A Standards Driven Approach to Managed Security
In this video, Gary Pica, Wes Spencer, and David Powell discuss a standards-driven approach to managed security during the Cyber Trifecta event. They emphasize the importance of aligning security practices with compliance frameworks like NIST and CIS, and how implementing standards can help MSPs communicate business risks and solutions to their clients more effectively. The discussion also highlights the need for MSPs to be proactive in educating clients about cybersecurity risks and to offer tailored solutions that go beyond merely providing technical tools.<ul><li>The webinar emphasized the importance of integrating security standards into managed security services to address the evolving cybersecurity landscape.</li><li>Participants highlighted the need for clear communication with clients about cybersecurity risks and the necessity of moving beyond a 'scare and sell' approach to engage them in meaningful security improvements.</li><li>The discussion underscored that security is an ongoing process that requires continuous evaluation and adaptation to new threats, rather than a static state to be achieved.</li></ul>
Guests
Video Transcript
All right, live and recording. Welcome everybody. We have Gary Pico, Wes Spencer and David Powell. And this is day one of the cyber trifecta, and this is a standards driven approach to managed security. Um, Wes, just kind tell us a little about your thoughts on this. We'll go around the horn and then I'm gonna turn it right over to you. This is a one hour session. Hope we have a ton of q and a out of this. I've got a few polls I'll put up that Wes has queued me up for.
You'll queue me up for those, correct? Wes? Yeah. But, uh, Wes, tell us a little about today and we'll go around the horn and we'll get right on into it. Yeah. Rock on. So, uh, everyone, thank you for joining me and look at this 616, uh, attendees that have been joining us. I remember the early days of us talking about getting this thing going with our friends at Huntress and ID agent and seeing this all roll into fruition is awesome. So thank you guys for joining.
Hey, look, so as we were building the content, we were thinking a lot about, we didn't want to have just, uh, technical only content. We also wanted to have some things that are there for those that, um, either want to break from the CTF, uh, or if you're somebody that's in, um, sales or management, uh, VP level, you know, how do we talk and communicate cybersecurity? We wanted to make sure we had at least a snippet of that. And so that's what we're including. So my name is Wes Spencer.
I'm the CISO at Perch. Uh, most of you guys know Perch by now. Um, Gary, you wanna say hey and then David, and then we'll, we'll jump into the content. Yeah. Hi, I'm Gary Pika, the president of True Methods, also one of the hosts on, uh, the Cyber Call. And, uh, yeah, Wes, today one of the key things that we're gonna do, uh, look, you can know what to do technically, but uh, you know, if you work in an IT department, you have to get stakeholders on board.
And if you're an MSP, you have to be able to get customers on board, uh, in a way, well, they'll make the right investment. So, uh, parts technical, but if you don't have the business part, um, it's no bueno as I like to say. Hey, and this is, uh, David Powell and I'm the new, um, do I still have the, we the new car smell, Wes, or is it gone? It's, it's just slightly there. Slightly. So there, uh, I started at Perch back in June. I'm thrilled to be here. And I come outta the MSP space.
So I've been in the MSP space for 20 plus years and, um, you know, have had all the challenges of trying to get clients to do something about security when they all kind of know it's a problem, but how do we get 'em to act? And so that's some of the topics I wanna explore today. Right on. So these are the things we're gonna be talking about. I'm gonna close this in just a second, but I wanted to pop this up there. Follow us on LinkedIn. All four of us are very active.
Uh, if you want to follow more and see the things we are talking, communicating, I've got that there. And I'll pop this in at the end as well. So just wanted to throw that on there for a minute. Um, okay, so we're talking about security standards today. Now, I have been a huge fan of security standards. Those of you that don't know me, I come out of the financial services industry. So I come out of enterprise. These are things that are like common for us to talk about.
Um, and Andrew, let's go ahead and drop in the first poll question. So, the way that we three operate, we're gonna hit off each other. We're gonna be talking back and forth, but the more you communicate in the ask a question down below or using chat, the more we are going to be able to include you into this conversation, which will really make this thing, um, take off.
So first question you can see it in the poll when Andrew gets it up, is this, is what level of mapping does your MSP have to a compliance framework? And by the way, if you're not a managed IT provider, and you're on this call today, no worries. The, the same concepts that we're gonna talk about today for you inside your organization are gonna hold true in that way as well. So, but I do wanna ask that question.
If you're an MSP or you're working in your own org, uh, what level of mapping do you have to a compliance framework? Would you say that you're, you're fully mapped? Would you say that you're partially mapped or would you say you're kind of in that? I haven't really begun, but I want to, I'm really curious to get that. So when Andrew gets that poll question up, we'll see that below. Let's go ahead and jump in in words They lost the map. Yes.
So while we're waiting for that poll question to come in, there it is. It just showed up. So, uh, we want to take a look at this because this is gonna give us some, some feedback. Um, I don't see any fully mapped yet. Uh, Gary, that doesn't surprise me. Does that surprise you? Yeah, no, not at all. Okay. Absolutely. Based on based, I'm happy that we're seeing some partially mapped. So that's, yeah, that's making me optimistic. Yeah, Right on in, in chat.
While we're waiting for these to come in, will you just chat back and let us know what the compliance framework or frameworks are that you are mapping to? So I see one from Eric, CMMC, uh, which makes a ton of sense, right? For those that are in the US side of the house. Uh, but hey, one fully mapped. That's great. We got one on there. Um, yeah, go ahead and pop into chat 'cause we're curious to know what frameworks you guys are following and mapping towards.
And Gary, while we're doing that, while we're waiting, let's start with this. So when it comes to standards, what are we really trying to solve for, for cybersecurity in the s and b? Yeah, so we're gonna talk about it today from two perspectives. Uh, one, you know, from the, from the provider perspective, how do you evaluate yourself and your customers about where they are on that continuum if you don't have some base, and we see a lot of people are using CIS, they're using nist. Okay.
And then the other thing is, how do you relate that to a customer, uh, in terms of what their business risk is? If you don't have some box, right? I call it the box and the blob. If you don't have a box, right, which is your standard, the blob is, uh, your cu each of your customers environment, all you have is a blob. And if you have 20 customers, you have 20 blobs, right? So you're feeling whether they're secure or not.
And, uh, I, I'm, you know, me Wes, I'm a feelings kind of guy, but not when it comes to this Makes sense. David, what are your thoughts? Yeah, you know, I think it's really hard is that a lot of MSPs are going in and talking to their clients. And the only kind of answer they have is this idea of like, scare and sell. Like, if I could scare the client enough, then they'll do something.
And you know, we know that the SMBs have a tremendous amount of security risk things that used to be, you know, the exclusive concerns of your Bank of Americas and your Kaiser hospitals. These big companies. Now, those same cyber risks are applicable to the smaller companies, but they don't have an IT staff to help 'em. They have an MSP to help 'em. So the MSP knows they have these needs. They know that they have these challenges and they're like, okay, we gotta get the client to move.
We gotta get the client to do something. And the answer too often is, we're gonna go into scale. So they do this assessment, and then you kind of visualize like these three five inch, you know, three ring binders that they come in, like drop on the client's desk. And they're basically like, see, here's all the things that you suck at Mr. Client. And they want the client to be like, oh my gosh, I suck at all these things. I should do something about it.
When instead what it really, it creates like this expectation gap to where, well, there's no way I can ever do those things so I'm out. You know, and they just don't even attempt to do it. And so what I really wanna see is, you know, more of this like, how do we get 'em to go on a journey? How do we get 'em to move at all instead of the scare and sell approach? 'cause in my experience, the scare and sell approach really doesn't get the action that you wanna see from the end users.
Yeah, you, you're exactly right. And I want to include what Todd is saying here in chat, because he's also exactly right is vendors do the same thing. And he, he's right. Like I, every time I go to RSAI go to Black Hat, you are inundated with, you know, stopping the scary thready threats before the threats happen. And the buzz wording that goes on, that really means nothing. And we let marketers lead and we end up with a whole bunch of like, confusion. I think both clients are confused.
Stakeholders, like CEOs and board members are confused about cybersecurity. And let's be honest, we are confused about cybersecurity because we oftentimes don't distill all this. And so we kind of kneejerk back to, uh, scare and sell, don't we, Gary? Yeah, absolutely. And so, you know, not only do you not want to drop a report with 50 things that are wrong on someone's desk, and use that as the main, what you wanna do is say, listen, we, we've done this alignment against standards.
We've uncovered some things. And what I want to do today is I wanna start with, there's a bunch of 'em, but I, I wanna start based on what I've learned about your business, I'm gonna talk about four or five that are important and what the solution is, whether it's a project, whether they have to invest a little bit more monthly because we're adding some, you know, new services and process to our stack and say, look, this is gonna get us a, the most bang for the buck.
And so this quarter, these are the things that we want you to, we wanna focus on with you. Do you understand how they could impact your business? Then let's talk about some of the other ones. We'll, we'll, and we'll, like you said, we'll take you on that journey and put them out there. So many times though, MSP, see it is flat, right? As, as in, as opposed to if there's 20 things, there's usually two or three, it'll get you 60, 70% of the way there.
And so you have to view it in that logical way. Standards is one way you are able to do that. 'cause if you don't, how do you communicate that to a customer in a way that's organized, reasonable, where it seems like, wow, I can make this investment and I can get this in return for it. That makes sense to business people. Yeah, it does make sense because, you know, I say this all the time, business people aren't stupid, right?
They're very smart people, but they understand risk and they understand their business and their operations processes. They're relying on you to become that trusted IT provider, right? And David, you know, one thing you mentioned a second ago, I wanna ask you this question. So, you know, dropping the big stack of assessments, right? Like the 500 pages assessment that you just did, um, that's not that effective, is it? Right?
So are you saying that we shouldn't use assessments when we go about solving these problems? No, I think you use more meaningful ones. So, you know, I know you're working on your home office there, Wes. So if I came into your home office and said, Hey Wes, let's replace all the sheet rock in this home office.
You'd be like, well David, I don't have the budget to replace the sheet rock, but if I, you know, took a knife and like put a little line down the sheet rock and could pull it back and shine a flashlight back there and show you that it was covered in mold because you know, pipes were leaking behind there and all this kinda stuff, all of a sudden you're like, well honey, we're not going on that vacation this summer. We've gotta replace all the sheet rock, you know, in the home office.
And I think that's what clients you have to show 'em, right? Is there has to be something actionable. They don't know what they don't know. So some level of assessment, you know, you gotta show 'em the leaking pipes and that creates, ooh, urgency. I gotta do something about it. But that's not that, Wes, here's the 50 million things at your house at all stink. And now you gotta do all this stuff at once, right? No, no, no. Let's just start here. 'cause mold is bad.
We get that and you move 'em along. And so, you know, Wes has four kids, for those of you that don't know. And so Wes and I were talking about this, it'd be like if he went to a financial planner and said, Hey, I need to save money to send my four kids to college, right? If a financial planner went and said, alright, wes, that, you know, sending four kids to college is gonna be $50 million. So you've gotta start saving, you know, $5,000 a week to send your kids to college.
Wes would be like, well, forget it, I guess. You know, my kids won't go to school, or I'll take out massive amounts of loans instead of like, Hey, you know, Wes, could y'all stop eating dinner out once a week and let's just put that money in a college fund. And then you begin to kind of build and you begin to kind of, you know, at one day you turn around and you're like, wow, I've saved all this money for college. It's like how our 4 0 1 ks work.
That to me is what our, we have to do with our clients is show them a reasonable, meaningful, actionable path to doing something better than they're doing it now instead of the scare and sell, which creates this huge gap that they're just, they'd rather tap out than try to fill all those gaps that they have. Yeah, that that, that's a great point. And one thing we hear says here in the chat, I want everyone to look at this.
So he says, you know, I'm not sure where, but I like this analogy of can't have security without compliance, can't be compliant without security. You know, you're pointing something out that I think is really true and accurate in this world is that there's kind of a yin and yang or two ends of a line, right? When it comes to the world of cybersecurity is true, security is a piece of it, and compliance is a piece. They're not the same thing, but they are closely related.
You know, one of the ways that I see this, and, and Gary, I want you to comment on this as well, is I look at compliance as setting the minimum bar, right? Like in my, I'm building my security and the the minimum says this, if I'm, you know, PCI, if I'm a bank healthcare, you know, I'm DOD manufacturer, whatever, you have the luxury as an MSP by talking about the bare minimums, which is what compliance sets. But that doesn't set the maximum in almost every case, right?
And, and we're not necessarily talking about getting to the maximum, but we are talking about doing what's required. And sometimes that requires going beyond, uh, compliance, right? And so, Gary, here's my question for you. I think with things like PCI that was just mentioned by Mark and others, it makes it easier for us to communicate, but it's not the be all end all, is it Gary? No.
And if you map it back to how an MSP does business, I, I think when you start to pick, you know, you pick your framework. So a lot of people here are talking about, uh, nist, right? 1 71. Um, so you have to then agree on, hey, what is my, what is my process? What is my stack? Like, how do I match up with that? And when you go in, like you said, you set some minimum, this is what we do for every customer, right? So this is where we want people in alignment on these things.
Then depending upon your business, Wes, you may need something more than that, right? Uh, your DOD that's an obvious one, right? Your finance as you mentioned. Uh, but if you don't have some standard that is your minimum because it should be reflected in your offering as an MSP as well. And you know, you can't just go in and say, well, you can have bronze, silver, pewter, tin, you know, and if they get tin, then they get no security, right? Um, On a Tanium Unobtainium. Yeah.
So I'm saying today that you know, the customers, they're not qualified to make those decisions, man, like at all. Like, we have to make those decisions for them and for ourselves and our risk right in it. Does that make sense? Gary? I was a, I was a high school debater and one of the things they taught us, all the cool kids were high school debaters too, by the way. You're curious, I heard That quarterback of the football team, a high school debater, right?
And so the way that they taught us, one of the things was like, lift an argument outta one setting and drop it in another. And if it doesn't make sense here, it probably doesn't make sense there. And so I used to tell the sales team at my elastic, I'm like, look, if you would not accept that in any other part of the world. So if you went into the orthopedic surgeon and said, Hey, you know, you need knee surgery? And he says, well, do you want the gold, silver, or bronze knee surgery?
And you'd be like, well, what's the difference? He's like, well, the bronze doesn't have anesthesia and we refuse instruments and all this stuff. You'd be like, wait, aren't you the expert? Didn't you go to medical school? Why don't you tell me what I need here? And so we would never accept it there, but clients know they don't know the answer to security. So why would we go in and let them choose from these options when they don't have any idea what the right answer is there? Yeah.
And you know what's frustrating when I say to people, Hey, you got five different offerings, which is the right one where you have everything to manage customers probably and keep 'em secure. They always say, you know, this one, it's usually the most expensive one. And then why do you have all the rest? And they say, because people want options. That's what they'll buy. I'm like, well, your sales aren't that great. So yeah, I don't, I don't think it's working, you know, in that way.
Uh, and hey Wes, we we have a unicorn in the chat. Ed was a quarterback and on the debate team, that's, that is a rare thing. That is A rarity. Indeed. That's a rarity. Uh, Was he a math team too? Was he a athlete? He Must, yep. Chess champion the works. Uh, yes, ed, I think we all want to be like you, sir. Um, hey, and, and Issu Iisha says something really good too. You know, he's saying, you know, total security is a myth. Um, he says, but at best we can try to get close to that, right?
And, and he's right. You know, that's exactly right. Is, you know, oftentimes, and when my board would ask me at the bank, Hey, how are we due after I do my board report, uh, where information security's at, oftentimes I would get a question of like, Hey, well what do you think about all this? Interpret this for me. Are we secure? And I would always answer back kind of joking. I'd be like, let me go check again, right? Because security is about a process, isn't it?
Security is not about a, we are secure. Uh, maybe all of our checks are green lights right now and our processes are running smooth and all the things we've done look good for now, but that can change in a moment's notice, right? And so educating our customers that this is a process that doesn't change. There's not a milestone that we complete and then we're done. Um, that is dangerous. And I do think a lot of MSPs, David, gimme some comments on this.
Feel like in the past they've sold security as a do these things and you hit this, and now you're secure only to have things change like we've had in the past two to three years with security. Yeah. And now they have to go back and eat crow and say, well, you know what, maybe things are changing. They don't know how to have that conversation, do they? Yeah. You know, there's a couple of things in there.
So one is I feel like sales teams for MSPs are scared of answering the question to their clients around, whoa, whoa, whoa, I thought you were already doing this for me. Right? And like Gary said earlier is that we don't like to have that. We're not used to talking to people about risk. We're used to talking to people about technology. And so a lot of SMBs view cybersecurity as a technology issue, not as a risk issue. And then the MSP is the group that does my technology.
And so how do you overcome that challenge talking to the client about, Hey, I'm here to talk to you about cybersecurity. Whoa, I thought you were already doing that for me and now you're playing defense. Right? The other thing is that, um, I like healthcare analogies 'cause everyone's been to the doctor. So it's something they can relate to. And it's kind of like the idea of being healthy, right? There is no status of I am healthy, right? Is that you still could get run over by a truck.
You still could die cancer if you went to the doctor every single day. That's still not a state of I'm healthy. You can be healthier, right? Just like with security, there is no final state of you are secure. The CIA is not secure, right? So there is some level though, being increasingly more secure, just like you wanna be increasingly more healthy. And for everybody, those look a little different based on are you trying to run a marathon or are you just trying to drop some, some weight?
You know, what is what, what are your goals are you trying to accomplish? And there's a different regimen for that. Similarly, what is your compliance and regulatory environment look like? And then you have different things you need to do based on someone else's, you know, profile there. Yeah. That, that's really good. Gary, you know, you work with lots and lots of partners, uh, in your experience getting to that idea of process through security, uh, yeah.
How, how many of your partners understand that right away? And how many of 'em do you have to build those concepts in? What are the ramifications when they finally learn it? Well, let me do two things. Can I start with what something Zach said and then relate it back to this? 'cause I think it's a great setup. You said speaking in business terms is difficult.
So, um, that part I would agree with until, you know how, and that's why we're saying using standards, and I'll give some examples with, you know, uh, my peer members that I work with and what's happened over the past few months. But then, um, later you said Coronavirus doesn't help either. That part, I would say my famous statement, I couldn't possibly disagree with you more, right? Coronavirus has been the best thing that ever happened because everyone knows that their topology has changed.
Everyone's knows that there's been, you know, new security risks that are, that are out there. So it's actually helping a lot of business owners and v CIOs that were more technical base. This is a great reason to talk to people about, about their business. And so relating that to your question, Wes, which is my customers that already had standards in place and do regular alignment, they're doing, you know, they're, look, they're doing alignment pretty much every month in some form or another.
After they made all these changes, you know, for work from home and whatnot, and they did 'em quickly, they were able to go back to their customers and say, Hey, listen, look what happened to your alignment score. Here's the things that we had in place that we don't now, and here's the recommendations. And sometimes it was projects. Hey, they, they, they packaged the, you know, two or $3,000, two factor authentication pro uh, um, project.
And other times it was, Hey, because of this, we're dealing with some new risks that we didn't even have three months ago, right? And look, we made some changes in our process. We've added some tools to our stack. It's gonna be about $400 a month for us to close these gaps. And they're having such success because they already had those muscles built, right?
The second best time to do it is right now, because again, those standards and that alignment process, that auditing against the compliance, that's like, that's the, that's the base of the model, Wes. Yep. Yep. Um, indeed it is. And, and I wouldn't come back to another comment. Mihir, really good points, and thank you for clarifying. So he, you know, he's saying, you know, it doesn't also help that standards are so vague and yet so specific in what they're asking for, right?
Uh, can I get a show of hands in the chat? How many of you, either now or when you actually, let's just ask now, currently for you today, when you open up and look at some kind of standard framework, how often do you get intimidated by it? A yes or no? Like, is that intimidating? Is it something that's like secondhand? Because let me just say the first time I opened, even to some degree today, you opened the big, uh, Excel spreadsheet for CSF, that can be intimidating, right?
Even to me today, and this is what I've been doing for years, it can feel intimidating. And we have a problem in this industry of communicating standards down market to SMB if we get intimidated Yep. Look at them coming in and a few nos, and that's cool too. Um, but David, question for you. So when compliance standards are intimidating for us, how in the world are we supposed to communicate that clearly to our end users who also probably don't understand it? Yeah. You know, it's, it's hard.
But I will say that, you know, and the land of the blind, the one-on man is king, right? So if you know a little about it, you know more than your clients do, right? And so the education piece, you know, if you kind of think about different sales approaches, you know, teach, tailor, take control, all those things. But that teaching component of going in and explaining to the client, this is what's actually happening.
And, and I'll say, I think that there's been this huge problem in the business world to where there's this false sense of security. And I often talk about, you know, if the three of us lived in the same neighborhood and somebody broke into one of our houses, Facebook would light up, the next door app would light up, and tech people would be texting like, Hey, something bad's happened in our neighborhood, and we would all be vigilant.
Nor would we disparage the people who got their house broken into, you know, it's not like they'd be like, haha, Gary's house got broken into. We'd be like, oh, that sucks. How do we, you know, improve all that? But in the business world, we don't talk about it. We don't talk about breaches.
So it creates his fault sense of security to where everyone thinks that it's not gonna happen to them, and they live in a good part of town when most people live in like the bad part of town and everyone's getting breached, there's just no one's talking about it. So it doesn't create that sense of, you know, urgency around it. So there's this education number one around, you know, what are the real risks? What are the kind of the standards out there?
This is education around it could happen to you. And that's where Wes and I have done a lot of talking in the office around, we need to equip our MSPs, need to equip their sales team with real world stories of like, Hey, here's how this happens, right? And this is what the consequences are for you, that the client can see themselves inside this story. Instead of it being all abstract. There's bad guys wanting to do bad things. You know, how does that translate?
Well, Wes, this is what that looks like. You know, this happens, this happens, this happens, and now you're, you know, ransomware and don't have any backups. Um, so I feel like there's this education that has to occur around the standards. There's this education that has to occur around what their actual risk is in the environment. And then I think there's this education around how an exploit happens so that they can connect with that and see their own vulnerabilities.
And then that, in my opinion, creates the desire to want to do something about it. You know, Wes, um, I, I have a whole team, right? That for the past six or plus years, we basically teach MSPs have been teaching people how to implement, you know, an alignment process, whether that's to their own standards or now, you know, security standards.
So I'll tell you the number one thing that we impress upon people that are at the, like, and we have a bunch of 'em here at the very beginning, um, to take it in steps. They have 30 clients and they want to take, you know, five different standards, or they want to take all of, you know, 1 71, and this quarter we're gonna go do every client with whole. And I'm like, no, you're not, you're not gonna do that. So why don't we make a plan over a couple quarters and commit to it?
We're gonna take, we have 30 clients, you know, Hey, we're gonna take these two sections and do all 30, or we're gonna take three sections that we think are important and we're gonna do our first 15 half of the client base. Then next quarter we're gonna decide that next step. And so that you are actually doing something that's impacting your business and the customer's business.
And I always tell people, I know now you realize how important it is, but you've been in business for 10 years and you haven't done it. Like, let, let, let, let's, let's take our time and do it right. Have your team build confidence. And it makes them go through a process of knowing like, okay, if there's a hundred things, what are 10 most important ones? And why are they, so even just deciding what to do first, synthesize it. But that would be the number one mistake.
And the number one good decision on the other side, uh, that when people do it in chunks, they almost always ramp up to it. And once you've been through the process once, now you're just looking for misalignment. It's e much easier to keep going than it is to get started. Mm-Hmm. Yeah. That, that, that is really true, right? Just that, uh, journey of a thousand miles, single step analogy, right? There's so much truth to that. And I, I can, I can definitely agree.
I think, you know, it's, I remember the first time I walked into that bank, um, I did not come from financial services. And I, I don't, I've never shared this story, but I'm gonna share this today. First week on the job, you know, who was in the door of my bank, my federal examiners.
So here I come out of my previous job, my previous industry, which I was a professor of information security, and I had some other jobs and different things before that, but literally day one on the job, like, oh yeah, by the way, when you start, uh, FDIC is in, and they would like to interview you, right? Uh, that's a little intimidating, right? And so he sat down and he was grilling me with questions. He is like, I know you're new. I know this is your first day on the job.
I'm like, yeah, you think, um, but you know what it came down to? I'm like, okay, I don't, I don't know financial regulations, so I'm just gonna go back to the basics. He's like, what are you gonna start with? How are you gonna be, begin your security strategy at this bank? And I'm like, we're gonna start at policies. We're gonna start at learning and making sure we're adhering and mapping, not just to what F-F-I-E-C says, but also to best practices. And we're gonna look at frame.
And he loved the answer. He is like that. I wish everyone would give that answer. I'm like, well, thank God. Because that was the only thing I knew to say. Uh, but that really is the beginning, right? Is just saying, Hey, I'm gonna get started in this. Sometimes for us it's like learning a second language, but David, that's okay, isn't it? I mean, not all of us. I don't think anybody just wakes up speaking security frameworks and security terminology right out of birth, right?
Yeah, no, it's all learned. And I think that that's a challenge with MSPs, to be honest, Wes, is that, you know, most of our security gurus at Perch came out of kind of the practitioner space, right? Like you came from financial services and stuff.
And you know, I think when you're looking to build an automation practice, let's say in your MSP, you go to somebody on your team and the the guy that learned Python on the weekend and the guy that, you know, likes scripting, and so they kind of had that embedded knowledge, but you know, a lot of MSPs don't have that embedded security knowledge. So they have to go either bring it in, or if they do have it, it's scarce.
And so then they have to figure out, okay, we've got two guys, three guys, four guys. Do we apply them to fixing our client security environment or do we apply them to looking at our own security environment? And, you know, it's just a scarce resource. And so having that credibility on your staff is kind of gating issue one. And then you have to figure out how do we deploy them and how do we utilize them most effectively is kind of the second big question there.
But I mean, the number one thing I hear, number one, when I, you know, uh, uh, uh, am on a webinar questions, it's about they can't get their clients to do it. They can't get prospects to spend enough, you know, to do it. And most of the time, those people, they don't have a processor standards.
Even just that process of applying no standards to your own stuff, your own MSP, when you get that ev, every client I've watched worked through this, they get this realization about how much work and process and dedicated roles it takes to do this, right? And then to their clients. So when they get in front of a client, they have such confidence, right? To know that they can actually start to weaponize a prospect's low price.
Uh, Wes I told this on one of the cyber calls, but I'll tell, like, tell the my, you Tell it again, My story. So, uh, during the pandemic, I'd been, uh, getting together with some business people in my, in my neighborhood for a socially distanced, uh, cigar and, uh, sometimes an adult beverage, uh, on, on a Thursday, uh, after work. And they all own small businesses between 10 and 30 employees. And we got talking about did they go work from home?
What was going on with their business, PPP, everything. And I started saying like, well, how did you address these things around, you know, backup? Like, you know, what do you and security when you made those changes? Well, what do you mean? Well, how did your provider address this?
Well, what do you, so I started asking 'em more questions, and they all started leaning up in their chairs and, you know, and there, and I started explaining to 'em like, Hey, here's how this works, and here's the risk. Here's what, here's the conversations that every provider should have been having with you right now. Let me ask you, do you know how much you pay your providers? And they all told me monthly what they pay.
And then I, I, they told me how many employees they had, so I figured out their seat price. And I'm like, I got bad news for you. Anyone who's charging you less than this can't possibly keep you secure. Let me show you the math. And had I still owned an MSP, I've had two. I don't have one currently, although if anybody's looking to sell, I'm always a buyer.
Um, but had I had an tell, we, I would've had five prospects, you know, immediately right there, um, without pulling out reports, without giving them a stack of stuff. In fact, I was the first VCIO in my first MSP, and I used to go in loaded for bear with stuff, and I couldn't get decision makers to want to come back to, they weren't as interested in security and patch management as I was, right? Yeah.
Uh, but when I started having these cigar conversations, you know, with them, I made these relationships that have been lifelong. They took my recommendations. That kind of sums it up. Yeah. It, it does. And David, I want to ask you a very similar question, because you've been in the same boat before, right? And, and here's kind of what I want you to, to espouse.
Like, so we've been in this boat a lot of times, like we're not talking today about margins, but we all know at the end of the day, if we are going to enhance a cybersecurity offering and go from just firewall and, and AV and, and start doing the things we need to do, that actually are compliance map. It's not just vendors and tools, it's people and processes wrapped around. But for sure all of those things eat our margins, right?
The big fear everyone on this call has today, is, how do I pitch that? Because they're gonna come back to me and they're gonna say that that's more expensive than the guy down the street. Or if you're sitting inside your own organization and you're not working in m sb, but you're on this call, you're thinking, how do, same thing, how do I pitch that to my board or my IT steering committee, right? So David, what's the answer there?
When everyone says, well, you're more expensive by double than this guy over here. Yeah, it's really comes back to teach Taylor. Take control, right? So you gotta teach 'em. So you have to educate them on what it is, what you're doing for 'em. You know, a lot of that comes down to that idea between like foundational and advanced security. So, hey, Mr. Client, we're doing foundational security for you, which is all signature based, right? So that's AV and that's patch and all that kind of stuff.
Then there's advanced security, which is all anomaly based, and that's gonna be, you know, endpoint detection and sim and all that kind of stuff. And so we're looking for anomalies in advance. So you have to teach 'em number one. So when there other guy comes in to talk to 'em that he's painting them in a corner going, oh wait, this, this guy's only doing foundational security. He's not talking to me about anything, you know, advance. You have to tailor your message, right?
So what is their risk tolerance? What is their compliance and regulatory environment? Are they healthcare or are they a dry cleaners? But if they're dry cleaners that stores credit card in their system, well now they've got PCI, you know, compliance thing. So you have to tailor your message to them. And then take control is you have to guide 'em. You have to show 'em, Hey, this is where you need to go from my position of expertise.
And that's where little phrases like what we see with clients like you, right? Is that everyone's looking for the cheat code, right? Everybody's looking for the answer to the test, up, up, down, down, left, right, left, right, start select va, um, or va start select. And so, uh, but the idea is like if you can say, Hey, what we're seeing with other clients, you're de-risking it. No one wants to go first. No one wants to be that, you know, outlier.
So if you de-risk it by like, Hey, here's what we're seeing other people like you, Wes do, they're doing this thing, they're taking these steps, they're beginning to implement this. Now you've de-risked it. They feel like, oh, okay, there's a little bit of peer pressure in that. Or no one wants to be the one on the outside not doing the thing, but you have to teach 'em why it's important. You have to tailor your message based on who they are.
And then you have to show them where they need to go. And again, not provide gold, silver, bronze. Don't let 'em pick, tell 'em what the right answer is, um, for them. All right? So we're getting really close. I want to come back to standards again, right? Uh, 'cause we're getting really right back into the, the content of today's talk, which is simply this, um, Gary question for you, right?
Getting back to standards, you know, it seems like unless a customer's regulated, they don't really care about standards all that much. So what role does a standard play and what role doesn't a standard play? And while you're answering that question, Andrew, if you could get the second poll question queued up, um, because that's really gonna gear into what we're talking about next. So can we, uh, can I put this in the context of a sales presentation, please? Okay.
So, um, one, I'll give people a couple little things you can do e every time you're in front of a, a prospect or a customer. Two, this goes without saying, um, ask them some questions, you know, about their business and what they do. Um, and then I always like to ask them, you know, who do you compete against? Who are like your main competitors? And when you compete against them, you know, what do you charge on average? What do they charge?
And I find out, or they a high price or low price, I make 'em explain their business model and I tucked that away so I could use, I can use it later. Then you're gonna go and you're gonna ask some questions to uncover pain. And sometimes, you know, we're gonna lead them, like with security, we can ask questions to help them. Like sometimes we have to show them where, where the pain is. Then when it gets to the point where, um, we wanna weaponize low price, right?
Because we're gonna be like twice as much or, or a thousand dollars a month more on a $4,000 deal, we wanna relate that back to our process. So I'll always bring a process example. Hey, let me give you an example. We, we talked about an issue you had around passwords. Uh, this is just one standard. Here's the 23 questions that we're asking 'em on a regular basis just about passwords. I didn't even ask you about those 10 other things. One, do you see why this takes some time and effort?
Two, do you understand why my customers don't deal with the same things that your customers do? They say, yes. I'm like, look, you got 40 employees here. What are your overall monthly expenses? 400, 600,000 a year with what you've dealt with that supports all this? Whether I charge you 5,000 or 6,000, do you really care about a thousand bucks one way or the other based on this?
And if you knew that the only way you could get to a reasonable level of security is by a process like what you have to invest in, and that was your two choices, what would you do those four minutes? I have a hundred hours of sales content, but that's basically what it is in four minutes, Wes. So that if, if you're listening to this, the best thing that I can tell you that was just recorded, that is gold right there. And what I would do is I would go pause this.
What, what, what were we at right now? What I can't tell 37 10 is where we're at, right? So just go back up to about 34 or something like that. Hit pause, replay that learn. Because Gary, that's really valuable. I think we're missing a lot of times just the practice of how to have those conversations. Yeah. Like when I'm hearing that as a practitioner and you spoke to me like that, I'm like, yeah, he's right. That makes total sense. David, what, what do you think? No, it makes sense to me.
Yeah, I think that, you know, the, the obstacle to getting customers to move is lots of times on the sales side, you know, do they have confidence in, in the message? Do they have a repeatable message? You know, or do you have wildly varying where one guy seems to hit his number all the time and that's because he's got this script down like Gary just did and you got these other guys that can't articulate it.
Well, how can you make that something prepackaged that any of your team can reproduce and have that same conversation and you know, um, it's kind of that classic thing, right? You wanna uncover the pain, then stick your finger in it. So how do you identify that and how do you get it to move it along instead of becoming this huge long drawn out process? Yeah, you know, you know, Wes, here's what I always tell people I train in, in, in, in, in sales. Look, there's a truth that exists, right?
There's an undisputed truth. And that truth is you do not get more secure by investing less with your MSP. Like, don't shoot me, I'm only the messenger, okay? So, you know, the customer can't change that. The low price convi, you know, provider can't change it. Only thing we can do is just explain to 'em it's not a sales trick. We're just explaining to them what the reality is that the least expensive thing they can do.
If they wanna be more secure, if they wanna be more productive, if they wanna have technology fuel their strategic direction, they gotta be able to pick a vendor that has the right process and there's a price to pay for that. But it always yields results and we're such a small cost compared to all their other costs. Once you feel that way, Wes, everything changes, man, because I was on the other side when I started where I couldn't close a door. Yeah.
Why would usually jokingly start Wes, lots of times with I'm like, Hey, have you ever Googled any ailment that you have? And you know, that chuckle And I'm like, what always happens? You die, right? Whatever you Google, I have a hangnail and if you Google Die an Hangnail, you're gonna die. Right? It's gonna tell you that it's gonna get infected, it's gonna go systemic, and then you're gonna die that whatever you Google, you die. Right?
And, but my point on that is like, that's, that's his security stuff. To Gary's point, if you don't treat it, it's gonna get worse, right? It's not just magically one day you're gonna wake up and your environment's gonna be more secure, right? There's, there are infections in your environment and left untreated, they're just gonna fester and get worse until someday they have to be dealt with.
But it's not just magically gonna get better and you go hire some cheaper dude down the street and his service is gonna magically make him, you know, better either. Yeah. Yeah. Uh, Wes, we, uh, David asked a good question before, but I don't think we ever really finished it. Uh, Wes, um, David, you said the one thing you hear a lot from salespeople and all the providers you dealt with is they come back and say, well, I go tell 'em I want to do some stuff with security.
And they tell me, you know, I thought you were already doing it, right? Yeah. You mentioned that. And then we kind of move, we moved on from it. Yeah. And you know, uh, that's, I'll tell you how you can weaponize that one. You just tell 'em like, well, yeah, do you think the threats are the same? They're not the same as they were 10 minutes ago. Yeah. And if you wanna be up on that, come to the cyber call every every week with us. Yeah.
You'll have confidence about what's going on with those, you know, with those threats. But the other thing you can say, Hey, when's the last time that you had a price increase from your current vendor? Okay, it's been two years. Do you think they need to be doing more for you than two years ago? Do you think that, um, that security risks that we're dealing with are the same now as they were two years ago?
So you really just, almost every objection you get should be the reason why they would invest more with you. Yeah, that's right. Yes, Indeed. And, and you know, I can even give a little technical backup to exactly that. I mean, threats are changing. One of the reasons we did the perch security threat report that we did last year, uh, well I guess for the 2020 report, uh, is for that exact reason, Gary, is if you look at the past three years, MSPs are under attack like never before.
Uh, their clients are under attack, like never before. Bad guys. And we're talking household name bad guys like the Soden guys, right? Is a good example. They understand the MSP, they understand the tools you use. They know the RMM. If you give a bad guy like that full and unfettered access for just a few minutes, the RMM, they will toast and ruin everything. That's just what they're, they're good at it. So you're right.
And, and that's the reason we produce that report is to bring evidence to that so people could see as an MS whoa, it, it has changed for me and the old days of doing security for where an MSP are no longer the days today. Wouldn't you agree with that, David? Oh yeah. I mean, it's crazy how fast it changes, you know? And, um, staying on top of it, I mean, you look at all the trends that have impacted technology, you know, none of these things, what this has only existed since 2007, right?
And so it's really not that long and how much we've all had to adapt just to those. And so you look at the amount of business innovation that was crammed in about three weeks in March, you know, think about some of these companies that sent their people home. Um, if you had said, Hey, we wanna work from home strategy for some of these companies, it would've taken them a year to convene committees and to hire HR people and to create legal policies and all that stuff.
And they freaking did it in three days. You know, they just sent everybody home. And so, you know, the, I think Gary makes a great point. The amount of innovation and changing that's happened just in 2020 is enough to say, man, there's, you know, there's no way we could charge you less. We, we ought to charge you more. 'cause before we just supported Gary's PC sitting at his desk, and now we support Gary's PC at his desk, the one at his house, the one at his lake place. You know what I mean?
It's like everybody's gone all these different kind of places and put a ton of pressure on, um, the infrastructure. So yeah, I I I'm in complete agreement that the, uh, evidence of change is all around you. And, um, that should only drive more, um, price increase, not less. Yeah. Because there's not delivery Model. You wes, uh, I've, I've worked with so many people, right?
And, uh, what I, what I saw, uh, last quarter in a pandemic, we just had our peer meetings last week, 35% of our peer members in a pandemic through over 20% net to the bottom line. I ran my first MSP at 33% net profit for only one reason. All the way through it. We made standards really the core of what we did, and we based our VCIO process on that. And that allowed us to create separation in the sales process. Uh, you know, drive higher prices, have command over our costs.
So we knew we were at 70% gross margin, but all of it really, you know, it was my one good idea, right? That I ever had way back when that we stuck with to become the best at that. And, um, I've ridden it for, for 20 years. And with all these changes in security, it's just enhanced it. 'cause we, we know back then we were developing our standards. Now in addition to that, we're being handed these standards to have all this credibility in the security world that we can leverage. Hmm. Yep.
That's good. That's really good. And, and that actually gets close, uh, close to another question I want to ask both of you. And it's this question right here is when we start talking about selling and we're, we're doing like what you're talking about, kind of figuring out what gross margins are gonna be and how we're aligning this and what goes into the stack? A big question I think we often have, and I'll throw it out to I guess both of you, but Gary, I'll let you start.
When it comes to selling security, um, are we selling a solution, a suite, a tool? And I'd be curious to know in the chat what you guys currently feel like you are selling today A solution, a suite, a tool. So Gary, give us some feedback on that. Yeah, so here, here, look, it's changing fast. So MSPs have, they always usually start off selling a tool, then maybe they turn it into a solution, then it goes in the stack, right? Like historically, that's what happened. Right?
Now you really need to decide what that base level is. You're offering everybody. And you need to figure out, hey, based on the tool stack, I want to have, and think of it this way, your tools probably should be roughly between 25 and 30% of your overall seat cost, right? And so if you know what your labor should be on average, like we have a calculator that we, that we give people, um, Andrew, if you want to post it, it's true methods.
com/price where you can calculate your, your, your seat cost. Um, then what you, what that gives you a framework to say, okay, based on that, how do I prioritize my tool stack to get to, to where I need to get to? And then anything that doesn't fit in there, maybe that would be my premium offering.
So you have some organized lens by which, because if you're just out there selling different products and, and different one-offs and tools to every customer, um, you're probably gonna be less secure, not more, because you don't even have standards, David, I'd Say. Yeah. So I'd say that there's this, I live in Birmingham, Alabama, and there's this bar here called the Collins Bar, and it's kind of those history bars. And they don't have like a drink menu at all.
They just have all of these alcohols along the back and they're mixologist guys, you know, they just wanna talk to you like, what kind of stuff do you like? Do you like it sour? Do you like clear, do you like dark liquor? And they make something special for you each time, right? And that's kind of the way that we like to think about this is that, you know, the end user gets bombarded all the time with all these different vendors.
Multifactor, authentication, dark web scanning, you know, all this stuff, right? And so if each one of those vendors represents something on the wall behind you, it's really about talking to your client, like, okay, what, what do you need? Right? What is your compliance environment? What is your regulatory environment? Do you have rules you must adhere to? And then others that are a good idea. And then you find out that, and then you mix 'em a cocktail with all the tools that you have.
That's for them. This one size fits all approach of advanced security is kind of hard because there's not, but that's also a great opportunity to create differentiated value because the client doesn't have great expectations around what that cocktail should cost, right? Is they don't know, you know, kind of like we've talked about a million times, is that all in seat price?
People kind of know what that might cost, but there's not kind of that expectation, that whole red ocean, blue ocean idea around what advanced security tied to compliance might cost, you know? And in fact, lots of times they think it's really, really expensive and it might be. But um, I think the more bespoke you can kind of get for them, where you've got great relationships, but you're tailoring it to what it is that they want to do, I think creates a lot of good differentiated value.
So Gary, in your mind, why do you think it is that most MSPs don't bake security into their offering already? Oh, that's the easiest question you asked me. Uh, uh, they got a math problem. Okay. Uh, they're out there at 120 or $130 per seat. You back off based on even half decent margins, what your seat costs need to be. And, and when you look at the math, almost all the money they're taking in is going to solving tickets and alerts, right?
Doing some professional services projects to bring in money. And at the end of the day, um, they don't have the budget to be able to do it because proactive always gets squashed by, by, by reactive. Um, back in the old days when I was actually going around the world speaking, uh, I probably before Covid the previous year, spoke in front of 5,000 MSPs. And I always ask this question, how many people here, you know, are, are proactive? Ms. P every hand goes up.
I'm like, okay, how many people here have at least one don't work with your methods? You have at least 100% proactive service delivery role. Someone who doesn't do any tickets, respond to any alerts and doesn't bill any hours, almost no hands go up. And I'm like, lies all, all lies. So basically the MSP model wasn't really, wasn't billed.
So now we're asking the MSP to have a lot more level of command over looking at what their costs are by role and how to build in these roles, and then how to show the value to the customer. And that's a lot of, that's a lot. That's a long way to go for, for a lot of MSPs. Yeah, that, that's a, oh, go ahead, David. Oh, I was just gonna say a hundred percent. I just completely agree.
You know, that the price, they, they're so scared so many of them to go ask their clients to pay more and don't feel confident about selling the value of why they should pay more, that they, you know, are just trying to protect what they've got right now and don't really look at the added value. Yep.
Um, Gary, one thing you said that really gets me thinking, and David maybe you can elaborate on this too, is Gary, you're kind of hinting that the way that we've always done it managed it is an operational model kind of smack security in the face and doesn't quite, um, I don't wanna say doesn't quite work, right? But it it definitely is in, um, uh, disagreement with what we've typically done in the past, right? That's kinda what you were hinting at. David.
Have you seen the same thing in your experience? It's, you know, it's, it is a different mindset. I think that, um, you know, a lot of the MSP mindset when you're trying to scale your MSP is built on this idea of like automation. We gotta have automation, we have to make things easy and all that kinda stuff. And automated, automated systems easy. All stuff is not necessarily the answer for security, right?
And security is hard and it's a heavy lift and you may have to trade a little bit of automation to get, you know, a more secure environment. So yeah, it kind of runs counter from an operational, you know, every MSP's job is what to create operational leverage. If you want 30% EBITDA margins, you better have a lot of operational leverage. Well, the way to get operational leverage is to have systems do things, to have automation sitting behind it and not have a human touch in each little thing.
A lot of the security stuff has humans touching it, and you're introducing complexity into an environment, um, and maybe slowing things down a little bit to make sure that they're more secure. So yeah, it runs counter to that. Yeah, that's, you know, Wes, uh, you always come up with these little nuggets and then I steal 'em and make 'em my, you know, act like I, like I invented them. Um, but that's a great one.
That concept that security runs counter, because if you really look at it over the past, you know, eight years for all this talk of, you know, proactive managed services, mainly what MSPs have done is changed their billing model every day. If you looked in their office and had a camera over 10 years, people come in, they sit down, they open up their PSA, and they, and they, they work on tickets like that part's the same. And as David said, they've added some tools and some automation.
Those two things aren't what security's about. It's about a, a lot of process, a lot of truly proactive roles, the standards, the alignment, the compliance, and that's not part of traditionally what MSPs have done for the past eight years. Yeah. And once, if I could have one kind of closer remark around that is you have to make sure as an MSP that you're doing what you should to be secure before you go talk to your clients.
And I always kind of talk about, you know, you can't be the 400 pound personal trainer shoving a big Mac in your face and watching it down with mountain dude about to teach someone how to, how to, how to lose weight, right? And that's the way MSPs are. Sometimes they're strolling into their client environment weighing 400 pounds, shoving a big Mac down. So lemme tell you how you need to be more secure, Mr.
Client, you know, when they really have to shore that up themselves first, then extend that out into the client environment. That's so crucial. Oh, I didn't eat lunch, man. That burger is actually sounding good right now. No doubt, no doubt. I usually miss lunches when I have these kinda afternoon things. Yeah. Hey, um, as we close, we've got about three minutes left, so we're gonna kind of get into kind of closing comments here. But first of all, thank you for joining.
I truly hope this has been helpful for you. This has been recorded, so you can go back at any time, you can listen to it, you can share it with colleagues. Um, hey, it would make the, the world to us if you just shared on LinkedIn as well, just pop it in LinkedIn with the URL and say, man, this is a great session. I learned a lot about it. Um, by all means, please use this. Um, if anyone has a final question for us now is your chance, pop it into the chat.
You've got two super smart people and you got me that are along as well. And as Andrew is mentioning, um, cyber nation.com, if you like, the stuff we're talking about, this is what we do every week on Monday at 1:00 PM Eastern, we dive into these concepts and this stuff and we bring guests on. So hopefully that's been helpful for you. Um, because look, we are all in this together, aren't we?
This is something that all of us deal with, that all of us are, are tackling, we face a common threat, a common enemy. I can't say that enough. Um, so as we close, David and Gary, David, I'll let you start. First give us, take us out on a closing comment that kind of pulls us back together for us. Oh man, I just think that don't be intimidated by this stuff, right? Is that it is happening. You have to know your clients are looking to you for the answer. So don't be shy about it.
Go get educated some, but start educating your clients so that they will act that at the core they have to, you know, everyone's at risk, everyone's vulnerable, they're looking to you to help 'em. So figure out a way to get 'em to, to act and move and take those reasonable next steps. Yeah, and you gotta get moving.
Like I said, we had our, I was with a hundred of our peer members, uh, last week in our virtual peer meetings and compared to even a year ago to hear how many of their special projects and things are around security. Yeah. Uh, they're on it. So you have to be on it. These are people that are, you know, leaders, you know, in our industry. And so get immersed in it.
And I just wanna say Andrew Morgan, uh, single handedly this year, what you've done, uh, to help educate this industry about security. You've educated, you've helped me and all of us, um, with Cyber Nation, with the cyber call, with these kind of events. I'm just saying you are leading the way in helping MSPs get down the line on this. So thank you. Well thanks, thanks for the comment Gary.
But you know, I have to say the channel and you know, you guys have all I've known, well David and Gary personally, I've known for over 15 years, Wes for the past three with perch kind of market. You guys have all been very good to me over the years, so I'm just paying it forward and paying it back. Um, I did put, thank you for those kind of words, Gary. I did put um, a few URLs in. So the Cyber nation is live. Sorry for confusing you Wes. I kind of threw that in there.
We just launched the Cyber nation. Um, Gary's in there, David's in there. Wes is in there as moderators. It's, um, all the stuff that's going on with the cyber call will be posted there, the videos, how to get to the cyber call. Um, and um, let's see, uh, in terms of, well Wes, I'll let you close out a few things. I'll just say, um, cyber Phish is, uh, offering a $500 promotion going on right now.
Um, they are talk about leading the way in terms of phishing with what they call what's, uh, human emulation technology. Um, uh, and, and so, uh, try it out. There's a Protect Your House campaign, it's free. Um, the links down there, the CTF was kicked off yesterday. Um, we had 145 or 46 competitors in there. We're gonna be doing a lot more teaching.
Um, you know, even if you're beginning have no skills around ethical hacking and thi and forensics and things that could help harden your environments, there's gonna be a lot more of that coming. Um, and then we have two more days of uh, just one hour per day. Um, this was an awesome, um, uh, uh, session. We'll make sure this is recorded. Well, it's automatically recorded, but I'll make sure it gets into the cyber nation as well. So with that, Wes, I'll let you take us.
Hey look, we're, uh, we're a minute over about to be two minutes. So thank you for joining. And Andrew, we already have folks that are joining in. I don't think it's gonna focus, but I'm gonna hit approve all to you people that just wanted into the cyber nation. I just approved you. Uh, welcome. Thank you guys. I can't wait to see you guys again. Thank you for your time. I appreciate that. And with that, we are signing out. Cheers.
Related Videos

Right of Boom 2025 – Steve Rivera – Logically
Right of Boom 2025 – Steve Rivera – Logically

Right of Boom 2025 – Calvin Engen – F12.net
Why Vendors and MSPs Prioritize Right of Boom – Hear why Right of Boom attracts the most security-focused MSPs—and how it creates unique value for vendors and partners.

Right of Boom 2025 – Bill McLaughin – Thrive
Right of Boom continues to raise the bar as a cybersecurity conference built for MSPs. With attendance surging from a few hundred to over 1,300, the event delivers more than just technology—it’s a ...