently going to spam in customers' inboxes, the server that randomly crashes at 3am, the integration that's been "almost working" for six months, the DNS configuration nobody fully understands, the cloud bill that's quietly tripled without anyone noticing why.

These aren't problems your designer can solve. They're not problems your office IT person can solve either, because they require knowledge that's not in their job description. They're Level 3 problems, and they're sitting in nearly every SMB I've ever worked with — usually being silently ignored because there's no clear category of person to call.

This pillar is for the business owner who has one of these problems but doesn't know what to ask for. By the end you'll have language for the issue, a framework for whether you should fix it yourself or hire help, and clear criteria for what "fixed" looks like.

What "Level 3" actually means

The IT industry has a tiering convention that's well-known internally and totally opaque to most business owners. Briefly:

Level 1 (L1): First-line help. "Have you tried turning it off and on again?" Password resets, basic account questions, "this app won't open." Usually solved by following a documented checklist. Ranges from in-house help desk to call center support.

Level 2 (L2): Diagnostic. The L1 checklist didn't solve it; an experienced person now investigates. "Why is this user's email forwarding broken?" "Why is the printer offline?" Requires real understanding of the systems but works inside known patterns.

Level 3 (L3): Deep diagnostic and architectural. The problem has crossed system boundaries or requires understanding of how things work below the documented surface. "Our email is being marked as spam by Gmail but not by Outlook — why, and how do we fix it?" "Our server's CPU usage spiked 8 hours ago and stayed there — what changed?" "We're migrating from one cloud to another without downtime — how?" Requires senior judgment, not just experience.

Most SMBs are well-covered for L1 (their software vendors handle it) and partially covered for L2 (a generalist IT person, an MSP). L3 is the gap. It's where the silent business problems live — issues that don't trigger an obvious help-ticket but quietly cost money over months.

The seven L3 problems SMBs hit every year

In rough order of how often I see them in the wild:

1. Email deliverability silently degrading

Your invoices go to customers' spam folders. Your sales emails don't arrive. Your password reset emails get marked as phishing. You don't know any of this is happening because customers don't tell you — they just stop responding.

Causes: missing or misconfigured SPF, DKIM, and DMARC records on your domain. A poorly-warmed-up sending domain. Reputation damage from past spam complaints. Sending from a shared IP that someone else has burned.

Fix difficulty: medium. Once you know what to check, the fix is technical but bounded. Without that knowledge, you can spend months treating symptoms (different email tools, different copy) without addressing the cause.

2. Server or cloud bill creeping upward

Your AWS or Google Cloud bill was $400/month two years ago. Now it's $1,800/month. Nobody can explain why. Each individual service "looks normal." But the total has tripled.

Causes: orphaned resources (old servers, unused load balancers, unattached storage volumes still incurring charges). Logs and snapshots accumulating without retention policies. Auto-scaling that scaled up but never scaled back down. New services added but old ones never decommissioned.

Fix difficulty: medium. The investigation is straightforward for someone who knows where to look; finding the same answers without that knowledge is multi-day forensic work.

3. Domain expiry / DNS misconfiguration

Your website goes down because a domain expired. Or because a DNS record was changed and nobody remembered why. Or because the SSL certificate auto-renewal failed and nobody noticed for 6 hours.

Causes: domain registrar account belongs to someone who's left the company. SSL certs not on auto-renewal. DNS records changed without documentation. No monitoring alerting on expiry.

Fix difficulty: low to medium, depending on whether you have access to the right accounts. The fix is fast; the prevention requires setting up monitoring you probably don't have.

4. Backup that doesn't actually work

Your backup runs every night. The status emails say "backup successful." When you actually need the backup — because someone deleted a critical file, or the database got corrupted — the backup is unusable.

Causes: backup configured but never tested. Backing up the wrong things. Backing up to a location you no longer have access to. Backups completing successfully at the file system level but missing the actual data because the application was running during the backup.

Fix difficulty: low to medium. The fix is mostly procedural — backups need to be tested as part of normal operations, not just configured once and forgotten.

5. Integration that's "almost working"

You connect Quickbooks to Shopify and 95% of orders sync correctly. The other 5% fail silently. Over six months, that's hundreds of missing entries that finance has to manually reconcile.

Causes: integration vendor's edge case handling is poor. API changes that nobody notices. Webhook delivery failures with no retry. Data format mismatches that the integration handles "successfully" but produces wrong values.

Fix difficulty: medium to high. Diagnosing the failure pattern requires knowing the integration's internals, which the vendor often won't share.

6. Server randomly slow or unreachable

Your application is fine for hours, then becomes unusable for 20 minutes, then is fine again. Customers complain occasionally. Your developer says "it works for me."

Causes: noisy neighbour on shared hosting. Database query plans changing as tables grow. Memory leaks slowly consuming the server. External API rate limits hit unpredictably. CDN cache invalidation cascading.

Fix difficulty: medium to high. The "intermittent" nature of these problems makes them hard to debug — you can't reproduce them on demand.

7. Migration that needs to happen but nobody can plan it

You're moving from Shopify to a custom build. Or from one hosting provider to another. Or consolidating three Google Workspace tenants into one. The work is conceptually clear but the sequence — what depends on what, what can be done in advance, what causes downtime — is opaque.

Causes: complexity of dependencies. Lack of documentation about current state. No internal expertise on the destination platform. Risk-aversion that delays planning indefinitely.

Fix difficulty: high. Migration planning is genuinely hard work that benefits from someone who's done it before. The same migration done well takes weeks; done badly takes months and can cost customer trust.

When you can fix it yourself

Some of these problems are bounded enough that a non-technical owner can fix them. Specifically:

• Domain and SSL renewals: anyone can set up auto-renewal and monitoring. 30 minutes of work, prevents most domain-related disasters.
• Backup verification: anyone can test that a backup actually works by attempting a restore once a quarter. The discipline is the hard part, not the technical work.
• Basic email deliverability checks: tools like MXToolbox and Mail-Tester will tell you if SPF/DKIM/DMARC are configured. If they aren't, your email vendor has documentation for setting them up.
• Cloud bill review: AWS Cost Explorer and Google Cloud's billing dashboard show what's costing money. You can identify the top cost items even without deep AWS knowledge.
• My free tool: SEOCheck catches basic technical issues on your website — broken canonicals, missing meta tags, server errors. Useful as a regular health check.

For these, the right move is to set aside half a day per quarter to do the maintenance. You'll catch most problems before they become crises.

When you need L3 help

The problems that genuinely need someone with deep expertise:

• Email deliverability that's not solved by SPF/DKIM/DMARC alone. If those are configured and email still goes to spam, the problem is reputation, sending patterns, or content — and diagnosing it requires real expertise.
• Cloud cost optimisation beyond the obvious. Reserved instances, savings plans, architectural changes that lower costs. The 30% savings you can get from this is well beyond what a non-technical owner can identify.
• Server performance issues. Diagnosing why an application is slow requires knowing the application's architecture and the server's stack.
• Migrations of any non-trivial size. Don't try to plan a migration without expertise. The cost of a botched migration is much higher than the cost of getting help.
• Anything compliance-adjacent. SOC 2, HIPAA, PCI, GDPR. These require expertise you don't have time to develop.
• Integration debugging. The intermittent integration failure that's been going on for months — that's L3 work.

If you have a problem that's been "ongoing" for more than 3 months without resolution, you've found L3 work. The fact that it's lasted that long without being solved means it's not a problem your current resources can handle.

How to hire L3 help

Three categories of provider, each with different math:

Category 1: Managed Service Provider (MSP)

A traditional IT firm that handles your "everything" — desktops, networking, email, sometimes cloud. Most SMBs default to this if they hire IT help.

Pros: covers a wide range of routine problems. Has someone you can call. Typically priced as a per-user monthly fee.

Cons: most MSPs are competent at L1 and L2 but stretched thin at L3. The L3 problems often get escalated to a partner or specialist anyway, with the MSP adding markup. Their incentive is to spread their time across many small clients, not to dive deep on one.

When this is right: you have routine IT needs across desktops, email, basic infrastructure. The MSP handles 80% of what you need, you accept that L3 work might require a separate specialist.

Category 2: Specialist consultant

Someone who works specifically on the kind of problem you have. Cloud architect for cloud problems. Email deliverability specialist for email problems. Migration specialist for migrations.

Pros: deep expertise on the specific problem. Can solve things in hours that an MSP would spend days on (or fail to solve at all). Pricing is high per-hour but typically lower total cost.

Cons: hard to find. You need to know what kind of specialist you need before hiring. The matching problem is real.

When this is right: you have a clearly-identified L3 problem and you need it solved.

Category 3: Generalist L3 consultant (this is where I work)

Someone who handles a range of L3 problems — cloud, email, migration, performance — without being a deep specialist in any one. Trades depth for breadth and availability.

Pros: one person to call for most L3 work. No matching problem; you get to know them and they get to know your stack. Reasonable hourly rates because they're not specialised.

Cons: not the right person for genuinely deep specialist work (e.g. a complex SOC 2 audit). Will tell you when to bring in a specialist.

When this is right: you have ongoing L3 work that's varied in shape, you want a relationship rather than a one-off engagement, and you don't have problems specialised enough to need true experts.

This is what I do. The Lead Steer monthly retainer is the most common shape — $500/month for 10 hours of mixed dev / L3 tech / EA work. Most of my retainer clients use 3–5 of those hours on L3 tech work in a typical month, with the rest on dev or operational work.

The "should I migrate to a different platform" question

The single most common L3 question I get isn't a problem to fix — it's a strategic call: "Should we migrate from X to Y?" Common variants:

• "Should we move from shared hosting to a VPS / cloud?"
• "Should we migrate from Shopify to a custom-build?"
• "Should we move from G Suite to Microsoft 365 (or vice versa)?"
• "Should we consolidate our 3 Google accounts into one?"
• "Should we leave AWS for DigitalOcean to save money?"

The honest answer is almost always "less often than you think." Migrations are expensive, risky, and time-consuming. The savings or improvements you're imagining usually look smaller after the migration than they did before.

When migration is the right call:

• The current platform is causing direct customer-facing problems (slow loading, frequent outages, deliverability issues) and the platform's vendor can't fix them.
• The cost is dramatically higher than alternatives AND you've already done the obvious optimisations.
• You're outgrowing the platform's architecture (Bubble at 10,000 users, shared hosting at high traffic, etc).
• A regulatory or compliance requirement specifically mandates a different platform.

When migration is not the right call:

• "Everyone says we should be on AWS" — that's fashion, not a business case.
• "It would feel more professional" — not worth the cost.
• "I read that <competitor> migrated and it worked for them" — they might have had different reasons.
• "We could probably save 20% on hosting" — yes, you could, and you'll pay 5x that in migration cost.

How to set up monitoring you don't have

Most L3 disasters are detected late because nobody set up monitoring. The minimum any SMB should have:

• Uptime monitoring: UptimeRobot or similar pings your website every 5 minutes and emails you if it's down. Free tier is enough.
• Domain and SSL expiry monitoring: Let's Monitor or similar alerts you 30 days before any domain or cert expires.
• Email deliverability monitoring: a monthly review of your DMARC reports (most email providers can send these). Tools like Postmark's DMARC reporting make this readable.
• Cloud cost monitoring: budget alerts in your AWS or Google Cloud account that email you when monthly spend exceeds X. Set the threshold 20% above your normal monthly spend.
• Backup monitoring: a monthly automated check that backups are restorable. Most backup vendors offer this; nobody enables it.

Total cost: $0–$50/month for all of this. Total time to set up: half a day. Total prevention value: thousands per year in problems caught early.

What good L3 work looks like in practice

A specific example from a client engagement, anonymised:

A small e-commerce store on Shopify, doing ~$1.5M/year. Their challenges, all surfacing within a 6-month window:

• Site occasionally slow during peak traffic (10–15 minutes of poor performance per day)
• Order confirmation emails increasingly going to spam
• Reviews app conflicting with their loyalty app, occasionally missing data
• AWS bill (for ancillary services) up 40% over 12 months with no clear reason
• A developer they had hired and parted ways with had set up the AWS account in his name; they didn't have admin access

Engagement: 3 months on the Lead Steer retainer, about 12 hours/month on average. Outcomes:

• Performance issue diagnosed: a Shopify app firing 200 requests per page load. Replaced with a different app; performance issue gone.
• Email deliverability fixed: SPF, DKIM, and DMARC configured properly. New from-domain warmed up over 4 weeks. Spam folder problem resolved.
• App conflict diagnosed: a webhook race condition. Worked around with a small middleware service on Cloudflare Workers.
• AWS bill reduced 35%: identified orphaned resources, set retention policies on logs, removed an over-provisioned database.
• AWS account ownership transferred to client, with proper team-account structure and password manager integration.

Total cost: $1,500 across 3 months. Annual savings: ~$8k AWS + lost-customer revenue from spam emails reaching inboxes again. ROI: clear within the first month.

This is what L3 work looks like when it's working. Specific problems, specific fixes, measurable outcomes, and a relationship that pays off in compound ways over time.

What to do next

If you have an L3 problem and you're not sure where to start, the first call is free, 30 minutes, no PowerPoint. Bring whatever's on fire and I'll tell you whether I can help, who else might be a better fit, or whether you can fix it yourself.

The relevant service pages:

• L3 Tech for Shopify Plus — for Shopify-specific L3 work
• Lead Steer Monthly Retainer — for ongoing mixed L3 / dev / EA work
• WordPress to Custom Stack Migration — for one specific kind of migration

The supporting articles for this pillar are publishing through the next batch of work — each takes one of the seven common L3 problems and goes deep on it.

Send a request →

---

This is the pillar guide for the L3 Tech topic cluster. The related pillars are Offshore Hiring for Western SMBs for hiring guidance and Full-Stack Development for Solo Founders for software-build guidance.