Build, Buy or Partner – Taking advantage of theCybersecurity
In this video, industry experts delve into the challenges and strategies of managed service providers (MSPs) in navigating cybersecurity and growth through mergers and acquisitions. They discuss the importance of having a robust internal security program, how to effectively communicate security needs and budgets to clients, and the balance between building, buying, or partnering for security services. The conversation also touches on the evolving landscape of cyber insurance and the need for proactive client engagement in identifying and addressing security vulnerabilities.<ul><li>The webinar discussed the importance of cybersecurity and how MSPs (Managed Service Providers) need to adapt to the evolving threats by incorporating comprehensive security measures in their services.</li><li>There was a focus on the decision-making process of whether to build, buy, or partner when developing new security solutions, emphasizing the importance of having control over the security offerings.</li><li>The conversation highlighted the growing role of private equity in the MSP landscape, particularly how it influences mergers and acquisitions and the strategic growth of these companies.</li></ul>
Guests
Video Transcript
All right. We are live and we lost Ryan. He must be searching for his dog. Oh, he's back. Oh, booze. Oh, welcome everybody. And we are at episode 80 and, uh, happy Monday to all of you. We had a balmy 39 here in Tampa, Florida. So, um, I know it's not, you know, in the zeros and negatives like the Midwest, but man, for, for Tampa West, we got a little chilly.
We, we did, you know, these Tampa folk that have these parkas and earmuffs and scarfs, which I don't even know how you can like, officially own that in Tampa. They, they definitely broke it out for the hour. Uh, yeah, we're back up to like 59 now. So, just saying, did you Say, speaking of, did you say park parka? Because, because it sounded, it sounded a little bit like, you know, kind of Boston ish, didn't it, Mike? I did.
I I didn't, I didn't think we were be referring to parkas in Florida, but here we are. Well, when I'm, when I'm dictator, it'll be illegal in Florida. If you own a parka, you're out. Alright. I want my parka to go. I wanna not need my parka. Yeah, very, very true. Okay, so, um, Gary, um, I'm gonna do one announcement and it's right of boom 'cause we're almost sold out. And give us a boom, gar, um, Boom. So, hey, um, we, you and I were on a call the other day.
Can you just maybe give a, a preview to your session? 'cause I think it's gonna be honestly one of the best ones that we do, aside from Ryan's, of course. Uh, but, uh, I'm excited about your subject. Yeah. So we're gonna have two MSPs that have experienced, uh, widespread breaches, uh, in the past, uh, few years. Uh, and it's interesting 'cause there were different breaches, right? For different reasons.
And so you can take kind of that part out of it, but kind of what they went through, what they learned, I think it's gonna be good for people in a live session to feel some of the emotion, um, that'll move you right. Towards action. And then what's different about them and their companies and their relationship with their customers and their teams. Uh, it's gonna be awesome. Two awesome people, uh, that you're gonna meet in Robert and Eric. They're really great. Yeah. Fantastic.
Okay, let me set the stage here. First off, there is a poll, so if you could take a look at that, fill that out. Um, uh, VM by the way, is vulnerability management, if you want to know that acronym. Um, this is a really cool, um, cyber call. Uh, there's a lot of nostalgia here.
And, and the reason there's nostalgia is, um, so Thrive Networks is really one of the oldest and original MSPs dating all the way back to Gary when this, you know, really, really started getting going in the, you know, 2 0 3, 2 0 4 timeframe where we started to move from being VARs and system integrators into the term managed service providers. Um, two big acquisitions happened. Uh, oh six Thrive got acquired by Staples, and oh 6 0 7, your company got acquired by mindshift.
And those were the, that was the beginning, actually, the m and a. And gosh, it's, it's certainly heated up since then, 15, 16 years later. But Yeah, I mean, at that time there was mind shift and then there was, uh, thrive then. Um, and there was, um, at that time, they were all covered. Was all bases covered. But that pretty much was it. That's right, that's right. Um, so, you know, kind of looking at, you know, what happened, Michael, Mike, great.
Our guests who are, who are gonna introduce momentarily. Um, a lot has changed, um, over that 16 years, Mike, you know, going from being, you know, a roll up inside a massive company like Staples to being pulled back out with private equity now doing multiple acquisitions. But I think the big story today is, um, going from zero to a multimillion dollar managed security practice in about four years. And, you know, the, a lot of the question comes up is, do I build buyer, partner?
And you guys have a, you know, really interesting story on talking about that journey. Um, the other thing, and, you know, I'm just gonna put it out there to Ryan putting him on the spot, but you know, he, he's done a, a great job with Wes and some of these, you know, webinars we've done, Michael, where we look at, you know, um, a matrix. Um, and this matrix comes from Optiv and you know, about your capabilities.
So maybe Ryan will throw a little bit of that in there if it's, if it's applicable. Okay. Mike, take it away. Tell us a little bit about yourself. Welcome to the show, and, uh, please share, uh, a little about your background. Well, first of all, thanks everybody for having me here. This is, uh, this is super cool for me. A lot of the events I do, um, are more for customers.
So to, uh, sit here and talk to my brethren, uh, or, or, or whoever you wanna, uh, frame everyone that's here for the, the MSPs that are, that are here on the call, this is pretty exciting to me. Um, you know, as, as Andrew mentioned, I, I'm coming up on 15 years here at the original Thrive Networks. Um, you know, we now refer to ourselves just as Thrive, but it's hard to drop that networks part of thing.
Um, you know, I just mentioned very quickly, uh, I started out as network engineer two at Thrive. Um, and, uh, it's been quite a journey. Uh, you know, Andrew, you and I were talking before we started that, um, you know, people, we got acquired by Staples. A lot of people lost track of us. It was very exciting. Put a lot of news out there and just lost track of us. Um, there's a million reasons why that happened.
Um, you know, we had a couple other, um, at least one other transaction, but really starting back in 2015, did, did things start to solidify, became, uh, had a new private equity sponsor, mc partners, and, and things really took off like a rocket ship from there. Yeah. Very, very cool. Um, and, uh, you know, we're excited that you guys are gonna be at, at write up Boom as well. And I know your CEO's got a, you know, I've, I've listened to him.
It's gonna be exciting to have Rob here who's a real, you know, prolific leader, uh, in the space. So, Gary, um, you've got a little background, uh, with Thrive. Let me, uh, let you take it over, and I'm sure you'll kind of pepper in how that works. Yeah, well, the short story is, so when, when my first MSP in Philly got acquired by Mindshift, uh, a year later they asked me to run sales operation in Boston. And that was, uh, Thrive's location.
So, um, after the Staples acquisition, you know, they helped me make my quota up there, right? So they were in that mode where, uh, there was some confusion and, uh, I'm an opportunist, right? So we took some of those, uh, uh, some of those customers. Um, I go back a long way with Jim Lippy, who's now the CEO of SaaS alerts, where I'm an investor. So, yeah, it's a real small world. Um, but it's been interesting to see what Thrive has done in these recent years.
And I want, I wanna talk about this from a couple different perspectives, uh, with you, Mike. Um, one, I I wanna start with how you looked at yourself and your own security, right? First, then how it got to what you do with customers and different than a single owner. MSPs don't always see what I'm about to say in the same way, but they should. I, I'm on the board of a couple PE companies and my message to them is, we get this right or we, it's such a systemic threat as investors, right?
That we don't have a choice Yep, yep. To get this and to move this forward. So, I wanna try to get through some of that as organized, but just start with, 'cause you've been there so long, you as patient zero, right? Like you as securing your MSP and a complicated situation 'cause you have these acquisitions. Yeah. So maybe you can start there. Yeah. Um, you know, I can certainly run through the history of security to thrive. You know, it's, it's such an interesting story.
Um, you know, just starting internally, the thing that I have always looked at and, and even just not, not security, is the understanding that I don't know everything. And just admitting that I don't know everything. There's more to learn. There's always smart people we can bring onto the team that know things that we don't know. Um, you know, and that's really where I, I kind of began with a lot of, at least to your point, um, you know, securing thrive internally. Yeah.
I would hope that the MSPs that we're acquiring have, um, a very high level security. But it's a lot of, um, you know, treating it like you treat your customers trust, but verify. Right? So I'm assuming that these things are here. Can you show them to me? Um, I also try and, you know, just read the people's, uh, uh, body language the way they're talking to me. Do they, do they sound confident? It's really not unlike a lot of, um, sales opportunities in my eyes.
Granted, I'm on the engineering side, but, but obviously we're all in sales sooner or later. Yeah, absolutely. And so along that way, you start to go through this and what it takes to secure yourself. Now you're doing acquisitions, you have to do due diligence on all those, and then at some point you need to start to go outwards to say, what's our strategy with customers? And, and I think a lot of MSPs struggled with that. It's one thing when they're trying to secure themselves and that's hard.
But now they have to decide what's gonna be our strategy with customers, and how are we gonna get out there and, and, and do that. Yeah. I think that one thing I've seen over the years and, and I, and again, I've met a lot of MSP leaders, um, not only from, you know, someone who I'm interacting with as an external party, and now they come into the family, right? Because that's the most interesting part of all this.
I heard what you told me, I've known you for years, but when we actually dig into the covers, oh, this is how it works. Um, you know, one thing I do know for sure that I've seen with a lot of MSPs is they're actually pretty good at predicting the future, right? They have one customer that's asking for SOC two reports. They have another customer that wants SIM monitoring and wants you Mr. Ms. P to deliver it.
And, you know, you start to get this, you know, I just call like a, like a sixth sense that all of a sudden, this sim monitoring thing, you know, years ago, this is gonna be something. Um, you know, we can all predict trends in the MSP business. We just gotta trust ourselves and, and frankly, take a little bit of a risk to go after it. Yep. You know, um, for sure. Well, one, one more thing I wanted to ask you before about m and a. You talked, you touched on it.
So now you, you're going to buy a company, you're doing security as part of it, due diligence. Has there ever been, uh, a deal that came, like you were looking at and based on maybe some security risks and how they were set up with their customers, you felt differently about it? Well, every time, um, you know, it's not, uh, every time I look at one, it, it's with a very, um, obviously, uh, questioning eye.
But what I will tell you is, um, the ones that I, I have discovered that there are more issues is where, um, there was overconfidence, right? The people that came in and said, this is what I'm doing. I know I could be doing more. Because by the way, everybody can be doing more when it comes to security. Nobody has it nailed down. Um, the other thing I always looked for a very simple question, who in your company is responsible for security? Give me a name.
Uh, I'll tell you what, you don't want to hear everybody. Right? Right, right. Well, you know, and often they'll, they'll, they'll default to one person. Um, you know, the, the thing I love is the CEO says, the buck stops with me. I'm not the one clicking the buttons or looking at the logs. You know, if there's a failing insecurity, it's on me. Those are the ones that I, I think always have the best posture. That would be a good poll question, Andrew.
How many people have could answer that question? We have someone who is ultimately responsible for security. That might be a good It It is. But we gave away the answer. So now it's kind of jaded or judged or biased. Yeah. I think our audience is, they're here because we're honest that we're all working in the right direction.
We're not all gonna give the right, we, we often don't give the right answers, you know, to a lot of these may, Maybe you change it from, uh, you know, the answer you put on the piece of paper when you get asked to like the, the truth. Do you really have someone whose responsibility it is. Right. Alright. Now I wanna answer the most important things. Okay. Um, and the things that I'm really most concerned about with MSPs and, and, and, and the industry and people that we coach.
Tell me, like go back pre covid and tell me like for new customers what your average seat price is, and tell me what it is today. Oh boy. Well, which I already know because some of your customers that you acquired in Philly, they send me your proposals. Sure, Sure, sure. Well, you know, obviously we, we offer a lot of different services and, um, you know, I'll, I'll just, I'll just sort of slice them into two pieces.
Um, you know, if you're, um, doing security plus help desk, um, which obviously there's, there's plenty of that, uh, to go around. It's well up over, you know, a hundred dollars per user per month. Um, we do have, uh, you know, sort of a pure security bundle, um, which is more towards 25 to $35 per user per month.
Um, you know, we're trying to, we, we always sort of look at it as we're trying to wrap services around that end user to get them everything they need, as opposed to, let's make sure we have a firewall. Let's make sure we, um, you know, have other security services that might, um, secure Azure or AWS or something like that. Yeah.
I mean, what I've see is the co, the ones I've looked at, um, with the security bundle, um, and full managed service offering, they've all been in the 200 to 2 75 range. Yep. Yep. Uh, is what I've seen them, uh, end up at. And so Well blend it. You go to Yeah. Yeah.
When you go to existing customers and you know, you're gonna add stuff on, like you're adding on MDR, you're adding on soine, you know, and probably in that bundle, like you said, you're, you're, you need to move the seat price, you know, between 20 and 40 bucks. Um, how, and you have all these, uh, you know, different offices, how do you get that messaging so that it can get out to all those customers? Yeah. Um, and, and, you know, make it sound like, have it sound like why you're doing it.
It's for them. It's not a price increase. Well, um, you know, I would say obviously we've inherited a lot of, uh, businesses over the years. Um, there is one very challenging question that, that does come up. Um, and I actually think it's a great question. I, and I, and I, I tell our people that's an opportunity and that question that comes back from the customer, they say, but I thought you were already doing this. Mm-Hmm. Uh, which, which can be, which I love that. What's your answer?
So what I tell them is, first and foremost, we need to be crystal clear about what I'm doing and what I'm not doing. Mm-Hmm. But security, we can't, we can't have vagueness, right? So let's talk through that. Um, one of the big things that I tell them is, look, security, uh, threats are advancing every day. Security controls are advancing every day. When we sold you in 20 17, 20 16, these tools were not available to me. And also the threats that are out there, were not there.
Um, you know, as far as an actual technique when it comes to, well, geez, you're increasing my spend by 30%, something like this, you know, I, I always say, look, take a step back. What is your budget for security in your company? Not your IT budget, not your application development budget? What's your security budget? And if they say, I don't have one, okay. That's where the conversation needs to start.
Because, you know, just like you have, um, you know, obviously you fund accounting teams, you fund HR teams, security is its own team. The fact of the matter is, most of its outsourced these days. Mike, that's really good. Uh, what's your security budget? So yeah, that probably in an hour or so that'll be mine. But thanks. Well, I knew this would be productive. This call. Yeah, I'll use that. So let me tell you, like, uh, well, let me use a Thrive example, right?
So, um, one of the friends I've had, they were with both of my MSPs and now they're Thrive, um, called me and said, Hey, these Thrive guys came out and they wanna raise our price by 40%. I'm like, oh, that doesn't sound too good. And like, you know, send it over. Let me, you know, I'll take a look at it. And it was security. It was basically, for the most part, all security. And, you know, he said to me, well, you know, most of our stuff is on our core app.
You know, our that's in, it's in the cloud. And, you know, like we're we, worst case scenario, we have Datto. Uh, I, I, if, um, you know, if something really bad happens, we'll just restore, you know? And I'm was like, well, that's good. I'm like, you don't know how long they've been there. What if your backups are bad? What if they exfiltrated your data? Uh, uh, and we talked it through, I'm like, do you really care about another 1400 bucks a month?
Like in, in, in thinking about what your risk is with? And in five minutes they were like, fine with it, right? Mm-Hmm. But I mean, I think that's where we are. And that's a good way to describe it. Like, Hey, that was your IT budget. This is like your security, uh, budget. So, um, You know, Gary, if you are interested in an agent agreement, I'm, I'm sure we can work something out. I certainly appreciate that.
No, I mean, well, I Bumped into Rob and asked him if I could get commission on it, but I'm sure we can figure something out. Um, you know, I, I think what happens is underestimating, you know, when you say, well, I'll just restore from the cloud, you're, you're underestimating the impact that will actually have Yeah. You're underestimating what losing a day of business or two days business actually looks like.
Um, you know, and there's a lot of, I I always encourage people to make sure that, you know, you, you almost did a very, uh, informal tabletop, you know? Right. Okay. Let's think through this for a moment, and let's think about, you know, all, all the things that could happen when that incident actually does occur. You know, you're actually about to close one of your largest deals on that very day that you get, um, ransom, for example. Yeah. What does that cost to your business?
Usually these trade offs. Usually when, when you can walk through these things with people, the answer becomes very clear and very logical. Yep. So, um, Andrew, um, I, I don't wanna take up too much more time, and I know you wanna talk about some buy and, you know, build stuff.
Um, but I mean, the one message I wanna make sure, and this is a great example here with, with Thrive, but the number one thing I hear all the time is MSPs saying like, my customers don't want to pay an extra 500, 1,015, whatever, whatever it is. And you see, like companies like Thrive, they have no choice. Like, this is where they have to go. Um, and I'm watching in every market, big and small. I, I, I'm watching people just change the change what they're doing.
In other words, they're not increasing prices and selling people. They're explaining something that already exists that has nothing to do with me, that they have the best solution for. Thank goodness that we're here. And, and in that strong fashion, and you'll hear that really strongly, write a boom when you hear two people that have been through a breach and how different the conversations and how much better relationships they have with prospects than customers.
But that is what we're trying to preach here, that you can get there. And there's all of this, all this baggage that we carry from years past about expectations about what customers should pay. And most of it is us. A lot less of it is those customers. Yeah. Well, Gary, we'll, we'll hand it over to, uh, we, but as I do, I mean, you know, I've known you for as long as you know, like oh six, and it's been the same message.
You know, like when, at back then, when you were at, I think probably like 1 30, 1 40, whatever a seat way back then. And when you started True methods, everybody was, well, we could never get that in our market. And, um, you know, it, it's the same thematic. It's, but it, it, it always has to do with us and our belief in ourselves. Right? The difference then was you could choose to believe it or not believe, right. And you just wouldn't grow as fast and you wouldn't make as much money.
Now your business and your customer's business, you're putting them both at risk. Very different this time. We gotta get past this. Yeah. Right? And so hundred percent agree. And that's why there's companies, listen, having companies like Thrive and others that are in multiple markets that are doing it is, is really good for all the other MSPs. It benefits, it benefits us. Yeah. Don't disagree. My point simply is the belief in that it's, it's capable, it's possible. Absolutely. Yeah.
Still with our, you got, someone's gotta run the four minute mile, right? Someone's gotta be Roger Banister. Right. Alright, Wes, speaking of Roger Banister, um, take it away. Uh, is it bad that I don't know who Roger Banister is? Yes. Yes. For real. I'm gonna have to go Google this person. He's the first person to break the four minute mile. Yeah. And then after he broke it, you know, you, you'll read how many other people broke it in the next year.
It was a mid, So the back of my car needs to say 0.0. Yeah. So much I know about running. You've seen those bumper stickers at the best. Yeah. 0.0. Mike, thanks for joining. Um, uh, before I ask, I've got a, a couple questions I want to kind of touch in on that. I've asked others before, but, but a couple things I wanna zoom in from Gary's conversation.
One is, can you, can you talk a little bit more about m and a, because, you know, m and a has vastly changed the security and just the overall MSP landscape. You know, now you have these larger PE funded, private equity funded MSPs that actually have the budget to go and buy. And they're typically looking for those like, you know, two to $5 million a RRR MSPs.
They're looking for certain operational kinds of things, looking to get into new markets instead of trying to grow, you know, what we call de novo out of nowhere. Can you give us some, like, what do you think about that? Is this good for the industry and MSPs that are listening today that may feel overwhelmed by that? Or even the size and scale of outside money coming in to grow the channel through these large MSP empires? Is that good? Is that bad? Is it meaner for the industry?
What do you think? Um, I, I, I think it's great as far as protecting people from threats, right? So, so first and foremost, the more people are talking about it, uh, good, bad, indifferent, you know, that's ultimately gonna raise awareness, which is first and foremost just, you know, as a security practitioner, um, let's get the conversation going, uh, and, and, and talk about where we can improve.
Now, that being said, um, a lot of, um, the MSPs that I've run into, um, over the past six or seven years, um, certainly around m and a, a lot of 'em, security was, well, my customer started asking me about it, so I had to do it. You know, they didn't have a choice. It was very reactive.
Um, the, the things that are really interesting is, um, that risk their people took and said, you know what, uh, my, one of my best senior engineers wants to get off the desk and become a full-time security person. Um, not only, you know, prioritizing a move like that, building a dedicated security team, and by the way, you do not need to go full 24 by seven on day one, make a plan, see what you're can accomplish in six months.
Um, it's still pretty rare actually that we come upon, um, true security teams inside of MSPs. Um, it's, it's certainly growing. Um, and, you know, we're actually able to take, uh, a lot of those people who we acquire and, um, build them up. You know, maybe they had one or two. Okay, great. Well, they can join our soc, they can help us launch into new areas. Um, but yeah, I think I can kind of, what Gary was talking about earlier is you don't know until you try, right?
Your, your senior tech, uh, you know, these senior people, they get bored, they're engineers, they're gonna go look for other stuff anyway, why don't you put it in front of them before they go start looking. Yeah. Okay. That, that's good feedback. And, you know, we're seeing this, uh, effect across the industry and, you know, I've had so many conversations with MSPs about it, those that are in the m and a acquisition tear, and they're looking to buy, buy, buy, those that have been bought.
Uh, those that are seeing this from the outside, maybe they're newer in their growth mode. Um, and, and you know, we're, I, I'm, I'm always asking that question 'cause I'm really curious. Um, another question I wanted to zoom into as well. You and Gary talked a little bit about budgets, and I liked how you started with that conversation. Like, do you have a budget? I'm sure that most SMBs, like the typical client that you talk to is like, no, I have no idea.
I just know what I pay my current MSP, you know, in the enterprise, you know, we've seen budgets go from like, you know, three to maybe 12% of the budget of it goes to security. I've even seen some new stuff in 2022 coming out, like closer to, I've seen as high as like 20 something, like mid 20% of IT budget now goes to security. Do you recommend off a percentage? Is that even possible for an MSP talking to clients to think about it as a percentage wise?
Or is that too difficult of a conversation? Well, uh, first of all, again, you're having the conversation. So you, you're halfway there. Um, if you're talking about security budgets, I think on the sub two 50, uh, sub one 50 employees, I think a, uh, percentage of per person spend, um, you know, 25% of our per person spend to our MSP goes towards security. So I can easily do the math, I like that.
And, and calculate, you know, I have noticed over the years that, um, you know, unless you're, uh, some sort of hyperscale consumer SaaS platform, you know, like, like, like a Netflix or, or, um, a box.com, the user count as far as security really does make a lot of sense for the, the, the demographic that we interact with, even on the enterprise side, right?
Um, the more employees you have, uh, the higher your security, uh, spend is gonna be purely because every single one of them needs, uh, some sort of mail filtering. You know, there's some basic stuff that everybody needs, and that's not, you don't wanna say, well, we're gonna do MFA on 149 of our 150 people. That makes no sense. So, um, yeah, I like to see on that, on that lower end, definitely, um, percentage of the user spend.
But, you know, the, the enterprises that we work with, um, you know, they are, they're building things in terms of their overall product margin. Uh, when it comes to, okay, well, you know what, whatever the slice is, um, that's coming back into the company, uh, of the product that they sell, what percentage of that goes to security? You know, and depending on their business is built, it could be, you know, 5% of the overall product goes right back into security. Okay.
And one thing I wanna mention here, I mean, I've always been a proponent of having a minimum MRR, so there's a minimum amount that every customer pays, no matter how many seats they have. Like, you don't go below that because I think, and over time now, and with security, I think that's one way you protect you, you raise that minimum MRR and that way because there's certain things we've agreed that are per seat, but there's also certain things you gotta do for every customer with security.
And so you can get, you know, and it might mean like, and again, seat price is a metric for us. It's, it's not really how you need to talk to your customers, especially in a sales cycle. It's like what you're, what they're spending per month. So that, you know, I've seen that Wes is one way you gotta protect, because that's where MSPs get hurt. They don't protect the, the bottom end of their customer base and it throws their averages, you know, all off.
And if you do, it'll really raise your average seat price no matter what you target, because they're gonna skew up on, on that end. And then don't discount too much on the high end because you gotta realize your costs don't go down with everything. Yep. Yep. That's solid advice. And, oh, Go ahead, Andrew.
Can I ask you a question, Wes, in, in the line of questioning you're doing with Mike right now, so Mike, like we've had, uh, Eric till on, you know, I was mentioning him earlier on to the former chief lead officer of Logic works with a lot of MSPs. Um, he brings up the legal side of, you know, the MSAs, you know, and, and what's included and what's not.
Who's responsible for MFA, who isn't it, it, how do you, or do you have a process, you know, as Wes talks about, you know, what's included and you've shared, has the landscapes change what we normally put in, et cetera? So the question being is, is the contract part of this as well? And how do you address that? Yeah, well two things.
So, um, we spend a lot of time, uh, we talked about assumptions earlier, uh, when we first got started, uh, on our scopes and what, what's there and what is, what is it. Um, I run into a lot of scopes that are, uh, three bullet points. We, you know, we will secure your office 365, uh, you know, we will deploy MFA, we will monitor MFA, what does that mean, right? And that's good to maybe at a high level pitch, uh, when, when you want to get in the front door.
But some real detail inside the, the contract is something that I'm relying on, on models. The daily, um, standpoint, by the way, the first step in our integration team integrating MSP, um, we, we have a couple of individuals. It was just one. Uh, his job is to read every line and every contract, um, and figure out what are we on the hook for from a contractual standpoint. 'cause that's where everything starts.
Um, the other thing we, we have developed, um, and, and, and more looking at the legal side of things is you're not gonna be able to get your customer to sign a waiver that says, I turn thrive down for security monitoring. So if I get a ransomware incident thrives off the hook, no one's gonna sign that. Um, it's really great in theory. It really, really is. And you can get a customer to sign it. I wish you the best of luck. Um, we, we talk more about acknowledgement.
Okay, I, I, I recommended MFA, you decided not to go with it. Will you just sign a document that you acknowledge it, reject our quote, what whatever it is, because obviously we have liability in that situation now as well. Um, so, you know, it's some pretty simple stuff by the way. The minute you ask anyone to sign something, it's very easy to ignore an email from, you know, from the MSP account manager to the customer. I never got that email.
Whatever it might be, to have them sign something that they acknowledge the risk is a very, very different experience. Yeah. Very cool. Wes, uh, Wes, can I butt in again? Of course. I'm sorry. But my, my mind's reeling right now 'cause we're in the middle of this weekend, next of our peer group. So I'm dealing with all this. One thing I wanna say, Andrew, kind of like you said, the the the legal side. But again, I want to go back to what we offer.
I'm still seeing MSPs that offer bronze, silver, gold pewter 10. And they have this big checklist and a lot of security stuff's on one side, includes, doesn't include includes what it's billable. Like we gotta decide, can't ask our customers of how we should secure them. Like we, we have to tell them, good god, man.
As I like to say, So Gary, it's so funny that you say that because, um, when we first, uh, started developing security services, by the way, in the early two thousands, thrive was built on a very simple, uh, the sales process built on a very simple concept. We do a health assessment, a network health assessment. We produce a document, we show them what's wrong, and then we deliver services on a recurring basis to fit those assessments. In.
In 2013, when, when really security, real security began to thrive beyond antivirus and firewalls, uh, we developed all of these different services. We, we developed some security monitoring. I mean, this is, this is the very, very beginning of all this stuff. Vulnerability management. And we had, we had a laundry list of things that we could sell the customer and our sales team very small at the time, said, this is great.
And they went out and tried to sell it for two months, and they did a complete crash and burn because our best salesperson, head and shoulders, probably the best, best MSB salespeople, uh, in the world. He said, the customer doesn't know what to buy and I don't know what to sell 'em. I don't know what any of this is. And we did two things.
Number one, we developed a security health assessment, which is no more than a discovery, um, you know, to develop, Hey, these are the things you have, these are the things you don't have. Here's high risk. Things like that. That was the first piece. And then I mentioned earlier our end user security bundle.
Um, the way that actually arrived, um, and if you guys know Rob, our CEO, uh, it was just after the holidays, you know, that week in between Christmas and New Year's, he called me into it, his office, uh, which is this little closet at Old Drive. Um, 'cause you're only there a couple days a week. 'cause it's a long drive. He said, Hey, look, you're gonna start at a new, just pretend for a moment. You're gonna start at a new company next week.
What are the four or five services that you're gonna, uh, add to that environment on day one? And I, I ran through the list. I'm like, well, I'd get, I'd get MFAI, I'd get, uh, Mimecast, I'd get advanced atory. And he's sitting there writing on a marker board. Well, that actually became our security bundle. And being prescriptive and not being reactive and saying, this is what you need. This is exactly what I think you need.
You're actually, um, that confidence is actually gonna be met with more confidence in you. Can I just put it in there? Chat, Mike, your end user security bundle. I think you did a really nice job in that short video. Can we let Wes ask a question now, Gary? Yeah, go ahead. I have more, but I'm gonna, I'm gonna wait. That was subtle, right? Well, let me, let me just say this. Um, as, as we move on to another topic, I, I'll just say this. So I, you know, I come out of banking.
In banking, you have call reports that come out every quarter. You can compare yourself to your peers and understand, you know, how much are all my peers spending in these certain areas. Like whether it's it operational costs, telecom costs where things are baked into security, you actually get the covers pulled off really easily in other industries and see what others are spending so you can stack yourself up.
I don't think we do that very much as MSPs for a lot of different reasons that we've talked about, and that makes some of this murky. But I think one thought exercise that would be important, it's kind of what you said, Gary, like, are we really approaching the stack that we offer is, you know, like you said, these, these tiers and we, we sometimes cut things out of the tiers.
Maybe a good thought exercise is to say, Hey, we're gonna sit down sometime this month and we're gonna take a look at everything that we offer offer and, and understand at least how much of this is going into cybersecurity, how much of this is going into, like, managed backups, how much of this is going into like, IT operation stuff? I know that we can't always assess costs when it comes to meat wear costs of like how much overhead there is and those sorts of things.
But I think it's good for us to understand at least some of our buckets because you might come outta that experience and being like, holy cow, like our base level offering, like less than 1% of that is dedicated to security. Do we really want to inherit that risk in serving that client? I had no idea.
So I, I would definitely go through that as a thought exercise if I were an MSP in 2022, just to understand where your buckets are, um, less about the vendor buckets and more about where they sort of align. Um, I think that'd be a healthy, healthy thing to do. So, um, we talked about this a little bit and you, you touched on this, Mike, but I did wanna switch into this one a little bit. Um, like objections, right? Um, they don't wanna do what you say, they, they don't have priority for it.
They don't see the, the need for it. They don't think they're a target. How do you guys navigate through that territory, both you and just the rest of your team? What, what, where have you seen success? Um, you, you know, the funniest thing is, uh, if we were gonna pitch security in 2016 to a, to a new prospect, I was in the room. We had just, you know, the past couple years it just been growing. It's been maturing. I would never let a salesperson talk about it alone.
And as, as a lot of people on this call, I, I'm sure, you know, can guess because they've done the same thing. I would walk in, I would do all the talking, I would present everything. Uh, and then the salesperson was there essentially to get them to sign the quote. Well, as our sales team grew, we had to figure out a way to teach these conversations to people who were not technical, um, to a salesperson that had plenty of it and MSP experience, but was not an engineer.
And I think over the years, that was one of the best things that helped me with the objection because, uh, teach them the objection. Because when I had objections there of, well, we are already using semantic and we just bought our license, that that's a very common one. Or I just made an investment in that firewall, so I don't want your firewall. Uh, that one was far and away the most common. And what I would say is, so you just put that firewall in, okay, are the security services turned on?
When was the last time it's firmware up? It's very simple things that we all do know to ask, but we don't. Um, you know, and then after a while, again, you, you have some confidence. It's actually built in you when you point out these things. Now moving forward, I can't believe I'm gonna say this, but our jobs actually are getting easier because the insurance companies have now caught up on the game that people are checking boxes and not actually doing the thing.
You know, they're taking the chance. I'll check the box and if something happens, no one's ever actually gonna come back and check. And I know MSP insurance has obviously gone through the roof. Um, that's no surprise to anyone on this call. Um, we actually compiled, um, a list of common insurance questions and said, look, it's not just me saying you need these things. It's not just me saying, um, you know, this ransomware situation is, is gonna hurt you someday.
The insurance company's saying the same thing, right? And I, I, I, you know, to some degree they are independent from the rest of us. I mean, obviously there are folks that work with, um, cyber insurance providers and things like that, but you know, between the, the government with, with additional regulations and uh, insurance companies, they're making the job just a little bit easier.
And I actually find there's more people saying, Hey, I actually want this advanced security control as opposed to waiting to get a pitch to them. That's good. You know, I've had, uh, literally hundreds of conversations with MSPs about security, you know, and I almost always open the conversation, open the Komodo of you folks. Um, I usually ask a very open-ended question, Hey, what are you guys doing for cybersecurity today?
And I ask it that way intentionally so they can go any direction that they choose to go. And one of my triggers that I often hear is when someone says, well, we've got, you know, Cisco a SA, and we've got, uh, we, we've got, you know, X, Y, Z and a, B, C, I don't mean to mention a bunch, it doesn't matter. But when they refer to their security program as these are the vendors I've put in place, I'm like, oh, here we go.
This is a very immature security shop because those are just the vendors that we're putting in place, which means very, very little in the scheme of things. And so it's a trigger for me to really understand assessment maturity. And my last question before I turn it over to Ryan, kind of loops right into what you just said, Mike, about insurance is waking up to this as well. You know, a lot of these form, you know, factor, uh, questionnaires we're all about Do you have this, do you have this?
Do you have this? Yes, yes. Sure. I have. I don't know, but yeah, I, I've got it. Whatever. And we're seeing that that is not a good way to assess good maturity. And so the, the insurance landscape is vastly changing. And so I guess my last question, Mike, is like, how do you guys at Thrive handle that? Are you getting involved and engaged in cyber insurance discussions with your clients?
Because I've been saying for the past, I don't know, at least since IT Nation secure, the time has come that MSPs need to get involved in those conversations. Like it or not, they don't have to be experts, but they need to get involved because they inherit the risk of security and bad or missing insurance. They're going to usually eat a lot of those costs of the, the aftermath of an incident, right? So, um, how do you guys jump into those insurance conversations with your clients?
Are you good at it? What, what, how is that working so far? Yeah, again, we, we, we, um, we're just trying to be proactive and we, um, like I said, we compiled a list of common insurance questions and gave them to our account management team and ultimately to our customers, Hey, what, these are the common questions that every insurance provider's asking. We boiled it down to, to seven to to 10 questions.
By the way, they're the same seven to 10 questions that you would ask a new prospect anyway. Um, it's, it's just, you know, the main thing I, I would tell people is that we want to, we are trying to change this from a sales conversation towards a consulting conversation. They say like, well, I'm not really a consultant. Like, yeah, but you are and you're helping somebody out with their business. So that is the very nature of consulting, um, in my eyes.
And I, you know, I'm sure this story will resonate with, with people, uh, that are on the call today. There are plenty of instances where your customer got ransomware and in, in August and everybody's, you know, I call it a, it's a plane crash because you're the, the plane crash. We're just trying to figure out who's alive, what happened, um, and trying to rescue everybody.
Well, inevitably there's, there's a account manager or sales person that said, well, you know, what, five months ago I told them to get, uh, EDR and MDR, and I told 'em to get all this stuff, and here's the email. Um, so, you know, I don't know why they're calling us. It's like, 'cause you're their m ms p, that's who they call. It doesn't matter. They're stuck. You're the person they call either way. So, and By the way, I'm saying it's their fault.
You didn't explain it to 'em in a way where they understood their risks or they would've done it. That's on you, not the customer. They don't know crap about security. Yeah, the email wasn't enough, Gary, at the end of the day. Um, but anyway, you know, I, I think it's, um, it's one of those situations where, uh, it's fine to look back and say, I told you so and everything else, you're gonna deal with it anyway. So either a, you can think about, well, how can I be ready for a plane crash?
You really can't. So let's talk about how planes crash in the beginning and let's try and avoid them. It's good. It's good advice. Um, Ryan, you off mute my friend? I think so. All right. You Are Okay, good. It's really confusing. Um, so, you know, being a kind of CISO at Datto, I like to think a lot about our security. And so I want, I want to kind reframe the conversation going back to your internal security program, how you approached your own internal security.
You know, you talked about, well, there's a baseline set of things that we wanna sell to customers, but what did you, how did you determine what the baseline level of security was for you as a company and what, you know, was that framework? Was that some sort of audit, like Yep. How did you walk that journey to getting your own house in order? Well, um, yeah, the first thing is we knew we were planning for massive growth. Um, we knew was time that we transformed.
Um, and, and I think, I think the biggest thing there is, uh, when we set upon, uh, getting our SOC two, uh, we realized the first thing we needed to do was build a program. So instead of just running towards this firewall or that firewall or signing up with, uh, you know, a large security monitoring, uh, third party, what's our program? What policies do we have? It's very boring. I wanna run towards the cool AI tools as, uh, machine learning.
You know, every, every catchphrase you can imagine, what's our program? How are we gonna deploy that program and how are we gonna, um, apply that program over time? Um, you know, and, and I'll say, uh, be the, be the beginnings of this started with SOC two for us, um, and really evolved. I mean, we, we started the program with NIST and we really started with everything I say on paper, obviously in Word, uh, before we, um, really deployed a single real security tool.
Um, obviously we had, we had pieces out there from being an MSP. The, the second piece to that is there was a realization that the way I've supply, the way I apply security to my customers is not the way I need to apply security to our organization. And that was a big wake up call just because that, um, that particular control is, is doing a great job at a 150 person, uh, management consulting customer of mine.
That does not mean it's the right fit for me when we changed our thinking around that and that our security needs to be on a completely different planet than what we do from our customers. It's okay to have like technology, your customers FortiGate, you have FortiGate, absolutely, but just stop trying to, uh, supply the same principles between yourself and your customers. So did you use a framework? So, uh, we were built on NIST from day one.
Um, and, uh, a lot of it was built so that we could meet, um, SOC two. We've now evolved, um, more into the CIS framework. Um, and, you know, things, things have taken a lot of, um, things have taken a quite a turn for us because we are in so many different verticals that the way I look at it is, well, we have to meet hipaa, we have to meet our SOC two audit. We have to meet everything that comes with CCPA and GDPR because our customers have to meet it.
And I'll, I'll often tell our engineers who may complain or have questions, I say like, look guys, we are not under really any legal requirement to do any of this stuff. We're not a financial organization in the state of Massa, uh, state of, uh, New York. I don't have to have a sim. Um, we, we want you to protect us and our customers. Yeah, great. And you said nist, just to clarify, was that CSF 801 71 or 853? Well, the bones of it were actually was actually 800, 1 71.
Um, because we had a customer sort of asking at the time. Um, so you know that we had a DOD customer that was asking, which obviously we're not a DOD org, but since that was the highest requirement of one of our customers, that's kind of where we started. Yeah, that's a, that's a big place to start. Uh, you know, looking back, I don't think I would've started there, but hey, that For you. Yeah, that's, that's phenomenal.
Um, so we, we talk about left of boom and right of boom, but more so in terms of assumed breach, right? Left of boom, you're doing things to prevent right of boom, a bad thing has happened, you need to recover. Um, beyond the prevention side, a lot of MSPs tend to focus on the left of boom.
Um, how does Thrive approach right of boom capabilities, and do you offer services in that kind of detect, respond, recover function, you know, just whether it's services, whether it's response capabilities, like what do you think your balance is between left and right of boom capabilities in your service offering? Well, um, obviously there's a, there's a ton of left and I think there's probably a lot of people that would, would answer that question the same way on the right.
Um, yeah, really we're offering that kind of instant response and remediation to people who are fully managed customers. You know, a lot of times I tell people, well, I can't really, um, remediate environment that I don't have access to. Um, and, and by the way, for organizations that are purely doing, let's just say security monitoring, they're, they're only, uh, um, in the security space and don't have that sort of traditional MSP, it's pretty hard to operationalize response.
Um, I'm sure there's a lot of folks here who, um, you know, we're, we're dealing with maybe a Verizon forensics division. Well, the first question they want is, can we have all the VMs? Can we have all the, it's an IT conversation on day one when the customer didn't have any, any logs. Uh, so the way I look at it, yeah, go ahead. Are you saying, are you saying inventories are important because I I just wanna make more's day here. Uh, I would say asset management, certainly important.
There you go. Uh, I think it's CIS control group one. Right? Well, how can you secure what you don't know? Like you don't know you have, right? It's pretty simple. Yeah. Don't encourage 'em poking fun at me. I I did not know I had someone so like-minded, you know, I, a friend of mine works at a, uh, an asset management, um, software company and he said, we're the Toyota Corolla of cybersecurity. We will absolutely get you to work every day. You will be there and you'll be able to work.
It's not sexy, but you need to do it. You need to get to work. Yeah, completely agree. Um, and just so I wanna back on that last question. I want to clarify something. You said you really provide those right of boom capabilities only to manage services customers? I, I guess what I would say is more included, so we certainly do, you know, typical right of boom services, um, the ones where we can bring the most value is where we're managing a much larger part of the estate. Okay.
Um, How would, how would the right of boom capabilities work if you're not a managed service customer? Is that then project based? Um, yeah, and, and, and I'll be honest with you, we don't really have a lot of them because a lot of people agree with us when it comes to, um, you know, we can't remediate things we can't put our hands on. Um, if, if the first part of the, the instant response phone call is, well, can you give me a log into your firewall? Right? It's not gonna be very efficient.
So we really do stay away from project-based instant response. Um, because at that point there's not really a lot of upside, but sure, we could charge a lot of money and our security team can get on the phone and help you. It's not gonna be a great experience for us or that customer. Okay. So I have a question here. Can you take us through your journey of build, buy and or partner? Sure. Uh, so the first piece is we decided to do security, um, you know, back in 20 13, 20 14.
So, uh, the decision to do something, build or buy, uh, you know, am I getting into this, uh, into this space? Uh, I'll be honest, we did actually partner, uh, early on and it was a good experience. In fact, it was a great experience. We noticed over time that we really didn't have a ton of control about what was happening upstream. And sometimes not having control upstream is not the worst thing in the world.
Um, but ultimately our customers were looking for more, and we found ourselves just being a middleman to the whole operation. Um, and, you know, a lot of people struggle with a, uh, attracting, uh, higher end, uh, technical talent. You know, obviously in this job market, it's, it's this job market. It's crazy. Well, it's a little bit different store if you want to attract someone, and all they're doing is middleman between, uh, your customer and the SOC as a service vendor.
It, it just found bumpy and, and there was a lot of friction for us. Um, so we, we charted a course to build on our own. Um, and I'm not saying just, you know, go out there and, and buy a sim and put it in and treat it the way we treated, uh, anti-virus 10 years ago. This is not just finding a Solu technical solution and putting it in. It's the people and the process that go alongside of it. That's it for me. So, so Mike, that was great.
Can we ask a few questions that we got from the audience for you? Sure. Um, I'm gonna go in reverse order. George, I like yours. Um, you know, I mean, and, and, and I'm assuming just based on the size of some of your companies, but George asks, have you found effective ways to reframe the conversation for co-managed clients that tend to have, you know, change rollback security, you know, like they're, they're much more mature.
You're probably dealing with, you know, IT teams, maybe even they could have a security team. But how, how are those conver kind of conversations handled, Mike? And do you have to get more involved in those, if you will, when you're dealing with the co-managed? You know, the biggest thing that, that I think, um, we've done as it pertains to that conversation is recognizing it, right?
Recognizing that just selling them the, the stack out of the box, um, you know, recognizing that they're much more technically savvy is the first thing. And, uh, you know, I always, I, I looked back a couple years ago and I said, we have to make sure that we're speaking the same language as that customer, right?
If, um, you know, you're gonna go in, if a Salesforce is gonna go in and pitch that customer as if they are, um, you know, A CFO or an opera, a non-technical operations person, don't even bother, you know, getting the deal. And I, I think this is basic sales stuff, right? Do you know who you're pitching to? Who's your audience? Um, and just treating them, uh, with, Hey, how can we work together as opposed to, how can I just deliver you some services that you need?
Um, you know, and that speaking the same language thing made a huge difference. Um, and, and I think, um, you know, we, we gained a lot of respect by just changing our message because we recognize that those people had had different needs. Um, it's not easy to have two messages, um, but it does make a big difference, um, in those situations. Yeah. Really good. Um, go ahead, Carrie. No, uh, I was gonna go back.
You made a comment that I wrote down about when Ryan asked about left and right of boom, you said, yeah, well, every, probably most MSPs would answer that the same way, right? We've come from, uh, from trying to protect our customers. And one thing, like last week in our true peer meetings, one of my main messages was now the hard work starts, we did the easy work. 'cause it was mainly technology. Now the hard and expensive work has to happen.
So we're talking about people who are trying to get their customers from where they were to where they need to be. At the same time, you better tell 'em about where you're going in the future. 'cause sometimes you raise a customer, you know, from 3000 to 4,000, they asked, well, are you gonna come back again? I'm like, yeah, absolutely. Yeah, yeah. I mean, don't ask me ask, you know, ask the bad guys. You know, like, yeah, I think I will be back again until the, until we're not.
Well, you know, there's a point at which we actually have to show people the Mitre framework of attacks, right? Which is, if you put that eye chart up in front of a customer, they're gonna be pretty overwhelmed. But when you show them all the attacks that are possible out there and how the, the Mitre Attack framework grows over time, um, you know, they, they sort of start to zoom out and get some perspective on just how big this whole thing is.
Um, you know, and, and, and mapping against the Mitre framework three or four years ago with a customer is something that I would've said, okay, that's just something for, you know, real, uh, cybersecurity purists. But we're at that point now, these, these tools are available where it is time to map against a Mitre or, or, or some similar framework. Um, and, you know, you're Saying you gotta use whatever you have to use to expl to be able to show them the landscape. Yep.
And stop making it about the you as the MSP Yep. And make it about them, their risks, their journey, the landscape. Yep. Yep. Absolutely. Michael, be, uh, since you brought that up, um, when it comes to Mitre and, you know, you're dealing with life sciences or, you know, some of the, you know, certainly organ verticals that are at attack are, are highly targeted. Are you guys doing threat modeling at all? Yep. Yeah, you are. That's very cool.
We've, we've been fortunate enough that, that the SIM platform that we use has, uh, MITRE attack mapping in it, um, at least as it pertains to its rules and things like that. And I've actually started to see that as an insurance question. Have you done a mapping? Um, you know, and then there's this, well, we have a, you know, technology providers starting to say, we have 80% coverage. We have, you know, 85. That's kind of silly to me.
It's more about the exercise than it is about what, which 80%. Yeah. Yeah. Yeah. Very cool. Um, we have a few minutes left. Um, Ryan, anything in closing that, you know, come, comes to your mind? I know you mentioned something in there about dfds. We're gonna be talking about that, right? Of boom. And again, by the way, I put the right of boom, URL underneath. Uh, if you, uh, have any questions, anything there, Ryan, that you wanna kind of close out with?
Yeah, I was just kind of reiterating that, you know, when he was saying, you know, going through threat model exercises, we, we went through a workshop with you a few months ago, several months ago, showing you how to do building the dfds. And then we talked about the value of doing threat modeling on top of that. That's, that's a way that you can show them in your unique environment, given what we've discovered. Uh, this is how we can apply this Mitre attack knowledge to your environment.
And I've, I've, I've done this exercise with MSPs that thought that they were safe and we put their, you know, we draw their entire environment up on a whiteboard and start threat modeling it. And you can start to see their, you know, their, their hearts sink into their stomach. Um, and, and it really is an eye-opener and like, but the thing is, you made it about them, right? You didn't, it wasn't, oh, the world of cyber crime is so big and scary.
It's, here's what I would do to you, given what I know about threat actors Yeah. And that, that really tends to open up in a whole different willingness to have the conversation. Yeah. Really cool. Wes, how about yourself? Yeah. Oh, well, I, I, I wanna ping into that. I had had, uh, dinner with a friend of mine in Armature works a couple nights ago. And, uh, he runs a multimillion dollar camper and RV business back in Kentucky. And he's like, can you, can we just talk about security?
He's like, he, he had to resign for, uh, cyber insurance. He had the policy in front of him. It's like, I'm a nerd, let's dive into it. So we did, and I did just what Ryan did, we threat modeled in front of him. And I asked him a couple questions. He had great ransomware coverage, um, basically nothing, very, very little on business, email compromise, wire fraud, all that kind of stuff. And he just started threat modeling through how his operations work. And you know, what we found out?
He uses, um, lightweight laptops for his point of sale for everything. Everything is in his cloud platform. Everything is in his online banking. So I'm like, so if, if I were to like, literally steal your computers tonight, what would you do? He is like, oh, we just log back in from a new computer. I'm like, okay. So ransomware is not a huge threat for you guys. It honestly isn't.
Yet you guys are not prepared at all in terms of how to protect those cloud systems, uh, what you're doing for business, email, compromise Protect, you know, all this stuff. And his, his eyes opened up and he's like, you're right. We, we need to address all that. Right? And so I, I think just as quick as I could to go through that, those, those kinds of things are, are vital and we've gotta get prepared for those kind of con uh, conversations with clients.
I just did it for practice and, um, it, it was really enlightening to see him open up and understand, um, where his own threat, uh, where his own threat, um, where his own vulnerabilities are. So I wanna, I wanna kind of piggyback, I wanna sandwich Gary conversation here, right? Ask them how much they're willing to spend on security, do this exercise with them, then ask them again how much they're willing to spend on security. Yeah. Every time I've done that, the answer at least doubles. Wow.
Wow. Wow. Hey, Mike, listen, I, I sold all these customers right in my first MSP, then I had a second MSP and my non-compete ran out. And, and then I sold, I brought all those customers and now they're Thrive customers. And I don't have a non-compete. Do you think Rob would be willing to pay me some type of an annual fee to keep me from buying another MSP in Philadelphia?
Well, I, you know, Gary, I, I think that, um, if you look at the total revenue from all those customers, it's gone up each time we've handed them back and forth. So it Has, I'll let you guys, I'm sure Work. Yeah. And Rob's a big fan of win-win, right? So I'm sure we can find something where both, uh, you win and thrive wins as well. Yep. Yeah. Awesome. Great job today, Mike. Thank you. This was a great call. It Was awesome. Awesome. Mike. Mike, thank you so much for coming on.
It was great to have you. Can't wait to see you in Florida next month, uh, along with your CEO, Ryan, Wes, Gary, and everybody out there, thank you so much for Thank you so much, guys. Have a great time. Awesome Session. Take care everybody.
Related Videos

The Vulnerability Crisis No One is Funding
The Vulnerability Crisis No One is Funding

The Vulnpocalypse Is Here & Your MSP Can Survive It
The Vulnpocalypse Is Here & Your MSP Can Survive It

The CyberCall: The 2026 Verizon DBIR Unpacked with Author Philippe Langlois
The CyberCall: The 2026 Verizon DBIR Unpacked with Author Philippe Langlois