Skip to main content
Right of Boom
September 5, 2025

The CyberCall – The New Role of the CFO in Cybersecurity

Guests

Andrew Morgan

Video Transcript

All right, welcome. And we're back at another Monday here on the cyber call, and I think we have a really, uh, important cyber call today in that, you know, for a long time, um, you know, Brian Blakely, uh, has been on and Gary Pika talking about, you know, the language of the business. And so, um, I wanna start to dedicate some of the cyber calls to bringing people on that are actually in the buyer seat, have had that role.

Um, and so that you can hear it directly from, from them and what they hear, what resonates to them as business executives and what doesn't. Um, because we can't help a customer, or we can't help a prospect if we can't sell them. That's the reality. So that's one of the most important things. Sorry for the dings. Let me just turn off my, forgot to silence my, uh, my owl, my apple stuff. All right. So there we go. That's all set there. Um, as always, um, this is now in podcasts.

We'll do some intros shortly. Um, one of the, uh, really cool things about it is like last week, Brian, the one with Kelvin, uh, that you were on that between the video cyber call and the podcast, we were right around a thousand or so views. And so, yeah, so it's really starting to, you know, get a lot of, uh, momentum back again.

Um, and, and it's really cool to see, you know, we always had this, you know, big, uh, group that, uh, was in, um, crowd cast, but then we've had to switch multiple platforms and, and so we're, we're retaking uh, taking that momentum. So that's exciting. Alright. Um, just a, a quick banter I like to start off with this week. Um, Eric, you know, you and I talking, I've talked to, uh, some breach attorneys, um, some companies in the MDR space, um, about what's going on with Sowa.

Um, and so what, what, what kind of was an article came out about a week ago, someone's got back, back, we're getting a little feedback. Is anybody hearing that or is it me? But, um, yeah, maybe just, you can mute whoever try that out.

But anyway, an article came out about a, about a week ago from, oh, I think it was bleeping or one of the, those types of, not of, of organizations media, and said that, um, between, uh, Arctic wool huntress, et cetera, that there was this proliferation, they mentioned Akira and, and maybe another ransomware group, but there, there was this proliferation, Brian of, of new, you know, attacks and that potentially there was a zero day that, you know, was, you know, out there again around the Sowa, S-S-L-V-P-N.

Um, SonicWall, uh, has come out and said, not absolutely not. There is no additional zero day. Um, and yet, you know, Eric, in talking to you, and I don't wanna put words in your mouth, you've been pretty busy with this. Can, can you, just from your standpoint, and you're not, you're on the business side of attorney, so maybe kind of set the stage there.

You're not a breach attorney, but I did have conversations and we're gonna have on next week, who is, who's dealing with, I think, north of 20 of these personally right now. But, you know, talk to us about why are you dealing with this and what are you seeing? Yeah, and I can't speak to whether it's a, a zero day or not, but, um, I can tell you that I have more of my clients dealing with this issue, um, than any other issue post Kaseya.

Um, and, you know, not that I represent a tremendous number of MSPs, but I represent a lot of MSPs. And to have multiple of my clients dealing with the same issue, um, including some that tell me it's, it's post patch, um, I think is, uh, is, is definitely peculiar and, and would lead one to believe that, that, that maybe the scales are tipping toward a, a zero day instead of something else. Yeah.

Brian, from a, from a CISO perspective or vcso perspective, how do you, you know, any advice on, you know, like, you know, we, we've been talking about, like, and you've talked about this is more of a, you know, a technology that needs to be deprecated. Corey Clark came out with a great article.

He, his company was bought by SonicWall, but he came out, you know, solutions Grant came out a great article saying, you know, Hey, look, for years I've been talking about deprecating and making sure you have all the necessary patching MFAs and things, you know, all the necessary, uh, defense in depth around V-P-S-S-L-V-P-N. So, so on one hand we have, this is a technology that should be deprecated in my opinion.

Um, on another hand, what would your thoughts be when, as Eric says it, it would seem that between the different attorneys I'm talking to, the different MDR companies I'm talking to, it would appear that this is more than just nothing to see here. Is it, you know, shut down F-S-L-V-P-N if you're using this. What, what are your thoughts?

The, The nothing to see here, and we talked about Ingram a few, few weeks ago too, is that we're, we're not getting the transparency we need to be able to react and do what we need to do. And the nothing to see here always reminds me of the original naked gun with Leslie Nielsen when he's standing in front of a fireworks factory and it's going off and blowing up and there's all kinds of stuff, and he is like, nothing to see here, folks move away. And, you know, that kind of thing.

There's a lot to see. I just don't think we're getting the whole message. But to your point, the bigger problem here is, is, is deprecating some of these older technologies and SS S-S-L-V-P-N and some of these others, I really think if you're not looking at zero trust, beyond the buzzword of zero trust, actually putting in the defense in depth and zero trust principles, sassy types of solution, right?

The, the, the, the perimeter is end users fingertips now, and we need to have, have better things in place. Fortinets dip deprecated S-S-L-V-P-N on a lot of their appliances, enforcing zero trust or IPSec type of tunnels for whatever reason. But the bottom line is, is, is, uh, I'm not sure how much we can rely on a lot of these vendors, and it erodes trust when, when these vendors can't produce, even if it's forthright and transparent.

Eric, I know you on the attorney, there's this balance you have to strike between transparency and, and at the same time, you know, not giving away too much and protecting your stuff yourself, but at the same time, MSPs rely on our vendors to produce, uh, you know, transparent information so we know what's going on with the root cause, how it's being dressed, what to do, and it just feels like some high level maybe overlawyered lip service sometimes that we get instead of something that we can, we can actually react to and protect our clients and ourselves.

Yeah. Yeah. Well said Brian. Um, so next week, um, we'll have Spencer, we will have, uh, who, who's a breach Attor, a breach attorney for McDonald Hopkins. We will have on Chris Laer, um, who we've had on multiple times to kind of walk through, uh, again, not, Hey, let's beat up on a vendor. This is more so comms strategies as a breach attorney, what should you be doing? What should you be, how should you be working with your clients?

Because when you know whether, we'll, we will find out eventually whether this is another zero day or not, but in the meantime, if you're an MSP dealing with multiple customers that has, you know, this issue, um, you know, w we, we will, we'll get strategies for you. Um, and again, I'm not sure who on our panel has got the feedback, but if you could check what's going on there, I'd appreciate, I'm not hearing feedback. Is anyone else hearing feedback?

Um, I was, anyway, maybe it's just, maybe it's just me, Eric, maybe it's my head and my, let, let's get on into it. Um, alright, so this week we are talking about how to sell, uh, or get into the mind of the CFO, right? And, um, you know, one of the ones, um, that I think is, you know, so probably undertake, you know, uh, underserved, right? As far as thinking about this from an MSP's perspective.

Um, Jason, um, who I'm gonna introduce momentarily spent, you know, better part of two decades, not in our space, but as a corporate controller, um, as a CFO, and, you know, working with governance IT security, and you as the MSP selling to sell him. Um, so getting into his mind and understanding how he thinks, what matters, what doesn't matter, um, I think is a, is is really important.

So, um, here, when setting, uh, the stage, I'm gonna just talk about the real decision often comes from the person that you may not be thinking about. The person that you might think is, um, yeah, just the guy or gal that, um, although they have the checkbook, um, you know, we don't nearly need to involve that person. And, and I think this call is going to make you think a lot differently about how to involve this person, when to do it.

And, um, so let's get on into it As far as intros go, uh, let me start off with our guest and then we'll go around the horn and, and, and I'll hand it right over to Eric to kick the questions off. So, Jason, welcome. It's great to have you with us for our first time. If you could tell us a little about yourself, what you do there at Info Systems, and I'll go over to Brian and and on. Yeah. Thank you. And Andrew, thank you so much for the invite.

You know, uh, you and I met, I guess this early this year, right? A boom 2025, and had some great discussions with that, which I think kicked off a lot of this and, and event, that event opened my mind to a lot of things as well. But of course, I'm the CFO from IT for Info Systems. And, um, we are growing MSP, we started out, this company started in nineties as a var. So we do two sides of, we are do value added reselling, and we also do, um, obviously MSP.

So, you know, the key thing that you just remember with the CFO is they do hold the purse strings, right? And I've built my career through different, um, organizations where you can think of finance and operations. Uh, like in the restaurant space I was in, they were, oh, you're just the guy that doesn't give me the money I need to operate my business. And, you know, you just withhold money and you gimme a budget I can't attain, et cetera. Well, think about that as your clients.

You're gonna, there's, there's that friction between maybe a CFO and a technical person. They're trying to get money for the stuff that you're telling them you need, and they're trying to get that approved. But the finance guy is saying, no, I don't see the value in it. They're speaking in different languages, I think Russian and English, right?

It's like you're speaking around the same topics and it's important to CFO, but they don't see the value, so they may not approve what you're bringing to 'em. So how do you educate the technical people if you don't have a seat at the table to the CFO to go upstream and show the value you're, you're bringing, I think that's where you're getting to Andrew. And so that brings down that friction. Then that person becomes a hero with them, and they can get what they need.

It helps protect the company. We all win, that must peak gets a sale. So I think that's the big thing that, the big picture I want to take a load with is like, Hey, we're all talking around the same thing, but how do we bridge that gap in communication? Yeah. But I really appreciate this opportunity. I'm excited about it. I hope it do you justice.

Um, you know, you guys speaking about the Sonic Law stuff, I hear stuff I under things and man, you guys are speaking Greek to me with the, the jargon and all that kind of stuff. I know it's important, but man, getting it upstream to me is just a little bit different level. But I appreciate it. 'cause I know it's needed. Yeah.

Well, I, I'm glad you said that last part because that's one of the things that I think is really important that everybody takes away from this call, that, you know, we're all sitting here saying, this is wildly important. And you're sitting there going, yeah, but I don't get it. So let's, let's keep that out there. Um, Brian, real quick intro from you. Thanks again for being a co-host. Yeah. Excited to be here and welcome Jason.

Yeah, Brian Blakely, chief Risk Officer, and I lead the professional division at Compliance Scorecard and help, uh, MSPs and their clients down, uh, compliance journeys, iso, SOC two, CMMC, that kind of thing. Excited to be here. Thanks, Andrew. Yeah. Well, Phil, Phil, Phil, it's good to have you back. Thanks. Thanks as always, miss. Always good to be here. Yeah, absolutely. And, uh, Eric, intro and I'll let you take off, uh, kick off the questions to Jason. Yeah, thank you.

So just quick intro, uh, Eric Tills, I am a, uh, former MMSP owner and, uh, current MSP attorney, um, helping MSP with their, uh, their commercial contracting and legal needs. Um, so Jason, thank you for, uh, for being here. And Andrew, thanks for having all of us here. Um, and I think in your, in your intro, Jason, you mentioned English, Russian, and Greek, um, that, that kind of sense to say, And I'm not C3 po, I don't understand, I don't speak all those.

So, so that's, that's the stage for, you know, MSPs and, and frankly, lawyers too are notorious for speaking in languages that our prospects can't quite relate to. And even though you have threats and breaches and things like that in the news every day, can you tell us what, what really resonates with business executives, particularly business finance executives, and what, what is it that misses the mark? Sure. Yeah.

I think most executives connect with discussions that tie the technology and security and measurable business outcomes such as, you know, revenue growth, cost efficiency, regulatory compliance, brand reputation. All that is kind of tied to that, you know, and how you kind of get their attention is, you talked about grouping in kind of a, a few categories here. You know, you want to lead with business outcomes, not technical features, right?

I don't need the technical features, you know, I don't need what's going on. I just, how are you affecting each one of those things I just missed mentioned, translated to risk, like downtime or compliance gaps measured in financial terms, how that's kind of what I'm concerning to what's the big picture with it?

Um, quantifying the impact in dollars, if you can do that, you know, if you can quantify what it means, you know, if it'd be measured, 'cause then it's measured and it's dollars, I can rank it and prioritize it, you know, and then make it something that is a need, maybe potential in the, in the business. Align it to our strategy, right? Show how your solution support the company's specific growth or market and penetration strategies that they have.

Customer goal was risk admitted, excuse me, risk mitigation strategy can be a strategy as well. You know, it doesn't always have to be about growth. It can be mitigating some risk that's out there that we're trying to protect. So that's part of, so aligned to the strategy of the company. And then the last thing I think is important too, is build trust through evidence, right? Just, just, I, I'm, I'm going be cautious.

Most CFOs will be like, yeah, just because you tell me doesn't mean that you can do it, right? So kind of show me, you know, the, the Jerry McGuire help me help you, you know, type of thing. You know, show them with this evidence, you know, um, that could be independent audits, proven processes, you, uh, real world success stories. If you have people I think vouch for you, that'll help.

You know, when you talk about missing mark, go back to it's just like, don't share the how, I don't care how I don't care. How about vulnerabilities and threats and things? I don't, I mean, I do what I don't, you know, it's focus on the what, you know, what can happen if I do this or don't do this. And the why, you know, that really gets it to that next level to really help really get it to how it impacts the business. Yeah. That's awesome. Thank you.

And as a CFO, and, and, and particularly think back to your, your pre M-S-P-C-F-O days, you mentioned, um, seeing things as any, as something other than just a cost. So what is it that makes you see an investment in security or, or an investment in IT in general as an enabler of growth instead of just a cost? We know there's a cost to it, right? But what, what, how, how much, how do you look at that? Yeah, that's a good question.

I mean, here's the thing that, you know, I was reading the other day about at Gartner said, forget what CFOs think necessarily. So this is a Gartner study, so this is gonna be more higher level companies that have CFOs and big awards and all that kind of stuff. But they set a stat that 85% of CEOs now views cybersecurity is critical to business growth. So whether the FO that you're talking to sees it as a growth enabler or not, it really is. And that's what you have to educate them on.

And I'll spend a little time here, I think, to kind of paint the picture of where I came and where I am now. Um, I, you know, A CFO is basically a steward for the company resources, right? You know, I'll mitigate risk. And, uh, and you know, and as much as possible, that's the financial and fraud. I spend a lot of time there, you know, internal processes, controls that I do for fraud and stuff like that for, um, things I look at, brand reputation.

You know, I look at enterprise risk, operational risk. I am kind of more of an operational role here at this company as well. 'cause I have operational experience in my background, not technical operation, more the business operation. So that's something that CFOs can pull in as well. So just remember that, you know, and when, when cybersecurity's now directly tied to the enterprise value of the company, the brand reputation and operational continuity, it's becoming very important.

But I realize that now let's talk about where I was, right? Um, you know, I, I kind of looked at this as sunk cost. There's kind of a need to have, and I'll kind of tell an example, is what the company, and I, I think I was sharing this story with Andrew, um, there, if you guys ever heard of something called arc flash, basically it's where if you stick a screwdriver near an outlet, you know, it can arc to it and electrocute you. And that was an engineering company.

And we were trying to sell, we had this guy that could re-engineer the networking and the layout of your electrical, uh, grid and layout in the, in the, in this industrial space to where it could help reduce the risk of somebody being around breakers and arc happen to them and just basically kill them or hurt them severely. And man, we had, Trump was selling it. It was just like, until somebody got hurt or they see the value that way, or OSHA made 'em do it, they didn't see the value of it.

And that's kind of how I viewed cybersecurity. Yeah. People are talking about it. Hey, my head's in the sand, it ain't gonna happen to me. Right? It's just, it's, it's happened to everybody else. It's just not gonna happen to me. And so, you know, I is, look, I looked at it as a need to have not a growth enabler.

So, you know, and then about three to five years ago, I started hearing more, you know, that's when things started coming up in the market where I'd hear, you know, forums I'm in, or literature I'm reading in the CFO space, talking about, you know, ransomware and things that are happening. And I didn't understand it and what it meant and how it could impact me. But I, I'm like, okay, there's something here.

And, you know, doing insurance renewals, they're asking me about certain things that, you know, that, that I didn't know about with cybersecurity. Do you need cybersecurity insurance? Well, I don't know. Do I, you know, and they couldn't answer it. So an MS P could definitely come in and help, you know, with that review of HA answering insurance questionnaires, right? So I think that you have to some middle tier CFOs and lower company, they may not know yet.

So that's where you got to educate them if you're going into a higher level company, large company, or more of an enterprise. And they're probably gonna see the value a lot more. 'cause their board's talking about it, their CEO is talking about it, they may have a CISO or other people that are helping them with the risk mitigation. So it's bubbling up with them a lot more. But I think what hit the point home for me, and this is when a light bulb on was right? Boom.

This year when, what was his name? I think it was Brent Adamson, is that this keynote speaker that spoke, and it was talking about the, the larger the deal, the larger the company, the more stakeholders you have in it. And I'm like, man, that's so true. And I think, and I started thinking to myself, that's me. I mean, I believe as a CFO in most of the decisions, they're probably a key stakeholder. I asked Mr.

Adamson, I think offline, if he could help me understand where that was and the key stakeholders, what the CFO would be like in the top five or whatever. And he didn't wanna say it, rightfully so, I get it. But I think from my opinion, because of the purse string, I think it's very important. And Andrew, you talked about that purse string to where you can control if it's gonna be spent this year, spent next year, spent it all. So the education properly is properly.

And I know I'm, I'm, I'm speaking a lot. I'll get your question, Eric, but I wanna speak to it. This is, I think is very important for MSPs. 'cause I'm speaking from an CFO and an MSP and also A CFO on the other side. An equation that came to me a while back, it was called value equals experience over price. And I heard this in the restaurant space, and you'll kind of get this, when you look at two different restaurant chains.

You got Waffle House and Ruth Chris Steakhouse value is the experience over price. Well, you know, both of those brands, people are going so they're seeing value. But the experience you're getting at Ruth Chris is totally different than you gonna get a waffle house. Well, that's what you've gotta start speaking as is an MSP to the business leaders is like, what value do you bring?

If you're speaking only on technical stuff and you're not showing them how you're gonna impact their business, you're gonna stay at the more lower price level. You're not gonna show, you're not gonna level up to what the business needs are. If you can level up to what those business needs are, then you're gonna really help them make a decision. And we fight this at our current company, guys.

You know, when you're trying to get a deal and you're trying to get a sale, you just want somebody to pay for what you have. And you start getting negotiating down on price, really understand the value and spend the time educating yourself from your partners or your third party vendors that can help you to what the true business value is that you can bring to your clients and educate them through that.

Um, so I think that's a big key that you need to think about as you're leveling up the C-suite, CFO. You gotta show the value outside of the technical stuff that the IT people value, get it to the business outcome level, you know? And so what now I see it as a growth and competitive advantage. So let's talk about that. You know, clearly, you know, I, cybersecurity supports revenue continuity and a enables us to win and retain clients. It helps us meet requirements to enter a new market.

If I'm wanted to go to a new market and it's heavily regulated, I'm gonna need to know if our current, you know, things, our tool stacked that we have or our current system processes can go into that market and we can penetrate it well, and b, have a competitive advantage. You know, that's the last piece. Are you a competitive advantage example that helps, um, open doors for new contracts or compliance customers, uh, demand.

And if you're private equity play, so if you're looking at a company and you know, a company's getting ready to sell and there's a private equity play, cybersecurity is a top five area in PE firms behind, right? Behind financial and operation metrics. So it is very important people. So it's just, you gotta show it as a growth to show it as a growth enabler where you need to show that it's not only reduces risk, but it also creates upside opportunity.

And that's a long-winded answer, and I'm sorry I camped out of there, but I thought it was kind of important. Yeah, no, it's, it's really important. So, so as a CFO and, and you get a, a proposal that comes across your desk for an IT project, a security project, et cetera. What's the process that you go through to make sure that that proposed product or services aligns with the company's strategic goals and revenue goals? Hmm. Not to just the hand revenue goals or, and or both.

Are they like some, yeah, yeah. Lemme say, 'cause for me, the biggest thing for me is like, does this project, I mean, does this project protect or enable or grow, enable grow is what I'll say one of our revenue streams. If this is yes, you know, then the next question, but it becomes does it support a long-term strategy? And what I mean by that is it could support a current revenue stream, but what if I'm looking to shut that down or change it?

Because there's something in the market downstream that I'm seeing that we don't want to go there anymore. So it may support an existing revenue stream, but it may be then not in the long-term strategy, but if it supports a current revenue stream and it's in the long-term strategy, then that becomes very important, right? So, um, that's what I need to figure out is how you're going to help, you know, enable or grow that long term strategy. Yeah. Andrew, can I ask a, a follow up question?

Yeah, Jason. So I think that, that that's key and important and that's, that's gets to that point where the MSP knowing you and your business, one of the things you started off with, as you said, VAR transitioning to services. So in that example, I think, boy, Jason, I might ask you something about what's that mix, that's that revenue mix right now? 'cause you might be 90% VAR and 10% services, but you really want to grow the services area of the business.

You may have value, Hey, are you In my head right now? The percentages aren't there, but that's really what we're trying to do. Good job, Brian. Everybody has their switches from bar to services, right? And so, but I mean, you're looking at that revenue mix. So then, then translating some of the risks and opportunities might be something might be more valuable if you're growing your, trying to grow your services, which are more enterprise value.

If you have a risk in those areas, you'd probably be willing to invest more than you would in something to fix, uh, uh, you know, a risk or, or even enable the, the VAR side of the business as an example. That's right. Absolutely. You're spot on. You know, and coming outta the example for the lines of strategy. Then, you know, the next thing I wanna ask is a is for a business case and all that means, guys, is a justification of why I should go with you.

And it's more than just the vulnerabilities and threats, it's the risk mitigation, growing a business, what it means. So, you know, in the business case to quantify the avoidance of loss, like risk reduction and or the potential gains, right? Is it gonna enable sales? Is it gonna increase productivity? Is it gonna, you know, you know, help confirm customer trust. You know, all these things go into the business case. There's different things.

Or is this, you know, it's a sunk cost for now, but it's gonna position us for a year from now to be where we want to go, right? That's, that's value to me, right? Is helping me get to where I want to go. There may not be an immediate return, is what I'm saying. Brian, can I, Eric, bear with, do you mind if I go behind it? Yeah, go ahead.

So Jason, you know, a lot of times you'll hear MSPs talk about, you know, you know, all our great customers and all our great processes, and this is how we do it. Mm-hmm. Do you really care? Does that, does that, do you care? Like, and and if not, or if so, what really is, what are you looking for in that sales processes as evidence? Is it they understand, you know, literally how I'm generating revenue, understanding how I'm gener, you know, need to mitigate risk.

You know, can you talk to us about, again, be don't be an M-S-P-C-F-O be be the previous CFO that mm-hmm. Again, MSPs are notorious for all our great accolades and resources and differentiation, but I'd really love to hear from like what's going through your comp, right? You're computing all this stuff, right? As a CFO, what matters? Yeah, it's a great question.

And where I kind of view it is in my side, is it an operational or technical process you're trying to validate and or financial, I can get really deep into financial controls and all that kind of stuff, but if it's operational or technical, I'm gonna lean on my technical team to validate that out because I may not understand it. Totally understand. And then obviously come to them to see, okay, how does this impact the overall business?

Is this something that's only gonna impact your area and only affect you, which may be important? It may what you need to do your area well. But then does it translate into more of a growth app or opportunity for the company, or does it impact the company if they can impact the total company or strategy? That seems to be a lot more important to me, obviously, than just affecting some particular business unit right now.

Not to say that that's not important to correct, but it may not be a priority for right now if we can deal without it, if that makes any sense. Because there's only limited resources, right? You only have limited funds and capital. So I'm constantly prioritizing that to what is the biggest bank for the buck, basically. Well, let's, let's dumb it down as something as simple as MFA for a second, Jason. Mm.

Pretend again, you didn't real understand what multifactor was, but it is something that has to be systemic across. And not only again are, you know, should it be on your M 365, but it should be on, you know, your mission critical systems and it should be on your administrative accounts and, you know, your service accounts and, and all this stuff. And you're sitting there as a CFO going, I don't know what the hell they're talking about.

But, so how, you know, this is something Brian is excellent about, about translating this into business terms. That's right. Um, but maybe you and Brian can banter on this a little bit because I think this is the part where, you know, MS sitting there going, oh my gosh, why aren't they doing this? This is like table stakes and so mission critical. Yet you're sitting there going, I don't know. Why is it important? You know, and why do we need this?

Yeah, I mean, to me that's very, I call those green fees just at the price of admission to get in the game. You have to do that. I see that now, but I understand sitting on the other side, I may not see it, but, you know, I think that's where you easily go to, you know, if it takes one per, okay. You know, CFO, how many people do you have in your company? Okay, I have 200. Okay.

If you have one person that goes in there and clicks this and they have an MFA issue, and what does it mean, you could be transferring money out because that's an AP person that is now listening to somebody that's hacked something in your office, 365 gets in there and takes your email, and now they're looking like a client. They're wanting to transfer their bank account from one their current bank account to another one when it's not.

And they just gonna, so it's really getting into understanding that this simple thing that, you know, the value, it's not a very expensive thing to do. Yes, it is a pain for people to have to pull out their phone and or authenticate or other ways that they want to do it, but just help them understand that the risk that this is gonna stop potentially and how it's gonna reduce the percentage of it prior, the probability of it happening. Your thought too about that. Yeah.

Brian, Bruce, as, as we go to you, you're Jason, you're okay with an example. You don't see that as fud. Just to clarify, if I said, Hey, your AP person did this, you would be okay with that? It's not, oh, here comes the fud. Yeah, and I think it's matured the C ffo, if you can understand who you're talking to. If it's somebody that definitely gets MFA and whatever, and they don't, I mean, it's really, that's a level of talking to somebody that really doesn't understand the value of MFA at all.

That really seems to have a lot of pushback, doesn't see that it's just a nuisance. Why do I have to do that? They don't know my password. You know, I mean, it's just, it's really getting 'em to understanding. But I do think it's good to bring out, because that's a very key important thing that the CFO should be thinking about is fraud control on their side.

So CF like, I'm responsible for enterprise risk and operational risk, et cetera, but a CFO or a certain business may be only control about financial. So if you're talking to the purse string holder, how does it impact them? Well go to how it can affect an, uh, affect an AP clerk or an AR clerk, or how it could affect somebody on their team and they could really mess up their outside of the business. Brian, any any thoughts? Yeah, I mean, I, I agree and, and Jason made some key points there.

I think in the MFA example and, and getting to know Jason and his business, and this is where you take it a step further and get out of nerdy acronyms like MFA and you kind of change the discussion and, and saying, Hey, Jason, you know, we, we looked at some of your contracts and it looks like you've got some requirements around data security and compliance and that kind of stuff.

And some of your largest client contracts, and let's say, Jason, you have $30,000 you can spend either on your VAR side of the business or for your, uh, MSP services, right? And you're saying, oh, well I've got $30,000 I can spend in one area. And in the other, I think a, a good, uh, MSP that knows you and knows your business, they come and say, Hey, you've gotta prove that you have MFA. The best way to do that is an attestation that you're gonna build trust with your, your, your clients.

We think that $30,000 that you got for next year, you should spend that on some sort of compliance to prove your trust. And this will grow your services side of the business, right? MFA's a part of that. But to think more strategic and bigger. 'cause MFA's just one thing, it's a whack-a-mole. And I don't wanna come to you with the issue of the week, right?

I wanna say, Hey, I know when I talk to you that 10% of your revenue right now, professional services, you're trying to increase that mix next year to 60 40, let's say, here's the things that you need to do, by the way MFA is part of that, but I feel like that's a whack-a-mole that's tactical, it's table stakes. Yeah.

But hey, let's prove to our clients we have MFA and a whole bunch of other stuff enabled that's gonna grease the wheel of your sales and increase your penetration and your market share on your services side of your business. Yeah. That's what I mean by a little bit different conversation Absolutely. Than just being, uh, whack-a-mole with MFA or, or get a new sonic wall or whatever it is. Yeah. Yeah.

Well, you talk about the being simple and it, I mean, the blocking, and I call it blocking and tackling, you know, it's the basically the you need to be do with this. Well, that's a minimum thing you need to do. And sometimes I think we overlook that, but sometimes the most simplest things we do or that are out there could be the best things for us. And it's just things to start from.

So I don't think it's, I don't wanna mitigate it and say, oh, that's the wrong word, we're this, but it's, I don't want to overlook it because it is very important, but sometimes people just don't realize. But I think Brian, your, your approach there is spot on. Yeah. I think we're missing opportunities as MSPs if we go to the CFO and, and say, we need to enable MFA, and here's what it is.

I'd rather have the, from an MSP perspective, Jason, I, I'd rather have the, the, the CFO or the controller, whoever that is, sometimes the business owner, sometimes the business owner's spouse or whatever it is, is in control of the money, right? O oftentimes. And so I'd rather have them be a, a champion and understand that, hey, we're gonna help you strategically.

Yeah, there's some checkboxy wh whackamole stuff involved, but let's be strategic about this and maximize something you said earlier, Jason, connecting your investments to return on investment. If I put a dollar over here, what does that gain me? And I think that's where we can oftentimes be, uh, more strategic and we miss opportunities by going in with a specific vulnerability or, or specific technology requirement. And that, that people like Jason often know it's table stake, especially CFOs.

They, they get into their banking and financial institutions, which have required MFA for a long time. Right. Cool. So Andrea, if it's okay with you in the interest of time, why don't we skip to Brian? I'll, I'll skip my last question. Um, and Brian, if you wanna take it away Cool. Oh, yeah, Yeah. If that works for everybody. Yeah. And, and kind of in line with what we were just talking about, Jason is mm-hmm.

Jason, when I sit down with, um, with business leaders, we'll just say C level, level people for the first time. My go-to starting point is, is really understanding how that business makes money. What are the revenue streams? How are they profitable? That kind of things. And what I try to do is map the critical business function system processes and, and the people, uh, that keep that, that revenue engine running. Right?

So, from your seat, Jason, how do you decide where to allocate budget to protect and support those, I'll call 'em core business functions? And when it comes to IT and security, what, what specific metrics or signals guide your investment decisions? I think in the chat, Eric brought up, you know, qualitative risk, right? High, medium, low versus quantitative, $80,000 or whatever that is. That's right. Right.

I guess, I guess what sort of signals and and specific metrics are, are you, you interested in and, and how do you make those investment decisions? Yeah, great question. And I think that's good that you're doing that to understand, you know, going through all those questions and taking the time to get to know your, your folks. But I, I look at it prior towards, for budgeting purposes, based on business criticality, cri criticality, cri, geez, I can't say the word criticality. Geez.

And like of occurrence, you know, those are the two things I kind of look at. So, um, if it's outside of the, you know, sometimes if it's even out, if there is something that's very highly critical and it's a high likelihood, and even it may not, I may not have a budget for it. It may be something that I need to plan for and get it done now. So budgeting is important and looking at strategic things for growth. And that's just having the discussions.

You know, if you find something or can identify something that is a huge criticality for the company and it's got a high likelihood, then sometimes you may be gonna get that money now. But I do try to prioritize it that way. Um, something that we do here in which I think, uh, you know, is look at the, basically like a risk registry. You know, you go through and look at, is it, is it critical to the mission of the company? Is it, uh, you know, has a, what's the operational objective?

How does it impact the financial contractual obligations? And what's the probability level, you know? And each one of those, you can rank those and score it. And then each one of those has a mitigation cost and or strategy. Then, you know, that I can then plan and start prioritizing. Some of these may be right now, I gotta get it done this year.

And if I don't have the budget, some I may prioritize over the next year or two to based on the, the, uh, you know, basically just trying to get to the biggest bank for the buck, if that makes sense. Yeah. And how, how much weight do you put on, like, I, if the IT person came to you maybe in your previous, uh, function and explained to you, Jason, here's something we, you know, here's a critical vulnerability that's impacting 80% of your revenue.

Is that directionally accurate, or would you need some more, uh, I guess what would be in your head what supporting questions or thought Would have that would peak my interest. Right. You know, that'd be like, okay, wait, so what does that mean? Help explain them. I'd ask more probing questions to say, what does that mean? Are you talking about continuing operations? It means is our network gonna be up or down?

Then it goes into like, well, okay, if that's gonna be down, if I got a 80% probability, my network's gonna be down and my network goes down and, and I gotta, and that's gonna take two days of repair. Well, what's the cost of my not doing business for two days? Right. What is that Jason? Jason, I, I loved your reaction to that. And that's exactly what I'm trying to get across to MSPs out there, is your reaction to that question.

You didn't start immediately tuning me out or saying, here we go again. Acronym soup. And just like we started off talking about SonicWall and it, and we probably sounded like the, the adults and a Charlie Brown episode, right? Yeah. I don't see some popcorn. Like, I hear this, I get some of it, but man, I don't really get it. Well, the last thing we want is this is our C-level stakeholders, right?

Yawning, stretching, looking at their phone and when's this guy gonna get out of my office or off my phone? Right? Right. You, you engage, right? So suddenly staging that gets your attention and now you know, okay, now I'm gonna have a meaningful conversation 'cause I woke up. 'cause this is something that's impacting a, a, a big, big portion of my revenue, potentially I need to That's right. Yeah. And they may not understand, but just let them ask their questions, right?

Because they're very, I mean, it is just, and, and listen, most CFOs they want to trust but validate, right? They're gonna trust you're saying the right thing, but okay, is this true? Show me how you're getting here. It, this is something you saw. I mean, it's just, they're going to ask questions if they're gonna do their job, but before they spend it, especially if you're talking to spend a significant amount of money, or it may be outside of the budget, right?

Because that's like, I've gotta go to, you know, my stakeholders up above and say, Hey, I missed this in our planning process. I need money. Not saying it's not needed, but you gotta show me why it's important to go and basically have a discussion that may not be very good with the stakeholders that I report to as to why I need to spend this money. Right? And how did we miss it? Yeah. And so you're armed with the right information. Exactly that, yeah.

At the level that they're gonna understand, like, I may understand a little bit more than them, but you gotta get, if I gotta go to a CEO or board level approval, you know, they don't really care what, how, how much is it gonna cost and what's this gonna do for me. Ryan, quick question, Jason. Jason, you know, you talked about Brent Adamson and there's also, you know, um, other research out there on, you know, over 60% of the deals, you know, that are qualified ending up in no decision.

Um, top sellers know how to de-risk. So a lot of MSPs are, it's all or nothing. It's 350 a seed, it's 250 a seed. You got a hundred users. That's the does de-risking help. Hey Jason, look, I know we're, you know, we're, this is the beginning of our relationship. What if we started off with an assessment to look at risk based on, you know, your outcomes that you're trying to get to? It would only, and it's part of, let's just say initial onboarding.

Even if you don't go with us, here's the out, you know, here are the things you can use for whatever you go to now that obviously I simplified the hell out of a sales process, but does de-risking help if I sense you are, you and the team are kind of, you know, maybe going towards a no decision? Yes.

I mean, I, I guess I always think for my, it's very important if you can go in with some kind of assessment or some kind of way that you can show value where it's not coming across where you're trying to sell me a product or a tool, right? Just think of it as your investment portfolio, right? You don't want somebody to sell you just this fund because they're getting paid on it. You wanna do what's right for you.

So if you can help show me and ask the questions about my business and get to know me and build that relationship and not just be sales 1 0 1 where you're just trying to get take to the next level of the sales process, build that relationship, help understand, really understand what I am doing, what I'm trying to do and trying to accomplish, and how you can help with that.

And you know what, sometimes this is relational, it may not happen now because I'm telling like that value proposition, I'm telling our leaders right now, our sales leaders. 'cause our, our CEO says that sometimes the second best answer is get to know fast, right? What, what I think some MSPs do, because they're trying to sell so quickly into the cycle and they wanna get the sale that they start, like I'll say enabling the client to where they're doing things that they don't wanna support.

Like if you have a tool stack that you believe in, well, let's go sell it. Help them understand why you are worth what you're charging. Not trying to enable them to get down to something that's watered down just to get the sale. You know, that's not, could I, could I jump in just from a, from a legal perspective real quick on that assessment issue? Yeah.

So too often MSPs are doing those assessments without any documentation in place and Oh, like any NDAs or anything like that or Yeah, about NDAs. I mean, how, how is is a, is a MSP unlimit liability, what, what's their warranty? All that stuff. So that's, so you gotta make sure as an MSP that, especially if you're hands on keyboard, especially if you are deploying agents, that you've got an appropriate agreement in place. It doesn't need to be a full blown ms a and statement of work.

I've done like little two pager assessment to kind of take the best of both worlds in there. But, but if you're gonna be hands on keyboard in a customer's environment, or if you're gonna be deploying agents in a customer's environment, make sure you do it with the proper legal protections. I'm glad you brought that up, Jason. You're, you're big on limitations of liability. Maybe we can, Brian, do you mind if we just riff on this just for a second?

Um, you know, Eric, you and I were talking about this earlier today. Um, but, but Jason, this is an area that, you know, you talk about sometimes you got a big proposal in front of you and you know, everybody's like, oh, let's get this over the line. Um, so, you know, just talk a little bit about, you know, limitations of liability and things. 'cause this is something that I think sometimes we overlook, right? Right. So I'm gonna speak to an example we had as the current company I'm in, right?

So we are dealing with the Fortune 100 company are doing some services work and you know, you guys are familiar with the golden rule, right? Those that have the gold make the rules. And when you're dealing with a client that that's big, their MSA is pretty standard, they're not gonna change much, right?

So, but, so you need to understand everything that's talked about, obviously the data protection, all the stuff that's very tactical, which I'll call for my technical team to review to make sure that we can deliver on that. But then it's also, you know, what's the data retention? How do you get dispose of it? Well, if you have an incident and or breach, what does that mean? Who you go to talk to?

Then you go to, you know, then you go to, um, you know, limits of liability, then you go to identification, who's holding the bag at the end of the day? All that kind of stuff, right? And when we were going with them, they required us to have more cyber insurance than we currently carried.

So what that is, so what we had to do is we had I then looped in our insurance broker, even if that contract before, then I want my insurance broker to, 'cause I do think that insurance is a way to help mitigate risk. And you need to have it if you're gonna be in a play, in a plane in this space, in my opinion, because, and if your bigger contracts you have out there, have your insurance people look at it with you because there's language that they key on in the contract.

And Eric, I'd love your thoughts. I didn't know you were gonna be on here because I am not a lawyer. I know not to be dangerous, but I also know my limits, right? So I know when to pull the lawyers in and the insurance people, but like to then look at it because what you don't wanna do is there to be language in there that you can't get out of that if something were to happen, you think you got this insurance backing you up.

And then, oh, behold though, we can, this language here caused this not to honor the insurance. You're, you're on your own and then you're on the breach for whatever that limited liability is. You know, it could be tens of millions of dollars and you're on the hook for it. And then reputational damages and everything else. It's just like reviewing contracts is very, very big to me. And I think it's very important and you've got to look at it. You gotta know what you're signing up for.

In fact, we have a client that we are looking at as a PE firm, right?

They just lost a deal because they were looking to go into a company and the company that they were about to purchase within two weeks away, they got an MFA pop got into and they looked at their, they had, they were very not diversified with, with client number of clients, but high big clients and the language that they had, and all the client documents said that they do, they'd have to tell the clients on anything if it was an incident at all.

Not a breach or anything, but in any kind of incident. So they had to tell the client that this was a minimal thing and they pulled out the deal because they thought, you know what? The customers may not trust 'em anymore. They may lose these customers and they maybe so, so private, this all plays into all that. And that's what the C-suite is talking about. And that's what's important to us.

It's like, man, it's not just getting the deal, it's not just getting the sales deal and getting the profitability for that point. It's what does this contract do for the long term and how are we exposed and how is that mitigated? Brian, back to you. But how, I mean, literally this is what you talk about weaken and week out, Brian, about your customer's contracts. Yeah. They agree. Yeah. Our, our clients enjoy cash flow just like we do, right?

And sometimes they get, and Jason sounds like he's, he's prudent and does his due diligence on those contracts, but a lot of our MSP's clients, they're just signing stuff. In fact, some people that I even shouldn't be signing are signing and they don't understand those compliance requirements.

There's data security requirements, compliance requirements, areas where they should have like what Jason, what you just shared, that should have been defined up front in the contract that should have been redlined right away. Yeah. And said, Hey, we'll, we'll let you know of any confirmed data breach involving data within the scope of this contract or some language like that.

Um, and so, and also as an MSP, I don't know how you properly assess a client's risk without understanding the promises that your clients have made to their customers. Hmm. Because there's tons of things in there. How can your stack and the things you're selling, how can you make sure they're aligned to the things that Jason just said are most important in the business? And that's, that's fulfilling their contractual obligations to some of their larger clients. The largest clients, right?

Right. That's revenue streams. You can connect MSPs. Listen, this is a golden opportunity to connect everything you do directly to revenue tied to your, uh, to a, a client's customer contract. Yeah. Right. That's so important. And, and Jason, if I come to you and I say, Hey, we reviewed your contracts and did you know that you have these 24 hour breach, uh, or incident notifications? Did you know you're supposed to report your vulnerability scans once a quarter to this client?

Did you know this or that? You know, where you can educate them and say, well, here's what we can do for you to make sure you're aligned with that agreement. What do you want to do? And you can look at your agreement and say, Hey, that's a $10 million agreement. The MSP's telling me I need to spend a hundred grand. That's a no brainer all day long. Spot on. Yep. You Got it. There's, there's no one customer any Ms. P has that's worth betting their business on. There you go.

That's a great way to say. And I, I was telling Andrew earlier today, I think it was that, uh, I was negotiating contract with a client last week, and the, the, my client's end user customer is a production company of a extraordinarily high profile Hollywood power company. Right. And so, of course they're concerned about security and confidentiality and data security and things like that. And they wanted uncapped liability for, uh, for those things. Right?

And I said to my client, I said, look, you know, it's a business call, but, you know, a $4,000 a month contract, right? This is not worth betting your business on. Um, so I don't care if they're a Hollywood Power couple or a Fortune 100 company, as you mentioned, Jason. Uh, it just doesn't make sense to, to do That's right. You know, it, it, it's one thing to stretch. It's a little, it's another thing to break. And, uh, that's Right. Exactly. Great way to put it. Yeah. Yeah.

And, and Andrew, we've, it looks like we're down to nine minutes. I'll just ask one last question if that's okay, or turn it over to Yeah. One last question, Jason, from your perspective, how can MSPs better align with that, that decision maker, that per string holder, the CFO or controller, uh, kind of role? I guess, how can MSPs better align to that, uh, to not only get but keep a seat at the table as a, as a valuable partner and not just like an IT or security nerd? Right.

That's a great point. You know, getting, you know, I think, um, you, you talking about you wanted me to focus on getting a seat at the table first, or what was the first part of you want me to say? Yeah. How, how did they, how do they get that that trusted advisor partner sort of, or get that, get that seat at the table, for example, if you're gonna make a, an important decision. Yeah. How do you get to a point where you think, you know, I should call Brian up and get his take on this?

'cause I wanna understand the risk and if there's any cybersecurity or security serves, right. That to me is getting and earning a seat at the table, right? 'cause I've provided, I'm a valuable resource to you as opposed to just maybe the run of the mill IT guy that you hear A QBR every now and then and hear about how many tickets they resolved and that kind of stuff. That's one. But how do you get and earn a, a, a seat at the table and become more of that trusted advisor with you, Jason? Yeah.

You're talking from the MSP's perspective. Yeah. Okay. As an msp, You know, obviously if they share some compliance frameworks or expectations, you know, those kind of green fees that you gotta, you got to, um, make sure that you can deliver on. But I think it's that business discussion that we're talking about.

Even if you're speaking to the IT leader or somebody on IT staff, if you can pr, I think I said on this earlier a little bit, but if you could properly equip them with the questions that need to be asked that they can bubble up if they don't know the answers, right? So that way that they're, and because if it was me, if I was the CFO on the other side and my IT person starts asking these questions that they never asked before, like, Hey, well how, what, how do we protect our revenue streams?

How do we do this? What is, why are you asking what's going on? Who's asking this? And they talk me and I'm like, I'd be, for me, I'd be like, Hey, can I have a conversation with them? 'cause I wanna get, like, then you kind of get to the seat of the table or you help empower this person to get at the seat of the table that they may want to get to that.

Now you've helped build a relationship there that hey, every time that they need something, they're gonna go back to you because you help them look good in front of their, you know, boss or peers or whatever. And I think that's important to do that. Um, you know, it, does that answer your question? Does that It does, right? Yeah. Get that champion, but also provide, um, you know, direction and advice that your, your client can, can use Right. To enable the business outcomes.

Have it be more business focused. EE exactly. And champion, nobody likes to look stupid in front of their boss. Right, right. You know, and, and so, and sometimes it is emotional, sometimes gatekeepers do that, uh, to, you know, 'cause they think you're gonna make 'em look stupid. Instead you wanna make 'em look like the hero. Yeah, that's perfect. Yeah. Yeah. We're doing so like we're having a a, a big restaurant chain. We're looking at 'em, we're starting out.

I think for me, after coming to ride a boom and all, I think security is the tip of the spear to get in to do things. 'cause it's an easy play. And I tell you what, we've already starting to do more executive sponsorship with me getting involved at the sales process as part of that. So I can have these conversations with people. We are going with this person. We did a small pen test. They like what we did, we're doing some things.

And now we've got later this month a whiteboarding, what we call whiteboarding session. It's a, basically with their CTO I'm going down there, our CEO, they're bringing their CFO and they're gonna have to sit at the table and we're gonna talk strategy and talk the stuff that we're talking about. How can we help you? Now it's a little bit different 'cause we do have the VAR side we can help with too.

But also you can have that same discussion even with the MSP side and how you can do it from services. Because way we view it and way you should look at it too is help them have their resources aligned to what they feel is important. You can do the kind of the soul sucking stuff for them that they don't have time to do. They wanna staff augment or whatever, but you don't know what they need and what they're planning or thinking unless you can sit down and have those discussions.

So, you know, that's, I think the cybersecurity and MSP play is a great way to get tip of the spear in to start having these conversations because you can show value very quickly with all the, you know, the risk and issue. It's a hot topic. Everybody understands. I said earlier this the Gartner stat, 85% CEO is, see cybersecurity is part as a growth enabler. Alright, Phyllis. Yeah, I think I'll just ask one question before time runs out. It's been a great conversation.

Um, so you talk about for MSPs, um, they need to essentially just be able to describe cyber risk to the business, um, you know, to, to help win over a client. But in addition to that, you know, in your old hat before you worked for an MSP, what kind of security and compliance evidence from MSPs would give you confidence in, um, awarding business to a certain MSP? And um, do you have any war stories about sales or service providers gone wrong that you wanna share?

I know we don't have much time left. Yeah, no, I'll kind of try to keep it quick. I mean, obviously any independent validation, SOC two, isis, CMMC readiness, et cetera, you know, that would be good. Um, documented your documented incident response plan. What would you do in the response to help them? You know, I definitely think for me, um, something that you can do to help get it is what I call maybe small tabletop exercises.

Help them understand what the risk is and what would happen and understand how they respond and what they need to do on their side and what you would do. Um, proof of insurance is big for me. Make sure that they have the insurance if something goes wrong, that they got the ability to help make you whole. Um, if I'm, so if I'm a CFO, I'm looking at that for you. Client references, um, would be big. And then actual examples of how you'd handled incidents in the past.

I think that would be, you know, kind of prudent kind of small things. Um, you know, and red flags for me, right? Are things like, hey, we take security seriously or the general taglines. Okay, doesn't everybody right? Don't come with that. Don't say that with me. Don't, I mean, just get past that. Um, I don't have any, you know, can't think of anything off the cuff, any gone wrong. It's a time where things have went wrong.

But what I can say is, before I was in info systems, the MSPs that worked with me never brought up the cybersecurity side, the level where I had to take it seriously. Right? They were just, man, they were, they were trying to keep my network up. They were trying to get my fee for it to make sure everything was running properly. And they didn't really, it wasn't a proactive discussion of looking at where I want to go and what needs to happen.

And it was just really, help me keep you on board now and help keep you safe. I was asking dumb questions about, you know, ransomware 'cause that was a hot topic, are we, oh, you know, but they never dug into help me understand what I was really asking. And so if you hear them ask, well what is ransomware? Should I be concerned? Use that as a, like, okay, they're interested, really dig in, but you can't go in with all the tools and, you know, and the threats of all you gotta go in.

This is why it's important. What is ransom? And just help them understand, ask questions about their business and then turn it around to how you can help their business and their strategies. I think we've got time for one more if you can. Yeah, sure. So you, you did talk about, um, you know, showing incident response plan, um, which I think, you know, is great and having like a tabletop exercise. Mm-hmm.

Um, so how do you expect MSPs to communicate and respond during a critical incident from a CFO's perspective? And what should, um, MSPs be doing proactively, um, to talk about incident response, right? You already said like quick tabletop and showing the plan. Yeah. And you know, also, I guess kind of detail how, how to explain that to the CFO versus a technical person.

Explain what the, what you're asking for them to respond in a way, or the tabletop exercise, the Tabletop, you know, how do you explain, you know, um, incident response. Okay. And how an M MSP's going to do that for an organization, um, when you're speaking to the CFO. Yeah, I think from an, from me from an incident response about may I meeting immediate acknowledgement that it happened, right? Um, clear situation, you know, brief with facts, known impact next to what you're gonna do.

Regular updates, if any financial impact or estimates. That's kind of what I've been looking for. You know, that's kind of what I'd like to know for now. I don't know if, if I was on the, I'm trying to think now, that's what I'd be looking for, but on the other side, if I didn't know, I probably wouldn't know enough what to ask. You know, I wouldn't know.

So I think that that's where I think the tabletop exercise can come in because I think you can, I think there's probably executive level to take your tabletop exercises. You can have to have them talk about how they're gonna communicate as board, how they're gonna do all this stuff. And you could use that, in my opinion, to also talk to 'em about their business, talk to 'em about their strategy, talk to 'em about that during those discussions.

Um, you know, there's different levels of tabletop exercise, but I think that's very important if you can get them to understand and role play what could come out. Because I live in the what if game as a CFO. What if this happens? What should I be prepared for? What if this happens, I should be for, so for me as A CFO, I love those because it helps me think of things I may not be thinking about that I need to be thinking about that could help protect my business.

Alright, thank you Phyllis for getting those two. And Jason, that was awesome. I, uh, you know, again, Brian and I have been, you know, talking for many, many years about speaking the language of the business. And like I said, we're gonna, you're, you're kicking off a, we're a series where we're gonna start bringing in business executives so that the community can hear from people like yourself what matters. And I feel, I hope you all on this really important and impactful.

So, um, Phyllis, Eric, uh, Brian, thanks so much. Um, all of you out there for tuning in each week. We really appreciate it. And again, Jason, thanks so much, uh, for joining us. Mission, you all a uh, fantastic. Safe week ahead. Take care. Thanks guys. Thanks everyone. Thanks Andrew. Thanks.

Related Videos

The CyberCall – The New Role of the CFO in Cybersecurity | Right of Boom