Skip to main content
Right of Boom
January 30, 2025

Security Automation Trends in MSP & MSSPs

In this video, Wes Spencer, Tim, James, and Michael discuss the evolving role of robotic process automation (RPA) in managed service providers (MSPs) and its impact on improving security and efficiency. They explore how automation can handle high-volume repetitive tasks, like phishing email analysis, to free up human resources for more complex work, ultimately enhancing service delivery. The conversation emphasizes the importance of having well-documented processes to identify automation opportunities, making the case that RPA is crucial for MSPs looking to stay ahead in an increasingly complex IT landscape.<ul><li>Automation is becoming essential in the MSP space, extending beyond traditional RMM tasks to include more complex integrations and processes.</li><li>Identifying high-volume, repetitive tasks, like phishing email management, can lead to significant efficiency gains when automated.</li><li>MSPs need to document and understand their processes thoroughly to identify automation opportunities and ensure successful implementation.</li></ul>

Guests

Andrew Morgan

Video Transcript

All right. Welcome everybody. Live and recording. It says right in front of me here on the Crowdcast platform. And, uh, we've got a great, great show today. First off, um, it's like really peer driven, which is a lot of fun. Tim, um, went to the dark side, no kidding around. Tim was one of your peers for 16 years. Um, former CISO of Rader, and I'll do intros momentarily, but, um, just a few housekeeping items. Uh, both Gary, um, and Phyllis are outta office, so we'll have them back next week.

Um, so it's the Wes Spencer show today. I'll turn off, see if we can deliver here. Yeah. Oh, you, yeah. Well, come on, Wes. We know, we know you can. I apologize for all the background dings and Dons, I'll shut all that stuff down momentarily. Um, just, uh, a few things. I have one pull up. I'm gonna add another one, but if you can just take a look at that poll, I'd love it if you guys could give a yay or nay on that. It really helps the conversation flow.

Um, and then, um, way up at the top as well as in the call to action. Uh, John Strand is having his getting started in Mitre attack and BHIS. Um, this is a four day instructor led four day, four hour, um, course. And, um, literally, uh, Wes, I dunno that you and Tim, you've done a lot of John Strand stuff. I would honestly say this is a must for any resource, technical resource in your organization, period. Bar none.

Um, absolutely this course, and especially it's, you know, it's a, he has a, a pay what you can model. And by the way, it's not like giving $10. It's really meant to help people that don't have funding. Um, but there's different things. Anyway, enough about that. Um, so let's get right on into it. Um, and I'm gonna set the stage and we'll do some intros. Wes, um, lots of chatter over this past year, you know, maybe year, year and a half on robotic process automation, RPAs automation.

We've heard a lot about automation over the years in MSP, mainly RMM driven, right? I mean, and there's, you know, some phenomenal, uh, automation folks in our community. Um, guys like Jason SLA will come right to me, you know, right to the top of my, my head here. Maybe he's in there. Well, he'll, he'll certainly chime up and let us know if he is. Um, but so automation is starting to take what it make its way beyond, you know, RMM into, um, our, our ecosystem.

Um, and then I saw something posted by the folks at Roost, um, on something Michael and, and James, his team did, who I'll introduce shortly. And this is something I think a lot of MSPs can relate to, at least certainly the ones that I've talked to over the years. And that is, Hey, do you have your customers, um, sending you suspicious phishing emails, like to a mailbox for you guys to investigate?

Like part of this, Michael, I'd love for you when you, when we get to you, but it kind of becomes almost like a secondary junk or spam filter sometimes too, which is, uh, unfortunately how sometimes people use it. But you guys did in a really cool video. I'll post it in chat, I put it in all of the LinkedIn and stuff like that, and I was just like, wow, what you've done to, um, help automate, you know, the thousands of emails you guys get every single month. It was like, really cool.

So I wanted to, you know, bring on Tim James and, and Michael here to talk a little bit about this. Um, so that's the thesis of today, what's happening in automation for MSPs in security and, and other, uh, repetitive tasks. So with that, why don't we start off, um, James, we'll start off with our, our, our, with your organization. I've known you guys, James, I think about 16, 15 years now. Back in the day I looked, it was, I think it was 2005 where Arnie Bellini sold us ConnectWise.

Yeah, yeah. Yeah. Crazy. Yeah, yeah, yeah. Well, I was actually, uh, I'm just going to, I'm just gonna be a little upset here. It was me and Arne Freeman, uh, your, your CEO, right? I'm kidding. Yeah. All, all the way back Forth. I think both Arne's were involved at The time. Yeah, yeah, yeah, yeah. So anyway, James, tell us a little bit about yourself. Yeah, certainly.

So, I mean, obviously that long history and, you know, even with, uh, with Wes at Perch and then Tim, uh, met, met with Tim a couple times during those per early Peric cons and, uh, different events. But, um, yeah, you know, we've been business, uh, quite a while. We've made the journey from a bar to an MSP to, you know, whatever an MSP is evolving to next. And, and, uh, you know, it's been a, it's been a great ride.

I've been with the company for a long time, and, you know, just, I guess the latest evolution is having a dedicated, uh, security team at this point. Michael's leading that team, and so we've had lots of great conversations and lots of great, you know, strategy and, and collaboration with many vendors. Um, and, and, you know, Bruce is of the latest and, you know, we're, we're excited to see where this goes. Very cool.

Um, and it's cool to see James, you're one of the partners in the organization, so it starts, security starts with leadership, and Absolutely. You know, not, not all organizations can say that. So it's really cool to see, you know, you guys have invested in staff in a SOC training. Um, so, uh, cool on, um, Michael, a little bit about yourself, who, you're the one that have had that hands on keyboard, actually building automation. So tell us a little bit about yourself and your role in soc.

Yeah. Um, over the past three years, I've been building and leading the security operations center here at CPI. Um, so we provide detection and response capability for a hundred plus or so, uh, small and medium sized businesses. Awesome. Thanks for, for, uh, for the intro. Um, and, uh, Tim, no, stranger to the MSP world, uh, a little bit about what you did for 16 years and what you're doing now. Yeah, so, um, uh, definitely a veteran in this space.

Been had an MSP, uh, well, I guess about 16 years until I started over at Roost. And, and the reason I did was just my passion for automation. So even before being at atsp, I was a Linux guy, so always, uh, wanting to script everything I do. Uh, I did work for an e-commerce, uh, platform. And, uh, this is before the days of CICD, so you had to write on your own scripts to, to move code from development to staging to production, and I did not want to do that by hand. Yeah.

So I read scripts to do it. And so with the MSP space, uh, moved over there and same thing, I did not want to do the same manual task more than more or twice. And so, uh, I've always been a huge, uh, automation fan, uh, because I'm lazy and I'm over here ru and I get to help other people be lazy. So it's great. Very cool. You sound like Aaron Hernan, uh, in your story.

Um, Wes, um, you are the sole co-host today, but Tim's gonna ask some questions, but I'm really excited, you know, a lot about this space, so, um, I think it's gonna be really, uh, inter interesting your questions and, uh, your positioning and, and how you see all this going. So lemme turn it over to you. Yeah, You got it. And, uh, Michael, I can't help but think that, uh, you win the background award.

I think your goal is to automate yourself out of a job to you're snoozing on a tree like Calvin and Hobbes up there. That's so cool. I have, it's one of my favorite comics on planet Earth, so kudos to the amazing background you got there. Heck yeah. So, uh, yeah. You know, here's where I think we should start the conversation is this evolution in the MSP pathway, right? One thing I learned at Perch was typically MSPs are about five years, seven years behind where enterprise is going.

And this is not because MSPs are like not smart enough to keep up. It's because the things that happen in enterprise eventually filter down in their own unique ways into the channel. Uh, and we can ex you, you give example after example of this. You combine that with MSPs have always been leaders in automation, because you can't be a profitable MSP in this day and age without being automation first. And so that's awesome.

You look at where RMMs are at today, and there's still a pivotal piece in your technology stack that I would argue you can't live without. But we're starting to see gaps. We're starting to see areas where, uh, they, they struggle. And it's not because they're poor choices, it's because they're not designed to do some of the things that we're moving in towards, like APIs and, you know, cloud automation, those sorts of things, or integrations between different SaaS platforms.

And so now we're seeing this evolution into like, whoa, we're at a new level for automation. Right. And Tim, I want you to kind of take that beginning and describe a little bit for us what RPA is and isn't so that we can kind of make sure we're all in a level playing field, if you would. Yeah. Um, so it's, I guess we'll start with what isn't. It's not a tool that will solve all your problems without putting work into it.

Um, you know, even as we're working with multiple MSPs, uh, people do things different ways. They sell their, their products and services different ways. Uh, they use different distributors, different platforms. Uh, so one of the first things that we try to do is to, uh, integrate with all those platforms. Um, and there are a lot, but the, you know, we look at the similarities and differences between them in order to build an automation that can basically ride that line between all of them.

Uh, so far, I mean, for RPAs, you know, aspects, um, there's a, and there's a lot to unpack, but also what we try to do is try to solve the small problems first, uh, and, you know, take small steps to build into larger automations. Okay. Yeah. Um, so I think a good, uh, next step then, Tim, is give us some use case examples of this, right? So I think people are like, okay, I'm, I'm following. That makes sense, but gimme some examples.

So throw out a few, maybe some complex ones and some simple ones, just so we can have some level playing field again. Yeah. So one of the first things we ask people is, Hey, what's taking you guys time? And a lot of times they'll jump to the most complex thing they can think of, like, uh, user on board. Uh, there's a lot of steps, a lot of moving parts in that, you know, especially nowadays where things are not necessarily a hundred percent on-prem.

So RMMs are great at running a, a PowerShell script to create an, uh, a user on premise. Uh, they're not so great at reaching out to 365 or to, uh, a third party, you know, licensed distributor or even some third party, uh, uh, line of business application for our customer. So we're able to leverage that RMM and then integrate with all these other things to create a full on user onboard process.

But a lot of the quick wins that we get are, are simple things that, uh, may not take a lot of time, you know, if you're doing it once a day, but if you're doing something 10, 20, 30 times a day, uh, look and see where you can save some time on that. You know, if you have a task that requires you to go do some research on IP addresses that you're seeing, uh, see what you can do to, to automate that.

And so some of the, the really cool use cases, the the ones that I really love are the ones that are really simple, but save somebody a ton of time because they're doing it over and over and over again. Often you do that, the more likely you are to make a mistake doing that, right? So, uh, take those things, make them wins, make someone's job a little bit more fun because they're not clicking the same buttons over and over again all day long. Yeah, okay. That, that makes sense.

And, and we're gonna dive into like some examples that in a minute, Michael will kind of share like one thing they've built that's really been a game changer. And what's crazy is, Tim, it goes back to what you said is sometimes little tiny, small five second wins that are iterative processes done thousands of times a week are massive colossal game changing wins for the MSP. And so, um, that's a good way to think about it, is it's not always like, what's the most difficult thing to solve?

What's the moonshot? It's oftentimes, you know, what's noisy for us? What's aggravating, what takes a lot of time and a lot of people's work and interaction, even if it's one little small piece of something broader that you can automate away that really, um, is, is helpful. And so, um, I understand that like roost at, at roost, Tim, what you're spending your time in is building a lot of these automations. But what's really cool, I think, is letting MSPs get their hands in the game, right?

Um, and letting them say, Hey, you put some hands on the wheel here and see where the car goes. Can have there been some examples of that, Tim, where you've just kind of like come back and be like, man, that's, that's really cool. That's a, that's a, that's awesome. Can you gimme some examples of that? Yeah, absolutely. So we've had some, some guys, uh, build stuff that we never thought of.

And, and that's one of the reasons why we have Michael on, on, on the call today because he's one of one of those great examples. But, uh, so many, uh, of these small wins where people are just, you know, looking at the tickets that they get, um, and whether it be a password reset or some sort of a report, you know, about spam or phishing or whatever, and, uh, finding that quick win. You know, what is, you know, what are the steps that someone's taking manually?

How can I take those steps and build those if I can't, you know, close a ticket automatically? And in some cases, you can, um, at least give the person who's going to be assigned that ticket, all the tools, all the information, put that in their face so that they can close something much more quickly.

And, uh, and a lot of times we've gotten some, you know, some really interesting wins because, uh, we're able to, you know, close the, the round trip time of a legitimate, you know, uh, security concern.

You know, say there's a, uh, impossible travel alert, uh, you know, if we can look at someone's calendar and see if they're on vacation, that that's a huge amount of information that, uh, that the technician may not have had and may not, you know, be able to get without, you know, a 10 minute process.

Hey, Wes, just one thing that, you know, popped in my mind, I, I hear Gary Pika in my head, even though you know that, that that's what happens after the ghost of Gary Pika pointing your relationship with somebody. Um, but I, I'm gonna ask this to James. Um, you know, James, I remember Gary always, you know, would preach about RMM. He's like, you know, early on people were like, how can I monetize my RMM? You know what I mean? Because they were trying to, you know, how do I sell it?

And he's like, guys, RMM is for you. It's to automate your, you know, your tasks to make your more, your customers should never even know about it in theory. Yep. Is, is this different? And what I mean by that, or could this be different? So as you go through and see tasks that you can automate, do you see potential monetization like, oh man, my client, they do this over and over and over and over and over. Is, is this pos possibly different? Could there be a revenue side to this?

Yeah, I, I, I certainly think so. I mean, I think as it, it's kind of a, a compounding, um, initiative within the environment. As Michael starts writing some automation, then another engineer sees it. And, and then as it gets to the field engineers, right? Some of us are knock and soc we're, we're, we're in-house, we're automating internal procedures.

But I think as, as field engineers and professional services engineers see this automation and what's happening, they're engaging with clients and they're, they're seeing what the clients are, are the problems they're having internally in those operations. Um, and certainly, I, I know we're gonna talk about another one where, yeah, you, you're getting more ingrained in, in what's happening in the customer environment.

I think traditionally as MSPs, you know, we kind of say, oh, that's, that's your internal process. We're we're just making sure your network's up, you know, your, your, your patch you're running. You know, that's, that's not our problem. Um, I think this could start to change that conversation because, you know, we can, we can build a process around, we can understand it, I think, as managed service providers when we can build this process around it. Yeah. Very cool.

Yeah, I, I agree with that, Andrew. That's a good thought. And, and I do think if we look into the future, um, is MSPs continue to build maturity and understanding around what does automation look like in this new era of cloud integrations. Um, I think it makes sense that MSPs also begin to be seen as those that help, whether it's billable hours or there's even a managed service component to it of, Hey, we're not here just to keep your IT lights on. We're also here.

And, and to help you manage risk, we're also here to automate a lot of your business processes. Um, I'll just give an example of this. I don't know if he's on today, but Robert cfi and I were talking about this, I don't know, many months ago, Andrew. And he's like, are you kidding? He's like, that's where we want to get to. He said, we just have a bunch of real estate, um, agents, for example, that we work with.

And he gave this example of, I'm telling you, I've seen their, their platforms and their business process, and it is archaic. There's a whole bunch of like, document trade arounds that they're doing that's just really, really old that could really be automated, and they would pay a lot of money for that. And that kind of sticks us up at the top of the level of value for them and all the vendors that they work with, because now we're making things sing along in a way more efficient way.

So I think that's the future. Yeah. And, and it bodes into, we gotta have him back as, as the whole Brian Blake, you know, understand, you know, the business conversation who just does it phenomenally less. And I think it, it's really, you know, the MSPs, I, I like, I've never been more bullish from MSPs right now in terms of their seat price, just because if, if you do these kinds of things, man, you're, it, it's amazing where, where the, these seed prices are gonna go.

Um, so anyways, back to you. Yeah, we're seeing some, some really cool use cases. Uh, people are wanting to, uh, for their customers use the platform to track, uh, their clients, uh, I guess the, the equipment that they service for their clients. Uh, we're using some API connections to, uh, find, uh, GPS locations of these devices. And, and whenever they have a failure, they're sending their own technicians out to, uh, to the field to get these things repaired.

And so we, we look at the geographical APIs and, and pull mapping data so they can know which location is closer to which other location. And, uh, you know, those are the things that if fees are doing for their clients, then they're providing a value that no one else is doing. Yeah. Very cool. Yeah, totally agree. Um, Michael, it looks like you keep coming in and out. I did have a question for you if, uh, you're back and stable again, You with us? Michael, can you hear me?

Yeah, Yeah, yeah, yeah. I gotcha. All, okay. Good deal. That was like a literally just in time recovery, so nice, nice work there on that one. So, okay. I'm gonna post a link in chat about a video that you guys shared at CPI and I just thought, I try not to use words like game changer often because man, we can really buzzword this to death, but this is a really, really cool automation that you built around phishing and automation.

But before I have you explain what it is you built, I wanna take a step back and ask you this question, Michael, of like, what led you to, of the million endless infinite things I could work on, why did I start with this? So, so give us some wisdom there. Why did you start with where you started? I think it came down to just volume, right? So we just, this was something that we did on a daily basis, uh, you know, dozens of times, thousands of times a month, right?

Um, and so when you have something that you're repeating that many times, like if, if you can save even a minute or two, right? Like, that compounds in the cost savings really quickly, right? And so one of the things that we've been, uh, trying to solve as, as we grow as a SOC is, is scaling, right? And so we wanna be very, um, kind of particular with our, our hires, um, and, and we do need to eventually get more, you know, human resources.

But if there's something that, you know, humans don't need to do, then let's use automation for that, right? Okay. That's so, so advice if I'm an MSP Michael and I'm like, mm-hmm. Hey, I'm trying to go down this, you know, RPA automation route and do some really amazing things. What's your advice to me on where to start? So are you telling me I want to go look in maybe my, my PSA and look for noisy tickets? Or like, how do I find those things that would be really valuable to me to start on?

Well, I mean, it, it, you, you gotta listen to your people, right? Like, you, you employ all these really smart cis admins and analysts and technicians, and they know what they're spending the most time on, right? Um, so, you know, like our SOC team, we, we meet once a week and we, we talk like, what are we spending time on? What are we getting frustrated with? Um, and, and you know, me personally, I, I started as an analyst, as an instant responder, so I saw firsthand, right?

Um, so you, you have to listen to your people because they'll tell you, right? And then look at metrics and then use that to kind of guide your priority. So you have a list that's, you know, based on feedback, and then look at your metrics, look at what you're spending the most time on, look in your PSA, and then use that to kind of shuffle around the priority of those, you know, different things that you can automate. Okay, that's good.

And I gotta pull out a comment that Kelvin just popped in. It's incredibly wise. So looking for noisy tickets can lead you down this path of attacking symptoms, not the root cause. And, and I think that's really wise words, right? Yeah. It's great to automate away things that just are noisy for us, but you know, what, if there's something deeper that you can go and fix, that'll eliminate that from ever happening, right?

And so I do think it's important to even sit down and think through, okay, what, what's the business case that we're trying to accomplish? We know this thing is noisy, we know this takes a lot of time. We know there's some things we could automate here, but let's make sure we understand the business case here first so that we can understand, you know, um, do apply our time in the correct way. Right?

So do you guys, you, you kind of approach it from that per, but maybe I'll flip this over to you, James. Do you guys see that as like, important as like, what's the business case I'm trying to solve before I go and look at like, the things I wanna automate? Sure. I mean, full circle right there, there was a large initiative to addressing business email compromise, right? Educating our users. So we, we took that head on as a, as a business, right?

We sold a, a lot of seats of, you know, security awareness training, integrated, you know, a a the button to allow users to easily report those phishing emails, uh, backend automation to start with on, you know, doing some analysis on those emails to, to automatically say, what is it a high fidelity chance that this is malicious?

You know, let's automate ripping this out of everyone's inbox instead of just the one, let's look across all of our customer's tenants and rip it out if that, that goes there. And then it was the next step. So that was the business case, right? Let's protect users. Um, let's, let's make it easy for them to report these types of emails. Let's run it through some automation. Once we've identified something positive, alright, now we got a bunch of other tools in our stack.

We all MSPs, we all have a ton of tools. So what Michael did is like, let's automate the research in these tools. Let's go out and re so let's, let's see who clicked on this, where'd that link go? So that way we can see, did anyone make it to that final destination of that link? Run it through our EDR, run it through, you know, our, our DNS filter and see anyone across all of our customers. And then, you know, and then we take that approach and we, we, we try to make it holistic.

So just because customer A reports something doesn't mean B, C and D didn't get that same email and potentially click on it. They just didn't take the time to report it. So now we're, now we're taking the protecting our customer approach and, and doing it across our entire customer base. Okay. So it's just, you know, it starts there. And then yeah, taking on that initial task, I mean, Michael and his team, you know, we get almost a thousand phishing emails.

You know, there's the education don't report spam, report phishing, right? Those are two different things. Yeah. Um, but when you hit it heavy with messaging to your customers that how important this is, then you're gonna get a lot of response back. And then how do you deal with that? Right? It is all, it all came from a place of we need to protect our users, educate our users. Um, but the other side of that is now, now what?

Now that they're reporting a thousand phishing emails, how do we, how do we handle this from a business perspective efficiently? Um, you know, and, and Profitable, You know? Yeah. And Let me add to that, at the end of the day, he's, uh, they're saving some time, right? So their SOC analysts, you know, now say that they may have five more hours a week, that's five hours a week that they can spend on putting thought towards the next step for what they can do.

Uh, instead of being tied up for that time. And that time is just so precious and so valuable. I meet with Michael and we literally, I mean, you see probably frank gauge behind my head, right? We build gauges like what was our, and we'll talk about some of this, right? What was our time to resolve these types of phishing tickets and how much time, you know, did we spend per ticket? And they're both clearly charting down, right? We're spending less time per phishing ticket and less man hours.

And Wes, you know, I just totally separate subject, but it's really interesting, you know, I, I was talking to one organization that, you know, has the maturity like James and their soc and like, they incent them, like when they do things like, you know, cutting down hours, like they have time or they have any free time, they can do education, they can, they can do training, right? They, they can do threat hunting, they can be creative.

So it, you know, it can be efficiency, it can be more billable hours or, or, or more things. But you know, James, do you look at it that way too, that hey, if we incent people to find cool things like Michael's doing that allows them to maybe get more skills and, and, you know, those Types. Sure. I mean there, Michael's always trying to, I mean, he's built one of Michael's many things that he's done at CI he's built a whole soc university, right?

That's, uh, just videos and, and processes and procedures he's developed and he records all these sessions and, and we encourage, you know, everyone, not just the SOC team, obviously they've all gone through it, but you know, every member of the support desk to go through it. Um, and so there's, there's many of times we're trying to save time on, on the support desk too, not just security. So it's, yeah, any, anytime where we can continue to build that.

And I think Michael's gonna talk about some of the other things he does with this team to, to help identify some of these areas for improvement as well. Yeah. And, and before you do that, so, so now that we've gone pretty far off the rabbit trail in a good way, on, um, how we think about automation, how we approach it, um, how we pursue, what do we automate versus what do we not symptoms root cause. I want you to talk a little bit about what you built, Michael. Go brag on yourself.

I know most people don't, but I put a link in, um, LinkedIn, so, or hear from LinkedIn so people can see what you built. But talk to us about what you did, how you did it, and the outcomes of your automation in this use case. Sure. Yeah. So let me, I mean, lemme give some context first. So one aspect of our security offering is managed phishing, right? So like many service providers, we train users, give them security awareness training on how to spot and report phishing emails.

Um, and we found this to be wildly successful. And before we knew it, you know, everyone was slamming that Phish report button and we're seeing hundreds upon hundreds of Phish submissions. Um, so as a soc, you know, we wanna review and investigate each one. And reviewing phishing emails is time consuming and tedious. And it ultimately keeps our very talented folks from focusing on more interesting security problems and security strategy, right?

So, like I was saying earlier, it's such high volume that if we automate a way, even a minute or two of that investigation, then it compounds into, you know, you're doing this a thousand times a month, that's huge cost savings. Um, so, alright, so, uh, someone reports a phishing email and an analyst gives a disposition. They say, yep, that's evil. Uh, we don't want to stop there.

We analyze the URLs, we look at the domains and the attachments, and we use, um, like our EDR or our sim to see if any people have clicked on that malicious link, if they've entered credentials. Uh, ultimately trying to answer the questions of who else got it, have the baddies logged into the accounts already, et cetera.

So for every single one of these reports, analysts are grabbing the URLs, they're plugging it into our EDR tool, and then they're hitting search to comb through web history and DNS logs. So we took that repeatable, tedious action and we automated it away entirely with roost. So every time an email comes in, our workflow grabs the URLs from the ticket, plugs them into our EDR, and then reports back directly in line in the ticket, a list of all users and computers that visited those links.

So by the time an analyst gets to a ticket, they can immediately start that instant response process. I love this. So, and this rings back to my old school banking, like threat intel days of very similar processes that we would build into, um, you know, maybe like, like, uh, regression analysis against threat intel. When we get a new thing that comes in from a feed and we wanna go look in the MTA and see if we have signs of it.

If we do, uh, then, then maybe it requires human analyst interaction or maybe we just, if it's high confidence, we just go in and pull it out of inboxes already. Like just one example of many. But I love that. And one thing I think you said in there, and I don't wanna put words in your mouth, Michael, so I want you to, to to to, you were explaining the process before you automated.

So do you guys, did you already have that workflow, like that process tree built out of we do this, we do this, we do this, yeah, we do this. And if so, so you did, so does, does it help to be able to see the process, we have documented security processes, did that help in your automation journey to say, wow, we could automate this right here, we could automate this right here. Is that, does that, was that, is that helpful? Yeah, abs absolutely.

I mean, yeah, one, one of the things that I kind of built out when I started here was all of these processes and procedures, right? And as we're going through them we're, you know, taking lessons learned and we're, we're refining them and phishing being so high volume is probably one of our most refined processes, right? We do it so much. We've gotten pretty good at it.

Um, and so we have written out in extreme detail, like every step you can take and where it can branch out, you know, depending on what you see. Um, and having that written out, you know, when I got my hands on roost, I was like, oh, let me just take this. Okay, let's substitute in some API calls here. And then I was able to come to the roost team and give them a really clear use case already built out because I had that, that skeleton, that framework.

So Tim, that makes me think of a, a question for you. Do you feel like most MSPs are at that level of maturity that James, um, uh, Michael just described of like, we're actually documenting and we have workflows built out of all of like the, the processes we go through in security? Do, do most MSPs do that? Because I think if they don't, that's probably a big starting point before you really start exploring like security automation, don't you think? Yeah, it absolutely is.

And, uh, I couldn't tell you if most MSPs are doing, I can say that, uh, the out of the ones that we talked to, um, the ones who are jumping to success quicker are the ones who have a lot of these processes built. Um, because, you know, if you go back to the cyber defense matrix, we're talking, uh, you know, people process technology, um, and you can't effectively use your technology or even your people without building those processes, you know, to do so.

And I think it's, it's a really big, uh, prerequisite to, to, to have, uh, that efficiency by building out those processes. Um, I think some of our people, you know, the, the MSPs that I talk to on a regular basis, some do, some don't. Um, the ones who are engaging with us, uh, that are seeing the value, uh, a lot of them are, you know, and they're coming to us with these things and we're just trying to identify, hey, what's the, what's the low hanging fruit here?

What's the first thing we can build to save us some time? And then we'll use that time to build something else. Okay, that's good. So, uh, Matt Collier in chat is being, um, he was a good friend of mine, uh, just being super honest there, and I'm, maybe that was the poll question you put up Andrew, no one, but I'm just curious if we could add a third poll question, Andrew, of like, has our MSP fully documented, um, all like process workflows for our security processes?

There's probably a better way to say that, but I do think that's a prerequisite to being, to being successful in automation. And I loved how Michael, you just sort of like built that into what you said, and I jumped into that. Like that's probably that's why you guys were successful in that, because you already knew what you were automating. Yeah, Yeah. We, Michael, we take Michael's documentation, right? And where we can, um, we're ConnectWise shop, right?

When we identify that type subtype and item, we automatically just publish a link and an internal note to the document, like, here's the process you follow for this, you know, for this type of ticket, if it meets the, you know, the criteria there. So now the next step is, alright, we've automated this half of it, now here's what you got left to do. Okay. Yeah, that's good. So, uh, James, your turn for a question. I know that CPI has some larger clients that you guys work with.

Um, so talk to me about, you know, some of those like 500 users and larger firms that you work with, no doubt. They have a lot of turnover, they have a lot of higher fire, you know, all that kind of stuff. So onboarding is, I hear from MSPs constantly how much of a burden onboarding and offboarding is, and I know in this post SOC two world, I shouldn't even call it post, we're still in the middle of this. Usually the deficiencies you see are all around onboarding and offboarding.

We found this particular user was terminated on this date, but their VPN credentials were still enabled. It's like, oh man, it's nonstop. Talk to us about your views on automation for onboarding and offboarding. Have you seen success with this? Give us your thoughts. Sure. Yeah. So we, I mean, we've been doing this for a while, you know, a couple years, not, I mean, short term, short term as far as user onboarding, but it was, uh, we did started in power automate, right?

This is before Bruce, Bruce stays two, three years ago. And, you know, clearly it's become evident that I, I don't wanna be in the business of, uh, you know, building out those tools, maintaining integrations, you know, the, the guy I'll, I'll gladly leave that to the, the roos guys to build the platform.

Um, but yeah, we, I mean, we got a, a new, a newer customer, and when I was bringing them on board, it's like I knew that the success or failure of this client was going to be, can we automate onboarding? I knew we could do it in power automate. I knew we could, you know, I could, I knew we could build it internally. This was like, uh, December timeframe.

And I started, I think talking to Tim and, and, and Aaron, and, uh, it was clear, I mean, this customer alone, I think we will do 700 hires and terms this month, this month. So, um, you know, and, and this is where, you know, building a partnership with a, a customer, right? They, they're a very fast growing company and they, they're kind of staffing, so, right? They're, they have high churn no matter what.

We, a couple of our mid-market customers are in retail staffing, both tremendously high turnover rates. And so, um, you know, this wasn't just us, Hey, how can we automate? I mean, they, they bought into it too, right? They have third party consultants figuring out how to automate their processes internally. Uh, we're involved as a stakeholder. They have other business stakeholders and you know, they're investing in this because it's part of their business.

And, and, and now we're clearly seen as part of that team, right? We're part of the strategy on how, how do we get these users onboarded quickly, um, consistently, uh, there's, there's a lot of hardware fulfillments in this. So it's certainly, you know, as you move more, I I guess mid, mid market, it's just gonna be a requirement to consistently be able to deliver the service. Um, you know, it's, uh, the more you can automate, obviously that's, that's why we're here.

That, that everyone ends up happier as long as it's well thought out, documented. Um, certainly it doesn't just stop at the roos level, right?

Um, when you got, when you're leveraging things like autopilot and Intune, uh, third party apps, you know, dynamically assigning users to the correct groups within an organization to provision other services and third party, you know, it's not just building Bruce, you gotta, you kind of under gotta understand the whole concept of what's happening in within this organization. But if you put in the time, then I think, uh, it yields great results. Yeah, it's well said.

Um, Tim, I think you had a couple questions you wanted to ask to Michael and James, right? Uh, yeah, sure did. Um, so Michael, I mean, we, uh, we talked a lot about how you, um, you, how you guys arrived to the journey of automation and, you know, how you're able to choose what's important for you to automate. Uh, how would you recommend another MSP who may not be as mature as you guys? How, how should they get started?

And, and Michael, before you answer that, 'cause it, Tim, I'm glad you asked that. Jason asked a question, it's pretty similar. So he says, what do you recommend to start an RPA that doesn't cost thousands of dollars or lose, you know, losing our workflows after X number of months? Um, like, you know, maybe that, that, you know, crawl, walk, run, if that's applicable here, Michael, I don't know if it is, but I'd love your thoughts. Sure. Yeah.

So, I mean, I, I, like I was saying earlier, I, I started as an analyst, right? Triaging these alerts, doing instant response. So I saw firsthand where the pain points were, right? What I quickly got tired of doing, or I felt the urge to skip steps. Um, and so, you know, as my team grew, I solicited feedback from them, right? I, I try to keep a pretty open dialogue, um, with everybody. Um, and so we do things like instant response tabletops, um, with back doors and breaches. Nice.

John Will be very pleased to, to know that. So, so once a month we meet up and we do these, these instant response tabletops, and they highlight gaps in our process, right? Um, you know, we're asking questions, we're going through a scenario. Um, maybe it's based on a real scenario that happened. Um, and we find, okay, like usually in the jokes that people make, you can see, you know, where they're struggling on things.

Um, so if they make a joke about, oh, like I had to spend X amount of time doing this, like, okay, let's drill down into that, right? So listen to your people, um, and solicit that feedback. Uh, look at your, I mean, you should be collecting metrics, right? Like time to resolution or remediation cycle times, how long you're spending in each phase of the investigation process. Um, and look at where you're spending the most amount of time, right?

And then, like I was saying earlier, use that as a guide to prioritize that feedback. Usually if you ask some, you know, seasoned CIS admin or something, they have a, a notebook or like a, you know, a OneNote file with all these ideas, all these to-dos, right? In their backlog of, of things they, they'd love to automate. Um, I mean, I know I personally have one that's extremely long. Um, and so leverage that, right?

Like, they've already thought about this a lot, and it's just there's something in their day to day that's preventing them from, from taking action on it, right? Um, and so leverage that, right? Ask, ask people, uh, in your, in your organization what they think, and then use the data to, to guide your priorities. Yeah. Keith just made a great point that, you know, processes is often culture in an organization. Um, how are you guys building that within your org?

Uh, I think it's, you guys are probably rare in that you're, you're process heavy and, and you've got people contributing to that culture. Well, I mean, I can, I can only speak from where I sit, you know, I, I try to, we have very talented individuals on the, on the team, and I just try to enable them, right? I hear what they say, I hear what they're working on, how, and I, the question is, how can I make it easier for you? How can I make it better for you? Does it happen every time? No.

I mean, right there, there is certainly restraints, but you know, it's, it's, it's continuing to enable them, continuing to reiterate, yeah. You know, that we need to have, you know, the basic processes down so we can, we can be consistent in our delivery. Um, you know, for me with Bruce, I, I think what we've been focused on is really kind of four things, right?

Can we improve our SLAs by, you know, reducing the time it takes, we put in into tickets and obvious, certainly we can, and I think every, you know, everyone on the team's on board with that. Uh, certainly, you know, from the business side, can we reduce labor costs, right? If we can, if we can, you know, not have to hire so many people, because we got, we take the smart people what they know, and we automate that and feed information to everyone.

You know, I don't wanna minimize improving ticket documentation, right? Nice thing about roost is every step that happens, right? It gets put in the ticket. I wish I could say that for every manual ticket that the information, real time, I know what's happened within this ticket. Um, certainly we're building on the air handling side of things, right? When something doesn't happen correctly, what are we updating that ticket with? How do we pass it off to you?

Human intervention, and I don't wanna minimize, you know, kind of Michael's already hit on it. Quality of life, the tasks that we're automating, I can assure you no one on the desk or in the soccer in the knock wants to continue to do so. It's just a bonus quality of life, right? So I think, I think everyone on the team is behind those basic principles.

So the motivation is let's get our ducks in a row, document the things we need to document so that we can, we can continue to take the stuff off your plate that you don't want to do, uh, that we can improve our service quality, have less, you know, customer interactions that might be negative. So it's all going towards that same common goal. And so I think that's why people get on board. Hey, Wes, can I, can I throw out something to maybe to Michael real quick? Mm-Hmm.

Um, Michael, um, Sunil, you references, um, I forget the author, but you can Google it. The ironies of automation. Now granted this, I think this study is, is 20 plus years old, it could, you know, type of thing did that basically says, Hey, the more we automate, the more actually we ha we need to labor to to, to do it. Did are, do you think we're beyond that? Like, are you, do, do you ever see something we you automate and go, wow, that just created a lot more work for us?

Well, the idea is to, to take work away, right? Right. I mean sure. Take away the repeatable work. Um, the whole thing that I really like about this is that it frees up our analysts to do way more interesting work or, or really work that they're better at, right? Like a lot of this stuff that's being done in SOX around the world is, you know, they're, they're querying stuff.

They're looking up stuff, uh, a lot of which you can, you can pull that and, and give that in the alert that they receive, right? And so they can start to do, uh, they can start to make decisions, right? So like analysts are really good at, at making decisions based on experience. Um, if there's some data that they need to make that decision, just give it to them, right? Um, so I think that as a bonus, it keeps our analysts sane, right? And it, and it keeps them from burning out.

And, you know, that, that is such a hot topic, right? In SOX is is alert fatigue, um, right, right, right. So if you can keep your analysts and your clients sane, well then they're gonna be doing more interesting work. They're going to be doing that more proactive stuff, right? Um, and, and ultimately finding stuff that they wouldn't normally find. So I don't know that I agree with that, that it would create more work necessarily, just different kinds of work. Right. More interesting. Yeah.

Yeah. And again, that, that study is old, older, but, um, Sunil references it a lot and I'd love to get his, it'd be great if he was just, you could snap him on in here and, you know, see examples. But, uh, Wes back, back over to you. Yeah, We, we need a, we need a Sunil as a service. You just snap and he shows up and answers that question you have for him here and there. I'd, I'd subscribe to that.

Uh, but I do think, I mean, what you just said was right in the sense of like, the whole business model VMSP is based upon, I can do all, I can do it for all of you much cheaper than you can do it on your own, because I'm gonna focus on 'em, build automations to make that happen. And so we're always pursuing this, and I think this is sort of like that, that big next step. Um, so there's some chat that you know, around folks like Jason asking, you know, how do I, how do I go down this journey?

You know, is there something better than, you know, my own lack of ability to do things manual and power automate that I don't want to touch, you know, obviously Roost is here. Um, you even have awesome platforms like what Kelvin is building, right? With CIPP. In fact, let me pop that in here in case anyone's not seen this. There's Kelvin, there's CIPP by Kelvin and team take a look at that. That's awesome.

So I guess, James, you know, my question for you is there's, there's, or actually maybe Tim, you're probably better for this question, I don't know. But, uh, there's a lot of, again, market confusion around, do each of these things compete with each other? Do I need all of them? How do I know what to explore and use for the right business use cases? How do you think through that being a former MSP and now aussi? Yeah, I mean, I don't feel like they compete at all.

Uh, SIP is a, is a platform for, uh, doing a lot of administrative tasks, you know, so, um, getting a view of what's happening in your environment, you know, giving you a dashboard, giving you, uh, buttons to push to make things happen. Uh, roost is more of a hands-off application. So when, when roost is successful, you don't see it. Uh, so that's kind of the difference there. Now, uh, can we do some of the same things? Sure.

Because we're, we're hitting the same APIs, but the, a lot of times the, the reasons why we're hitting or roost is, is hitting an API is a different reason than why SIP is hitting an API. Uh, and you know, there's a lot of, uh, opportunity for integration between the two platforms as well, and we're working on some of that too. So, you know, we're huge fans. Uh, we've got, you know, people who are contributing to both, and it's, uh, it's been great.

And we would have Kelvin on, except he's working on his world famous ki right now and, uh, in, in his kitchen. But, uh, but yeah, no, Kelvin's stuff is awesome. Um, uh, but, uh, Wes, um, sorry. So I, I just had to get that in there. Kelvin. I, I wanted to get him on. He's like, I'm cooking. Oh, Yeah, no, I mean, that, that's helpful. Um, so I think you really do have to explore that. That's right. Keith, real man do eat kih. Yeah. Let no one ever, uh, dissuade you from that.

Uh, but I think that's wise, and I think it's important to understand what I'm trying to solve for from the use case first, and then I can find the right tools to fit. I don't use a screwdriver to go, you know, use what I should use a hammer for. So I, I think that's valuable, right? Each tool has their own use cases. Um, but what about the MSP Tim? Like what prerequisites do you need as an MSP? If you say, I'm going down this route, we're gonna do some amazing things.

R pa is the future for us. What prerequisites do, do an, does an MSP need to have to be successful? Do they have to like, know Python? Do they, do they, do they have to like, know everything about like, you know, swagger and APIs and stuff like that? Or, or what, what are the prerequisites here? Nope. 'cause I don't know any of those things. Uh, I mean, I understand the concepts, you know, I can, I understand arrest. I, I can live in those things.

But, uh, really when we build roost, uh, or when we went down the, the road of, of building roost, 'cause I feel like we're still building and we always will be. Um, our goal is to, um, give people the power of automation without them necessarily being automation experts or API experts or programming guys. Uh, so we, um, we help people along the way. We'll build, uh, automations for people.

Uh, we're, we have a marketplace as well, uh, that allows us to take automations either that we've built or another MSP is built and put them out there to be installed, uh, by other, uh, MSPs who want to use the platform. So you're able to get the, the power and the benefits without necessarily being one of those builders. Uh, Yeah. Okay. Yeah, that's good. And I hear, I saw, um, Slagel put something in around Jinja. Yeah. I hadn't heard of Jinja until, uh, until the roost, but Yeah.

Can you explain that a little? Yeah. So J um, so when we talk RPA, a lot of, another word for these platforms is, uh, low code, no code development. Uh, so as implied, uh, not everything is no code. However, we are actively making, uh, improvements to minimize the amount of code possible. So, uh, our programming language that we've chosen for, uh, for whenever you do need to write some code is Jinja, which is a Python derivative.

Uh, you'll see this in things like, uh, I think Drupal uses it, uh, and a few other platforms. Uh, however, uh, we're taking a lot of those, uh, data transformations that people would typically need to do in something like Jinja and putting those into, uh, built in actions. So the, the, the low code is diminishing, the, the no code is increasing.

Wes, can I just post real quick, Tim, I'm gonna let you do a shameless plug here because a lot of the questions like Jay Scott just asked, you know, what's the value you know, what value can you provide to people who don't have, you know, the expertise you're sharing are, and, and are there templates? Are there things where people can, you know, log in, explain what the the Rock is?

Um, maybe just take two minutes so that we can, I wanna make sure we answer these questions, but, uh, I, I, it could be, you know, again, if I'm an M MSP that doesn't have Michael's chops, I'm sitting there going, this could be intimidating. Um, how are you guys helping with that intimidation factor if you'll, Yeah. So we, we knew from the beginning that we're not gonna be successful if all we do is create a platform and throw people at it.

Um, even if we have every feature in the box, even if there's no coding skills necessary there, there's still nuances of everything that we work in. You know, every API that we talk to is different. We're talking, you know, to things like ConnectWise and Kaseya and, you know, all the MS P tools and the 365 tools and, uh, firewall, a ps, all these different things. And, and they all work differently.

Uh, so, uh, we decided very early on that we're, you know, gonna have a platform that includes people that are here to help, uh, the MSPs get value from it. And we do that by, you know, basically doing as much as you need us to do to make sure that you're successful with an automation. Uh, so, you know, to, to Scott's point, what, what can we provide to people who do have that expertise?

Well, we help, you know, so we have, uh, you know, the live chat we have, we can jump on calls with you, we can, uh, help you guide yourself towards success, uh, because we understand that every system, every application is going to behave differently. And, and we've, you know, we can see things and, and we've, we've done things that, you know, may be similar to what you're trying to do that we can help you with. Yeah.

Uh, if you don't have the expertise, then come to us with your ideas, with your processes and say, Hey, here, here's my process. Uh, can you guys help me automate this? Or which pieces of this can we automate if we can't do the whole thing? 'cause, you know, we understand that, um, you know, someone's in a soc it's because they're smart.

Um, it's not because their job can be automated away, but if we can make their job a lot more fun by providing them visibility at their fingertips, you know, uh, whenever some event happens, or if they're trying to research what's going on with the user, then we've made their job more fun and we've, uh, made them more efficient, and then they can work on harder problems. So, so to sum it up real quick, I'll let you go in a second, James.

So to sum it up real quick, if, if you, if you're like, Scott, sorry to not be clear on your question. So if you, if you're mature, you got people like Michael, people like Scott, it's like, go ahead, create your stuff. We can validate, qa, it, whatever with our team. If you don't have those skill sets, we have a team that can help build and create, so we can meet you where you are. Yeah. I, I just created that term. No one's ever said that.

No one's ever said, James, I was just, I was just gonna validate everything they're saying, right? Um, the culture is, you know, the culture is what you would expect with Aaron. And in the early days of Perch, right? You got the, the Slack channel, you're in there asking questions, they're replying back error might be doing it itself. And so it's very collaborative. Uh, they're, they've been absolute help.

And even on the early days, you know, when we started working with 'em, like, I don't even, I don't even know if they had a model to buy, but it was kind of like, do it yourself. Uh, we'll troubleshoot and monitor for some failures there were, we'll build it for you. So, uh, very much I can, I can attest to their, uh, willingness to jump in and help and yeah, great group of guys. Thanks. I, I like the, I mean, the transparency, I guess just the culture that Aaron has built there.

Just the fact there's a, I mean, what company has a weekly call with all of their clients where they solicit honest feedback, right? Like, we'll bring something up one week and then you'll see that it's fixed the next week. Like, it's very, very rapid response and development, and it, it's kind of like having a, a whole dev team in your, in your back pocket. Um, That's well said. Yeah.

This, this could ruin our chances though of upvoting things that we want to prioritize, because collectively A CPI, we want something we post internally and we just get like 10, 10, 11, 12 up uploads right away to try and drive it trending. Cool. Very cool. Well, um, Wes, anything, we got like 30 seconds or so left here. Yeah, Kind of around. Let's finish on this.

I mean, I have an endless list of additional questions I'd love to ask you guys, but, um, I think some big takeaways I think, exist here are, uh, we recognize this is the future. We've got to go down this, this, this journey of we're not gonna have less SaaS apps. We're not gonna have less data flow, we're not gonna have less platforms helping and doing things, and we're certainly not gonna have clients reduce this either, right?

I remember three or four years ago at IT Nation Connect, I heard MSPs being like, man, I have so much stuff. I wanna slim that down, slim that down. I'm like, good luck doing that. It's only gonna get worse. And so, s need for automation is, is critical. Whether it's in security, it's in IT automation, it's in business efficiency, whatever those, those categories are.

And so maybe your starting point is really to think through, um, let's document what we're doing first and let's really understand our processes and our flows, and then we can begin to intelligently find solutions to these things. Going way back to what Kelvin said at the beginning of, let's find problems to, um, root causes and not symptoms. So this has been a great call, Andrew. I think I've learned a lot around all this, and I love, um, what SIP is doing. I love what Roost is doing.

Um, and, and I'm really excited for this being the future for MSPs. Yeah. Really, really cool. I, and I love our community, man. The, the chat, um, out there is just is awesome. I love your guys' support and support of each other. Um, James, uh, so good to see you. I'm so, uh, happy for all your success over the years at CPI. You guys have done incredible, uh, things and, you know, grown that organization tremendously. Michael, it's great to meet you for the first time.

And, um, really, really impressive what you're doing there, Tim, longtime friend of the community. Um, really cool to see, um, what you're doing on the vendor side. And, and it's, uh, obviously, you know so much on the MSP side of, of spending all that time in there. So, uh, really appreciate all three of you coming on and, and talking about this trend in the industry. Really grateful. Um, Wes, always great to have you on my friend. You got it. Alright everybody, how about fantastic Week.

We'll look forward to seeing you soon next week. Take care.

Related Videos