Navigating AI Growth: MSPs Tackle Cybersecurity and Data Governance in 2025 with Carolyn April and MacKenzie Brown

[00:00:13] AI is rising fast as a revenue driver, but are MSPs building real capability or just chasing the hype? We'll dig into the data with GTIA's Carolyn April and talk cyber threats, identity-driven defense, and staying ahead of adversaries with Mackenzie Brown from Blackpoint Cyber. Plus, what's fueling profit in 2025 and why product sales aren't dead yet. Welcome to the Business of Tech Lounge,

[00:00:38] the live version of the Business of Tech podcast. It's Wednesday, March 26, 2025, and I'm Dave Sobel. We'll be taking questions and comments throughout the show, so make sure to put them in chat. If you have a question, we will happily respond to it. Now, I want to thank Sales Builder, our Patreon sponsor whose support makes this show possible. Focus on your IT sales workflow with the

[00:01:03] power of automation and visit them at salesbuilder.com. That's B-U-I-L-D-R dot com. Reminder, I am keeping an eye on the chat. Throw something in and we will answer those questions in real time. Carolyn April is the Vice President of Research and Market Intelligence at the Global Technology Industry Association of Business Trends within the technology ecosystem. With over two decades in the

[00:01:29] IT channel, her expertise encompasses areas such as cloud computing, managed services, and business model transformation. Hello, I'm so happy to be here. It's been maybe a year, maybe a little longer. It has been. I thought you came out in Q4, but it's been a little bit of time. And you've got exciting data, so I'm looking forward to diving into that. I sure do, yes. Mackenzie Brown is the Vice President of the Adversary Pursuit Group at

[00:01:57] Blackpoint Cyber, where she leads efforts to enhance security strategies and empower managed services providers. With a background in incident response and organizational security maturity, she's previously served at Microsoft's detection and response team, managing global scale incidents and guiding organizations in improving their security postures. Mackenzie, welcome to the live show. Mackenzie Brown, Mckenzie C. Happy to be here. Very exciting. Good way to spend a Wednesday. It really is. You've been on the show on an interview, but this is your first time joining us for live,

[00:02:26] mixing it up. Mackenzie Brown, Mckenzie C. I know, no pressure. None at all. Well, this is a great time to come because Carolyn comes bearing data, which is always like the most fun way to start things out. And Carolyn, I want to start because I dug into the report and I know it's available at GTIA's website if people are interested in diving into it. But I wanted to start first with some of the AI's emergence as a revenue driver. Mackenzie Brown, Mckenzie C. Because in the report, I noted that 53% are expecting significant AI revenue this year, up from 32% last year. And 66% are

[00:02:56] intending to sell services and products. And what do you attribute that dramatic jump in the AI revenue expectations to being? Like, are people building real capabilities or are they just exploring hype? Mackenzie Brown, Mckenzie C. Well, I think it may be a little of both. And it also depends on the company themselves. We are in a hype cycle, the way you would see with any kind of groundbreaking or newly innovative type of technology. I'd argue that AI is pretty superlative in that department.

[00:03:26] But if you think about when the channel really started paying attention to AI, it's almost when the rest of us people out there, laypeople did as well. When ChatGPT sort of broke on the scene in early 2023, that's when this became a thing. Despite the fact that we know machine learning and forms of AI have been around, but the generative AI focus really hit a couple of years ago. And we started asking about it then in our studies. And clearly, the first year we asked about it, AI for the channel was

[00:03:57] not much of a thing at all. Yet they were some channel companies were experimenting with it in-house, very few were selling any kind of product that was AI based or doing any kind of services work around AI. It really was something that they were playing with in the sandbox. Last year or the year after that, a little bit different. We saw more companies using it in-house and use it not just as an

[00:04:22] experimentation way, but actually applying it to real tasks within their organization. If they were an MSP, they might be using an AI tool to help them with things like patch management, things like customer service, so chatbots, that kind of thing, dealing with customers. There was more actual application of the technology. Still not too many selling, but an increase. This year, I think we turned that corner where at least those channel firms that are kind of out front with this are

[00:04:52] seeing real revenue possibility and they are starting to find ways to monetize this technology, whether that comes in the form of selling some sort of AI enabled product, whether they are like big 365 providers, in which case they would be getting very involved with co-pilot for some of their customers and in other ways that they may be getting involved in AI. But that jump is the real deal. We did see

[00:05:18] an almost double digit jump in the number of companies that say that they think that they're going to see significant revenue increases in the year ahead. So I don't want to write it all off to hype because I think there's definitely some reality based in there and we do have some data we can talk about later about what specifically some channel firms say they're doing on the revenue side with AI. But I'm going to say that there's definitely some there there. Okay. Now, Mackenzie, I actually want to parallel this

[00:05:43] because if the numbers are jumping on providers selling it to customers, I have an expectation that adversaries are doing exactly the same thing on the other side. But I don't have data and research, I suspect you do. Can you tell me what's going on on the opposite side of that? Like what our adversaries are doing with generative AI? Right. I think what we focused on a lot of last year was adversaries or threat actor groups, honestly, learning AI just the way we're learning it, but less from a

[00:06:14] actually maybe from a business productivity stance, right? They're trying to improve their operational effectiveness. A lot of what threat actors were starting to play around, which is what we see is advanced social engineering, more sophisticated phishing campaigns. That's a given, right? That's improving the linguistics, the urgency, the type of language that's being used. And of course, doing large scanning and discovery efforts of who their targets are going to be. And now what they're

[00:06:42] talking about a lot is not just, you know, they used the same way we use AI that can build out our operations from an infrastructure perspective and to improve some of our operations. They're using that as well. And I feel like they're going to advance a little bit more into understanding where the value of AI sits. So this is a lot where you hear about the learning models or LLM hijacking attempts of what type of data is sitting in AI. And without going down a full legal conversation of what's considered

[00:07:11] trademark or copyright in AI, the biggest question I get actually from some of our partners or clients is, hey, we're interested in implementing something like co-pilot and starting to play around and leverage it. And the first response I typically give them is, well, do you have a data governance plan in place? Do you have some sort of identity monitoring? Have you looked at your access controls? There's a lot of security initiatives of frankly, the basics that don't take place

[00:07:41] the same thing. And I think that's a lot of things that are going to be able to do with the whether they're hosting that internally, their own learning model on their own infrastructure or leveraging something like co-pilot, they look over the fact that we are doing some data sprawl just the same way we do app sprawl. And if threat actors are able to get a foothold into an environment, that's valuable data that could be leveraged for them. So I think we're going to see a continuation of the

[00:08:07] ways that they leverage AI to build out these attack campaigns, to be able to code faster, perhaps create new versions or variants of malware to evade detection. They're really leveraging AI the same way we are operationally for productivity. But I do think that there's going to be a lot of existence of data that is very valuable. And if they could cross that boundary and get access to it,

[00:08:33] that's a big fear. Interesting. And it's funny because you talk about the data governance piece, that has been a recurring theme with every implementer that I talked to. Colin Graves, who was on last week on the live show, spoke about that in his interview. And I'll tease for listeners, I've just literally did an interview yesterday, which will drop where we have exactly that same conversation. So Carolyn, talk to me a little bit about what's going on. When I dug into the data, again, the top use cases were automation, content, creative mark and marketing. That's not quite as weighty as

[00:09:03] some of the conversations that other implementations are having when I see the leaders, nor either what McKinsey is talking about. Yeah. I mean, I think that those, the low hanging fruit, they're still out front for the vast majority of now. If you think about the channel, when we're doing a study like this, we're going out to the broader channel. You're not slicing and dicing by, you know, the most forward thinking or progressive. This is the entire channel. So you've got a lot of small companies.

[00:09:29] So a lot of SMB size companies, you know, you ran an MSP for a while. A lot of MSPs are very small in numbers. So they don't have a lot of resources to be that cutting edge with what they're doing with AI yet. However, so they are plucking at that, at that low hanging fruit. And that makes a lot of sense. But if you look at the data, the percentage, it's a relatively balanced percentage of people doing that automation of tasks and the content generation, you know, and the marketing and the sales type of

[00:09:56] uses for AI that seem like low hanging fruit. And those that are starting to incorporate AI as part of a service or piece of the portfolio that they offer. So, you know, they're using, they're offering data services. That may be the umbrella of services that this particular channel company says it's offering to customers. And within data services, it's doing some AI work. So it's helping to work with customers and make sure if they're building a language model, you know, a model for their AI that

[00:10:23] they're putting the right data in. It's clean appropriately. It's accurate. All of the things that need to happen. It's secure. Similarly, we have channel companies that will identify the things they're doing with AI as part of their cybersecurity services. So it may not be that the channel is identifying a piece of their portfolio as AI services specifically, but they're incorporating AI now as a consideration in some of the services that they may already offer, like cybersecurity data services,

[00:10:52] general consulting, that seems to be a big catch-all for what they're doing with AI. There's so much upfront work that a lot of customers don't understand needs to be tended to if they're going to consider using AI in some format, whether that's doing the data cleanse and all of that, considering cybersecurity, considering infrastructure. I think a lot of companies don't understand that in some cases, you're going to need to refresh some of the infrastructure and hardware that you might be

[00:11:19] working with if you're going to get really deep into the use of AI within your environment itself. And so the channel has a great opportunity here, quite frankly, to do that kind of consulting to help build an AI strategy for their customers. And that may mean not selling any sort of things at all with risk with regard to AI, but selling their consulting acumen. Gotcha. Reminder for anybody watching live, throw your questions and comments into the chat. We will definitely take them here. And if you're watching on the

[00:11:48] recording, send me an email at question at MSPRadio.com. We'll take it from there. One of the data points that I found really interesting on here was, you know, the profit pressures despite revenue optimism kind of section is AI, cyber and data are all seen as profit centers, but competition and pricing pressure at 49% were areas that weighed on here.

[00:12:09] Mackenzie, I kind of wanted to ask you a little bit. We keep flirting with data governance and cyber and stuff. This feels like a lot of the cyber skills that you think about from cyber frameworks and management skills should translate into data governance. Is that what you're seeing with providers that are leading in this? Or am I off base?

[00:12:30] No, I don't think you're entirely off base. I do think that we have in general, and I was reading through the report that was provided as well around this is we have a shortage in talent, not necessarily workforce, but in talent of those that understand data governance and data security, as well as our understanding the business acumen that's required on the data service providing side of it.

[00:12:59] Because you're balancing compliance requirements and regulatory needs that they're trying to meet versus actual hands on needs of understanding the data that they have versus the actual service side of the house where this is actually a good topic that got brought up in the news other the other day was an increase on tax services for data services and hosting. For a lot of vendors, that's going to be an increase, which means anyone that is utilizing the

[00:13:29] those vendors is potentially also going to see an increase. So we look at all of these services and then I do think match specifically with the talent that's needed is going to be a big issue. I apologize. My camera is not liking me today. Some days are like that. Now I want to throw it back Carolyn before I round out on the report a little bit. There was one other area that really intrigued me and it was the idea of 37% saying they sell services versus 31% still selling products.

[00:13:58] Yeah. And 31% are also forecasting revenue growth in reselling tied to PC shipment growth. Now IDC just dropped all of their projections for this year to only a modest 2% growth and most of it they're tying to Windows 11 upgrades. I'm looking at this and saying a bit of a disconnect between what I think the providers are looking at and what the market is saying. Like what's keeping product sales alive here?

[00:14:26] Well, there may be some stick-to-itiveness on the part of the old school resellers I would say. I think there's, I can't explain it entirely, but I think I'll go to one data point that I think is really important from the beginning of the report that I wrote about. We asked the question, what do you think about the state of the channel? Very general macro question.

[00:14:49] Health-wise. And it's literally a split between half of the respondents believe that the channel is healthy and yet status quo, stable but healthy. The other half thinks it is healthy but changing rapidly. So you've got these two camps. And the way I view it is you've got the more progressive channel companies, those that are embracing AI, getting into more sophisticated cybersecurity, just going for it and trying to grow their revenue.

[00:15:17] And then you have this other very strong 50% that are still steeped in a lot of legacy work and traditional work that the channel has done. And frankly, they consider their businesses healthy, they're happy and they're marching on. So you've got even a disconnect within how the channel perceives itself. Now, as far as PC shipments go, I believe in terms of hardware, there is a big refresh with Windows that's going to be coming up.

[00:15:41] I believe that AI is driving some infrastructure spend in particular. And that has been sort of an underreported phenomenon, that that is definitely something that's happening. I think, Alan, I think it's just a continued strong placement of these channel companies that are in that 50% that are very much infrastructure focused and continue to be to this day.

[00:16:06] Gotcha. Now, we could spend all day here, but there was some other stories that I wanted to kick around to talk a little bit. Mackenzie, I want to throw it to you on this one. In particular, I was digging into some dark reading stuff that really talks about some of the basics are still a significant problem here. When we look at cloud configurations, I found yet another article showing how cloud configurations left in their basic stance are continuing to let people just essentially get owned by not doing the basics.

[00:16:34] How much of what we're dealing with in cyber is still the basics are still a problem? And how much are we really need to be considering advanced new threats? I think it's a little bit of both. And hopefully the tech gods are with me right now. My camera doesn't. But if it does, it says no signal. That's very apropos with this conversation. No signal as attached to what needs to be happening.

[00:16:59] Misconfigurations, especially in the cloud, let alone any sort of technology that you're investing and implementing is a huge issue. Cloud specifically, when it comes to even from a security operations perspective where we're monitoring and detecting potential threats that are being exploited inside a cloud environment is often due to the fact that, well, there are some misconfigurations and identity.

[00:17:21] Being able to do proper access controls, understanding asset management. This is from an application perspective, understanding the trust that you have in place in placing some of the security settings often that are not turned on by default. These cloud hardening procedures are not necessarily prioritized. And nowadays it is maybe five years ago this wasn't considered basic. Today it's still considered.

[00:17:46] Now, today it is considered basic. These basic needs that need to happen. And I feel like, again, if we start pushing towards some of these more advanced technologies such as AI without really looking at, you know, understanding the location or our footprint and where our data lives and how it's being protected, how we're not just providing governance, but we're limiting access and we're putting those layered defenses on top of it.

[00:18:14] And if we can't get, if we can't get, if we can't get, if we can't get that handled, if we can't get that handled, then we're really going to struggle with some of the advanced technologies that need to be invested in or really struggle with, we may see some sort of positive impact that those technologies make, but one incident, one threat actor could switch it all up for us. And it makes all of that positive revenue get masked by a very negative impact.

[00:18:41] Right. Now, a reminder for those watching, throw it into the chat. If you've got a question, we've got some experts here that will happily take your questions on anything. And I will happily contribute an opinion, which I'm full of all the time. Now, Carolyn, the other piece I kind of wanted to dig in is I, as I think about this, we've talked about the configuration problem that the data and dark reading is showing. What are you seeing in terms of sort of state of the play on cybersecurity?

[00:19:03] Like how much of revenue growth are solution providers hanging their hat on cybersecurity versus some of the other projects that they're looking at? Well, cybersecurity is a big hook that they're hanging out on for sure. It has been for several years. It's been the number one service slash product area that the channel has identified as its revenue driver.

[00:19:30] This year it was eclipsed by AI, but again, cybersecurity was number two. And likewise, for profitability, they're seeing a lot in cybersecurity. So it's clearly a big, big piece of the puzzle for many channel firms. That being said, I think to go to your very original point about base, the basics not always being met. There are a lot of channel companies who are still very much living in the basics of cybersecurity, and that is what they offer at a bare minimum to their customers.

[00:20:00] It's not really a part of their portfolio. That is what they would call their core mission. And then you've got, you know, many channel firms out there that are really devoted to cybersecurity as their core mission. And what's going to be interesting is to see whether that side that is really only considering cybersecurity is sort of an add on or something that they have to do as a table stakes for their customers, but they don't dive into the more sophisticated elements of it, whether they shift over and transition.

[00:20:27] But I don't, if you, you know, ask me, what do you think is the number one, you know, opportunity revenue wise that the channel has been pursuing in previous years and will continue to pursue in the foreseeable future? It is definitely cybersecurity. Okay. Now, AI might grow leaps and bounds, but you have to remember AI was starting from here. Right. So doubling in revenue means you've gone from 5% to 10%, you know what I mean?

[00:20:53] So it's not quite the same as what is already a very well established stream of revenue for many channel firms in cybersecurity. Well, and in theory, they could be hitting two different parts of a customer's revenue stream. If you're investing in AI, you may be helping with top line growth revenue where cybersecurity could be about protecting existing revenue streams, costs of goods sold. Like there's a difference there, which is actually is an interesting way to me to pivot a little bit into the larger scene about what's going on larger.

[00:21:21] And I want to say, Mackenzie, I've got some questions in particular, because I think you have some good insight into this. I was digging into some of the chaos over at CISA and I've been covering it on the daily news show for those that follow it there. In particular, there was a there was a highlight that I shared with you before we went in here for listeners. CISA has been having some level of chaos within terms of their staffing and changes that are going on in the larger sense with what's happening in Washington.

[00:21:46] In particular, there's been some coverage about disarray among the red teaming environments at CISA. And I thought it would be really useful for you to be able to tell us like, hey, what are these red teams at CISA do? And what's the impact of that being less stable than it was before? Well, CISA in general has made strides in the cybersecurity community by developing a lot of the policy and plans that organizations need to leverage to build out their own internal program.

[00:22:15] Let alone they do a ton of monitoring of emerging threats, vulnerabilities, things like zero days that are hitting the market that we have to be aware of. And this could go everything from supply chain attacks to individual vulnerabilities on well known vendors that everyone is using, albeit Microsoft or otherwise. So it's incredibly important of the type of work that they're doing and continue to do from a red teaming perspective.

[00:22:42] A lot of what these teams are doing are not necessarily red teaming from a national security perspective, other potential adversaries, but they're actually focusing on red teaming. What our infrastructure looks like providing services, much like what a lot of the branch forces do when they go out to individual states.

[00:23:02] For instance, in Idaho, we have a huge one out at Gowan field where there's an entire red team that does essentially almost free work in a sense pro bono to a lot of critical infrastructure here.

[00:23:13] So having those red teamers come in and be able to actually test and fuzz against the attack surface of critical infrastructure of agencies that maybe need that support that haven't budgeted it is very important to have that expertise because that's how they're able to identify perhaps areas that they have not even that they've overlooked that are considered a weakness or gap in their network.

[00:23:37] So this concern here is not just from the red teaming aspect, but anything that is hitting cybersecurity. What CISA has done has been incredible from a policy perspective, but cybersecurity as a whole needs more policies and regulation. We don't have enough already. We are fighting just to let alone get our own budget for cybersecurity for these individual organizations, but actually say, hey, this is the bare minimum of what it costs to implement some of these security controls.

[00:24:07] We need more people. We need more people. We need need more talent and recruiting of workforce. We need more education out there to develop the next stage of workers and talent that are going to be recruited, let alone the expertise that it needs to work with people like managed service providers who frankly, in my eyes, are critical infrastructure. They provide a lot of support to government agencies. And so we're overlooking also the impact that that has on small and medium business.

[00:24:35] So the CISA stuff is a little sensitive to me, of course, because anything cybersecurity policy is sensitive where it feels like we've made so many strides forward and I just don't want to see us dropping backwards. So I guess I'll broaden the conversation a little bit because the other thing that we're all tracking and, you know, is some recent of the discussions around the use of signal for potentially classified information.

[00:24:57] In fact, you know, just a bit ago, the Atlantic actually released the specific transcripts of the conversations the government officials were having on online. And I want to actually have a little bit of a broader conversation here of your both thoughts on the level of concern and engagement that providers should have on the enforcement of some of these laws.

[00:25:17] The reason I think that this is a particularly interesting example is classified information is one of the few areas where we actually have laws versus just policies around. Most organizations have cybersecurity policies and you it's kind of technically an HR violation if you break policy as opposed to classified information, which actually is the area that we have laws around.

[00:25:42] And my premise and I offered this in the show on Monday is that I think anyone who sells cybersecurity should be intensely interested in the outcomes of this because it talks to leadership's recognition of the importance of enforcement of policy.

[00:25:58] And that if this this this position, if if there are no consequences for breaking the law, it puts cybersecurity focused providers in a position of pushing a boulder up the hill of saying, well, if you can break the law and there's no consequences, why are we worrying about policies if you're an employee? And I am I on base here?

[00:26:20] Because you both think about it, McKinsey, you think about it from a cyber perspective, Carolyn, you're thinking about it from a general, you know, solution provider health perspective, am I on base or is there another tact I should take to this? Because I'll throw it to you as the cyber expert. I mean, I definitely think when it comes to it, we saw a lot of the things in the news about WhatsApp not too long ago, and some of the vulnerabilities that sit in these secure, quote unquote, communication channels, we're all leveraging it in many ways.

[00:26:48] Obviously, at a corporate level policy, it's the same way whether we're talking about AI or secure communications that are out of band of corporate networks that, you know, it's it's both policy and like you said, classification, it's putting you at more risk. It's putting any sort of intellectual property or proprietary information leakage at risk, and it's putting the users themselves at risk.

[00:27:11] So I do think from a security side, like you said, this is a really great lesson of how can policies exist, but more importantly, how do we enforce them? And Carolyn, I'll throw it over to you thinking about it just from the general health of the solution providers themselves. Carolyn Kielsen Well, I'll take it from the sort of from the business angle here is that I agree with you. I agree with your premise.

[00:27:32] If there are no consequences to this more stringent level we're talking about, not policy, but law, if there are no consequences to cybersecurity laws being being broken or transgression in any way there, it makes it harder. Carolyn Kielsen It really undercuts the gravity of a message you're trying to get across about how important it is to have said policies and laws and how important they are.

[00:27:58] Carolyn Kielsen So if you are, for example, a solution provider or an MSP who's out there pushing cybersecurity quite hard and then consulting with your with your customers about how important it is not only to have cybersecurity technology in place, but you also have governance and various policies and rules that they have within their own organization and how they interact with other organizations. And this would be particularly important to MSPs, how they kind of keep their own ship in good standing and then make that messaging go out to customers.

[00:28:28] Carolyn Kielsen It makes it harder to make your case when you see something being flouted law wise elsewhere. Carolyn Kielsen It's you know, this would go for any any kind of law of so and so gets away with something. Why can't I or why is what you're telling me is important really all that important if we just went through an instance where the law wasn't followed there were no consequences and everybody's a okay.

[00:28:53] Carolyn Kielsen I think it just makes the job of selling cybersecurity and the self signing site selling the adjacent services around cybersecurity such as the policies and the governance much more difficult. Carolyn Kielsen Yep. And that's I think that's why we all want to be keeping an eye on this story is if we're in the business of selling cybersecurity and I think we both see you know, we've all sort of agreed like hey, that's a big opportunity for MSPs.

[00:29:14] Carolyn Kielsen I think we want that to be taken seriously. And we want to make sure that you know, our leaders government like also take that so that it trickles into the business side of this. Carolyn Kielsen Yeah, we could go all day long, but I want to be respectful of everybody's time. Mackenzie, I'll start with you like if people are interested in getting in touch having further conversations, what's the best way to do that?

[00:29:33] Mackenzie Kielsen LinkedIn, that's always the best way for me, honestly, is LinkedIn. Like half of my business is going through that. If you want to learn a little bit more about Blackpoint Cyber and what my team does, which is focusing on threat intelligence and threat research for our partners and the MSP space in general, you can find us on our website. Mark Leary Awesome. And Carolyn, I know you've got new resources out from the you know, in terms of your channel report. Tell me a little bit about the way people can get access to that at the GTA organization.

[00:30:01] Mackenzie Kielsen Sure. Well, they can find everything they need resource wise and get the full report here, including the PowerPoint deck if they're more interested in digesting graphics and not reading a full report, all on GTIA's website. So it's gtia.org, not the org, not .com. And you can also find me on LinkedIn. So if you want to talk to me personally about any of these data points or any other subject related to what we discussed today, I'm happy to have a chat so you can find me there as well.

[00:30:30] Mark Leary Well, thank you both for joining me. This has been great fun. We could go further, but I got to be careful with everybody's time. But I'll have you both back to mix it up again in the future. Mark Leary Thanks for having us. Mark Leary Awesome. Thanks so much, Dave. Mark Leary Now I want to give a preview of an upcoming interview. Sahil Agarwal, the co-founder and CEO of Encrypt AI joined me to talk about security and the critical importance of compliance in the adoption of generative AI technologies. We discussed how organizations can identify and mitigate risks associated with the

[00:31:00] AI ensuring the safe deployment. And we had a long conversation about it. Here's a preview of that discussion. Sahil Agarwal, So what red teaming or what risk assessment is doing is let's say you have an agent or a co-pilot with a particular use case. There are certain guidelines that you would like it follow. There are certain policies you would like it to follow or regulations that may apply. So what risk assessment is doing is in real time dynamically prompting your system and attacking it,

[00:31:29] and simulating those attacks to see whether a system responds in an adversarial manner. So that's how the risk assessment is done. But what it's giving you is a detailed report of all the risks and vulnerabilities that exist. With that detailed data set, you can go ahead and refine the mitigation itself so that your mitigation system is much more efficient.

[00:31:53] So rather than putting a solution there, you can have a much more efficient and elegant system in terms of mitigation for your application. My Patreon supporters already have this interview if you want to listen right now. It'll drop on the weekend on YouTube and the podcast feed. If you're interested, I really do encourage you to listen. It was a fascinating discussion. Visit patreon.com slash MSP radio to learn more. Now listeners, you can support the show. The number one thing you can do is like, share and follow on your favorite platform. And I want to thank Sales Builder.

[00:32:20] I want to thank Sales Builder, our Patreon sponsor whose support makes this show possible. Focus on your IT sales workflow with the power of automation and visit them at salesbuilder.com. That's B-U-I-L-D-R.com. And vendors, you too can get your name mentioned on the live show. It's a simple monthly subscription. Visit patreon.com slash MSP radio to sign up and learn more.

[00:32:42] Now listeners, you can support the show. The number one thing you can do is like, share and follow on your favorite platforms. It really matters. Hit that like button, hit the subscribe and follow buttons and follow me on whatever platform makes the most sense for you.

[00:32:56] And you can support directly with our give what you want model you set when you think the content is worth and you get access to all my videos early. If you have a question and are listening to the recording, send it in at question at MSP radio.com. Thanks for joining me for the business of tech lounge. And I will see you next time. Thank you.