Transcript – Noncompetes are outlawed

hello hello hello oh wait hey we just had a friend show up Steve hey Steve hey there so so full transparency everybody number one I’m sick as a dog I’ve had this 101 102 degree fever for two days so I’m pretty loopy so much so that I forgot that we were bringing Steve on today so my bad because like I said I’m like not fully myself whoa where did oh Jesse Jesse will be right back apparently Jesse didn’t want to stay here with us so no he’s adding uh he’s adding his link audience yeah there he is is there we go so um hey everybody uh welcome to this week’s uh ad lib version of Team Tim uh today’s February 2nd like where the heck did like January poof gone already into February pun Phil right I know I feel like Groundhog Day like being sick over and over again for the last 48 hours but uh so uh Steve uh welcome uh let me before we kind of get into that I’ll just say my Hello uh and then I’m gonna try to not talk so that I’m not being too loopy for everybody but I’m Tim golden uh founder of compliance scorecard yes I have my pepe shirt on today and not my compliance scorecard because as you know I’m a new grandfather and they call me Pepe and I’m just like oh I get to see the granddaughter if I’m not too sick so anyways Tim golden founder of compliance scorecard our good friend uh Tim schner hey Tim take a second just getting off mute Tim thank you um Tim schner uh channel security guy looking for a new role uh been been having some great conversations uh in the last couple weeks here but um you know excited to continue working on outsourced it and and vendors and with msps in the channel so uh you know this is where we kind of put it all together Tim there we we actually did put a post out I I Steve I sorry I forgot about you but um we have a couple things we’ll touch on today and I I think we can we can hit those three topics as well but certainly want to talk about Steve and all the good things that channel programs bringing and making it easier for msps to find good vendors or vendors what their capabilities they’re looking in so Jesse one of you why don’t you go hey everyone uh Jesse Miller found ER power PSA Consulting we help msps scale their Security Programs and do it efficiently and profitably uh I am also excited to be here today because I thought when Steve first started his rocket MSP podcast the way he was bringing vendors on and just letting them say their peace and doing the things that we all don’t want to do right is take those meetings and listen to the demos and get on the email list I thought it was really cool what he was doing and then this latest announcement of uh acquisition by Channel program is just I think another step in the right direction for the industry and the vendor ecosystem so again excited to get into this and Steve tell us a little bit about yourself and what you’re doing absolutely well hi everyone I’m Steve Taylor I am the channel content producer I gotta I gotta get used to saying that I got a fancy title now uh but I’m the channel content producer with Channel program um I’ve been an IT professional since 2002 I started my own MSP in 2009 I started making content for msps back in7 and uh this is just another evolution of that now I get to work on content fulltime and I’m super stoked that’s awesome that’s awesome I know Steve you and I have been trying to connect back at uh rocket MSP to kind of as a vendor come on there and do what we were talking about so what is that going to look like at at Channel program because you know we have been kind of part of Channel program here at least myself as a vendor for a while now and you know we’re noticing some some really good you know fun things coming out of out of channnel program yeah so I I’m still trying to figure it all out to be completely honest but what I can tell you is um I still have a bunch of guests booked into May for the rocket MSP podcast um we’re we’re starting uh demo days next week so every Friday I will be going live with a vendor and it’s going to be um deeper dives into demos than even the rocket MSP podcast was I’m really excited about that um and then I’ve got some other content that I’ll be doing like Monday I’m gonna go live with Garrett Brown and basically every Monday at two we’re gonna talk about the stack charts so this Monday we’ll talk about the stack chart that gets released over the weekend so just lots lots of opportunities for me to get in front of people nice nice um so uh we were going to talk a little bit today about like the non-compete stuff some CIS controls Yeah Tim Tim wants to stir the pop more on my conversation around Eco chamber but before we get into that I want to share something uh pretty interesting that that our good friend uh Jay McBean put out here uh so uh let’s see so Jay we all know Jay right Jay’s got all the data he’s the person right let me bump this up a wee bit right he’s got all oh let’s get rid of that out of way yay and you know hey how about some ads you know but he’s got all the data right and when we look at you know what are the predictions from canalyst going forward right and all the things that are happening like is there a number there that kind of sticks out for anybody if I kind of pull this up real quick is is there anything that really sticks out there well I think it’s interesting and that’s why you know I I sent this to you Tim is because I thought it was very interesting that 60% growth for msps in 2024 in compliance now I think it’s really interesting too and I’ve been saying this for a long time is that MSP uh managed service provider business is a little bit countercyclical right so when you see downturns in the economy and people are tightening their belts typically they they look to for ways to save and an MSP can usually be that especially for mid-market organizations but I think it’s really interesting that you know we see a 12% growth in the industry in a downturn which is awesome but then we also see a 60% growth in a really an emerging kind of space for msps so I think and that’s that’s more than just an echo chamber right somebody that’s a good way to talk about that but I think I do think sometimes in the community we can get really uh you know talk about the same things all the time and we are in our own little e Echo chamber or bubble whatever you want to call it but I don’t think 60% growth it that’s a little bit too big that’s that’s Market driven right people are asking about about compliance people are asking about strategy so that that’s my take on it at least yeah you know and you know in full transparency uh yes we are a compliance company and you know hey foreshadowing or foresight or whatever but you know Jay’s Jay’s J McBean for those that don’t know I’ll drop the link in chat so you all have it like he’s him and what they’re doing over at Catalyst they have the data they know these predictions right they they do the research like way smarter than any of us around this stuff and you know for them to come out and say you know 50% here 30% there y y y but that big number of 60% kind of really stuck out for me because when you’re looking at a downturn economy there’s room for growth right there you know there’s room to operationalize stuff there’s room to you know generate more business and become a true business partner as an MSP with your customers yeah yeah Yeah Tim it’s interesting right because we Tim golden myself met uh almost two years ago right like and we were both compliance driven vendors in the connectwise pitcher program right and people are like what are you guys doing like I don’t really get it and 60% is a really interesting number Jesse because compliance isn’t typically delivered like you can’t just turn on compliance and it’s it’s very it’s very manual intensive right like you’re interviewing people you’re creating policies you’re creating a structure a long-term road map so I think that’s amazing that that number is shocking to me um but but it also tells you that it’s not going to all be you know it’s going to be somewhat tool-based right it’s going to be there’s gonna be automation there’s going to be road maps there’s going to be all the things that you preach right to ICP driven right like so you’re you’re not kind of like recreating uh you know a custom a custom uh cyber security plan for customer or client that you’re using so um I think you know I it just shows you that all these tools have entered the market um certainly on the Enterprise space uh there’s Ved a secure frame like these guys are two billion doll unicorns I mean it’s crazy so um some of that stuff’s coming down Market uh I was probably a little early uh in my my older um Fort Mesa company but they’re doing they’re doing really well right now in compliance with um you know with with some of the things that are going on in the market and Tim obviously you know we’re not supposed to talk vendors here but uh it’s okay when I can as long as you don’t talk about you know you’re talking about your own vendor right so um you know just if anyone if anyone was there at the MSP geek conference last year we were kind of competing like how do we pitch compliance right like I was like Tim’s got this very uh ingenious kind of like uh let’s start with policy right let’s start with let’s start with the basics let’s start with policy life cycle and and get people on board with that and um so anyway just just some observations in the market and I’ve been lucky enough to actually sit in sit in on some demo calls and the the level of understanding of compliance and what it takes to do things is just unbelievable how far most of these msps have come along so before you know it was it was just a it was just a difficult conversation like which framework and I’m sure Tim has these demos every day of like we want to do this we want to we want to do CIS controls for this set of customers we want to do you know a HIPPA overlay or a sock 2 overlay or whatever it is um but just the level of understanding and go to market in terms of compliance so anyway I’d like to hear so St Steve you’ve talked to a lot msps right over the last year or two or three right probably a couple hundred if I had to guess right has has you know is has there been any thematic things or themes amongst the msps as it relates to some of Jay’s predictions here about co-managed about uh growth in compliance about you know Ai and that kind of stuff have you seen in your conversations you know either discussing with msps or vendors as a whole anything around those you know I think it really depends on the maturity level of the MSP so you know the the smaller msps and and you got to realize you know with with rocket MSP I was really focused on tools right and and let’s be honest like a lot of the the less mature msps are more focused on tools than they are with processes so I I find myself speaking with the less operationally mature ones and that’s okay because you know they they need they need help and and they’ll get there right so with with the kind of msps that I’m talking to um they’re they’re more excited about like playing with AI for marketing and and just like little things they’re not getting involved with building uh their own custom open AI inside of azure that’s based on other tickets to help them triage and everything else right um they’re also typically not going to be as strong when it comes to uh coding and and scripting and all that so they’re going to rely on thirdparty Platforms in order to be able to do things so whether it’s uh uh what do you call it robotic process automation or yeah RPA or or some of the other things out there I I don’t want to name names because I don’t know how you guys are on the show but um you know you guys we can’t plug ourselves but you can plug other people yeah okay so I mean you know there they look at things like Roost and and MSP Bots and all these other things and and they’re they’re definitely looking for ways to to automate what they’re doing I I don’t really see a lot of um the the more immature msps really worrying about compliance because they’re still not necessarily following a a framework or a set of controls for their clients as it is even just for Best Practices so heaven forbid they look into something like cmmc that’s a bear you know yeah you know it’s interesting that you say that and I I was guessing I was hoping you would talk about that right is the different levels and the different maturity because this is we see so from that perspective we see the rest of the industry more than half or a 60% growth curve that’s a hockey stick as far as I’m concerned right and you have smaller msps and you have other msps sitting here say well what do I do about this I’m becoming more commoditized and I’m becoming pushed into a corner even more and I think that chart actually speaks to it Tim if if you have it and you want to pull it back up I think it said something like 50% of msp’s plan to partner for services they don’t offer today and so I think that speaks to there’s becoming a much more uh open and um cross-pollinating community and I think that’s important I think that’s a good thing overall so um let me pull it up full screen and kind of do a little here see if I can without blowing me too up right they’re going to experience some growth either co-managed or co-p partnering generative AI you know across vendors tracking 35,000 vendors whoa right is that is that is that coincidence that 50% plan to co-partner and 60% plan to grow in compliance it sounds like they’re partnering with compliance Partners to do that now you know I I don’t want to I don’t want to read into the data too much or anybody I can’t believe that 50% MDR number I mean even the majority of nsps are already using MDR so I’m shocked that it would be growing to that degree I mean I mean what are your thoughts right how of you find an MSP that doesn’t have an MDR partner well it depends again we’re we’re looking at operating maturity right so you know I mentioned earlier that there’s a buch of the the less mature msps that aren’t aren’t doing things based on a set of controls or um or a framework so those msps are still relying on I’ll call it old school antivirus techniques where you know they install web rout or or you know something along those lines and they’re not using the more advanced Tech yet yeah because it scares them you know they they don’t know what they don’t know and it’s overwhelming and they don’t want to get in over their head so they stick with what they know um and and unfortunately that that puts them further and further behind you know it’s interesting um there it sounds like there’s a bit of a gold rush in the vendor face there right so 50% plan to grow and you’re saying these msps it it’s kind of a it’s a bit of a gray box for them a lot of of them getting into the these types of um offerings what how are you seeing vendors be successful or what should msps be looking for in a vendor if they’re going out and finding these Services what are what are you seeing in good partners because I think you have a pretty good view high level of the ecosystem today you asking me yeah I’m sorry yeah Steve for you no it’s it’s okay so I’m sorry ask the question again so how what are you seeing from vendors that are being really successful and really enabling msps and being good part Partners to msps so what are some what are what are what are some characteristics of a good partner that you’re seeing uh fantastic onboarding um handholding with within the onboarding process to make sure that the MSP understands what it is what it does how it works all that um and then honestly like a lot of these unified cyber security platforms while while they may not be uh able to go that that inch wide mile deep they really do seem to cover a lot at least of the basics for these for these msps and I really think that they should be looking at some of these companies like guards or um Judy or the other one coill by Field Effect like some of these companies like I look I I haven’t used it so I can’t tell you if like if it’s going to stop all all the threats and and protect all your clients but I can tell you that it’s it’s a more holistic approach it’s a more TurnKey system and something like that I think is I don’t know probably really really beneficial especially because you know we just launched our I I’ll go on a little tangent we just launched our vendor contract thing how much how much better is it for you to only have like one contract with a security vendor instead of 20 because you’re working with 20 different security vendors yeah yeah it’s interesting I I kind of came up with a a phrase because I was talking through this in detail over the last couple months and it goes the E the efficacy of the whole is better than the peak of the parts right so when you’re talking about economies of scale and an ecosystem that you’re able to deliver a holistic umbrella of security for your clients I think like you said there’s something to be said about having an ecosystem that all works and operates together you you talk about um yeah go ahead Tim I was just gonna say so um I’m gonna talk about myself a little bit but I’m going to relate it appropriately so the average MSP has what 20 25 tools 27 tools right we’re very tool heavy the challenge that we’ve seen in the ecosystem is that none of those tools talk to each other there’s no standardized thing there’s no like we’re building out all these Integrations and I’m working with platform a platform P PL and like how they Define asset in one platform it’s called asset unor device and another platform it’s called configuration and another platform it’s just called asset and we’re like there’s no standardization anywhere in any of these msps tools and whatnot so as we’re starting to look at that and working with great Partners like like Lion guard and I can R Michelle at lionard really did a great job on on one of our recent LinkedIn posts summarizing well her thoughts and kind of my thoughts a little bit too is that we can be better together right as vendors helping msps actually not only be you know protecting themselves but protecting their customers and there should be at least in my opinion more collaboration across vendors because at the end of the day we’re all here to serve the MSP and those MSP are here to serve our end customer right and so the ecosystem idea like J MC says this all the time like Salesforce doesn’t make their money off selling Salesforce Salesforce makes their money from everybody else that ties into Salesforce right and so as an ecosystem not to be confused with eoch chamber we’ll get to that a little later get that yeah that a little later you know all of us working together so that we can be better together um that’s a that’s a huge piece that I’d love to see um and I talked to you know I’ve talked to you about this to I talk to other GRC vendors about this is the whole recommendation part needs to be tied in you know when when I have recommendations or gaps coming out of a tool that should integrate with my CRM and my sales process to be able to put an SQL back into the system and have an account manager take that and run with it and that shouldn’t be a send you an email and hopefully you put it in or or maybe there’s a zapier configured and we get something in there but it doesn’t get action right I I feel like there’s a lot of room for improvement in that particular little piece of the process yeah there’s two posts there’s two posts that went on so Kyle Spooner said something about you know tool utilization recently yeah and it’s interesting right and then like I don’t want to do it but like GRC products are like you need another tool to manage your other tools right like it it gets to be but it does I mean if they’re workflows I mean you just mentioned Roost right like automation of all the different things where does Roose do right like Roose does service desk automation they do they probably Auto they probably integrate like with uh cyberfox and cyber QP like I am right like password reset things like that um so as you said like these things have to play together uh it’s interesting Tim and we’ve had some pretty heated arguments I guess recently blue o red ocean uh these terms that uh Matt Lee I don’t know who you know I I heard him talk about I don’t know if it came from that but um there’s certain parts of the MSP vendor ecosystem that are new and some of them that are extremely mature and and they’re and they’re fighting for established market share that’s not going to grow that chart you just showed us clearly there’s a ton of growth for everyone so why fight about it um things like compliance things like AI I want to say I am was more last year and Pam and and and things like that where it was a growing Market I I I I think it probably still is growing but um certain areas are are more red ocean and certain areas are blue ocean where like people should just be rising the tide um compliance is is absolutely blue ocean where you know all the GRC vendors all the people out there talking about like you know how do I even think about selling this as an MSP you know Jesse like you’re working with the GRC guys as well so um I think it’s a little different I don’t think there’s a lot of red ocean but there’s a little bit uh obviously like even the EDR MDR spaces it’s hard for them to differentiate like themselves so there there are I I mean again you know because I talk about it all the time I get hit up by almost every vendor out there that’s got a GRC tool so there’s a lot of them out there that’s what there are uh might be the year that the ocean starts to turn a little red yeah yeah well you know there different price points as well like the unicorns that I mentioned before are like anywhere from 10,000 or something like per end company and then there’s cheaper ones uh that are certainly way way more affordable like a tenth of the price so and then there’s people that are doing kind of vcio and things like that right like you’re starting to overlap a little bit in terms of yeah where the best practice kind of meet a framework or something like that and then evidence it so well go ahead so now I was just gonna say you know Steve said in in multiple different iterations like that operationally mature or not operationally mature MSP right and you know we all talk about this you know across the sphere of all a framework start something do like you hear me say that all the time right so things like CIS is a really good starting point for yourself right doing these exercises internally compa trust Mark right like getting your own house in order drinking your own champ all of that stuff but here’s the thing it’s it’s pretty easy to for you to be able to start getting into that because you can literally walk over to CIS and download a Excel file although it’s not very operationally mature to do it that way uh you can go in and just start doing it that way so um I I always say start somewhere do something pick a framework and go right yeah yeah it’s interesting even CIS right it’s it’s so it’s so hard to stay to your point it’s so hard to stay up to date with Tim you talked about you’re like oh I am was last year right I’m like but who’s even doing that right yeah it’s it’s very it’s it’s there’s a very small subset that’s doing that well and having the governance piece of that right but it’s like oh we’re not talking about that anymore we’re talking about AI we’re talking about GRC so I think it’s important to make a a differentiation between what’s getting uh what’s getting customer clicks and what’s actually getting customer value because they can be two different things although they’re linked right so yes we should be talking GRC yes we should be talking compliance but we should make sure that we have those IM systems we’re performing the governments we’re doing the work on the back end and that goes to spe to what Steve was talking about with the operational maturity so I think it’s just again it’s easy to get kind of swept up in the Zeitgeist the Zeitgeist of what we’re all talking about right now but we do have to remember that it’s not the next big thing and that’s old it’s just that’s not what’s that’s not it’s in the news cycle right so we need to make sure that we’re doing the needful for our clients while also yes being aware being able to talk and speak to what’s getting marketing leads into the business right so y yep so the only reason I put CIS in the title here and we talked about it a little bit is just still the same story still the same great guidance yeah it’s very uh prescriptive framework it starts with this the number one control it’s prioritize from the top clearly there’ll be some uh you know controls maybe that aren’t applicable as Jesse talks about icps and some of them are are more applicable to others but right uh just the explosion in the channel right like it’s really um we’ve got another podcast coming up here in a coup couple weeks talking about the CIS vendor mapping which will really help cut some of the noise and I don’t know if Channel program is gonna is gonna do that but Steve basically uh Matt Lee pax8 uh really driving this initiative to uh talk about vendor capabilities and mapping them back to CIS controls in a very uh judicious and even to some degree audited perspective of like how how those uh you know capabilities of those vendors actually mapped to the control so um that’s really where I want to bring up CIS like it’s still the same old story and Jesse said like are you still doing I am maybe it’s gone but are you still doing it the way like CIS tells you to do it so right um you know I I think we could leave it there but uh anything else on CIS Tim um no I mean I feel like we’ve built we we’ve you know beat CIS to death just start just go somewhere grab the thing start doing ig1 do you even know as an MSP where all your own assets are and not just Hardware devices not just things that are plugged into the internet right that you can get an IP address from what about your phones what about your people right any of that kind of stuff what about the Roomba down the hall because you’re working from home and that Roomba gets hacked right I I said this a couple of weeks ago I went and grabbed run zero to test out and play with it free little thing you can actually you know get free Insight from run.com and I ran it internally and I’m was like oh I did know 99.99% of the stuff that was here but now I actually know and now I can actually deal with them all appropriately so yeah start with one. one where’s your stuff and do does that stuff in your home office actually tie into everything in your house right or are you segregating those Networks so as far as CIS it’s an easy enough framework easy loose term easy enough framework to start with yeah there’s some good resources cyber call did 16 episodes 18 episodes one on each episode um interesting thing with this on be on the lookout for this vendor mapping uh as it develops they’re developing charts on how to like read the control and understand it like where’s the data flow does it relate to other controls um that’s going to be pretty awesome when those things come out so so one of the things I’m I kind of want to roll a grenade into the room here a little bit and who knows maybe you guys will change my mind but I I often find that msps lack the in-house expertise and resources to provide the the comprehensive cyber security services that will meet compliance regulations and standards yeah um and often building out that infrastructure is is going to I don’t I don’t know that I would use the term distract but it’ll definitely put a strain on the msp’s core competencies um what what do you guys think about maybe instead of msps trying to do all things it what if we took the the lawyer approach and you know we had well here’s here’s the the company that specializes in cyber here’s the company that specializes in Office 365 you know so on and so forth where where now they start to really specialize in doing something really great and let’s be honest probably be able to charge a heck of a premium because they’re going to be so knowledgeable at that one really awesome things yeah I don’t I don’t disagree with that um get that grenade Jesse this is a good one no no this is good and yeah I don’t disagree with that and um you know I think it goes back to that statistic we were looking at is msps look at they look there’s a 50 50% of them plann to partner for services they don’t offer in their core competency and work together so I think that that statistic was speaking to exactly what you’re saying and um you know Z Zach from Fort Mesa Tim actually put a a post uh or reped to a comment in my post that really stuck in my head the other day about how retail um f fast food places are doing Fortress right so it’s this concept of they all attack a market together and like Chipotle you know Panda Express all these places all say hey we don’t overlap or compete necessarily although we all offer food we offer different specialty types of food and we’re all going to put in shops around each other because we know that it’s going to be better for the whole to actually attract a bigger customer base over the course of time and so I think that Fortress approach Steve is actually a good way to think about it and I think that’s important and I and I also say that’s why it depends on your operational maturity yes I do believe every single MSP should offer VC so services I don’t I still you still have to convince me how you can offer a security program without strategy just doesn’t make any sense it’s not going to be successful or at Mar it’ll be marginal at best right in my opin step three is question marks and step for is profit that’s all I know right right exactly yeah it’s a it’s a great episode actually um but yeah but that’s the thing right is so if if there are question marks Burger King the market right what does Burger King do they wait till McDonald McDonald’s builds they develop a market and then Burger King moves in once it’s been proven out and I have msps that that’s why we actually launched a vcso service that we’re offering for msps at our PSA um because of that exact need is we’d go in and build these programs out for msps and they’d say or msps would come to us and say hey it’s great we get the margins there we get it but it’s a huge outlay in people expense and processes to take that risk so what do we do we’d rather just buy that it’s the build versus buy we’d rather just buy that have you deliver it to our clients our employees can learn and start to get acclimated to that ecosystem down the road and then when we’ve developed a customer base that’s big enough and sustains the outlay and the risk to go build that team then we’ll do it right so that was a long- winded response to your grenade roll in the room but I wanted to kind of try and flush that out so I don’t know if that answers your question that’s kind of how you think about it but I’d love to hear your take too and I just said don’t you miss a good shopping mall they’re still around uh you know it’s it’s more well it’s more of like the suburban sprawl shopping malls now right yeah the good ones they inside the ones you can walk for Miles yeah there’s still a few we got the biggest one here in Minnesota still yeah funny so what other topics were on our list today because I’m fading quick yeah so I’ll just briefly go through non-competes but um big law you know New York state non-competes are kind of out the window California they’ve been out the window other states they’re coming along um so where does that leave employers right like um and Tim you could jump in here but we’ve been talking about IP we can talking about Insider threat like if doing those programs well um a lot of the statutes that you put in on employers like oh if you create you know this sales list it’s it’s the property of the firm or things like that um there’s certainly ways around not ways around but ways you should be doing in the first place that non-competes aren’t shouldn’t really be relevant so yeah yeah I think non-competes were overly punitive in general so I’m glad to see him go to be frank you know as an employee I always kind of uh felt that they were unfair and now that I own a business there is that concern that says you know what if this person goes this contractor decides to Work Direct with this customer or this you know the reality is though is that that’s just not going to happen if you’re doing your job well right I in the the whole idea of collaborative and I think in the growth mindset that we we are as an industry in general these days I just see that being less of an issue I don’t know maybe I’m you know too star eyed still but that’s I just don’t see it as as a real problem and like you said Tim the way you the way that I’ve been at least advised to go about it is exactly what you said is you protect your intellectual property and you make sure that works done are works for hire right and you make that clear that if hey you’re if you’re coding from if you’re coding something or if you’re building something that’s for this that’s the intellectual property of this firm and yes then it’s I think it’s fair because you can’t take this intellectual property that I paid to develop and go use it somewhere else however you can are free to go over to the next next door and build more intellectual property right so I think that’s the I think it’s the right way and I think it’s a step in the right direction in my person beautiful rep yeah thanks Jesse Yeah I mean listen I just brought up a c a couple of couple of things here oops let me put that over there so FTC talking about non-competes even me here in New Hampshire where I’m from like non-competes right in favor with federal government right and so the point that Jesse that you just made about like intellectual property right so there’s a piece of that that I feel like can and should be protected right but there’s also the wanting my staff to stick around and I think that boils down to like good company culture right if you Foster good company culture and you put in some guard rails and some safeguards to make sure IP doesn’t leave then chances are how do I say this if if you have a crappy company with a crappy culture and you get disgruntled employees it’s probably gonna like people taking your stuff and going to the next guy because you’re not willing to take care of them yeah you know that’s you know that comes from having a strong company culture where you invest in your employees you invest in your customers and you you know put those safeguards in place yeah well here’s a great example I was talking with a client of mine one of their people was uh was on the GRC team at a big bank for years right and he was talking about how yeah we had these great uh you know processes and everything he’s like I would have loved to use them but the minute you downloaded something to your personal computer they would know and you’d be fired that day you know so so that’s the way to protect against that stuff is an intellectual property and IP Protection Program right so yeah and the tools as you said Jesse to catch that so um if people understand that these ra are in place like they’ll play by the rules and uh but as Tim said it’s also a little bit like respect and and uh you know is is a two-way street so it’s a combination of of all things right so a little a little bit of carrot a little bit of stick yeah on that I saw you peek up there so uh I I’ll be honest I I don’t like non-competes uh I I got I got dinged in my past thanks to a non-compete and it wasn’t and the interesting thing is it wasn’t even an employer employee non-compete I I’m not going to say anything more about that but uh I’m I’m not a fan but I do think that this this does open it up like let’s say you join uh a group and you decide you want to make a group like it but better um do do they have the ability to to go after you because there’s because the non-compete Clause ban or or you know what I mean so like I think I think they’re opening up a gray area here and it’s it’s going to be one of those things where I don’t think it’s going to stick because I think enough people are going to Lobby you know big business and it’s it’s not going to stick yeah I think the other thing is they’re asking for a lot of times in contracts they they’re just not legally enforcable anyway but right why put them in the contracts and and kind of like lay that down on an employee I think that’s I don’t know just some people you know these a lot of these contracts are just miswritten and they’re asking for things because they can get away for asking things because people need to work and people need jobs and they’ll sign things which probably aren’t Fair all the time so yeah yeah I was I was just thinking of about that Tim the other day um and not even in relation to what we’re talking about today but I was I was I was kind of rolling that around and saying well yeah um it’s PE it could get to a point where it’s completely unenforceable but people people are still gonna put it in the contract because the employee the typical employee is not going to have the resources or maybe the know how to even fight it right so it’s like oh yeah okay you’ll win out in court but we’re going to take you to court for it anyway so you to do that it’s it’s like you know again I I think that’s a terrible way to go about doing business but I was thinking that’s probably the way it ends up right at the end of the day so yeah cool well I could talk about non-competes I I’m working on a little white paper on uh Insider threat um but there’s not that many much there’s not a lot ton of aspects non-competes or contractual language is certainly one aspect of uh you know like I said you you need to set expectations and have you know respect for going a two-way street but at the same time like these ridiculous non-competes are not only they seem to be illegal but uh they’re also ineffective so how can you have an effective and productive and profitable relationship with your employees is um you know kind of where we’re going yeah so I want I want to kind of just change course real quick here because as we were talking about the CIS yeah is I still there’s there’s still some issues I think with I mean there’s never nothing’s ever going to be perfect but I wanted to talk to people about as you start to go out and use the CIS to to you know do risk evaluations and things on your customers you don’t have to go exactly off the letter of every control in CIS and one of the biggest bones I have to pick with CIS is the end user training control 14 I think it’s overly long and complicated and I think I’ve got an idea I’m going to share my screen and people can screenshotted and see them they also here’s the other thing they also don’t split they don’t have a split between fish testing and end user training it just says you should train on these seven categories so here’s my proposed change to the rule Jesse uh this will be even more controversial I don’t even think you need CS control 14 because if you make the systems solid all right fa TR me if you work in a big big company big like you can not have cyber security awareness training and literally be fine fair fair point and I and that’s the thing is because if you’re using if you’re building a risk percentage out of the CIS controls and you have all these listed out okay you you do you get no before or whatever vendor you’re using for that or uh breach secure now or uh Finn security any one of these you put them in there you do your training and oh we just got like a 10 percentage Point boost in our risk score because we can answer yes to all these but did we actually get 10% more secure no so I think shrink shrink the number of questions you know are we doing fish testing are we doing training with all these things and if we can’t say yes to all these things it’s only a partial and then are we training our developers and our specialized roles on things and specifically about their jobs those three things you can answer so again I love the CIS it’s still my favorite framework but you know you it’s okay to color Outside the Lines a little bit I guess I’m trying to say yeah and we had the stack debate like we we certainly have different uh perspectives on what’s like really critical and what’s not critical even throw it out so yeah y exactly well I mean I literally did this the other day it’s a numbers game it’s a math problem right you know so so check all the boxes for cis4 and the rest of our numbers are skewed because I have all these greens and when you look at the overall average like I did this the other day like I was trying to work on some kpis and blah blah blah blah blah and I’m putting numbers together and I went into Excel and I hit average well I had like 12 12 columns that were set to zero yeah so when you do an average quotequote you have 40 numbers but half of them are zero like it just totally screws the math all up and I was like oh that’s why that does so same thing here right so yeah that’s why that’s why pin wheels are good right like the pin wheel graphs are good so yeah risk dollars are extremely limited so how are you going to deploy them in the most you know and still have reasonable reasonableness met when uh the boogeyman comes to get you right so or whoever it is Steve I’m interested you know and I wanted to ask you this earlier and we’re kind of hopping all over the place here but you know from your from your chair obviously you get to talk to a lot of msps you see kind of what and you you mentioned you might be talking to less mature msps on the whole what are they asking about what do they want to know about oh what do they want to know about that’s a good question um I mean gosh it’s it’s everything from I mean I I get emails asking me what rmm and PSA they should be using yeah um I mean it at least once a day yeah and and then that’s that’s such an open question so if if you guys have ever been a part of a group called BNI uh it’s a referral Network and when I when I ran my MSP I was in one for like five years and they always say you know don’t don’t say you want anyone with a computer because because the brain just goes well everyone has a computer so I’m not going to refer anyone to you because I can’t think of a single person right and I feel like you just gave me that question like oh golly like what what are msps asking you about like gosh what aren’t they asking me about I’ve got I’ve got guys asking me about uh what PSA and rmm they should use to um gosh how how do I do this with RPA to uh why why is this tool so expensive like I don’t know I didn’t write it like so so I get it’s real interesting because you know I get some some characters that that reach out to me and um I I have so much fun with it um but I I think the biggest thing that msps are worried about right now is cyber security that is that that continues to be the thing like I I ran a poll on LinkedIn I was like hey what what do you want to see more content of in 2024 it was like cyber security PSA rmm you know and a couple other things they only let you do four options right right cyber security was like 64% wow wow so so that that says something right you know that that says that they all obviously get it um but I think that that on the flip side they’re all starting to get like decision fatigue because because there’s like there’s a new cyber security platform every month it’s ridiculous and it’s don’t get me wrong I love the Innovation because like every time a new one comes out it’s like they’re doing something new and creative right it’s not like you’re getting the same you we don’t have 20 web routes we’ve we’ve got all these different different platforms that do different things and they all have their pros and their cons right and and it’s it’s becoming more and more difficult for msps to determine which which one of these sucks the least for me because because you know if you look at it like not I I have never found a product that I’m like this product is perfect they don’t need to change a thing you know what I mean um so you got to figure out which one sucks the least for you and and I can’t tell people like oh well you should go with XYZ platform because I don’t know what your process looks like I don’t know I don’t know what systems you have in place I don’t know if you have systems in place right so yeah no I I completely agree with you and my advice has always been yeah which one sucks the least the one you keep the longest and optimize the most so jumping on to the next one just because it’s got 2% better or whatever detection rate I think that’s that’s a uh it’s a Fool’s errand right so get picking picking a stack that has good support and good people that you like working with and listen to you and then taking it with with its warts and improving it and optimizing it for your client base and for your business I think is the the antidote for for the fatigue you’re talking about right and and I’ll be honest like I was I I’m guilty and I and I share my story when when I ran my MSP for the first like six years I was so terrified of doing sales that I would just give myself busy work so I’d be replacing my tools every 3 to six months I’d be like oh well let’s let’s try Synchro now let’s and it’d be like I’m looking for this magic thing that like I don’t know I guess I was thinking the tools were were what were going to Define my capabilities and I and and almost like if if the tools have the right features if you build it they’ll come right yeah but but that was never the case it was always it nobody cares I I love this phrase nobody cares how the watch is made they just want to know what time it is yeah when you go to when you go to a mechanic to get your car worked on are they going to take you into the shop and be like look at all my Snap-on Tools nobody cares if you’re using Snap-on or some garbage that’s gonna break from uh uh gosh what’s that place everyone makes fun of I know what you’re talking about yeah Harbor Freight har fre yeah so so as long as the car gets put back together safely I don’t care what tools you use so why why do msps think the customers care what tools we use they don’t yeah exactly they want to yeah they care about how does it help their business make money Revenue risk and reputation what’s the other one Jesse R regts regts yeah so we’re winding down here we got about we got about nine minutes left uh typically we tend to do the one key takeaway but I think we’ve kind of been all over the map here today in our conversation a really awesome question that somebody asked how far behind are smaller MSP in terms of their Stacks wow that’s a great question yeah I can I can I take a stab at this real quick fire away my friend so um the cool thing is I’ll be able to actually have real answers on this you know and and a couple months you know because we’ve got this navac thing that everyone can use but whatever right um so what I have found is that the L mature msps um are so worried about their stack that they’re not worried about their process and and it doesn’t it doesn’t matter if you’re using it glue or one note right I mean maybe it does but but the more important thing is that you’re documenting process processes now don’t put your passwords in one note that would be dumb but it’s the more important thing is that you’re documenting processes and that you’re doing things in a consistent way across the board with all of your clients right and by you know by by having tool sprawl um you know oh well the this client wouldn’t spend as much money on backups so I have them on this platform while this other client they wanted a bcdr so I’ve got them on that platform yeah um I I I think tool sprawl is probably the the bigger problem that we have with with some of these less mature msps and and the fact that that they’re just so they lack so much confidence when it comes to their own capabilities that they rely on the tools and they just keep adding to the stack yeah I had somebody post I think it was um what was that I think it was they basically said that every MSP they’ve seen fail was because of not having pricing discipline exactly what you’re talking about well they couldn’t afford or they didn’t want to pay for this backup so we just did this custom thing for them right and now we just created something separate that we have to support and it’s Death By A Thousand Cuts when you get to that point right yeah so interesting enough like Tim golden used to basically achieve fed ramp right using no tools and then we know some msps that use a ton of tools maybe 50 60 80 and they have incredible stack so I don’t know you know it’s it comes down to Steve what you said processes and procedures and and business Acumen and um even sales sometimes right but the stack can differ uh pretty pretty dramatically and you could still get a great result so um well you know one of the lessons that I learned talking with our friend Brad Brad gross is you know don’t ever call out specific tools or specific like things in especially in your contracts especially line items and and I learned that lesson the hard way because I called out security awareness training provided by blah right as a line item on the invoice and what happened the customer went over to blah and signed up on their own for blah and canel my canceled in they because they could get it for a dollar or so cheaper well not not to mention the whole operations and Tech debt that you’re creating for yourself that if you do need to switch that tool you got to switch your sows and you got to update everything and the customer’s like wait what happened it’s yeah don’t don’t do that don’t do that all right we’re almost closing comments but Steve one thing you talked about here was like or you just talked about Jesse like getting tool optimizing it um there’s thousands of tools maybe not there as many in the channel but uh I was talking to Tim about the 20% Rule and it’s like as a vendor if you might sign up a bunch of customers say you sign up a 100 customers but only if 20% are actually selling through to more than half of their end customers right so if you’re more than 20% you’re going to make it in the channel if you’re less than ch% you just have great sales and you’re getting you’re getting a these people that are trying tools out and not using them and you’re you’re really just not getting the sell through right so Channel program um I don’t know how much you guys work on this but as you said like customer success that like customer Delight um peer groups right we’ve seen some awesome uh VC vcio uh platforms that do great peer groups like getting the MSP to invest their time and actually selling it through to the End customer uh is that where that metric’s from and I I always ask vendors like what’s your sell through rate so um it seems like the cream does rise to the top like so you look at all the successful vendors that are dominating R boom and it nation and all the great conferences right um there those are the ones that do have really good sell through right so um it’s just a matter of like and that and it’s it’s funny because the Channel’s very like reputational like networking like oh what are you using what are you using oh I’m using that like it seems like like the ones that do and get get that sell through get that like product participation really win so um that’s my final F final observation and final takeaway I’ll ra into one baby that’s right so with with uh what two three minutes left here um like I said we’ve been all over the map today uh you know key takeaway for today I guess I would say for me is if you don’t feel well don’t get on a live stream because I’m totally we appreciate you man we appreciate you um Steve what about you do you have a key takea away from today oh man no that’s all right I love I love Steve by the way for that he is just gonna give it to you straight every single time you know perfect no I honestly I I actually find the uh the non-compete thing really interesting that’s that’s the one that I’m most interested in not any of the cyber security stuff because I’m burned out from cyber security but um I think the non-compete is is gonna be interesting to see yeah very interesting indeed about you Jesse Yeah final takeaway I I just think uh we talk about burnout we talk about how much our head spin in the cyber industry every day and here’s Jesse Tim and Tim telling you oh you gotta get up on GRC now and that’s what people are talking about so the takeaway is is to pick a vendor pick a tool pick a client type to iterate on not your entire client base and start playing around don’t be afraid to color outside the lines and if you’re looking at something and you’re saying this doesn’t make sense you’re probably right and you should you know maybe make a little bit of an adjustment like we talked about with the CIS so I think that’s the takeaway is pick a framework pick a tool pick a customer and then optimize and you you’re going to have success and with that said next week we have our good friend Jennifer about coming over to talk about cyber security yet again yay hey we we love it baby exactly you’re the Shi left show I mean what are you gonna do people so uh join us same bat Time same bat Channel Next Friday with uh Jennifer we’re gonna talk cyber security stuff as usual and how to sell it thank you everybody and uh enjoy your weekend later subscribe now