Speaker 1: 0:00

Does she now have access to that server? Yeah, do you have protection on her personal device? No, we're in a bit of a problem here. We don't need to send them a report.

Speaker 2: 0:14

Welcome to Sell Me this Podcast where we explore sales strategy and business growth. Today, we are diving into managed service providers, otherwise known as MSPs, with Dustin Cesar from Site Technologies experts in IT solutions that help businesses scale efficiently. We'll break down what makes a great MSP, how to choose the right partner and why MSPs are more than just IT support. They're key to long-term success If you want to future-proof your business and optimize your IT strategy. Stay tuned. This episode is packed with insights. Let's get into it. Dustin, welcome to the show. It's a pleasure to have you. I'm going to dive right into things today and would love for you to share a little bit about yourself, a little bit about who you are and a little bit about site technology.

Speaker 1: 1:00

For sure. Okay, so I've always been into IT. It's been my thing for quite a while. I go back super, super early days Again, this is back in the 90s, but from an MSP perspective.

Speaker 1: 1:11

We purchased a company. A friend of mine from high school purchased a small break and fix break fix shop and called QuickTech and started that company at around 21 years old, 22 years old, that company at around 21 years old, 22 years old, and we grew that to 14 staff. We hovered around 10 and 14 for quite a few years and then we broke through the 20 barrier, probably about four or five years ago, and then we hit a certain. Our next ceiling more of a revenue ceiling needed to start establishing some executive teams and we weren't there. We couldn't get past that spot and we ended up working with a company called Site Technology around consulting and we didn't have an ERP and ERP consultants but felt like we were starting to be asked these questions about things like dynamics. We are asking questions about power, automate, business analytics that we just didn't have anybody on staff that could manage this. I would, of course, love to jump in, but it wasn't scalable, I wouldn't be able to do it properly and also as an entire line of business within the company without doing something different.

Speaker 1: 2:13

Business partner and I sat down we discussed that maybe would this be a time for us to be looking at either a merge, an acquisition, potentially a purchase of another company. And we've been working with Site Technology, which then offered some of this, and they were using us for MSP IT, cybersecurity and things that we did really well and they were doing, of course, the ERP. That relationship went really well. Brandon, the president of Sight Technology at the time, was like, hey, let's see if we can merge and come together. And we had a chat us three or me and my business partner and then of course, I was Brandon involved and John decided that he was like you know, this sounds like a good time to to hang out my tool belt and I'm going to move on. So he sold his portion of tech to site technology and then we did the merge and then had 17 lawyers and accountants and everything else that goes with that and and started executing that process back in around it was June no, it was around April of 24 is when that started.

Speaker 1: 3:13

The decision was made then June 30th we really between January and June is when we went. January to April was when there was a decision made. April to June is when we decided okay, now we need to get all these ducks in a row the lawyers involved, the accountants, tax advisors and things of that nature. All of that stuff was dealt with on June 30th. John walked away super happy, never having stress of an MSP anymore. And then I now have added stress of now trying to merge the two. But that all happened in June and now Site Technology is the new name. Quicktech is coming up in all the wrong places at all the wrong times that I need to manage. But it's definitely fun to unwind 20 plus years of API keys and logins that are tied to the QuickTech domain, but definitely take some time.

Speaker 2: 3:56

I know we had a chance to talk about this briefly before the show, but I have those memories. Three years down the line, you're going to find that one QuickTech address somewhere. It will be the gift that keeps on giving, for sure, for sure. So you started an MSP at 21. So you're a young Dustin. You've started this MSP. What is that experience like? Because I feel like the world would have been a little bit different then, but also such an exciting journey to grow it to where it is. What was it like to start an MSP at 20?

Speaker 1: 4:23

something years old, oh man. And what's so cool is that it's so fresh in my mind, because when we were in because of this merge, we had to go back on some old emails from the original partners to get shares and that sort of thing. So I was going back to like emails that we had back and forth, like when I was 21,. So that was in 2001,. The world was very different. But bronze silver gold was a thing and Gary Pica talks about it still to this day and the idea was we had that across everything our computers. We had a bronze silver gold, or what we now call good, better best, and then we had a managed services agreement and we felt like we were a bit ahead of the curve because nobody was really doing that in the break and fix world. We were doing virus removals and John and I were both. This isn't sustainable. We can't have this feast or famine Now. It did take quite a few years, in 21,.

Speaker 1: 5:08

It wasn't an immediate MSP. We were quite literally, you might remember and again you're much younger than me but the blaster worm, which was this you used to plug directly right into the shop or your ISP's modem and no firewall, and the idea was that this blaster worm could hit your LSAS and it would boot your computer. It would just blue screen it and reboot it. And Windows XP SP2 put in a firewall. This was, or maybe it was, sp1, but one of them. No, it was SP2. And it added a software firewall. Anyways, we would just go around, john and I, we had a trunk full of routers. And we would just go around, john and I, we had a trunk full of routers and we would just put them in the client sites and these were like so you were the router guys, you just went around them, yeah, but we bought there was probably about 20 or so of these Linksys firewalls. Anyways, that was the Wild West back then. So 2001 was, it wasn't malicious, there was no, it was because they restarted the computer. But there's no ransomware at the time. So it was just really annoying that your computer just randomly rebooted. What's the problem? They would call us. So we quickly came out as technicians and then fixed it. Quicktek and virus removals were a big thing, and then, of course, just teaching people how to use the computer. Again, we're going back to 2001,. Right, where the big issues was what's going to happen when 1999 turns to 2000? Like that was a critical issue, like the world was.

Speaker 1: 6:25

You were part of the big Y2K decision. Totally yeah, it was wild. And then everybody's like staying up late to see if their computers are going to fry. That was a very different time but super fun because you could really you could see that things were changing, even like the web was changing. There's a website called Dogpile. At the time that you would do your Googling, google was there but it was old school. Geocities was the name of what would be like a free web host. Myspace was big. This is the era that was pretty Wild West. You were truly anonymous because they, at least that we thought we were, but it felt anonymous.

Speaker 2: 6:59

It was back in like open internet right when it was a little bit less controlled. I remember I was having a conversation with someone the other day around ask jeeves, I don't remember ask jeeves yes, I do. Yes, he was like a butler. Yeah, I feel like this episode is going to have a small age gate on it with some of the references here, but but, yeah, like it was such a different time back then it was and fast forward today and I can't even believe we're in 2025 now.

Speaker 2: 7:23

It sounds made up when I say it still, but how has the world changed in terms of MSPs, in terms of managed service providers, even in terms of some of the role that you play at some of those customers, since the router drop-offs in 2001?

Speaker 1: 7:41

It significantly changed. Our value was always there as a trusted advisor, which we didn't really coin that term until a little bit later in this MSP world. But it shifted from the physical server and we'd be worried about doing those reboots because you don't know if that server is going to come back online because Windows 2000 wasn't very stable or 2008, etc. And it started to shift where the stressors now were no longer on whether or not the hardware was going to come back online and you were going to have a server outage. And even then internet service providers were unstable. So if the machine was up, the internet was down. Somebody would be like that's fine, we can just work local. But then, once everything started to move to this cloud and people started to really understand why and we had to teach that it wasn't about just now shifting your costs into the cloud, it was to teach that all of those times that you've been offline because of your in-house server was because you're investing $15,000 a year on servers and hardware and they only last three to five years and you run out of storage so quickly. And what if we were to use these tools like the Googles and the Microsofts or the Amazons to store everything. And they're like, yeah, put it up there. So then we just started throwing it in there, right, and that was probably 2015-ish. Everything just went into the cloud and there wasn't really a thought around security, like, how are we going to secure it? Sure, we, of course, protected it with the username and password, but multi-factor was also still relatively new to people and people didn't like it. We positioned ourselves to be still this is at the quick tech days. We positioned ourselves to be the security first IT services provider. So we're like, hey, you put this stuff in the cloud. We need to make sure that we're protecting it. Don't worry about the people internally in the company. You've just exposed all of your files globally. How are we going to protect that? And we've got pushback right. Some doctors don't like to use MFA because it's annoying, or at least that's what they say. And that was where my focus became, where I was like we really need to protect this. And then, of course, then what was it?

Speaker 1: 9:39

2018, the first kind of ransomware came around and we started to go, oh, there's a huge risk to MSPs now that we need to protect this. So we started getting questions right Like how are you protecting me from ransomware. To be honest, we feel like we're really behind. We don't know. We have no idea how we're going to protect from this. They were ahead of us. They're finding all these vulnerabilities, like vulnerabilities, although it wasn't new. It was new for, at least for and I'm going to speak from our perspective is we now need to patch for these things. This isn't just windows patches. Now there's third-party issues and now there's firewall problems. There's iot devices. You got people with shadow it that are buying sass products that get exploited, like all of these things that we now need to protect.

Speaker 1: 10:25

And it became again the Wild West again because we had the SaaS sprawl and then COVID hit 2,000 people are VPNs.

Speaker 1: 10:34

Like it was wild for us. That's six to eight months when everybody needed to work from home. We just exposed VPN because we needed to get people on VPN and they didn't have a firewall that could support it. So now we've got these users that are connecting on the front end of a FortiGate and we all both know very recent for whoever's listening to this podcast very recent there's now a major vulnerability on the FortiGate firewalls. I'm not picking them in particular, I am for the sake of this conversation, but exposing that is super dangerous. So that's become now wow, okay, now we need to step back, now we need to move into a maybe more modern VPN solution. So it's this constant battle where it feels like we're always behind. And then, of course, then Microsoft makes a change and we need to disable a toggle for new Outlook or else we're going to get a bunch of help desk tickets. So that's our focus now is that end user experience and then security.

Speaker 2: 11:29

I really, first of all, I want to applaud you because I feel like there is sometimes this narrative that the teams and the IT providers know all right and that there's this, but you just work, and it's technology.

Speaker 2: 11:42

And I do believe and agree with the idea that technology has come an incredibly long way. I do believe and agree with the idea that the technology is actually one of the easier solves right now, sometimes when you consider some of the human change elements. But at the same time, I don't think that people fully appreciate just the roller coaster ride that's happened over the last we'll call it 10 or 15 years, with the sheer amount of change that not just organizations have had to deal with, but the IT teams and MSPs and managers, writers having to figure it out and really change the tires on the bus. While it's really easy to say you know what, we know all the answers, trust us, but I think that the honest and real answer is we're working on it together, right? And I think that idea of partnership, that idea of building something together, is really comes through in what you said.

Speaker 1: 12:38

Oh great. I think that there's also two ways to look at it and I think that most IT people they'll do, for the most part, good MSPs. There's not a wrong way to do things. I'm saying that with an asterisk, because there is.

Speaker 1: 12:50

We both know that there's a wrong way, there's very wrong ways to do things, but most MSPs they don't want a ransomware ticket. They don't want to see their clients ransomed. That doesn't benefit them in any way. It's actually going to be significant a number of hours. Brand awareness is terrible. So for the most part, everybody wants to install some sort of protection. Some are going to do it right. Some people may overdo it, some may cause end user experience to be poor, some may roll it out incorrectly, but for the most part, most MSPs want to not have service tickets. And then the client's perception is they want to sit in a boardroom and go. Am I protected? And I have to answer that with you are, but here are your risks. We've identified which are the highest risk items. Now we need to identify where are those areas of risk that you might not know exist and then you have to tell me whether or not you want to cover them. And I think that's what we become. We become risk mitigators to a certain extent, because we're getting less and less of those blue screen issues and the hardware failing. Now we're just replacing laptops instead of trying to fix a four and a half year old laptop and then to follow that up.

Speaker 1: 13:55

There's also some of our clients are co-managed, or what we call collaborative IT, and some of those guys have been at that an IT director there for 15 years. They don't know what's happening in the space like we would, so they're looking for us for advice and we need to prop them up, the IT directors, to say, hey, let us help you, let us fast forward your organization into the modern world, and you should not have your firewall exposed. You should not be only relying on NTFS permissions. There are things that you need to be thinking of. Oh, my servers are protected. They're behind a firewall, not really. You also just gave Mary Lou access to VPN from her personal computer. Does she now have access to that server? Yeah, do you have protection on her personal device? No, we're in a bit of a problem here. So then we talk to the IT director, right? So I think that we're slowly trying to raise tides, to raise all ships across the, regardless of size of business, but it is definitely. It's difficult, it's not an easy process.

Speaker 2: 14:57

So do you feel like the skillset and this might be a bigger question, but do you feel like the skillsets required in being an MSP and running some of these organizations is changing? Because, to your point, even if you look back five years and the distribution of tickets are some of the things that are becoming very important at that managed service provider and partnership level that companies should be looking for when they are are evaluated in some of these partners, because I feel like the scorecard has changed a tiny bit.

Speaker 1: 15:40

It has. I think that there's still a need for certain skills in certain areas, but for the most part soft skills which are hard to the soft skills are the hard ones, harder to find in our industry, but then also critical thinking.

Speaker 1: 15:55

And critical thinking is really difficult to ask that in an interview Because they have to actually go through the process of going. Okay, I've got to figure this out. I'm a guy that I started this company. It was just me and the business partner. So if I couldn't figure it out and John couldn't figure it out, the business partner at the time it had to be one of us. So you just have to go through it and figure it out and that's where the critical thinking is almost taught. But in the day and age of Apple and Android devices that just work, there's no need to figure it out. You just restart your phone and that's it. That's the critical thinking process, right, and if it's broken from there, that's maybe when you would call someone like us.

Speaker 1: 16:32

It is difficult to hire in this space, but I do think that soft skills and critical thinking are one of the top needs at an MSP from a skills perspective, at the desktop support level, when you move into cyber, obviously you'd like to have somebody with some certs that can understand how to read logs, that understand the black hat and the white hat style is that you're defending. So what are you going to be defending against? And you have to think like the hacker, and that is a unique skill, I believe. And in those areas, and then, of course, consulting, that's a whole other thing. Sitting down with a CEO to tell him what he wants, it's not to tell him that he needs Microsoft 365, business premium and Entune and don't know group policies, like the CEO doesn't care about group policies. So how do you have that conversation? And that's a unique skill to be able to communicate. And every MSP is going to be a little different.

Speaker 2: 17:23

So do you feel like the partnership that you talked about at the beginning with site technology is where they come from more of the ERP side of the business. Has that enhanced those conversations? Have you seen a difference in approach or is that the perfect marriage there that's really come together to be able to combine those two worlds?

Speaker 1: 17:38

I knew it was going to be good the partnership. I didn't know how great it was going to be able to combine those two worlds. I knew it was going to be good the partnership. I didn't know how great it was going to be. Because now I think like a tech, I think like a CTO would, and I love the details and I want to get into how I'm protecting because I have passion about it. I have passion about what I'm doing.

Speaker 1: 17:53

But again, ceos, the CEO might not care, the CFO might not care. So I now have ears that I can ask say, hey, if you were the CEO that I was presenting this to what would you think? Oh, that's way too much detail. Man, get that detail out of them. They don't care about their assets Okay, but I care about it. He doesn't, or she doesn't. They don't want to see that. So that's been really helpful. So we definitely have those ideas where I do in terms of some of our proposals. I'll have mock meetings with them to say what is this? Is this delivery good? Is this 90 minutes? That I'm asking the CEO or the CFO, is this going to be valuable time? No, okay, got to streamline that, slide deck a little bit or give them more notes. So that's been really helpful. So that's been really helpful.

Speaker 1: 18:37

But then also, like I would never be able to do an ERP implementation. I don't understand GL, like general ledger, like I wouldn't know that. I understand the basics, but not for a major organization. That's $100 million in revenue. I'm not going to be able to figure that out. But somebody that has the skill set that is around accounting and the best practices of accounting and the best practices around inventory or manufacturing and things like that and how they would tie into the ERP. That's what the site technology consulting arm has brought and that helps in the business decisions around strategy.

Speaker 1: 19:09

Okay, let's talk strategy beyond. How often we're going to replace your workstation, that's a great question, but that's not the question you want to be asking. How is your organization going to use and leverage AI? How is it going to have the HR policies? How are you going to prevent SaaS sprawl where it comes into the cyber side? Sure, workstations are important, but that's not a conversation that the C-levels want to have. They get it. Yeah, replace them, that's fine, do that. But what about everything else that we want to work through? And if they're not going to leverage your lean on us. They're going to find someone else, so why not be the one that's that trusted advisor, right?

Speaker 2: 19:46

Yeah, and I think that one of the things that people often miss is that and I love that you've said this is that there's this whole body of work that needs to happen around your lifecycle management management, around some of the security posture, and sometimes people just want the answer. They want to know that someone has to look at it. Right, there's not a scenario where no one looks at it, but is it the conversation that needs to take place at the board level around what our next laptop refreshes? And I think that a lot of organizations miss that element and I think that they have this. That's right around where these conversations belong.

Speaker 1: 20:39

I don't know if I've had the aha moment, but I always ask for constructive feedback after any time I do a meeting, when I get to talk to the execs or even team managers or in some instances it's general managers of a clinic, let's say and I always ask for constructive feedback so that I know your audience before you deliver. But for the most part, things shift over time as well. Your conversation shifts Back in 2015, before pre-ransomware, we'll call it, or pre-crazy vulnerabilities and things that you were really affecting your organizations. You were having that asset report. You were using the warranty masters of the world and you were going look, your servers are not up to date and your workstations are really old. Look at this and then you know you've got this number. If you were using the old warranty master, you have this number that tells you these are your opportunities. But it's different.

Speaker 1: 21:30

So the aha moment came from the. We don't need to send them a report, a risk report. That's 300 pages. They're not going to look at it. They're going to look at the summary at the top and they're going to go okay, I get it, I've got 300 pages, but tell me where my real risk is.

Speaker 1: 21:49

And that was a bit of an aha moment was around risk because they don't sure. Email protection. That's important, but what's the risk? Is this going to be catastrophic? Is it going to be business outage? How long? That's another thing too. Sure, if that server goes offline, it was just archive. So why am I putting a Datto BDR on it? I don't need that, it's not critical. Have that conversation so that you know.

Speaker 1: 22:12

What is critical and that's where the aha moment came was that we weren't asking the right questions. We were just delivering solutions that tend to come from the third party tool providers. That's right. They're like, oh no, you need BDR. And I was like, yeah, you probably do, but for everybody maybe not. Is it for every server in every organization? Probably not RPO, rto. Have those conversations. Have you talked to your clients? How long would it take to come back up? Do they know that it could take seven days to get their two terabytes down because you're just doing cloud backup? If they know, that's fine, but have you told them that? Because you don't want to be telling them that when you're starting the download and they're on 1.5 megabits in some rural city, you're in trouble to recover that.

Speaker 2: 23:00

And this is where I feel like if that element isn't aligned, the risks doesn't necessarily. If you're a managed service provider and you decide you're going to back up everything under the sun and you're going to the people that hold, the risk is the business and that's a lost opportunity for cash that could be deployed elsewhere. On the flip side, if you're not able to have that conversation effectively and they go unprotected, a huge risk for everyone and I feel the theme that I'm hearing from you is really the skill that modern managed risk providers really need to hone in on is the ability to be able to clearly and effectively discuss risk and business opportunities.

Speaker 1: 23:40

Yeah, totally. And the opportunity doesn't need to come as a sale. It doesn't need to be that we're trying to sell you something. It's a conversation of okay, we didn't know that server existed in that closet. That's a risk to the organization. And we also didn't know that it was keeping the I don't know the HVAC system going, the HVAC system that's got a back door into your network. We didn't know that existed. So asking those questions is really important because you're going to get them out of those meetings and they have to feel, when I try and have my meetings, they can't feel salesy. You can't go in with numbers to say you need the latest and greatest tool here, okay, what about all the things that I have now? Can I leverage any of these tools already? Try not to sell that new stack of tools. So it is. You have to know your audience, but you can't go in as a sale. You have to go in as that. You're a partner. You're partnering with them.

Speaker 2: 24:31

I totally agree, and so a fun fact that I actually learned at a conference recently is that Calgary, out of all cities, actually has the highest concentration of managed service providers almost in the world, so the highest number of MSPs per capita in the world, which is a. I'm not sure how I feel about the stat, but it's a stat that I've heard, and so there is an incredible amount of choice, and so I know Vancouver. There's a lot of different managerless providers. How on earth, if I'm a business owner and I recognize that I don't want to invest in building out my empire, but I do need to lean on someone for these skill sets how on earth do I even get started to weave through some of these things? Because, as you're saying, the solvism what tool stack do you use anymore? It's, how do you have these business conversations? So how would you recommend that a business leader actually starts to evaluate different options based on some of those things that you find really important?

Speaker 1: 25:27

I think that there's probably every business is going to be looking for something different. For the most part, they're probably looking for a new MSP. If the help desk has failed. They weren't responsive enough. Maybe there was an event, an incident of some sort, and not every MSP is going to be able to guarantee 100%. If they do, if somebody says that they guarantee 100%, definitely look at the next one, because there's no way to protect 100%. There will be a breach, for sure.

Speaker 1: 25:53

But I'd ask them what they focus on when they're looking at your organization. So, are they focusing on a security aspect? Are they talking about Windows patches and asset reports? Maybe that's not as important. Ask them who their account manager will be. Do they have an account manager that will be focused on their account? Again, depending on size of your organization, you may not need a dedicated. You may get some shared resourcing. But careful with any buzzwords. They talk about AI and they talk about we use automation to automate everything. That's great, but that shouldn't be a selling feature. They should be talking about what is their relationship going to be like with you?

Speaker 1: 26:31

But I think every organization needs to ask this question around what are they doing to protect their own house. So how do they protect their employees? Maybe even give a scenario I play these to myself like in the tabletop exercises, like what happens if we had a rogue employee? What happens if somebody got access to a password, what does that do? And ask them, and I would be able to answer them right away. If a C-level asked me that, or whoever was doing the procurement of a new MSP, I'd be able to ask that and be like, oh, that's a great scenario. Let me tell you how. I think we would have defended against that because there's unique scenarios. So those are always fun exercises.

Speaker 1: 27:08

Do referral checks, not the ones they give you. Go to their website and definitely look, but then see who they're also following on LinkedIn and ask Just say, okay, if you can't do that, because sometimes OSINT will make them so that they leave that stuff off their website I would ask them for their top five. I'd ask them for somebody that's been with them for over 10 years and somebody that just started with them. That'd be a really good exercise to start with, because the one that just started will tell you about the onboarding experience and the one that's been there for 10 years is going to also tell you about what the experience is like after the honeymoon's over? Have they had some ebbs and flows?

Speaker 1: 27:42

And try and find somebody within their vertical. If you're not-for-profit, for example, ask for some not-for-profit recommendations size. If your company is really accelerating in terms of growth, ask for one of those that they have. And if they're not able to provide it, maybe that's not the right MSP for you, but you'll get really good references from that or, pardon me, feedback from references, and they'll be honest and then obviously thank them for their time and whatever that may come from that.

Speaker 1: 28:10

But be careful with just the cost conversation because you can't always compare. Sometimes there's a bait and switch there. Yeah, we do it for 49 bucks a user per month. Okay, great, but what does that include? If you're going to tell me that, what am I paying for that outside of that? What are exclusions to this? I'd ask to see their agreement. Tell me what I have to sign, not only how long is it going to be for, but what about cancellation policy? How much insurance do you have? What risk do you have in your liability, limitation of liability? That I have to assume, those types of questions. That's where I would start. And again, feedback from references is usually the number one there.

Speaker 2: 28:49

So one thing that's been happening a lot in the MSP and managed service industry is this consolidation, which I know that you're part of that story right now, but also this standardization, and so I feel like the standardization is a little bit of a double-edged sword. What advice? A lot of these MSPs are starting to adopt the same tool stacks. They probably have one of four different ticketing platforms. They probably have one of four different automation platforms. They're starting to look very similar from a technical and software tools standpoint. How on earth could an MSP set themselves apart, and how do you set yourselves apart when so much on the back end is starting to become cookie cutter?

Speaker 1: 29:30

And I think that was the commoditization that they've talked about over the last 10 years. It's like every MSP was racing to the bottom. They were looking to get volume. We had a lot of consolidation with big MSPs in the last five or 10 years. You're right, we're not going to be able to compare.

Speaker 1: 29:46

You know, my email security platform is better than your email security platform. That's not the conversation that I want to be having. It's going to be on the we now have, for example, at SiteTech, site Technology. We have now the ERP consultants and business and data analytics. We have cybersecurity, of course, we have our traditional service desk and then we of course we have technology strategy and it's and it goes outside of that box of just providing that bucket of services that we've always provided. We have to provide that, but that should be table stakes. So if I come into a meeting and they ask me about that, it's yes, we provide that and I promise you it's best in class. That's the reason why we feel confident and guarantee the performance of our products and our staff.

Speaker 1: 30:30

But let's talk about everything else, and we actually we just had an executive meeting yesterday and we were talking about when we onboard a new client that's come from another MSP. Never have they ever had a risk registrar or a register or a technology strategy meeting that they've had on a certain cadence. We talk about them as QBRs and TSMs, but the ones that we take over are usually ones that haven't had that, so we try and go. Okay, clearly, this is a misstep. Maybe that's what they were missing, and that's where you identify all those areas that they didn't know that an MSP can provide services in, like SaaS sprawl. We have the opportunity to look at identity management on those SaaS apps People that are using way too many, like Adobe Chrome, you've got Google Drive, you've got OneDrive, you've got Dropbox but they're all located under that personal account of the receptionist that's leaving next week. Did you know that? There are ways that we can prevent that?

Speaker 1: 31:23

And that's that story that, I think, goes into what an MSP can provide, and I'm not saying anything that's new. We're all nodding, we're like, yeah, we know that's a problem, that's a huge risk, but does our client know that? Do we tell them that this is a potential risk for them? So we can provide all those solutions, like you said, but I think, to differentiate yourself as a true MS, that can do way more than just email security and firewalls and Windows patching and asset management is. We can talk way beyond that and tell them, like to be honest, have a conversation, set up a scenario for them.

Speaker 1: 31:58

Hey, what happens if, right now, the primary company that you do your banking with gets compromised and they send over an email and ask you to change the bank routing information? Do you have processes in place? Oh yeah, we do. Let me ask you that again Do you have processes in place? What does Dave do when he gets an email that tells him to change bank routing information? Does he have a process in which he needs to pick up the phone and call them? He's supposed to have you talked to Dave, and that's where those stories start to go.

Speaker 1: 32:26

And then it's almost scare tactics to a certain extent, but don't use that to try and sell. It's to just really paint the true picture of what's happening. Just recently we had a half a million dollars no, not our company, but a client that came to us with an incident where they had wired half a million dollars to the wrong bank routing and it was because it was a legitimate business email compromise and it was a vendor that they do work with. So they wired it out. Nobody picked up the phone and it was like, yeah, I definitely felt weird in the gut, but I still sent it because it really needed to happen. We really needed to send that invoice.

Speaker 2: 32:57

You did a really good job creating urgency.

Speaker 1: 33:00

Yeah, for sure. And then we talked about security awareness trainings. All you needed was an SAT program? No, you didn't. You needed some policies, you needed some procedures in place there. And that's where a true MSP that does more than just asset management and basic conversation we should be, and that's another differentiator I think that we provide at Site Technology, and I think that if you are looking for a new one, that's what you should be asking. What are some of those questions that they ask?

Speaker 2: 33:26

What are some of the common misconceptions that people have around managed service providers Like? I think that, especially in we'll say that small and mid-market space, these are businesses that are potentially growing. They've always had this aspiration of having maybe the guy that they call, or maybe they're used to, the one person that kind of does everything and they've said a managed service provider is not for them. What are some of the big misconceptions that you see people having in that space.

Speaker 1: 33:53

Some organizations. An MSP isn't for them. We're not going to align with everybody, but an MSP. I think that if you're looking for someone that can provide just the asset report, the Windows patching, there are some MSPs that can do just that. But don't expect more. Don't expect that they're also going to be able to resolve all those problems. That's. Another thing, too is MSPs can't solve all those problems. But you can come to us and we may be able to proxy and find somebody that can solve those issues for you, but we can't solve it all.

Speaker 1: 34:25

It would be one thing that I'd say that I think a lot of people have a common misconception of anything that plugs into the wall. It can fix. We'll try Most of the good staff that we have on our team. All staff are good on our team, but everybody wants to solve a problem. We all are solutions driven. We want to solve the issue. So somebody does call us and say my TV's not working it's likely going to be an IT issue or my website's down. They're not going to look at the marketing guy or girl that just changed the DNS records, but they're going to come to us first, not to the marketing designer first, so we can be available, of course, for those things, but we can't solve all those problems. That'd be one thing that I think would be a common misconception.

Speaker 1: 35:06

And then also guaranteed security. It's impossible. You can't. So if anybody's guaranteed security that you will never be breached. That's not possible. So that is a misconception. What we can do is we can limit the blast radius and we can talk through what it would be if there was a breach and we can talk through what are the processes to try and mitigate risk. Going back to that risk conversation. But we're not going to be perfect. We're also going to hire wrong people. That's going to happen. We're going to have staff members that were great when we hired them that aren't maturing the way that we had hoped that they do. So there are some common misconceptions about us having perfect staff. We're not going to do things perfectly. We're also a small business that's going to make mistakes as well, and we have. But so that's another big thing too.

Speaker 2: 35:50

What's one thing that you wish every customer of yours knew from day one, that maybe took them a while to learn.

Speaker 1: 35:58

One thing that I wish that they knew. One would be that they can't always get the same technician, and that's part of the handover that we explain. But I think maybe you're looking at maybe a higher level. I think that it goes back to what I was saying with misconceptions, like we can't, but our job is to tell you what your risks were, are, rather and I think that's a failure on the MSP side. To be honest, it's not that they've come in not knowing something. That's why they're coming to us, because they don't know. Or they're saying things like why am I always falling behind? Those are the answers that we need to give them. I don't know if there's one thing. I'm actually just spinning my wheels now. I don't know if there's one thing that I could say that I wish that they knew. Maybe come back to me on that question. I may have something later.

Speaker 2: 36:42

Okay, cool, I'll let it marinate a tiny bit there. What about on the customer side of things? So I feel you've had the opportunity, as you've grown your business, to work with a wide host of different customers. What are some of the things from a customer end that really make a good relationship for you and make some of the more successful partnerships that you've been able to deliver?

Speaker 1: 37:03

I think trust is a huge part of it is that trusting that what we're coming in to do is for the greater good of the organization and again, it's not coming from a sales perspective and that takes a little bit of and there's a relationship building there. Going back to losing staff members internally it's difficult when you lose, let's say, a technical account manager for one of your clients, they're going to think, oh, I just lost that relationship. I think that's part of the your relationship is with my organization. Sure, there's people involved in that and there's relationships with the person themselves. But know that we have tools and systems in place so that we can make sure that transfer to the new one is going to obviously hit the ground running and it doesn't have to start back at zero. But that is, I think, one of the big things that we are very relationship driven, so that we can have that focus. So that'd be one thing that I think would be in that area.

Speaker 2: 37:58

That makes sense. When you look at the future of the managed services industry. What are some of the changes that you see coming? Obviously, there is a ton of stuff happening around AI, around security, around all those kind of buzzwords, but things that are also are real in terms of the technology landscape changing incredibly quickly. How are you seeing that affect the MSP industry and what are some of the things that you're preparing for as a business as the world continues to change?

Speaker 1: 38:26

I think there's going to be, unfortunately, some loss of some of this. Not, it doesn't. It's not always about size that I'm trying to be careful with the words, but the msps that are looking to just come in at cost because they're not going to be able to service well and we're going to end up where we're going to see ransomware of companies because they didn't know that they were exposed, which is going to sink these companies and they're going to try now they're going to get cyber to help them out. They're going to recover and then they're going to try now they're going to get cyber to help them out. They're going to recover and then they're going to be looking for an MSP, or they'll have a terrible taste in their mouth about an MSP because they were the one that caused them to lose their business or millions of dollars. So I think that the space is going to ultimately start to swallow those up, and I'm hoping that comes from either government influence or compliance of some sort, which is going to say you can't run that way. You are putting back doors into absolutely every device in their network. You can't be doing that because we have a global threat that is coming from everywhere, regardless of where it's coming, like different countries, people, et cetera, from your neighbors. There's threats coming from everywhere.

Speaker 1: 39:34

So I think we're going to see less of those kind of the term that we use internally the trunk slammers is what we call them right, it's like that MSP I'm hoping doesn't make it through this next five years, because it does make us all look bad and we need to be very careful. We need to secure our own house. We do it every day. There's something new all the time that I'm also implementing internally and our tabletop exercises expose areas of weakness that I was like no, we need to protect that. Let's talk about it.

Speaker 1: 40:03

Change management how are we going to do this? How are we going to train through it? How are we going to make sure our clients understand there's been a change? And that's expensive, and I don't think a lot of MSPs are going to be able to do that at a smaller scale without increasing cost, so they'll have to obviously increase pricing. So what I'm saying is I hope some of these MSPs that are looking to just come in and try and make a quick buck it's going to be a problem because you're going to affect the organization that you've installed backdoors into. So that's what I'm hoping for, and I know that may sound doom and gloom, but I'm also seeing the other side, which is the other light. The end of the tunnel is that maybe we will have government influence to force us to be better.

Speaker 2: 40:44

It's a super interesting discussion because if you look at a whole bunch of other areas of the business they are, they have either kind of regulation or oversight, compliance and rules they have to play by and for some reason, it as a whole has largely skirted that and there's been various attempts to put in place rules to play by.

Speaker 2: 41:08

But for all intents and purposes, I could end this call today, put out a nice website and announce that I'm an MSP and just start servicing customers and that's crazy and bonkers and a huge amount of risk. And I fully appreciate what you're saying, which is the idea that there is a little bit of an entry point to actually being able to play in this space now and to do it properly, there are investments that need to be made, there is a base level of security that needs to exist and there's some base investments that if those don't exist and you mentioned it as table stakes earlier if those don't exist, they run as fast as you can in the other direction. But I think that it will lead from my perspective and I'm curious on your take to a little bit of that continued consolidation, because previously the barrier to entry, as you mentioned, to 21 years old to becoming an MSP was quite low, but I think that world is changing and there will be some consolidation in that space.

Speaker 1: 42:00

I do too. However, the only thing I would not argue I still think the barrier of entry is low. Anybody could do exactly what you just said. You could whip up a WordPress site in a minute and say that you're a managed services provider and there's no regulation against that. Now, again, I'm careful with the regulation word.

Speaker 1: 42:20

I think what's happening is insurance is asking the questions of who is your MSP or do you have an outside consultant that does A, b and C? I still think those questions are too broad. I don't think that they're asking the right questions. When they ask for do you enforce MFA, that's an impossible question to answer. On what? On their switches or on their login to their identity? Right, like you can't answer.

Speaker 1: 42:44

I think that insurance still is. I think it's helping because it's asking the questions, and I think what's going to happen is that they're going to have people that will answer those questions with yeah, I use MSP, abc Inc. And the insurance provider is going to put them into the registrar and go hey, abc Inc. How many times have we seen a breach at ABC Inc? We've seen 30 of them. Okay, you do not get cyber insurance, you're with ABC Inc. I'm hoping that we get to that stage where and that would be again a really perfect world we may, however, also see this in the banking world, because the banking world also provides loans and they may start asking those questions of hey, who are you with as an MSP? Because we don't want to give money out to a company that could potentially sink, follow the money right. If the insurance and the banking is starting to ask these questions, that could help us also get rid of the fly-by-night that was a better term to be using fly-by-night MSPs that don't have the best interests in mind.

Speaker 2: 43:45

I completely agree, Dustin. We've been talking for almost 45 minutes here. I feel like the time here flew by. If people want to pick up this conversation, if people want to connect with you, what's the best way for them to get in touch?

Speaker 1: 43:58

with you. Sure LinkedIn, dustinkassar you can get me there. I'm also dustinkassar at site technologycom. I am an open book. I'd love to tell you how we do things. I'd love to tell you what maybe you should be looking at. If you're looking for an MSP and it doesn't matter really where you are, I don't care if you're Canadian, american or even overseas Give me a call and I'm happy to help bounce some ideas around with you as well, and even other MSPs that are looking to come into this game, that don't want to be the fly-by-night. I'm in almost every conference, or at least I try and attend every conference big conference that is and again, would be happy to help anybody that is on that journey as well.

Speaker 2: 44:38

Amazing. This has been an absolute blast today. Dustin, you're clearly a wealth of knowledge in this space and really appreciate you taking the time, and thank you so much for joining us on selling this podcast today.

Speaker 1: 44:49

Absolutely. Thank you so much for the invite. I really do appreciate it, Keith.