🎙️ SPEAKER Liam Downward
📍 WHERE TO FIND HIM LinkedIn: https://www.linkedin.com/in/liamdownward/ Website: https://cyrisma.com/
📌WHAT IS THE MSP INITIATIVE? The MSP Initiative was developed with one goal in mind: education for the IT & MSP Channel. We are bringing together some of the best industry minds from all over the planet to help you learn relevant and helpful tips and tricks you need to take your business to the next level! Every Tuesday and Thursday at 1:00 PM ET, we will have great IT Channel members and experts discussing relevant topics to your business. We hope to have these great members from diverse backgrounds and areas of expertise help everyone through some new and changing times. Register once and join us every week! There will be time reserved at the end of each session for a Q&A, giving you the opportunity to ask real questions you need answers to for your business.
[00:00:01] Hello, ladies and gentlemen. It is a October 3rd edition of the MSP Initiative, MSP Talk.
[00:00:11] And if you follow these, then you know in the beginning we do some housekeeping and then we get on to the good stuff.
[00:00:17] So without further ado, here is that housekeeping. MSPinitiative.com.
[00:00:23] This is where we park most of the stuff that we do.
[00:00:25] So for example, this session is being recorded.
[00:00:27] Like every other session we've ever recorded, we park it on our podcast or on our YouTube page.
[00:00:32] And the sessions tab at MSPinitiative.com.
[00:00:35] You can download, like, subscribe, forward, all that good stuff.
[00:00:39] Thank you, thank you, thank you to everybody that made the journey out last week for MSP Community Minds.
[00:00:45] That was our second of the year. We are doing these next year.
[00:00:48] But if you didn't know that we did these, take a look.
[00:00:51] It was a two-day, totally educational event with a bunch of MSPs who did panels and workshops who did two-hour workshops at a time.
[00:00:59] We love this format. It seems to be very well received.
[00:01:02] We think that there's, like, you know, some path forward here.
[00:01:06] And so we're going to plan some of these for next year.
[00:01:09] But we love, love, love the ability that people were in a sharing mood.
[00:01:13] And that's how people learn. At least that's the best way I learned.
[00:01:16] I was not a book guy, but I digress.
[00:01:18] But that brings us to probably what we're more familiar with.
[00:01:21] So if you are not living underneath a rock, then you've probably heard of the MSP Community Block Parties.
[00:01:29] There are four between now and the end of the year.
[00:01:32] So let's go through them real quick so you know what's going on.
[00:01:35] If in a couple of weeks you're, you know, like 10 days, I think, headed to Germany for Pax8 Beyond Berlin,
[00:01:43] Super on October 14th, which is, I think, the second night of the conference,
[00:01:48] we will be holding an MSP Block Party in Berlin.
[00:01:51] Very beer-themed for your Oktoberfest enthusiasts.
[00:01:55] And it will be, jump on a shuttle, take you down the street, you know, 9 to close,
[00:02:00] and you'll love this place.
[00:02:02] It is very, again, Oktoberfest-themed, very beer-like. You'll love it.
[00:02:08] Then let's turn back around. Let's go to South Florida.
[00:02:11] Thank you to Miami, DattoCon Miami, on October 29th, which is the second night of DattoCon.
[00:02:16] We are going to be at the Fontainebleau, on-site, at the famous LIV Nightclub,
[00:02:22] literally on property, no shuttle necessary, from 9:30 to close.
[00:02:26] So definitely register for that one if you're going to DattoCon in Miami.
[00:02:30] Now, we're going to just go a couple hours up the road.
[00:02:33] We're going to go to Orlando.
[00:02:34] So on November 6th at 9 p.m., we are bringing you not just cigars, not just bourbon,
[00:02:41] not just alcohol, not just karaoke, and a lot of networking with 2,000 of your peers.
[00:02:46] We're bringing you Flo Rida.
[00:02:50] That's right.
[00:02:50] You've heard him on the radio with the apple-bottom jeans and the boots and the fur
[00:02:55] to bring you a private concert for free for the MSP community.
[00:03:00] So definitely jump on a shuttle on November 6th at 9 p.m., or maybe before,
[00:03:05] and drive a mile down the road to Icon Park in Orlando,
[00:03:09] and we will entertain you into the night.
[00:03:12] And then we go really far away.
[00:03:15] I'm sure Jen can't wait to fly 24 hours in the opposite direction to Sydney, Australia,
[00:03:21] for DattoCon Sydney on November 12th at 8:30 p.m., second night of the conference,
[00:03:26] down the street from the conference hotel in Darling Harbour in Australia,
[00:03:31] where it is summertime in November, not fall.
[00:03:34] So all that being said, those are the four community block parties left for the rest of the year.
[00:03:39] Head over to MSPinitiative.com.
[00:03:41] Go to community block parties.
[00:03:42] Register ahead of time.
[00:03:43] It is free if you're an MSP for you to join us.
[00:03:46] So do that ahead of time so you don't have to do it on site.
[00:03:49] So there it all is.
[00:03:52] Then there's some community offers and deals from different companies from around the sandbox,
[00:03:56] if you can take advantage.
[00:03:57] Awesome.
[00:03:57] And industry calendar that takes you all the way until the end of the year
[00:04:00] until we collect all the other dates for 2025,
[00:04:03] of which I'm sure there will be something between 300 to 500 of them,
[00:04:06] and create a new calendar for you so you can know when you don't want to work,
[00:04:10] where you can find yourself.
[00:04:13] There is all the housekeeping at MSPinitiative.com.
[00:04:18] And if you don't know how to spell initiative, Google will fix it for you.
[00:04:22] Now all that's out of the way.
[00:04:24] Here we are, October, and we bring our guest for today's conversation,
[00:04:30] Liam from Chirisma.
[00:04:33] How are you doing today, my friend?
[00:04:35] Hey, not too bad, George.
[00:04:36] In fact, it's Cyrisma.
[00:04:38] So just see.
[00:04:39] You know, I'm sure everybody like has to get.
[00:04:42] It's funny you say that, George, because we actually, when people come to our booth,
[00:04:44] the first thing we'll say is, I bet you can't pronounce what that name is.
[00:04:48] And they'll go, Chirisma, some other thing.
[00:04:51] And the funny part is when somebody said to us one time, it says, it sounds like a drug.
[00:04:55] We're just waiting for the FDA side effects to come out, right?
[00:04:58] So I was like, okay, all right.
[00:05:00] So, but hey, as long as I remember it, that's all I care, right?
[00:05:03] Hey, listen, you know what?
[00:05:04] It's one of those things where people will stop and think about it, which gives you a
[00:05:08] chance to talk to them.
[00:05:09] Exactly.
[00:05:10] Exactly.
[00:05:11] It's like the hook.
[00:05:12] Yeah, exactly.
[00:05:13] Exactly.
[00:05:14] So anyway, I think this is the first time we've had you on the show.
[00:05:18] Yes.
[00:05:19] Every time we do this, we like to learn about you a little bit, right?
[00:05:22] Because everybody's journeyed through like IT MSP lens.
[00:05:25] It's like very deep.
[00:05:27] So tell us about your story.
[00:05:29] And then I guess that'll take us to present day, which will tell us about your company.
[00:05:32] Because you're the guy.
[00:05:33] You're the guy at the top of this company.
[00:05:35] The check signer, the founder, right?
[00:05:37] The founder, everybody that blames everything, does everything.
[00:05:40] No, just it's a team effort, but we're proud of where we are.
[00:05:43] So in actuality, if I go back, so we say about what's one unique thing about a person,
[00:05:49] right?
[00:05:49] Me, I'm originally from a place called the Isle of Man, right?
[00:05:53] Which is a little island between England and Ireland.
[00:05:57] And one of the famous things it has, if you know, is the Manx TT, which is one of the oldest
[00:06:01] road races in the world, but also one of the most dangerous road races in the world.
[00:06:06] It attracts many riders every year.
[00:06:08] That's where I'm from.
[00:06:09] But in actuality, I never thought I'd be in computers or IT.
[00:06:13] I wanted to be something totally different, going to university, doing all this stuff.
[00:06:18] And I went back to Ireland, lived with my grandmother.
[00:06:20] And being Irish as she is, tradition is, I was thinking I'd have the summer off.
[00:06:25] She was saying, you're not going to be lazy.
[00:06:27] You got to go and work because you got to pay housekeeping money.
[00:06:30] So for about a couple of weeks, she kept at me, at me.
[00:06:33] And then I found an opportunity to work at Gateway Computers.
[00:06:37] Believe it or not, the old Moo TV.
[00:06:39] With the cow box.
[00:06:40] With the cows boxes, the whole nine yards.
[00:06:43] Literally five minutes from where my grandmother was.
[00:06:45] And it wasn't due to the fact that I thought, oh, that'd be a good thing to get into.
[00:06:48] My brain was, ooh, they start at eight.
[00:06:52] They're five minutes away across the...
[00:06:53] I could stay in bed until like 7.50 and still be on time for work, right?
[00:06:57] Wow.
[00:06:58] But I go for the interview.
[00:06:59] And then the rest is history, I actually fell in love with it, to be honest with you.
[00:07:03] I fell in love with it.
[00:07:05] I actually didn't realize I had a passion for it.
[00:07:08] Didn't realize it and fell in love with it.
[00:07:10] The opportunity to work with computers, not only within the system, but also providing support.
[00:07:15] And the rest is history.
[00:07:16] Fast forward, I've literally done only IT as my whole career.
[00:07:20] This is not like my second job or third career kind of thing of being in the industry.
[00:07:28] And I fell in love with cybersecurity along the way.
[00:07:31] So my first kind of taste of cybersecurity was in 2002.
[00:07:36] And then I actually applied and got my CISSP in 2005.
[00:07:41] Wow.
[00:07:42] So back then, and then just kind of progressed on that way.
[00:07:46] And then if we fast forward to where we are today, was an MSP owner, got out of it in 2015.
[00:07:54] And then basically three years later, saw an opportunity to build Cyrisma.
[00:08:00] And the reason why we saw that was because within the SMB market space, especially for the MSP community, was that a lot of the solutions they were offering, a lot of people couldn't afford it.
[00:08:10] Right?
[00:08:10] Because cybersecurity can be expensive, right?
[00:08:12] Especially if you look at some of the enterprise solutions that try to work in the MSP.
[00:08:15] It's cost-effective.
[00:08:18] We're really multi-tenant.
[00:08:19] It wasn't the idea of how do we make people secure.
[00:08:22] Then I started building on this ethos of trying to make cybersecurity affordable, accessible, and simplistic.
[00:08:29] And that was the foundation of building on Cyrisma to allow the MSPs to have more toolset consolidation, right?
[00:08:37] So they can have total cost of ownership, ROI.
[00:08:39] And then they build on that to build out additional net new margin for themselves, not only within their current customers, but also prospecting and opening up other areas of revenue.
[00:08:47] And that was the foundation of Cyrisma.
[00:08:49] And we use it as an ecosystem now to build on that, to do data classification, vulnerability management, secure configuration, GRC, all rolled into one platform for not only other clients to log in, but the MSP to be able to look at it and say, hey, I could theoretically pay X for Cyrisma, but I can, on the other hand, turn that into 3X, 4X, and revenue generation if they work out the process or the kinks in their process because they always focus on the availability.
[00:09:14] And cybersecurity is kind of being a natural progression to move into cybersecurity more than it is to focus on the availability of systems because it's a requirement for business.
[00:09:24] Okay, let's rewind.
[00:09:25] There's a lot there.
[00:09:26] Let's rewind.
[00:09:26] Lots to unpack, right?
[00:09:27] No, no, no, that's good.
[00:09:28] That's good.
[00:09:29] I asked the question.
[00:09:31] And by the way, I just love learning.
[00:09:33] It's like everybody takes this crazy path to get to the same.
[00:09:38] So Gateway Computers, you were in the heyday then.
[00:09:41] Yeah, literally in the heyday.
[00:09:43] Literally in the heyday.
[00:09:44] And it was, yeah.
[00:09:46] Gateway Computers, America Online was like popular at the time.
[00:09:50] Yeah.
[00:09:50] Like this is the time period that we're talking about.
[00:09:53] Yeah, absolutely.
[00:09:54] And he came.
[00:09:55] Can we call it the dot-com era?
[00:09:57] Pretty much the dot-com era.
[00:09:59] Dot-com era.
[00:10:00] And it was an amazing time because it got to show you how you go to a store and buy a computer of how it's built from start to finish, right?
[00:10:08] The order being placed, whether it's from a company or an individual person and going through the assembly line and then providing the support for it.
[00:10:16] I'll tell you so many stories of being in support of what people did back then of what things were.
[00:10:20] Prime example was we got a phone call from a person that said that his coffee cup holder was broken.
[00:10:27] I've heard this one before.
[00:10:29] And this is like, okay.
[00:10:31] And my answer goes, yes.
[00:10:32] I press the button.
[00:10:33] It comes out.
[00:10:34] I put my coffee cup in it.
[00:10:35] And then it goes back inside again.
[00:10:37] Coffee goes everywhere.
[00:10:38] My keyboard is not working.
[00:10:39] And we tried to explain to him that that is a CD-ROM.
[00:10:44] He didn't know what that was.
[00:10:45] Second one, and this is from my friend.
[00:10:48] And he was in support for another company.
[00:10:51] And it came up on the computer saying that there was not enough virtual memory.
[00:10:56] Okay?
[00:10:57] Ran out of virtual memory.
[00:10:58] And it says, please close all windows, right?
[00:11:01] That you're not using.
[00:11:02] So he said, reiterated it.
[00:11:04] He had a little bit of silence.
[00:11:05] And all he heard was, the person literally got up from the computer and closed the windows.
[00:11:12] Came back and said, I've done that.
[00:11:13] And I still have the same error message.
[00:11:16] I've got a lot more.
[00:11:17] It's kind of funny.
[00:11:18] And I still have some of them written down and stuff like that back in the day of things
[00:11:21] that we encountered with people at the time when computers were becoming more and more
[00:11:24] popular, especially for home use.
[00:11:27] Wow.
[00:11:27] I mean, so it sounds like you did a couple of things at Gateway through your journey.
[00:11:32] Like answering the phone was one of them.
[00:11:34] That, you guys must have had the water cooler of all water coolers.
[00:11:38] Oh yeah.
[00:11:39] Big time.
[00:11:39] Big time.
[00:11:40] Yeah.
[00:11:41] And then.
[00:11:42] I mean, it could have been like a series of just comedy skits.
[00:11:46] Oh, really?
[00:11:46] Seriously.
[00:11:47] It's funny.
[00:11:48] And we talked to friends and so forth that worked in other areas with tech support.
[00:11:52] And there's so many similarities.
[00:11:54] We've become more in tune with computers that we kind of know what everything is.
[00:11:58] But back then, you know, like even when I went for my second job at an accountancy firm,
[00:12:05] they were doing training on people that were all utilizing the old dictation systems
[00:12:10] with the feet on the pedals back and forth for typing up, you know, in their recordings
[00:12:14] and so forth.
[00:12:15] That they were getting taught how to use a mouse.
[00:12:18] This is back in the day.
[00:12:19] You're thinking how to use.
[00:12:20] You'd be surprised of how many people took the mouse, put it on the floor and still thought
[00:12:24] it was a dictation thing and trying to click at it with their feet.
[00:12:28] Yeah.
[00:12:28] You know that show, IT Crowd?
[00:12:30] You know, the one where the guy's like, hello, computer.
[00:12:35] Yeah.
[00:12:36] Yeah.
[00:12:37] Yeah.
[00:12:38] Exactly.
[00:12:39] Exactly.
[00:12:40] Wow.
[00:12:41] Okay.
[00:12:41] Like, that's what it reminds me of.
[00:12:43] Or I still joke about this today.
[00:12:53] Hello, fire department.
[00:12:55] I have a fire.
[00:12:56] Please send.
[00:12:56] And he's emailing the fire department.
[00:12:58] I'm just like.
[00:12:59] Yeah.
[00:13:00] I actually asked this question last week and I was like, who is texting 911?
[00:13:06] Like, you can.
[00:13:08] You can.
[00:13:09] Like, if you're in the US and you're in a major metro, you can text 911.
[00:13:13] But like, I'm calling 911.
[00:13:15] Exactly.
[00:13:16] If you have time to text.
[00:13:17] I don't understand what this adversity is to like talking to someone.
[00:13:21] I know.
[00:13:21] By the way, guys, like, no offense.
[00:13:24] They call this a phone.
[00:13:26] Yeah.
[00:13:27] You can talk to people.
[00:13:29] All right.
[00:13:29] Like, no.
[00:13:30] They just like, it's actually a computer.
[00:13:32] And a phone.
[00:13:34] Yeah.
[00:13:34] And a phone.
[00:13:35] Well, think about it.
[00:13:36] It's like we go in circles, right?
[00:13:37] You think about back in the early 90s, late 80s.
[00:13:40] Pagers were the show.
[00:13:41] The thing.
[00:13:42] That's pretty much what we've gone back to with a lot of this.
[00:13:44] The younger generation is texting is basically paging back in the day instead of being numbers
[00:13:49] for certain things that you know, like 123 is I love you kind of thing.
[00:13:53] But 911 is whatever.
[00:13:55] But the whole point is then you get the little you get the pagers with the actual keyboard
[00:13:58] on it.
[00:13:58] That's where we're at right now is back and forth and paging that they forget how to interact
[00:14:02] with people.
[00:14:02] Did you watch the BlackBerry movie?
[00:14:05] No, I did not.
[00:14:06] No, I did not.
[00:14:06] Go and watch it.
[00:14:07] Okay.
[00:14:07] Go and watch it.
[00:14:08] Okay.
[00:14:08] And then send me a message.
[00:14:10] You're going to love it.
[00:14:11] Okay.
[00:14:12] Like they tell you how they smashed the first BlackBerry together and like how they like
[00:14:16] ripped the keyboard off from like, like, you know, another thing.
[00:14:19] And I was like, yeah, interesting.
[00:14:21] And I was like, really just like light bulb went off.
[00:14:23] But anyway.
[00:14:24] Yeah.
[00:14:24] Yeah.
[00:14:25] And so you had an MSP then.
[00:14:27] Yep.
[00:14:28] Is this MSP based in Ireland or?
[00:14:31] No, in the US.
[00:14:33] Okay.
[00:14:34] All right.
[00:14:34] You had an MSP where?
[00:14:35] Where was it based?
[00:14:37] Rochester, New York.
[00:14:38] Okay.
[00:14:38] So I actually, so actually.
[00:14:39] So I'm, yeah.
[00:14:41] Well, it depends on where you live.
[00:14:43] If you, if you hear these say we're not upstate, we're western New York.
[00:14:46] So that's, that's the thing.
[00:14:48] But everybody else is, it's upstate, right?
[00:14:50] So, but yeah.
[00:14:50] It's not New York City.
[00:14:52] Yes.
[00:14:52] It's not New York City.
[00:14:53] Yeah.
[00:14:54] Which, which by the way, I'm not that far.
[00:14:56] I mean, are you still in New York?
[00:14:58] Yes, I am.
[00:14:59] Yeah.
[00:15:00] So I'm in suburban Philadelphia, right?
[00:15:02] Okay.
[00:15:02] So like I can go this way or I can go this way, but like I need to get to a bridge or a
[00:15:06] tunnel, which I would like to play.
[00:15:09] And I'll tell you why.
[00:15:10] I'm sure you already know, but like, you know, I keep it on.
[00:15:13] If I hit the highway at the right time at five o'clock in the morning where like I'm
[00:15:19] not sitting in traffic, I could get to a bridge or a tunnel in like an hour and 20
[00:15:23] minutes out.
[00:15:24] Yeah.
[00:15:24] But on every other time of day, that's a half a day operation because.
[00:15:28] Oh yeah.
[00:15:28] Big time.
[00:15:29] Yeah.
[00:15:30] And like, it was funny.
[00:15:31] I had a guy come in from the UK because it was, it was Liverpool and Arsenal were having
[00:15:38] a game in Philadelphia at, you know, the stadium here for the Eagles.
[00:15:42] And I was like, oh, you got tickets.
[00:15:43] Come on over.
[00:15:44] And he actually did.
[00:15:45] And I was like, oh, okay, cool.
[00:15:46] He's like, oh, I'm coming into JFK.
[00:15:48] I have, you know, how much should I have on the E-ZPass?
[00:15:50] And I was like, a hundred dollars.
[00:15:52] He's like, for what?
[00:15:53] I'm like, because once you go through one round of bridge and tunnels, you're going
[00:15:57] to blow through.
[00:15:58] Your E-ZPass.
[00:15:59] He's like, what are you talking about?
[00:16:01] I'm like, like, you got to go through two things to get out of JFK to get to New Jersey.
[00:16:07] It's like 25 bucks a pop.
[00:16:08] And then by the time you're done, you're halfway through your E-ZPass.
[00:16:11] He's like, this is ridiculous.
[00:16:13] And I'm like, hey man, I don't want to hear it.
[00:16:15] You have like that congestion zone in London.
[00:16:17] Yeah.
[00:16:17] Right.
[00:16:18] Exactly.
[00:16:20] Like you have your own problems.
[00:16:21] Okay.
[00:16:22] Yeah.
[00:16:22] Right.
[00:16:22] Yep.
[00:16:23] So anyway, I try and avoid the bridge and tunnel.
[00:16:26] I've only flown out of JFK one time in the last 10 years.
[00:16:29] And it was because my colleague who is Mr. Delta, Mr. Delta.
[00:16:35] Okay.
[00:16:35] He has like Delta and all their partner airlines.
[00:16:38] We're going to the N-able conference last year in Prague and we had never been to Prague.
[00:16:43] And so it was like 16 hours, you know, it was like three hours to get to JFK horrible.
[00:16:50] And then JFK to London, take a train to the other airport in London, London City, London
[00:16:55] City to Amsterdam, Amsterdam to Prague.
[00:16:57] Yeah.
[00:16:58] Yeah.
[00:16:58] Yeah.
[00:16:58] Yeah.
[00:16:58] And I'm just like, dude, where did you, Hey, he's like, it was the right price.
[00:17:03] I don't want to hear it.
[00:17:03] I'm like, okay.
[00:17:06] It's funny.
[00:17:07] You say that, George, because it's kind of like Rochester is the same way.
[00:17:09] There's no direct flights.
[00:17:11] It's always a connecting flight to everything.
[00:17:13] But the funny part is, is that everybody say that you're from New York.
[00:17:16] They automatically assume New York City.
[00:17:19] And I was just saying this to Jen before people think they don't realize I'm like, they
[00:17:22] like, Oh, are you a suburb of like, no, we're actually closer to Toronto and
[00:17:27] Niagara Falls than we are to New York City.
[00:17:29] And they just, it blows their mind.
[00:17:31] But then when we want to go and take a flight, we have to, if I want to go to Austin, I have
[00:17:34] to go through like Chicago or Philadelphia or somewhere else.
[00:17:38] And that you talk about that's 16 hours just to get local.
[00:17:41] So for me, I, I, you know, and maybe, and you know, me and Jen, you know, we, we may
[00:17:46] be at odds about the best airport in the world, but if I, if I, I'm either going Newark or
[00:17:52] Philly, I can get a direct flight anywhere.
[00:17:53] I don't have to do this multi-flight.
[00:17:56] Oh, rub it in.
[00:17:57] Why don't you?
[00:17:58] Like, like all of a sudden for a while, you mean American, you know, bought, bought US Airways,
[00:18:05] US Airways had a hub in Philly.
[00:18:07] I, you know, and then they like, kind of like for like six or eight months to like took all
[00:18:10] the direct flights out of Philly.
[00:18:11] And I was like, okay, I just go a little bit further down the road to Newark's one highway
[00:18:14] and no toll.
[00:18:16] Yeah.
[00:18:16] I paid $1.25 to come back all good.
[00:18:18] Yeah.
[00:18:19] But then all of a sudden all the direct flights came back to Philly and I was like, Oh, easy
[00:18:22] peasy.
[00:18:23] We're going to go back over here.
[00:18:24] Yeah.
[00:18:24] Yeah.
[00:18:24] So if it's not, you save that $1.20.
[00:18:29] So yeah, it's the time and effort.
[00:18:30] Lucky me.
[00:18:31] But yeah, ask Jen about her parking lot.
[00:18:33] She may have a different story for you.
[00:18:35] But anyway, that being said, uh, so you had an MSP outside of New York City.
[00:18:41] And, um, let me ask you a question about that for a second.
[00:18:45] Why is it that anytime I'm on the phone, I'm sorry if I don't, if you, if you listen to
[00:18:50] this, you take offense.
[00:18:51] Don't because you know what I'm about to say, but I'm going to say it anyway.
[00:18:54] Why are they always hard to deal with?
[00:18:56] Why are all the people from New York that are in the IT business always like, I expect
[00:19:02] the problem.
[00:19:03] Why?
[00:19:04] Yeah.
[00:19:05] I don't know.
[00:19:06] I think they grew up with issues.
[00:19:08] So they always expect it.
[00:19:09] So I tell my team, I'm like, listen, if they're coming from New York, expect it, they're going
[00:19:14] to, there's going to be a thing.
[00:19:15] Yeah.
[00:19:16] You can't deal with that.
[00:19:18] Yeah.
[00:19:19] Don't pass that off to me.
[00:19:21] I'll take that.
[00:19:22] Yeah.
[00:19:22] Right.
[00:19:23] I'll be honest with you.
[00:19:24] I, for me, I saw it a little differently because it's sort of an opportunity for us to kind
[00:19:30] of fix that.
[00:19:33] Talk to him about issues and not rather than saying we are an issue.
[00:19:36] Right.
[00:19:37] Um, so, um, and that's the thing we saw that as we, as we grew, um, to a team.
[00:19:43] And, but at the same time, we didn't handle the, I'm trying to put this in a way that
[00:19:47] isn't like totally flipped, but how do you handle the mentality, the New York City-ish
[00:19:53] mentality where it's like, everything's in negotiation.
[00:19:56] It's every penny, you know, like they'll literally fight you on the corner for it.
[00:20:00] And I don't want to pay for anything.
[00:20:01] Cause I feel like that's still the status quo here.
[00:20:04] Right.
[00:20:04] Uh, we made a decision in the company not to take any company, any business from it.
[00:20:08] And let's take companies on from New York City.
[00:20:12] There it is.
[00:20:13] Yeah.
[00:20:13] So it was suburban New York, every New York and, and, and 10 other states that we were
[00:20:20] working with.
[00:20:20] Um, and then from that New York City, but you're right.
[00:20:23] It's all negotiation.
[00:20:25] Right.
[00:20:25] And the negotiation was how much can I get the price lower?
[00:20:29] Right.
[00:20:30] It's like, Hey, do you like two cans in the string?
[00:20:33] Like, what are we doing here?
[00:20:34] Yeah.
[00:20:34] Yeah.
[00:20:35] So we just made the decision not to do that.
[00:20:37] And we focused on specific key areas at the time, healthcare and finance.
[00:20:41] All right.
[00:20:41] So, and you'll see a lot of them moving out of New York City, uh, and, and different
[00:20:45] areas.
[00:20:46] And so we were able to take on that role and responsibility.
[00:20:49] And then it kind of opened up cause we, we kind of at that time decided to say, where are
[00:20:53] we going to do is a little bit differentiators, more engaging cybersecurity at that point in
[00:20:57] 2015 and bringing it in.
[00:20:59] So we built a cybersecurity practice as well to go and do assessments and build that in
[00:21:04] and merge that into, onto the MSP side, which gives us a little bit of differentiator on the
[00:21:08] other side, which means we weren't as cheap as some of the other MSPs because we had that
[00:21:12] kind of thing.
[00:21:13] And then, um, then basically at that point, the, we, we got acquired and then from there,
[00:21:20] I kind of went back into corporate and that's when I started seeing things, but people knocked
[00:21:23] on my door and says, Hey, are you able to do consulting again, Liam?
[00:21:25] Can you do it on nights and weekends?
[00:21:27] So I did.
[00:21:28] And then that's what started the whole process thinking, hang on a second.
[00:21:31] I'm seeing an opportunity here that we can build a platform and then move into,
[00:21:36] and then we started in 2018 building the, um, hold on timeout.
[00:21:43] Did you sell your MSP?
[00:21:45] Yeah.
[00:21:47] Tell us about that for 10 seconds.
[00:21:49] Cause like everybody has like this idea of how that goes.
[00:21:54] Like you have multiple bidders and somebody come knock on your door.
[00:21:58] Like it was, it was somebody from knocking on our door.
[00:22:01] And then at that point with the knocking in the door, it just basically allowed for an
[00:22:04] opportunity.
[00:22:05] And I think we were at a point where we're like, okay, it's time to work on something
[00:22:09] different.
[00:22:10] And then we.
[00:22:11] So when you sold, so when you sold, how many employees, how many customers were,
[00:22:15] were you supporting and how many computers were under management?
[00:22:19] Um, at that, I wasn't involved in that side of, outside of that.
[00:22:22] I was, I was the cybersecurity focus.
[00:22:24] Okay.
[00:22:24] So on the MSP side, we, on the security side, we had probably roughly at about seven
[00:22:29] people working on the MSPs on the cybersecurity side.
[00:22:32] And there was like 13 working on the MSP side.
[00:22:36] Um, and at that point we were at close to, I think it was like two or 300 customers, uh,
[00:22:40] maybe, maybe 30 or 40,000 under management.
[00:22:43] And then that got merged into, uh, another, uh, company.
[00:22:47] And then for us, we took advantage of that.
[00:22:49] And I decided to kind of burn out after a while, cause you constantly kind of doing something
[00:22:53] and being on the road.
[00:22:54] So it was an opportunity for us to say, Hey, how about if we merge into, um, a full cybersecurity
[00:23:01] focus?
[00:23:01] And that's kind of what I did on nights and weekends.
[00:23:04] Cause customers came back and said, Hey, I'd like you to be able to do this, this, this,
[00:23:07] and this.
[00:23:07] And then three years later after that, I started Cyrisma.
[00:23:11] Okay.
[00:23:11] Well, as most great companies in the sandbox, right.
[00:23:16] And then we said there's enterprise companies and big red tape companies split off, whatever,
[00:23:22] like the really good companies started in MSP land and they came up with an idea and they're
[00:23:26] like, why isn't this out there?
[00:23:28] And they built something.
[00:23:29] Right.
[00:23:29] So like, this is that story here.
[00:23:31] Yep.
[00:23:31] Yep.
[00:23:32] So, so let me ask you this.
[00:23:34] I have this, this question has probably come to you eight different flavors and ways,
[00:23:38] but I'm going to say, I'm going to ask him.
[00:23:39] Um, how much of cybersecurity is legitimate and how much of cybersecurity is just, I'm
[00:23:46] selling you a box of goods because it sounds good and it scares you enough that you're going
[00:23:51] to take out your credit card.
[00:23:53] Well, one of the things is that you can't sell on fear, uncertainty, and doubt that turns
[00:23:57] people away.
[00:23:58] That's part of the problem.
[00:23:59] Why we are in this situation, cybersecurity becomes more expensive, the bad actors are
[00:24:03] everything.
[00:24:03] So for a lot of it is that we want to focus on in cybersecurity is to kind of focus for
[00:24:08] you, George, to say, okay, I need to be compliant.
[00:24:11] I say you're a financial institution, or even now we'll just say car dealership, which a
[00:24:15] lot of MSPs work with.
[00:24:16] They're getting classed as a financial institution, which means they're no longer focusing on
[00:24:21] availability, generating revenue.
[00:24:23] They're now having to say, as I collect that data, what am I going to do with it?
[00:24:27] They don't have the staff.
[00:24:28] So they're going to look towards the MSP and the MSP is going to go, I'm focusing on
[00:24:32] the availability of systems to make sure you're up and running, generating that revenue
[00:24:36] to keep paying your bills.
[00:24:37] Now I got to start thinking about security.
[00:24:40] What is the requirement?
[00:24:41] Until CDK, which very much, by the way, since you brought up car dealerships, kind of mimics
[00:24:47] MSP land, right?
[00:24:49] There's like three or four big companies, all PE-backed now, and the one big guy had the
[00:24:56] one big breach.
[00:24:57] Sounds familiar?
[00:24:58] Sounds familiar to me.
[00:24:59] Yeah.
[00:25:00] So like what happens when 15,000 car dealerships are down and all of them had all their data
[00:25:09] in the one place because it was the big guy who was housing all the information.
[00:25:12] And now all of those credit card numbers and social security numbers and finance applications
[00:25:17] and credit scores and all the other stuff that the car dealership, to your point, they're
[00:25:21] acting like a financial institution because they're housing all this information.
[00:25:24] And now what?
[00:25:27] It's right.
[00:25:28] And the problem is, is that it's about, the question is complacency, right?
[00:25:33] You take into a situation like that, they're at a point where they're funneled through four
[00:25:38] major companies.
[00:25:39] They have no one else to come and pick from.
[00:25:41] It's the same thing on cybersecurity.
[00:25:42] You think about your Tenables, your Rapid7s, your Qualyses.
[00:25:45] They focus on that.
[00:25:46] Then when they look at other alternative solutions, that's where Cyrisma comes in.
[00:25:50] But what we have to compete with is complacency.
[00:25:52] What complacency is in their personal life, they get compromised on a daily basis, right?
[00:25:56] Banks, getting this, credit monitoring.
[00:25:59] So we become basically, we don't go, oh my goodness, the sky is falling, right?
[00:26:07] Now it's at a point where it's like, okay, we can't do the fear and uncertainty now anymore.
[00:26:11] We can't tell them that, hey, the sky is falling because yesterday they just got a letter in the
[00:26:15] mail saying their healthcare got compromised or this got compromised.
[00:26:19] They're getting a new credit card, so they can't do that.
[00:26:22] So what's now, it's basically saying, hey, when are you, you could potentially lose business
[00:26:26] because George, your vendor is now doing a vendor risk management against you.
[00:26:31] Are you doing policies and procedures in place?
[00:26:33] Are you doing this?
[00:26:34] Because if you're not, we can't award you the contract.
[00:26:36] We can't award you the business.
[00:26:39] Now with MSPs, it's a little different because now the fear is for them is that if they don't
[00:26:45] provide a service or meet their SLA and there is a breach or compromise, they can now be
[00:26:50] included in the class action lawsuit and a suit for them to be included.
[00:26:54] And it's actually happened.
[00:26:55] It's already started.
[00:26:56] CISA has already recommended that MSPs need to make sure that they cover themselves in
[00:27:00] every aspect when it comes to cybersecurity.
[00:27:02] If they say that in their SLA, they need to follow through on it, which means what are you
[00:27:06] doing?
[00:27:07] We're going to do patch management.
[00:27:08] Well, how do you know you're doing patch management?
[00:27:09] Making sure you do vulnerability management.
[00:27:11] So it all ties into certain things.
[00:27:13] CISA is saying you need to do this.
[00:27:15] But from a customer perspective, they need to meet a requirement.
[00:27:18] Like if it's for example, the car dealerships, they have to be compliant around the Safeguards
[00:27:24] Rule of FTC, which is an extension of GLBA, which is what banks and other financial
[00:27:28] institutions have to do.
[00:27:29] Which means tactically, I have to do vulnerability management or risk-based vulnerability management.
[00:27:34] I have to do a pen test on a regular basis.
[00:27:36] I have to make sure I have secure configurations in place because that's a requirement of system
[00:27:40] hardening, as they like to say, in the compliance or policy process.
[00:27:44] I need to make sure that I know what my data is.
[00:27:47] It's from a data sensitivity and classification standpoint so I can manage it and maintain it.
[00:27:51] But then how do I then bring that up to a level of a security scorecard that can be
[00:27:56] presented to the executive leadership?
[00:27:58] Because they don't need to know all the ones and zeros.
[00:28:01] They need to know is, oh, here we are here.
[00:28:03] And how do we get to here?
[00:28:04] And that's where the plan needs to be built.
[00:28:06] And that's when solutions like Cyrisma needs to be applied.
[00:28:08] Hold on.
[00:28:09] Hold on.
[00:28:09] I'll give you an example of this.
[00:28:11] Microsoft came out with a security score.
[00:28:13] No, but I've never seen anybody get to 100.
[00:28:16] Oh, because you're never going to get to 100.
[00:28:18] Right?
[00:28:18] Because the only reason being is because they're going to say, let's take a compliance example.
[00:28:23] Just use CIS, right?
[00:28:24] CIS controls version 8.
[00:28:26] There's over 60 plus, 100 plus questions, right?
[00:28:30] You're not going to answer every single one because there's going to be ones that you're
[00:28:33] going to mark as not applicable because either you're saying it doesn't require to us or
[00:28:37] we have a compensating control because we can't physically implement it.
[00:28:41] So that means that you're still not doing it.
[00:28:42] It's the same thing when you go to Microsoft Secure Score.
[00:28:45] All the different configurations, whether it's data, whether it's app, whether it's identity,
[00:28:49] all those different things you need to know.
[00:28:51] But you need to break it down by saying, do I need to do this?
[00:28:54] Yes or no.
[00:28:54] If you turn everything on, you can impact productivity, right?
[00:28:59] So that's a key thing.
[00:29:00] Security comes with an impact on productivity and also an impact on culture.
[00:29:03] There needs to be a combination of both where you need to understand what you can do and
[00:29:07] what you can't do.
[00:29:08] It's not going to impact productivity, but it's also not going to reduce your risk.
[00:29:11] Okay.
[00:29:13] Let's rewind for 10 seconds.
[00:29:14] Yep.
[00:29:15] I'm starting to get the feeling based on our conversation that, you know, are you implying
[00:29:22] that an MSP needs to be very, you know, careful on what end customers and the industries that
[00:29:31] they exist in that they're supporting and that they can't be a generalist anymore?
[00:29:35] Because it sounds like in order to deal with, like, I was talking to a guy in Australia a
[00:29:41] month ago and he's like, there's not a government recommended, you know, they're like CIS is a
[00:29:47] US government.
[00:29:48] You know, I guess it could be applied worldwide, but like down there, they're like, you know,
[00:29:52] the accepted thing is like ISO 27001, right?
[00:29:57] Like if you can get to that, that is the current go-to because there isn't a recommended one.
[00:30:04] Well, so let's take it back for the, for you talking about Australia.
[00:30:07] Yeah.
[00:30:07] So there's a tactical one that's called Essential Eight, right?
[00:30:11] So Essential Eight is tactical by saying, here's what we want you to do, which is make
[00:30:15] sure you-
[00:30:15] Which is a government thing, right?
[00:30:17] Government thing.
[00:30:18] Not basically for the MSPs, they need to look at implementing that tactically, which means
[00:30:22] locking down macro, system hardening, vulnerability, patching.
[00:30:27] But when it looks at the strategic aspect of it, which means education around the users,
[00:30:32] policies and procedures, there isn't one for that.
[00:30:35] There is other areas that you can adopt and incorporate to maintain that you're increasing
[00:30:39] the security posture of that.
[00:30:41] But then when you go to like Europe, they have NIS2, right?
[00:30:46] Then UK has the Cyber Essentials, which goes in tactical aspect because they know tactically
[00:30:51] a lot of things are very weak.
[00:30:52] Because back in the day in the MSPs, it was their security mindset was as long as they have
[00:30:57] a firewall, have antivirus and I do regular patching.
[00:31:01] Well, I try to do patching.
[00:31:03] I'm good.
[00:31:04] Everything else is around that is, wasn't really thought of, right?
[00:31:07] Now it's a big different situation.
[00:31:09] So these are things that they have to abide by, but reality-wise-
[00:31:13] What's the, like, I understand CIS is a guideline, but like, is it SOC 2?
[00:31:18] Is it, like, what, what, like-
[00:31:20] So it depends on industry, right?
[00:31:22] So let's take, for example, if you're in healthcare, you've got a federally regulated security guideline
[00:31:27] to follow, that's HIPAA, okay?
[00:31:29] If you're in banking, you've got, you've got FTC, you've got FISMA, you've got all these
[00:31:35] different things that are out there from a federal regulation.
[00:31:38] Then you've got state level, which is agnostic.
[00:31:41] And state level is making sure that you're protecting PII information on any residents of
[00:31:48] that state.
[00:31:48] And each state is different.
[00:31:50] One's more severe than the rest, right?
[00:31:52] So you pick one that you're working with and you're in to be able to provide that.
[00:31:57] And then you go from that and you're able to manage it.
[00:31:59] Now, the problem you have is, is then you're kind of feeling like you're all over the place
[00:32:03] because you've got all these regulations that come into play.
[00:32:05] So it's basically stating that, okay, I want to abide by a situation where I'm going to
[00:32:13] pick, and you talk about generalists, right?
[00:32:15] The generalist or somebody that's very well versed on cybersecurity will pick and say,
[00:32:20] okay, we're going to standardize on a specific framework and then crosswalk it.
[00:32:24] So let's say, for example, if I pick CIS controls version 8 or 8.1 now, they've already
[00:32:29] done the crosswalk for you.
[00:32:31] So if a customer is in HIPAA or this, they've crosswalked what controls they have and tell you
[00:32:36] that there's still 10% left to do.
[00:32:38] But if you follow CIS controls version 8, you can get to about 80 to 90% of potentially
[00:32:42] majority of the regulations out there and just focusing on one standard.
[00:32:46] And that's where it comes into play.
[00:32:48] But the other aspect of this, it's not one size fits all.
[00:32:52] So we get it a lot where we're saying around, like, say, secure configuration.
[00:32:56] Well, I want to push it down, a secure configuration that does all my customers the same standard.
[00:33:00] You can't do that because each customer is a little different in what they do that you have
[00:33:05] to take that into consideration by saying, yes, you can have a standard group setting,
[00:33:09] but you can't apply what you've done over a doctor's office into a lawyer's office.
[00:33:14] You can't apply the same configuration because they're going to be different because how they
[00:33:18] their productivity may be different from a doctor's office or vice versa from a security
[00:33:22] standpoint.
[00:33:23] So there is a situation where you have to be actually aware and understand and sit down.
[00:33:28] And that's why we educate back in the day.
[00:33:30] I was educating people called creating the security organization for any company that you're
[00:33:33] in and be a part of it.
[00:33:35] Because once you start bringing in different areas of business or different areas of departments,
[00:33:40] you're able to understand how they work so you can help to build out the security posture.
[00:33:45] And, you know, you've heard the statement that security is not a product.
[00:33:48] It's a process.
[00:33:50] It's a combination of both.
[00:33:52] Right.
[00:33:52] You can institute product, i.e.
[00:33:55] like Cyrisma, that can help you with process because you can take tactical and turn it into
[00:33:59] strategic.
[00:34:00] Right.
[00:34:00] And with strategic means policies and procedures, additional education, doing tabletop sessions,
[00:34:05] all this kind of stuff that's available to you.
[00:34:07] And that's the key thing.
[00:34:08] It's about being educated around cybersecurity, but not educated in a specific product.
[00:34:12] Because the product itself is great.
[00:34:14] It can only take you so far.
[00:34:16] But you need to understand cybersecurity to be able to help the customer and listen to
[00:34:20] their needs to be able to come up with a formulated plan, that combination of both product as
[00:34:25] well as process.
[00:34:26] Okay.
[00:34:27] I mean, at the end of the day, here's the reality.
[00:34:29] If I walk into any business in America that's not a technology business, which is the majority,
[00:34:34] by the way.
[00:34:34] Yeah.
[00:34:34] I don't care if it's a donut shop, mechanic shop, doctor's office, accountant, lawyer.
[00:34:40] I could go on architect, realtor.
[00:34:43] Yep.
[00:34:43] I mean, they don't give a crap about security.
[00:34:47] Like, quite frankly, they all look at it as a roadblock to get them to be able to do
[00:34:52] what they actually need to do.
[00:34:54] Correct.
[00:34:55] At the end of the day, you know, like, and I didn't come up with this, but I've heard
[00:35:01] it a thousand times, right?
[00:35:03] Technology is one of like the top four most hated industries in our, at least in the
[00:35:07] United States, right?
[00:35:09] Employers, mechanics.
[00:35:10] Like, you're just talking a language that they don't understand.
[00:35:13] And anytime a dollar amount comes along with something they don't understand, they get
[00:35:16] frustrated.
[00:35:17] Yes.
[00:35:18] So like, at the end of the day, the MSP has gotten pushed into almost an impossible corner.
[00:35:24] One, they got to keep the lights on and they get in trouble when the lights go out.
[00:35:27] And it's not even their fault.
[00:35:29] They're just managing whoever and whatever that problem is.
[00:35:32] And then number two, they're getting squeezed to the point CISA, which is a government agency.
[00:35:36] They're like, well, the MSP is bad, bad, bad.
[00:35:38] Yeah.
[00:35:39] Bad things.
[00:35:40] And it's like, well, if the MSP doesn't dare that, that customer that they're servicing
[00:35:43] is just completely might as well be on the island with Gilligan.
[00:35:47] They're lost.
[00:35:47] Yeah, exactly.
[00:35:48] Exactly.
[00:35:49] You can blame us.
[00:35:50] You can blame us.
[00:35:50] The problem didn't go away.
[00:35:52] Yep.
[00:35:52] So like, you know, and then of course, the MSP is always being back to your New York City
[00:35:57] thing, always being squeezed for money.
[00:35:58] Right.
[00:35:58] It's like, well, you're asking us to do more and more and more, but you're asking us to
[00:36:01] pay less, less, less.
[00:36:02] These two things don't work.
[00:36:04] Right.
[00:36:04] Yeah.
[00:36:04] So, yep.
[00:36:05] So, so, so your platform that obviously you started out of an MSP, so you understand the
[00:36:10] challenge, right?
[00:36:11] Yep.
[00:36:11] You understand that problem.
[00:36:13] Yep.
[00:36:13] Your platform, when you go to an MSP and say, hey, I know you could buy like 45 different
[00:36:18] things here, right?
[00:36:20] Yep.
[00:36:20] Like you probably heard, you know, one size fits all and there's going to be a overlapping
[00:36:24] of products required on top of process, on top of all the other things you just talked
[00:36:28] about.
[00:36:28] Yep.
[00:36:29] Like at the end of the day, the average MSP is not big.
[00:36:34] No, they're not.
[00:36:35] An average MSP does not have a you working for them.
[00:36:38] Correct.
[00:36:39] Like you always had an MSP and you had a security department.
[00:36:43] Most MSPs, that security department don't exist.
[00:36:46] Exactly.
[00:36:46] They're, best case scenario, it's outsourcing to somebody else.
[00:36:49] Correct.
[00:36:50] Absolutely.
[00:36:51] And like, by the way, everybody's worst nightmare was not, was a theory until about three months
[00:36:57] ago when CrowdStrike took them all out.
[00:37:00] Yeah.
[00:37:00] Yeah.
[00:37:01] And then every MSP who outsourced to the Yankees or so, or they claim to be the big guy on top
[00:37:07] of the food chain.
[00:37:08] Mm-hmm.
[00:37:09] Now they had to go put the fire out and they introduced that vendor to their customer.
[00:37:13] Yeah.
[00:37:14] Yeah.
[00:37:15] So now we all, yeah.
[00:37:16] So, so now they, they got burned on both sides again.
[00:37:19] Correct.
[00:37:20] When does it, when does it come back down to earth and settle down for the MSP?
[00:37:24] I feel like they just keep on getting squeezed.
[00:37:26] They, they do get, they, honestly, they do because it's a dog-eat-dog world out there.
[00:37:30] Right.
[00:37:31] And everybody thinks that they, they understand cybersecurity.
[00:37:34] Now, what I, what I tell people to do is to say that, okay, use the resources you have.
[00:37:38] Because a lot of them understand security, but don't have the means to be in security
[00:37:43] on a day-to-day basis because their focus is primarily maintaining subs systems up.
[00:37:48] Right.
[00:37:49] But they want to get into the confidentiality and integrity of systems or networks and so
[00:37:52] forth.
[00:37:53] Now, within our tool set, you talked about how do you get customers to start realizing,
[00:37:58] you know, you know, how do we make them think about how to move from point A to point B?
[00:38:03] It's basically showing the platform to internal users, i.e. to the, to the MSP themselves and
[00:38:10] saying, okay, how do we turn this into a revenue generation?
[00:38:13] So we can earn more money, not only from the customer, from existing customers, from a
[00:38:16] new night, new customers.
[00:38:17] What differentiate us from one MSP to the next?
[00:38:21] How do we turn our staff into being not only IT people, but IT slash security people?
[00:38:28] Right.
[00:38:28] But how do we talk to, when we go into our QBRs, how do we talk to the leadership and say,
[00:38:34] here's what we've instituted for you?
[00:38:36] Now, there's three things that we've done in the platform that helps them to do that.
[00:38:40] Number one, we simplified that you're not a credit score.
[00:38:44] You're not a high risk.
[00:38:45] We turned it into a grade.
[00:38:47] So they know F through to A.
[00:38:50] A is doing great.
[00:38:51] F means failing.
[00:38:52] Everything in between is a process improvement.
[00:38:55] Next thing they ask is, what's our financial loss if we were compromised by ransomware?
[00:39:00] What's the dollar, potential dollar amount?
[00:39:02] Now you're asking, you're providing that to them.
[00:39:05] That's an easy sell.
[00:39:06] We already do the math.
[00:39:07] You're now presenting saying, hey, by the way, here's what we can, here's what your
[00:39:10] potential loss is.
[00:39:11] Here's how we can offset that to cyber insurance.
[00:39:13] And oh, by the way, Mr. MSP, in that little questionnaire that we created for you, you can now uplift to
[00:39:19] the customer, net new functions or services that they didn't have before because you're turning that no, which could be also from a certain insurance
[00:39:27] standpoint be classed as negligence because if it gets compromised, you're turning that into additional services for yourself.
[00:39:33] The final thing that we put in there for them is, well, how do we compare to other people in our industry?
[00:39:38] That's a question that we got.
[00:39:39] We got a lot until we put it in place.
[00:39:41] Now they can go in and they don't need to be security experts.
[00:39:44] Those three things right there.
[00:39:45] The rest is all gravy.
[00:39:47] If you think about it, presenting those three things to the customer already sets you apart from the rest of the other MSPs that don't have that.
[00:39:53] They've got multiple tools and they have to do an Excel spreadsheet.
[00:39:55] It's directly right there.
[00:39:57] And now you can present to the customer.
[00:39:59] You're not having to kind of scramble on a quarterly basis to build out a report and spend hours and hours and hours and doing it.
[00:40:05] You can walk right into the customer and bring the dashboard up and right there, right away, see your grade, see what your financial impact is and show them how they compare to other people in their industry.
[00:40:14] And oh, by the way, as the MSP, click, here's my action plan for you in near real time of what I want to institute.
[00:40:21] And at that point, they look like stellar experts, but they don't have to have somebody come in and click on the thing and be this expert.
[00:40:29] The application provides that to them.
[00:40:31] And then all they need to do then is just execute.
[00:40:33] And until the next QBR, they see the grades going down, which means you're enhancing your patch management.
[00:40:38] You're showing them.
[00:40:39] Now, we do get the opposite side of things where you get MSPs that thought they were doing patching and the vulnerability says you're really not.
[00:40:46] They're like, oh, my goodness.
[00:40:48] We then educate them and says, hey, it's not don't create your own fear of losing the customer because that's going to make you nervous and make you make a wrong decision because you're knee jerking at that point.
[00:40:58] The other element of it is to say, hey, when we analyze this new tool, we discovered that we're meeting the SLA because we're patching all the Windows patches.
[00:41:08] All the vulnerabilities that we're identifying right now are all third party, which means our RMM tool, whatever we're using, is not doing a stellar job at identifying those potential issues.
[00:41:17] That's why we incorporated CyRisma, because we need to have more visibility on third party vulnerabilities so we can actually patch because CyRisma is telling us that we're doing a great job on Windows patching, which is part of our SLA agreement.
[00:41:29] On the third party, we're not doing so great.
[00:41:32] That's why we're instituted CyRisma to bring elevates our accountability, but also brings you attention to where we didn't have that visibility before.
[00:41:40] So now you turn that negative into a positive and the customer goes, wow, that's why I'm paying you this money because you don't want them to go through an order every year and say, why am I paying the MSP this money?
[00:41:49] And I'm not seeing any value.
[00:41:50] That's a key thing right there that you're willing to accept certain responsibilities.
[00:41:54] But at the same time, the platform means that they need to have some level of accountability because it's not all one sided.
[00:41:59] Right. You talked about before about the art of the deal is I don't use your product.
[00:42:04] You're going to do everything. We only can do everything to a certain point.
[00:42:08] But there is expectations that you need to do things.
[00:42:11] And what CyRisma does is allows you to elevate certain things to mitigation, to the customer side, mitigate.
[00:42:17] And then the customer comes back to the QBR and says, why is our grade not moving?
[00:42:21] Hang on, Mr. Customer.
[00:42:22] I've assigned this three, four things to four of your employees and they haven't configured it yet.
[00:42:27] That is why the grade hasn't moved.
[00:42:29] So now if anything happens, you've got evidence to say we assigned it.
[00:42:34] They are aware of it.
[00:42:35] They didn't execute on it.
[00:42:37] They can't come after us.
[00:42:39] I like that.
[00:42:40] So there's ways of doing the actual integration and showing that.
[00:42:45] And that's where MSPs can become subject matter experts over time by allowing you to leverage tools like CyRisma to allow your staff to become more aware of what's going on and not be fearful of the unknown.
[00:42:57] Right.
[00:42:57] We're all fearful.
[00:42:58] If we don't see something, it's like that's why horror movies became so suspenseful because they knew that their natural fear of not knowing or seeing something enhances that kind of like, oh.
[00:43:07] And that's what it feels like sometimes with cybersecurity because they feel that if I show them, I could lose the business or lose my job.
[00:43:14] No, embrace it because then if you do that, you can only fix an issue before it becomes a major problem.
[00:43:20] Yeah.
[00:43:20] Proactive versus reactive.
[00:43:21] I got you.
[00:43:22] So how does the program work?
[00:43:24] Right.
[00:43:24] Like, do you just work with MSPs?
[00:43:26] Are you also working with end customers?
[00:43:28] How does the program structure?
[00:43:30] Is it per customer?
[00:43:32] Is it per user?
[00:43:33] Is it per endpoint?
[00:43:34] Like, paint the picture.
[00:43:35] Yeah.
[00:43:35] So with the picture itself, we work with MSPs, MSSPs, IR firms, cybersecurity consultancy firms, anybody that works within cybersecurity that has the ability for multi-tenancy.
[00:43:46] Right.
[00:43:46] So our pricing is, this example, is that it's all based on endpoints.
[00:43:51] An endpoint is a laptop, desktop, and server.
[00:43:53] It's not a per customer.
[00:43:54] You subscribe.
[00:43:55] Say, for example, you have an MSP that has 1,500 endpoints under management.
[00:43:59] That's laptop, desktop, and servers.
[00:44:01] They can have a lot more infrastructure like printers, switches, routers, and all that kind of stuff.
[00:44:04] We do not include those into the pricing.
[00:44:06] That's automatically free to you scan and manage.
[00:44:09] Why should you be dinged on that?
[00:44:10] So therefore, you can manage your licensing a lot more effectively.
[00:44:13] So that's how we do it.
[00:44:14] So when you license and say, so by the way, I want to start off at 250 endpoints, that 250 endpoints can be across all your customers.
[00:44:22] Then at that point, anything above that is all based on what we call consumption.
[00:44:26] You can ebb and flow.
[00:44:27] As you lose a customer, gain a customer.
[00:44:29] Now, one of the de facto things that we also do is give you a consulting license in with being a managed service.
[00:44:34] So what that means is if you go out and all of a sudden you got this whale that could be 10,000 endpoints like a healthcare institution, right?
[00:44:42] You're thinking to yourself, do I have to buy more licenses?
[00:44:45] No.
[00:44:45] You can still go out and perform full-on assessment for up to 35 days.
[00:44:49] You're getting a full figure.
[00:44:50] Because the goal is you'd want to turn them into a managed service.
[00:44:54] Or you're doing the assessment to get paid for it.
[00:44:57] And within 35 days, just shut down the instance.
[00:45:00] You don't have to worry about any additional licensing.
[00:45:02] What that does is allows you to then basically do POCs with prospective customers, enhance your assessment capability, or even start a new practice to do cybersecurity assessments with Cyrisma, aiding you to do that as part of that.
[00:45:15] So you can gain, again, additional revenue generation streams that you want to be able to produce.
[00:45:20] So that's how we do it from an endpoint standpoint.
[00:45:22] So there's an agent that gets installed to do all of it.
[00:45:26] Yes, you can deploy an agent.
[00:45:27] It can be agent or agentless.
[00:45:29] Agent means you deploy an agent to all assets, i.e. in this case, Windows, Mac, Linux, or even now Chromebook that we just rolled out.
[00:45:36] Or you can put it out as a probe, which means deploy it on a specific machine.
[00:45:40] And then that same piece of software can then become a probe that you can set up to do discovery scans, importing, all the scans you do.
[00:45:47] Obviously, they take a lot longer.
[00:45:48] And then there's caveats.
[00:45:49] If they're AD, Azure AD joined, or Entra ID joined, then connectivity becomes a problem.
[00:45:55] So then that's why we did the agent-based because it just becomes very easy.
[00:45:58] There's no credentials.
[00:46:00] And they can be anywhere in the world.
[00:46:01] And you can scan them.
[00:46:02] Fair.
[00:46:03] All right.
[00:46:04] So it's multi-tenanted.
[00:46:05] It's endpoint-driven.
[00:46:07] You give them 35 days free if they need to use it in free customer prospecting mode.
[00:46:14] Yep.
[00:46:14] Is there an agreement?
[00:46:16] Is it month-to-month?
[00:46:17] How does it go?
[00:46:18] It's month-to-month.
[00:46:19] We don't do long-term agreements.
[00:46:20] It's month-to-month.
[00:46:21] We're the 30-day out.
[00:46:22] Plain and simple.
[00:46:23] I love that.
[00:46:23] So they're not tied into any contract.
[00:46:25] You know, MSPs, listen.
[00:46:27] You wish that was every vendor you're dealing with.
[00:46:29] Beyond.
[00:46:30] Yeah.
[00:46:30] Yeah.
[00:46:31] And that's how we want to do it.
[00:46:32] We want to make sure it's easy for the customer.
[00:46:35] And then they can have, and they can manage their license and they can log in and see exactly
[00:46:39] how much they've utilized.
[00:46:40] And then it's based on consumption, either pay by credit card or ACH or whatever they want
[00:46:45] to do.
[00:46:46] I like it.
[00:46:47] Yeah.
[00:46:47] I like it.
[00:46:47] So you said one thing in there, you know, so I was just looking at your list, right?
[00:46:52] So they said vulnerability scan, the security baseline, dark web monitoring.
[00:46:56] I know there's a lot of products out there, but that's in there.
[00:46:59] Yep.
[00:47:00] Risk monetization, risk mitigation, scorecard.
[00:47:03] That's your credit score, right?
[00:47:04] Yep.
[00:47:05] Cyber risk assessment reporting, the cybersecurity compliance.
[00:47:08] Yep.
[00:47:08] Let's for two seconds.
[00:47:09] You mentioned earlier in the call, the podcast, you know, pen testing, which frankly, I mean,
[00:47:17] I feel like the hot dog cart on the corner in New York City too.
[00:47:21] Yeah.
[00:47:22] What, what's legitimate in that category?
[00:47:25] And maybe you don't do it, but like I, everybody seems to be offering it, but like what counts
[00:47:29] and what doesn't count here?
[00:47:30] Yeah.
[00:47:31] So, so there's always this misconception of what is pen testing, right?
[00:47:34] Some people think it's just vulnerability assessments, the whole nine yards, right?
[00:47:37] So there's two sides to it for us from the internal pen testing standpoint, right?
[00:47:44] If you look at the pen testing methodology, it's a discovery, enumeration, vulnerability
[00:47:48] mapping, exploitation, right?
[00:47:51] So internally we focus on the first three discovery, enumeration, vulnerability mapping, and then
[00:47:57] you can export that out.
[00:47:58] Now, externally we look at web applications.
[00:48:01] So we actually then take advantage of saying, okay, we've enumerated the web app.
[00:48:06] We've, sorry, discovered the web app based you put in the URL, we've enumerated it, discovered
[00:48:10] potential insertion points.
[00:48:11] Now we're going to tell you cross-site scripting, SQL injection, all that kind of stuff, which
[00:48:16] is a requirement for certain regulations to have that ongoing with external facing websites,
[00:48:20] because that's the first protocol that your clients or their clients are connecting
[00:48:24] to.
[00:48:24] And you do not want that to be compromised.
[00:48:26] And even if it's housing potential information, especially with CCPA, California Consumer Protection
[00:48:32] Act and GDPR for European, and some US companies are adopting that, you need to make sure that's
[00:48:36] doing that.
[00:48:37] So that's the part of pen testing where we go through the full gamut of discovery, enumeration,
[00:48:42] vulnerability mapping, exploitation.
[00:48:43] But everything else is the first three of that whole exploitation of vulnerability or pen
[00:48:49] testing methodology.
[00:48:52] Okay.
[00:48:53] So lots of that right there.
[00:48:54] I don't know.
[00:48:55] There's a lot there.
[00:48:56] I know we don't have so much time, but like, I love all these V pen testing, this, that,
[00:49:02] human being that.
[00:49:02] I'm just like, why is this category so not consistent?
[00:49:07] Right?
[00:49:07] Everybody just uses it.
[00:49:09] It's just like any other technology.
[00:49:11] Yeah.
[00:49:11] They all market something.
[00:49:12] And you're just like, is that the same thing?
[00:49:14] Is that like, it sounds like.
[00:49:16] It is to the point, like, say, for example, we do have some of the security firms that use
[00:49:21] our platform for web application pen testing.
[00:49:24] So what they do is they do that as what they call surface check.
[00:49:27] Right?
[00:49:27] Now, the customer, and they'll charge them a certain amount of money for that.
[00:49:30] If they want to go into full red team, which means they'll take the results of that
[00:49:34] scan and then really deep dive into the customer.
[00:49:37] If they require it for one reason or another, they'll have that.
[00:49:40] So they'll do that maybe once or twice a year, that really deep dive.
[00:49:43] But every other point that we use Cyrisma, that kind of like, all right, surface check,
[00:49:47] because basically the hackers out there are doing surface checks until they designate and
[00:49:51] find out there's a potential issue.
[00:49:53] Then they will kind of keep scratching at it, scratching at it, scratching at it, at a
[00:49:56] pace that basically doesn't get identified.
[00:49:59] So we're trying to do that from an external standpoint.
[00:50:02] Internal is where you start getting this, oh, V pen test and this pen test and automation
[00:50:07] and all this kind of stuff.
[00:50:08] What we want to do is bring you the information that you can extract out and put it wherever
[00:50:12] you want that from a pen test standpoint internally, whether that's Metasploit, whether that's
[00:50:16] this, whether it's that tool, whatever.
[00:50:19] Take the information that we've already discovered for you or the vulnerability mapping and then
[00:50:22] have at it from an exploitation standpoint, because then you can use a tool internally that's
[00:50:26] a lot more robust than what we would actually do.
[00:50:28] But externally, from a website standpoint, we have that built in.
[00:50:31] And then from the MSP standpoint, it's point and play.
[00:50:34] Just put the URL, click on schedule and off it goes.
[00:50:37] And then within a period of time, it comes back and give you results that you can print
[00:50:40] out and actually provide a report to their dev people to say, here's the areas we fixed,
[00:50:45] areas that are issues.
[00:50:46] Here's where the location of those potential problems are.
[00:50:49] Go ahead and fix them.
[00:50:52] Okay.
[00:50:52] Okay.
[00:50:52] Okay.
[00:50:52] So like, take whatever you want away from this guys and when you're watching this, but
[00:50:58] here's one thing I took away.
[00:51:00] I don't need you to be a security expert because I know you're not most likely, or you don't
[00:51:07] have that person or capability inside your company.
[00:51:10] Right?
[00:51:10] Like what this does is it tries to level you up.
[00:51:13] Right?
[00:51:14] Because the security people built it, but for the MSP to not have to like understand all
[00:51:20] the nooks and crannies.
[00:51:21] But here's the check.
[00:51:23] What happens when they don't understand what the portal is telling them?
[00:51:26] Is there like, do you guys help them with what the platform tells them to do or how does
[00:51:31] that?
[00:51:32] So, yes, we do.
[00:51:33] So we have what we call our technical onboarding, right?
[00:51:36] To educate the engineers of how to utilize the platform.
[00:51:39] But then also to how to digest and look at those results, right?
[00:51:42] And say, what's the next steps?
[00:51:44] But we also do it from a sales perspective, how to understand the value prop of a solution
[00:51:49] like this to sell to your existing customers or when you're going to that new customer,
[00:51:53] because they'll tell you they don't know how to sell cybersecurity, right?
[00:51:57] Because it's not being a kind of a go-to for them.
[00:52:00] It's their mainstay of bread and butter is literally, I want to go in and manage the
[00:52:04] full IT.
[00:52:05] That's basically it, right?
[00:52:07] Security is after the fact.
[00:52:08] And that's what we try to do is we have a partner portal which educates them on how
[00:52:11] to use the platform, the certification loan for the salespeople, but also for the technical
[00:52:15] people.
[00:52:16] But we're really building that rapport because what we want to do is selfishly as being,
[00:52:21] you know, as a vendor is that the more you bring into our platform, the more revenue
[00:52:25] we generate.
[00:52:26] But we want it to be a successful goal that you also generate additional revenue, right?
[00:52:30] Because if you built enough margin into your sales, you can roll it in and show value
[00:52:35] at.
[00:52:36] But if you haven't, you know, people ask the question.
[00:52:39] And in the meeting that you had last week, one of the questions was, how much do I sell?
[00:52:44] What's the price I sell for Enquim, right?
[00:52:46] And that's a key thing because I know exactly from an availability standpoint, from a cybersecurity
[00:52:52] standpoint, it's all over the place.
[00:52:55] But what we've seen from our partners that do it is basically it's your value that you
[00:53:02] think that the customer should pay on what your services are doing.
[00:53:06] Now, if you're strictly just doing Cyrisma, just doing that, they add an additional $5 on
[00:53:11] per endpoint.
[00:53:12] If they want to add in the strategic element, we've seen partners uplift the per endpoint
[00:53:17] laptop, desktop and server by an additional $75 per endpoint just with Cyrisma, right?
[00:53:24] And they're getting that.
[00:53:25] They're getting that.
[00:53:26] They're closing those deals, right?
[00:53:28] So we're trying to say, how do you get to that point?
[00:53:30] And they're educating them and saying, this is, you're making it a lot harder than what
[00:53:34] it really is.
[00:53:34] If you show the value of the platform itself by giving that little taste and showing them
[00:53:39] what you've done and being aware that, yes, you may not be 100% perfect, but now you want
[00:53:44] to be on that track to be better because you want to enhance their security.
[00:53:48] This is where you need to do.
[00:53:49] And it can actually, it's like the field of dreams, right?
[00:53:52] You build it, they shall come.
[00:53:54] And that's what you're doing is you're building it and being aware of it.
[00:53:56] And now you can actually start dictating your value as an add-on to the service.
[00:54:01] And when it comes to renewal, I'll just put an example.
[00:54:04] One of the partners were selling per laptop, desktop and server was $275 per month.
[00:54:09] Additional.
[00:54:11] Oh, additional.
[00:54:12] Yes.
[00:54:13] I love that.
[00:54:15] So, and he was able to, and again, because it's cheaper for them.
[00:54:19] It's like a, it's like a security office in a box, right?
[00:54:22] You bring, you bring it to the table to your sets.
[00:54:24] You bring the table, some, some additional leadership.
[00:54:27] They are going to look at you being a subject matter expert because that's why they're paying
[00:54:30] you.
[00:54:31] But then now you show them the value over a period of time for renewal.
[00:54:34] You can say, oh, by the way, we're going to increase your monthly because it's now we're
[00:54:38] bringing in some additional staff or whatever.
[00:54:40] And now you're creating that additional margin as well as enhancing their security posture
[00:54:45] because it'll be cheaper for them to pay you than it would be to go out and buy a CISO
[00:54:49] and a team to be able to provide services for them, or even go out and do an assessment.
[00:54:53] So depending on the size, average assessments can be $20,000, $30,000 minimum.
[00:54:58] It could be more depending on what you're doing.
[00:55:00] It's very interesting.
[00:55:03] So where do people go and find out more information, talk to someone, see what it does, all that
[00:55:09] jazz?
[00:55:10] Yeah.
[00:55:10] Just go to our website, www.cyrisma.com.
[00:55:14] There's information directly on there.
[00:55:16] And then just click on book a demo and that goes directly through to our sales engineering
[00:55:21] team.
[00:55:21] Get you on there.
[00:55:22] We do a white glove service.
[00:55:23] We don't just set you up in a trial and after you go and here you go, we actually want
[00:55:27] to walk you through the journey because it's successful for us and as well as for you to
[00:55:32] be able to get up and running in less than an hour on any clients because that's how quickly
[00:55:35] you can deploy Cyrisma and start collecting data in less than an hour.
[00:55:38] So just in case you're listening to the audio version of this, C-Charlie-Y-R-I-S-M-A,
[00:55:47] right?
[00:55:47] Yeah.
[00:55:48] And actually it's an acronym.
[00:55:50] Okay.
[00:55:50] Yeah.
[00:55:50] What is it?
[00:55:52] Cyber risk management.
[00:55:53] Cy R-I-S for risk.
[00:55:56] M-A for management.
[00:55:57] Oh, I got it.
[00:55:59] I don't think I would have figured that out unless you said it.
[00:56:01] Yeah.
[00:56:01] Yeah.
[00:56:02] So that's why it's capitalized.
[00:56:03] So everybody's like, why is everything all capitalized?
[00:56:05] Because it's an acronym.
[00:56:06] Oh, like, what is it?
[00:56:07] But yeah, Cyrisma.
[00:56:08] Yeah.
[00:56:09] Got it.
[00:56:09] Got it.
[00:56:10] I love the story, man.
[00:56:11] I'm glad that you figured out that you decided not to do with people from New York City,
[00:56:15] but don't be offended.
[00:56:16] That's just me.
[00:56:17] Guys, you're a tough cookie.
[00:56:19] Tough cookie.
[00:56:20] It's all good.
[00:56:21] I'm from the area.
[00:56:22] We're tough cookies too.
[00:56:23] Don't worry.
[00:56:23] Yeah, yeah, yeah.
[00:56:24] Yeah.
[00:56:25] Liam, thank you.
[00:56:26] Appreciate it.
[00:56:27] Thank you for joining.
[00:56:28] And thank you for coming last week to get Community Minds.
[00:56:30] Oh, it was good.
[00:56:31] I know it was a different format, different DOSA event.
[00:56:34] Enjoyed that.
[00:56:35] That was good.
[00:56:35] It was good to listen to some of the panels.
[00:56:37] It was very good to see some of the people up there.
[00:56:39] And some of the panelists actually are users of our platform.
[00:56:42] There's some smart people on there.
[00:56:44] Yes, they are.
[00:56:44] And like the fact that they were willing to share.
[00:56:46] That's what we want, right?
[00:56:47] Because like this whole New York state of mind where everybody's like competing with
[00:56:51] each other, you know, castle, moat, alligators.
[00:56:54] Yeah.
[00:56:55] Let's try and pull that back a little bit.
[00:56:57] Let's talk about what works and what doesn't.
[00:56:59] Yeah.
[00:56:59] Thank you for being a part of that.
[00:57:02] We really did like that format.
[00:57:03] And you know what?
[00:57:04] You know, the more people share, the more we all learn.
[00:57:07] And so like rise all the boats kind of thing.
[00:57:09] Yep.
[00:57:09] Yep.
[00:57:10] So I'm sure we're going to see you at an event.
[00:57:13] Probably I call it we're in the gauntlet period, right?
[00:57:15] Yeah.
[00:57:16] Yeah.
[00:57:16] So.
[00:57:17] Yeah.
[00:57:17] My next one I'm going to for me personally will be MSP Alert Live in Austin, Texas.
[00:57:23] Awesome.
[00:57:23] And then after that, that'll be the last one I will attend, but there's still others
[00:57:27] the rest of my team will be attending.
[00:57:29] Awesome.
[00:57:30] Well, if you're headed to Austin, make sure you grab a beer with Liam.
[00:57:33] I'll tell you more about that gateway computer store.
[00:57:35] All right.
[00:57:36] Have a good one, my friend.
[00:57:37] For everyone else, thanks for joining.
[00:57:40] You'll find this at mspinitiative.com under sessions.
[00:57:42] Keep checking in with us and we hope we see you at an event between now and the end of
[00:57:45] the year.
[00:57:45] Catch you guys.
[00:57:46] All right.
[00:57:47] Thank you.
[00:57:47] Bye-bye.
[00:57:48] Bye-bye.
[00:57:48] Bye-bye.

