Skip to main content
Right of Boom
January 30, 2025

Session 1

Guests

Andrew Morgan

Video Transcript

We're recording now. So what I'll do from here is I'll do a, um, I'll do a countdown and also just, you know, 3, 2, 1. I'll pause and then we'll go. Mm-Hmm. Good. Alright, cool. Um, Wes, can you see Zach Okay. From his camera, just so you, is he clear to use? He's a little fuzzy but not bad. Okay. Am I clear? I, It's a, it's a bandwidth thing, I think. Okay. On My side. Yeah. Maybe if it's fuzzy. Yeah, it's a little pixelated to me.

If it's that way to you two, Andrew, then it's probably on his end. Yeah, Your, yours looks awesome. We really good job on that, man. Why? Thank you. Hey, you guys there? Yeah. Yeah. Better picture or same? Same problem. Same challenge. About the same. About the same. It's okay. It's Not terrible. It'll be fine. That's better. I don't know what happened there, Zach, but Yeah. Much better. Okay, Cool. Okay. Alright. So I'll do a, a 3, 2, 1 countdown.

You'll hear me pause for a second and then we'll go, Okay. Okay. Three, cool. Two, one. Hey everybody, Andrew Morgan here from the cyber call and the Cyber Nation. Joined with CSO of Perch West. Spencer. Wes, how are you? I'm doing awesome. Awesome to see you. And Zach Duke, CEO of FinTech. Zach, great to have you with us. Thanks for having me. Awesome. So, hey, we're gonna just take a few minutes here to talk about something that I got from a managed service provider on a banking client.

They have, but those of you that may not know Zach, I've known Zach for a long time. He spent 17 years growing one of the largest MSPs that focuses on banks, uh, in the country and then started his own business. You're gonna hear a lot from Zach, uh, in our group in 2021. So excited about that. He knows just a touch about banks. Another guy that knows a lot about banks is former CIO of a bank, Wes Spencer. So Wes, here's the question I got coming out of the cyber quality the other day.

Obviously Orion, SolarWinds breaches on everybody's mind or compromise question I got is, Hey Andrew, as an MSP, I feel like I'm okay. Don't have SolarWinds, you know, check things out. But a client of mine's a bank and the software service provider commonly known as the core they use Orion. Can you look into your contacts and maybe see what I should be doing? What should I be telling the bank? How do I approach this?

I couldn't think of two other people to really get on the, on a video and talk about this. So, Wes, to you first. Yeah, so you know, Andrew, what we're really talking about is something that banks call third party risk management, not just banks, other organizations too.

And this is something that I think a lot of MSPs, if I can just be fair and honest, I think not all, but a lot of MSPs have kind of left that, uh, down on the roadside and haven't really picked that up because it's something that's not revenue generating, but it will come back to bite you in situations like this. And so lemme kinda explain what I mean by that.

So this is not the first time that this has happened, and it won't be the last time where there's some kind of third party, uh, vulnerability or disclosure or something like that. And we have to know, wait a second, how does that affect me? And potentially how does it affect my clients? So another good example was with Specter and Meltdown hit, you know, we had a lot of our enterprise clients at Perch reaching out to us saying, Hey Perch, what's your vulnerability to Specter and Meltdown?

Are you aware of it? What have you done? And it was very simple for me because we had a prepared statement and was able to send it and it included, Hey, reach out to me if you have questions. But my point is this, how do those enterprises know to reach out to Perch? You know, we're probably one out of a thousand or 2000 vendors that they have. Well, the reason is because in a, in a third party risk management program, one of the things that you're going to do is ask this question.

Every vendor I have, do they store process or transmit my information? And what kind of information and how much, it's a very simple set of questions, but it pays off in dividends because in times like this, we have to go back and reach out. Do I want to go focus on my landscaping vendor, uh, with Orion probably not. Do I want to go focus on my core banking provider? Absolutely I do, but not just my core banking provider.

You know, even going back to that statement from the MSP Andrew that you just made, it's not just the core provider. There's probably others that, uh, you'd want to ask that same question too. And so, you know, Zach, I feel like that's a big piece of it, is having a third party risk management program that does know the answer of who that list of vendors are and, and do they store process and transmit that information. So I can at least begin there. But Zach, what are your thoughts on this?

Yeah, so there's a couple of things we're talking with with our banking customers. So, so number one, we're telling them they need to reach out to every vendor. To your point, Wes, that has access to customer information and ask them, did they have this implemented and they need a response from that vendor.

I, I think there's a secondary component to this, and this is really where FENOs SEC and our platform ties in, which is all around governance and proving compliance is they have to document what they do as well. So as an institution, they can't just say, Hey, I reached out to everybody. They have to go through a process of making sure they have an incident log, they have a response plan.

If there's a vendor that uses this in a case that it's a third party vendor, they need to have a exception tracking process to be able to validate that. And there are some unique challenges as you look at the regulatory space of making sure that they are documenting that. I also think as a service provider, as a technology solution provider, you actually have a unique opportunity to also change the game.

So first off, I'd say you can send out a response to this, to your customers and highlight for them, did you have it? Did you not? What's your plan of action? And I think organizationally, it also just raises this dynamic of a unique opportunity to think of the future. Unfortunately, this isn't the first time, this isn't gonna be the last time. This is gonna be a status quo dynamic. It pains me to say that.

It's almost like I wanna go take a shower after I say that, but that's the world we live in, right? And as an organization, you just start thinking about what happens if a tool that you use that has access to your customers is compromised and it's on every single machine that they have, and how do you respond in that event? So I think it's, it's really twofold is proving it and then getting a plan for the future.

I think there could be some people that are watching this and saying, man, I I missed that. I think that's a miss. Interesting. Hey Zach, you know, you, you know, you know our Frank Gary Pika and one of the things you just said, man, I just thought about Gary immediately. Like what a great message from like almost a challenge or sale. Like if I have prospects that are banks right now, as an example, are regulated, boy don't I wanna be saying, Hey, just wanted to reach out to you.

Did you do this? Did you do this? Did you do this? This is what we're doing with our clients. How are you guys going about it? So I'm really glad you brought that piece up because that's the wedge and the thought leadership that you can start to bring as an MSP to your clients. It's spot on. And, and also think of the customer's perspective. How do you make it easy for them to take that data and apply it? Remember they gotta document it. Hmm.

Maybe that email you send them, you think of, Hey, just copy paste here. Wouldn't that be awesome? You're helping them out. Right? Right, right. Excellent. Excellent. Well, we're excited. Like I said, Zach, really excited to have you. Um, you and I haven't talked in a while, but we will be having you a lot involved in 2021. Uh, really appreciate you coming on here. Wes is always awesome to get your perspective.

We'll get this recording on out to everybody and we hope we help the community on out. So with that, happy holidays to everybody. Have a great day. Thanks. Cool. So that was awesome. That was awesome guys. It's probably 6, 7, 1 takes baby, huh? Yeah, one takes baby. That's what I like. Yeah. Tell tell. What do you mean one? What do you mean one takes you, you guys do more than one take. What are you talking about? Come on, man. I get mad when I have to go beyond one take.

I know Wes tell, tell him your connect. Hey, hey, I'm right there with you. And candidly, I think if you're doing this right, You shouldn't Wes tell him your ConnectWise story. I think it's hysterical. Oh yeah. So connect, you know, for, uh, IT nation secure, it was all, you know, digital and they did the one before that didn't go so well. And so they're like, we're gonna micromanage the living hell outta this thing.

And so, um, you know, they, they like saved like two and a half hours for me to do a like 15 minute segment. And so I'm like, why, why, why? And so I jump on and they have like a camera guy that's like, you know, tweaking every little setting and should it be moved over here and, but I jump on and I have good lighting and I know what I'm doing. They're like, oh, this looks okay. I'm like, yeah, can we go? And they're like, well let's talk about the content.

And I'm like, yeah, yeah, I looked at the content. I mean, let's just start talking. I'm like, yeah, but we're gonna do a handoff and you're gonna do like, okay, thanks Arnie, or whoever it is. Thanks Jason. And then I'm gonna say something and I'm gonna introduce, uh, uh, Sean Brown from Snap Tech. I'm like, yeah, I get it. Like, I saw that email. Lemme just do it real quick.

And they're like, okay, but we'll probably do this four or five times and we'll just pick the best one and maybe we'll splice different ones together from all the like, just watch this. So we jumped in, I just did it right away and I was like, how's that? And they're like, that was really good. Can we just do a second one just in case? I'm like, yes, but it's gonna be the same. So I did the second one, same thing. And so we finished and I'm like, Hey, uh, the first one's good, right?

And they're like, yeah. And they go, we've never had anyone do that in one take. That's unbelievable. I'm like, that's all I do, baby is just one take here. Uh, I was like, if you try to do it more than that, it's gonna get, you know what? Look, it's like I say I've got a finite number of strengths. They may be really small, but this is one of 'em, right? So I'm good, right? I don't have very many strengths, but this is one of them. Exactly.

We had this other thing, I'll just tell you this real quick. We had this other thing, oh my God, I seriously, I've never seen, like Wes is the, wes is got a, an emotional maturity like way, way up here. We're on the we, so we, we agree to IIMC and we do this event. Same ev same. This is for IT nation. We do something. Cisco needed our help. So we did their content and we had to use their platform. And at first they're like, yeah, we're gonna, same thing, we're gonna block off from nine to one.

I'm like, I remember this. I'm like, look, I got Wes, the CISO approach. I go, I'm not blowing smoke here, but he's got call after call. I can't block his whole day. I'm like, so I get this window, I'm like, you guys got 90 minutes with us and if we can't do this in 90 minutes, we're not not doing it. Actually, I think I got it down to an hour. No, 90 minutes. Zach. I am not kidding you. It took 45 to 50 minutes just to get us started. Things like we start in and Wes, Wes is my first handoff.

I'm like, blah, blah, blah, and Wes great to have you. What do you think? And Wes goes, Andrew great. And Wes is just on a roll and the guy from Cisco comes on. He goes, Hey, hey, we gotta stop you. I'm like, what do you mean? You gotta stop us? Yeah. The way in which, um, telepresence works, it doesn't recognize the transition right away. So there's a delay. So Wes, you need to count down from 5, 4, 3, 2, 1 and then start talking. I'm like, you mean everybody's gotta do that?

So Everybody's gotta do that. Everybody's Gotta do that. It would, and and Then 1, 2, 3. Yep, you're right Andrew. Everyone's gotta do that. So stupid and honestly pretty difficult to like actually have a conversation. Oh, it was horrible. And they made us literally Wes, I, I'm sorry Zach. So like literally the open the shade, close the shade, move this, move this over here. Oh, by the way, you wore black. I'm like, yeah, they told me to wore black.

Well, it's not quite or you're wearing, you know, something dark. Yeah, we'd like you to wear something light. I'm like, you guys told me to wear something dark? Hold on, go up. I mean, I am not kidding you, Wes is text. So this is the part of the emotional maturity. Wes is texting me ready to strike somebody. He's like, I'm gonna f*****g kill somebody. I was ready to kill that dude. Hey, um, well we got it done.

Um, I think this thing should take off like wildfire mainly because I got to be on a call with you guys. It's almost like I feel like I'm a big deal finally. I love it. I gotta agree. Hey, this whole statement, Andrew, of he's, um, Zach's gonna be joining more. What you got cooking, man? I don't know. Yeah. You know, I love how he just like, hey. He's like, Hey man, here we go. I love it. Good stuff. I don't know. I I have no idea what the hell I'm gonna do.

We'll do a, we'll do a financial services type, you know, monthly call with you two. There you go. I'm done. That'll Work regular because then that way we can start, you know, pushing Zach's, you know, what he's doing, Wes, and because you know you're gonna own, you know, 75% of the company after this investment, you know? We'll, well, No, no, no. It's, it's an earnout, it's Oh, okay. About it. Anyway, so I appreciate it guys.

Um, I'll get on LinkedIn, I'll tag you guys and then if we can get a bunch of people to like it, that'd be awesome. Yep. Sounds like a plane. Cool. Thanks everyone.

Related Videos