Roddy Bergeron from Sherweb

[00:00:00] edition of the MSP Initiative, MSP Talk Podcast. It's May, so we're almost into the summertime. We're in the thick of it now, kind of at the end of what I like to call the mini gauntlet in MSP land when it comes to events. The real gauntlet, the big boy, you know, Varsity League of that is at the end, you know, towards the end of the year, right? At the end of September, October, November. But we're in the middle of like, you know, the JV version of that

[00:00:27] right now. So I appreciate and feel for all the people who are travelers. Hopefully it's not too bumpy. And I hope that you weren't flying Spirit Airlines to begin with, because it is no longer an option. We're going to get some housekeeping done out of the way. We're going to bring our guests on for today. And we're going to talk all things, all things, things. So we'll see. Stand by. MSPinitiative.com. That's where you're going to find most of the stuff that we do for you in MSP

[00:00:56] land. Thank you to everybody that came out to not just enable, we did a block party with the Empower event in Fort Lauderdale. We just completed our first Las Vegas MSP community block party with the great folks at Kaseya Connect Global. We did it on site at the MGM at Hakkasan, which is one of the hardest places to get to on a busy night in Las Vegas, I'm told. It was a great night. We just

[00:01:22] posted some of the photos and albums online. The rest of them are coming here, I think in the next 24 hours, if you want to relive the night with us. But what a great venue and a great time with, I think we blew the building capacity three times. So a lot of people in Vegas, to my surprise, even. I'm not even a Vegas fan, but now the people came. It was a destination for sure.

[00:01:48] Upcoming events in the next 30 to 45 days, we're going to the European version of the Kaseya Connect event in Prague. If you don't know, Prague is the birthplace of the Pilsner beer. Yes, you can get a pint of beer for less than $1. No joke. I think beer is cheaper than water there. I digress. Yes. We're going to Prague. And then right after that, we come back to the good old United States

[00:02:17] of America with the fine folks from Roost are running the conference called Flow. It is in Nashville to close out June. And we'll reset the rest of the calendar for the back end of 2026, tell you what we got cooking for the rest of the year after that. So looking forward to seeing you guys, hopefully, if I didn't see in Vegas and we didn't see in Fort Lauderdale, in Prague or in Nashville, and thanks for following the podcast. Yes, we record all these sessions. I'll remind you at

[00:02:46] the end. And yes, they're available online. And yes, you can find all of those links to YouTube and the podcatchers download, like, subscribe and all that good stuff on mspinitiative.com. All right. That is all the housekeeping. Here we go. Fun, fun guest today. Been in the sandbox for a long time. I'll let him give you a little bit of his background if you've never met him before. Welcome to the pod, Roddy from Sherwood. Thank you, George. Appreciate it. Appreciate being here today. And

[00:03:16] hopefully, some people get some nuggets of wisdom today. As I like to preface everything I say, I was like, if you take advice from me, God bless you. It could be the best advice ever, or it could financially ruin you forever. But a little bit about me, George, you've been knowing me for a while. But for those who don't know me, I have a varied, varied background. I worked for a CPA firm doing audits, hospitals, banks, government systems, et cetera. Went to do some nonprofit work,

[00:03:43] turning around facilities with Department of Health and Hospitals, just basically figuring out how these facilities operate and then making sure they operate to the best of their abilities. You'd have to deal with that. I was like, where's the fun stuff going on? And I learned what a managed service provider was. And I was like, oh, this is interesting. I went to work for an IT company in Louisiana, helping them move from break-fix to managed services. I built their security program,

[00:04:08] their compliance programs, their vSISO programs, implemented EOS, brought them from 16%, 18% profitability to mid-50s. And my work there was coming to an end. I felt like I'd done some accomplishments. I think that's when we met George, obviously, when I was at my MSB. And then an opportunity came up at SureWeb for me to become sort of a security evangelist. My real title is

[00:04:32] security technical fellow. We're still trying to figure out exactly what that means. It's been over two years now. But my whole goal is to work across the SureWeb team. So technically, I'm in product, but I work with sales and marketing and the platform team and everybody else, just helping them align to security programs for MSPs. And then the flip side of that is I work with individuals in the MSP community, including not only our partners, but just anybody in general,

[00:04:59] to help them build better security programs. So I do all of the talks for SureWeb. I'm usually at conferences doing some kind of talk. I build guides. I build guides around how to have cyber insurance programs. I just put out a guide on building CIS control security programs. I just write a lot of these guides that just don't focus a whole lot on tools. Like I don't sell anything. I just help people build better security programs, help them see what's going on out there and help

[00:05:26] them have better conversations with their partners around best security practices. Got it. Interesting. So, and then in your non-work life, you're on a school board down in Louisiana, which is a whole other conversation for different people. George, everybody's got to have a hobby, right? Mine's dabbling in local government, right? So. Yeah, I don't know if I call that a hobby, but I got you. I'm with you. I follow what

[00:05:54] you're saying. Okay. So I like to start off with like, you know, current events, you know, a lot, you know, it drives a lot of our conversations. I know AI, it's like every other topic, probably now more than security was before, you know, like circa two years ago, but I digress. Mythos, that the unicorn doomsday AI security, anthropic tool that have only been released to big companies

[00:06:23] so far and governments to figure out what's actually the holes in their systems. Or so I read, I don't know if this is real. I don't know if it's just a marketing ploy. What do you know about it? And should we be worried about it? Oh, you'll hear both sides of the story because I'm on the fence about it. So anthropic release to certain individuals created mythos, right? The whole goal being how do we find vulnerabilities? Because right now, a lot of it's human driven. AI has been

[00:06:53] helping out a lot. In fact, you go to DEF CON, Black Hat, you go to any hackers conference, and a lot of these guys are using AI to help find vulnerabilities in systems. But apparently anthropic has created the mother of all mother AI systems that can help you find vulnerabilities. And to showcase that, they had a press release that said, hey, you know, we found a 20 year old vulnerability, I think in Linux that had never been patched, right? So there's two sides to this coin, right? The first one is like, they're keeping it a secret. So they're bringing in the big guns,

[00:07:22] Microsoft Sentinel one, Google, Amazon, right? Like these big companies and saying like, hey, we think we have a nuclear missile here. And we need to make sure that it is controlled. And you know, you guys between those companies, especially Microsoft, Google, AWS, and Sentinel one and CrowdStrike right there, their hands are in a lot of pies when it comes to operating systems,

[00:07:48] right? And networks. So they have a lot of hands in. So basically pulling them in saying like, hey, we need you guys to either vet this or use this tool to help find vulnerabilities before we release it to the public and someone else finds it. Because like, once you let the genie out of the bottle, you ain't gonna bring it back, right? Here's the flip side. Some individuals got access to Mythos unexpectedly through, I think, either API or MCP server or something like that.

[00:08:14] And they were like, this thing's not special. There's nothing special about this. So like, is Mythos a myth? Is it overhyped? Or is it the doomsday device, right? Like that's the both sides of the fence I'm on. We won't know until someone gets their actual hands on it. You know, like, just because a third party, even if it's a malicious third party gets access to something, we have seen them lie about aspects of what they found, right? Again, I'm always

[00:08:44] take a cautious approach to it. Like, yeah, AI is available and out there. I've always had concerns about this. Like, we all know that an individual with access to AI can perform things they normally wouldn't be able to do because the skill gap or the skill level lowers, or the skill ceiling lowers. You put the, like, anybody's ever, and I'm not saying I've touched it. I'm not saying I'm doing it. It's for legal reasons. I won't say I ever did it. There's things out there like fraud GPT and

[00:09:08] worm GPT that are already available that have no limitations on what people can do. So they're not technically the dark web or whatever services. But we haven't really seen an explosion of those things. So does Mythos actually do a better job? Don't know. How much of this is marketing hype and how much of this is them putting out press release because they, you know, hype drives up profitability for a company, especially on the stock market. We know Anthropic is not doing well, potentially

[00:09:37] financially. So like, is this hype or is this an actual weapon of mass destruction, George? I don't know. I can't tell you, but people need to be skeptical and cautious of anything AI. We've heard hype before, right? Like the cloud's going to kill on-prem and like, yeah, they're still on-prem services. And the cloud services are going to kill systems administrators, right? We won't need systems administrators and network administrators anymore. Those jobs still exist. So like, we've

[00:10:04] heard the hype. We've heard the rumor mill and I don't know, maybe I'm just jaded, George, but like, I don't feel like, I don't feel like Anthropic has a killer there. But again, we don't know until we see it, touch it, feel it and explore it. And unlike some people who are very important, I do not have access to mythos. So I can't tell you. Okay. All right. Let me, let me take a, you know, catty corner topic to what we're talking about.

[00:10:33] Customer of an MSP calls up, says, puts in a ticket chat. I don't know, whatever. Contacts your MSP says, Hey, need to install open claw. When can you do it for me? What's your response? Let's pump the brakes. So like, you know, I do a talk on implementing AI, right? It's mostly focused around co-pilot, but it applies to anytime you introduce new technology. First off, it's like,

[00:10:57] there's a whole slew of things that has to happen before we even turn on AI or turn on the licensor install an AI agent, right? There's governance we have to think about. There's data cleanup. There's a use cases, right? We need to know how we're going to use this thing. Cause like I could give you a, just go in right now and install open claw or any kind of AI agent or AI assistant on your computer. But like, what controls do we have in place? Will it leak data? Like there's tons of

[00:11:25] concerns we have to talk through first. And I tell people there's, there's people approach it kind of two ways or three ways. Usually there's the gung ho approach. We got to have it now. Like we have to adapt it now. We'll fall behind. And then there's the fearful approach where people are just scared of AI, right? Especially we saw it like, God, George, we're, we're getting old, but like people who said they would never, they don't, we don't want the internet for our business. We don't need it. Right. And like nowadays that's a, that's a prerequisite to have a business.

[00:11:53] You got to have the internet. And the third thing is a cautious approach. And I tell people to always take a cautious approach. We should be curious about technology and we should use it and learn it. But we have to adopt it in a safe and meaningful manner. And that's part of the issue that I have is like, we always see a rush to adoption. And then we see all these incidents happen. And like, I don't know, maybe because I go to places like DEF CON and Black Hat and you see all the bad stuff that happens, zero click attacks against AI agents, et cetera, et cetera. And I tell people to, you know,

[00:12:22] to be cautious about it. You have to pump the brakes and you have to help them explain. Now, I put my business owner's hat on. If I want AI and I can do it, like you should give it to me. So you have to find that balance, right? George was like, how do you guide them? Like you're, you're supposed to, you know, we throw the word trusted advisor around a lot. How do I advise you on this? And just like anything, like my attorney advises me sometimes to do things or not do

[00:12:48] things. I don't have to listen to them at the end of the day. I try to listen to them. They're the smart people. They're the reason why they get paid a couple hundred bucks an hour. Your job is to advise them and to the best of your ability. And again, if a client becomes too much of a liability for you, you may want to guess whether or not that person needs to be a client for you or not. But again, someone comes to me, I have a, I have resources and I have the knowledge to say like, let's pump the brakes and let's talk about use cases and data governance. And let's talk about how we're going to use it. And let's talk about what controls we're going to put in place because there

[00:13:17] are, there are issues, right? Like we've seen, you know, there was an issue. Let's see what, was it against, there was a, there's a article I was reading the other day. AI agent access has access to email, right? And access to CRM and everything else. A malicious individual emailed that agent, right? So you have no gate. You can just email it, emailed it, malicious instructions telling it to dump the CRM database and then email it to them in a CSV file. It did it, right?

[00:13:46] Cause like they had no controls in place. They had no guardrails. They had no safeguards. McDonald's chat bot, right? Like just two weeks ago, like they found out that it had no guardrails on it. So people were using it to burn Claude tokens and write code for it. Like you could submit it. Chipotle had the same problem. So like I tell people enterprises are having problems with controls and guidance and everything around AI. So like you have to have that same conversation with your clients, right? And it's hard. And like, sometimes they don't

[00:14:12] understand it and they don't know why they can't just use it. And your job is first to advise. And then you do, you do what you do what they ask you to do. And, or you tell them you don't want to be their, their provider anymore. Right? Like that's the, the, the crux of the position, George. So nobody on here is a lawyer, right? We like to play ones on TV. Just kidding. Just kidding.

[00:14:35] Um, seeing, I mean, I, we were just in, in Vegas last week with both of us, uh, for Kasei Connect Global. I sat in on many sessions, many, I like to sit in the room just like anybody else and learn like next year. Right. And the volume of options that are being floated out there to plug in left, right and center for the MSP, just you internally to plug it into your tools to do this and that

[00:15:02] and triage and categorization. There's an, okay, cool. I wonder, I think I already know the answer. Take your opinion. I wonder how many of these MSPs have just plugged something in, but they haven't really told their end customer in any meaningful way that, Hey, we are using these tools and the data that we have on you is now being pulled into these tools so that we can be

[00:15:25] more efficient for you. But, Oh, by the way, like if there's a problem, cause you know, the inevitable problem will occur, the breach, the incident, uh, whatever you want to call it, like it's going to happen. But now your data was in there, right? Could be documentation on your environment. Could be your users list. Could be your, you know, credentials that we're holding as MSP to your environment that are tied to our systems, right? Stuff like that. And like, I can't tell you how

[00:15:54] many, I'm going to expend one step further. I've seen the chats and the threads and the Facebooks and the reddits and the discords and the LinkedIn groups and the, you know, uh, so on. And like, these people are like, Oh yeah, I'm, I'm just, I'm, I'm having this build the script for me and the power shell and it's going in, I'm throwing this into an N8N and it's doing this. And it's like, forget the RMM. I'm just going to have it do all. And I'm like, guys, I'm all for bleeding edge.

[00:16:22] I love it. It's like a toy store, right? We're opening up new stuff every day. It's kind of why I got into this industry to begin with. Uh, that being said, like you have no idea like where this road goes until you have an accident. And at that point, your customer probably doesn't know because you never told them that you're in the middle of using all these tools. And it's one thing when it's your

[00:16:47] stuff, but your stuff also includes their stuff. And now we got a bigger, a bigger Pandora's box. What do you think about that whole thing? Oh, George, it's a problem that's been brewing since the first cloud application became available. And it's when you don't control a hundred percent of it. So like, I'm going to, we're going to go a little deep here. Shared responsibility models exist for a reason, right? And since any cloud environment, it doesn't matter if it's infrastructure platform or SAS, right? Some things you're responsible for and some things you aren't

[00:17:14] responsible for, right? And we have to spell those out. The problem is we as MSPs have never done a real good job around vendor risk management, right? Understanding what data transfers inside and outside of my control. How do I communicate with that client? How do I have, how do I express limitations or how do I let my clients know how their data is being used? GDPR spells that out pretty well in the EU, in the States, not so much, right? We do have some privacy, consumer privacy laws and

[00:17:39] everything else. But for the most part, we're so far behind the times in the MSP industry and in actually understanding what vendors put us at risk, what their risks are. And, you know, because they connect, I did a talk on SOC 2 reporting and I was like, here's why they're garbage, right? Like we, we hold them up to a high standard and I go, they're great to have, but they can be so controlled and they can be so limited. And like the quality of the reports vary, like they're not the gold standard. So people ask for them. They don't know how to read them.

[00:18:06] They don't understand them. There's a lot of due diligence that has to go around. Like, how do you manage a vendor? Why do you bring a vendor on? Because we just focus on price. Like, oh, you know, I'm picking X vendor because they're 60 cents cheaper per endpoint than Y vendor. If Y vendor is doing a crappy job at security and they have an incident or, or lowercase or uppercase I incident, a breach, whatever you want to call it, like it can end up costing you more. So that gets accelerated when it becomes AI, right? Like whenever you start to have like easy plugins,

[00:18:34] MCP servers, the ability to have something process your data. Can you tell me if you're, if that AI agent is processing data inside your, your national boundary, the US or Canada or Germany or Sweden or whatever, like we, we don't know. And that's why the topic around data sovereignty becomes such an important topic because like we could offload some processing of some sensitive data potentially to a country that you may not want to process. And it's vice versa, right? It's, if you're in Canada, you may not want your data being processed in the US, but most

[00:19:01] SAS companies operate in the US. So there's a lot of, there's a lot of challenges there. But it all revolves around vendor risk management. One of the things that you brought it up is, is like transparency. So like how is your data being used and where it's being used at? At Rider Boom, Tim Fournette and I did a talk around governance with AI and we came up with an acronym called TAIL. So when you're having a conversation with a client around AI usage, there's four things you have to touch on. And I have a, I have a workbook I'm working on for it.

[00:19:31] First one's transparency. So you have to be transparent with your client around where AI is being used, is it just, is it personal data? Is it your name, email address? Is it just system information? If you're an MSP and you're collecting workstation information or whatever, right? Second thing is audit trail. Does your AI create an audit trail that tells you what specifically it did, right? Some AI systems tell you everything it did. Some of them just tell you when the action is on

[00:19:58] behalf of a user. So you have to understand if the audit trail is full. Third one's intervention points. At what point does a human get involved? We talked about human in the loop, human at the helm, whatever. So like what decisions do you want AI to make and what decisions do you want humans to make? And that's a question to ask your client. So for example, when it comes to medical decisions, I don't want AI telling me like something without a doctor or a nurse intervening and saying like, is this correct or not? And I have some use cases from a book I read that show how AI gets it

[00:20:27] wrong in medical data. Again, utilities, water, sewage, power. I don't want AI taking those systems offline or taking a 911 system offline because it thinks that there's an attack going on, right? That can cause more harm than good. But then for low things like create me a marketing graph of the last quarter's marketing efforts, right? AI could probably do all that without me intervening. I just need to review the data when it's done, right? So like, where's my intervention points? At some point,

[00:20:54] a human has to get involved in these systems. And the last thing, the L is limits. What can AI do or do not, right? Because most people think AI can do everything. And while that might be true in the next few years, like the thought process and the intelligence of AI is that of like, I think, a high schooler right now. Like, and it's accelerating quickly. It could be a college student in a year. It could be a professor in four years, right? Four years ago, I think they ranked it at that of a

[00:21:21] toddler. So like, it's, it's progressing quite quickly. So all that has to be around like risk management. And that's like, I tell people, you're no longer in the IT game, you're in the risk management game when you when you become an MSP, because all you do is manage risk, securities about risk, governance is about risk, vSysso services is about risk. I mean, opening a business is about risk, like you take a risk on when you open a business, when you hire an employee, you take on risk, and you have to manage that risk in some way, shape or form. Now, do you become how formal do you

[00:21:50] make it and how far do you have to go? It depends on the client's risk tolerance. But that's the crux of it. Like every time we adopt new technology, whether it's the internet, you know, web 2.0, whether or not it's cloud, whether or not it's AI, like vendor risk and understanding the risks around it. I think we just we always have failed, we've adopted first and then said, Oh, bad things are happening, let's figure it out. But the same things we figured out 20 years ago, is still happening again. Like one of the talks at DEF CON was, was we're in the 90s, again, things like data

[00:22:18] traversal issues, unauthenticated logins, like, just stuff like that is happening all over again. So we never learned our lesson. And I think that's the takeaway is like the stuff that we should traditionally be doing around tech, new technology, for some reason, we fail to learn the lessons of the past. And vendor risk management is one of those. And even though we're starting to see it more and more is something that has been creeping up for a long time now. Especially when you start to

[00:22:46] think about how many services are hosted in AWS, and AWS has a has an outage or has a has an incident, right? Like your line of business application through, you know, law firm cloud could be affected, and you may not even know, right what we call subservice or third party organizations. So you have to understand that risk, it is a lot of work. And I don't think a lot of people are ready to take on that work. But like when we talk about how we show value and how we show

[00:23:13] why we cost more than our competitor, I think that's where we start to fit in, or like the differentiator, I guess. Sorry, long, long, long winded answer to tell you vendor risk management. No, no, we're gonna we're gonna go one step further. Again, cousin topic. What happens when the MSP becomes the vendor because they decided to vibe code, pick your system? Hey, I dumped HubSpot,

[00:23:38] I vibe code it. Hey, I dumped Halo. I vibe coded it. Hey, I dumped my RMM platform. I vibe coded it. And it's like, dude, like, there's a reason why it took a long time for these systems to get to where they are you spending a month and 1000 bucks and credits to come with your PSA replacement. It's not warm and fuzzy to me. I don't know what now they're the vendor. They've effectively become

[00:24:06] you want to talk about risk. They they've taken on all the risk in that. Yeah, yeah, yeah, no, I'm not against vibe coding stuff. I vibe code stuff all the time, right? Like I vibe coded an application that reads the school board budget and tells me what's being changed, the changes over time, etc. Like, but it's not something I use commercially. When you start to use something commercially, right? That's when I have a whoa, we'll pump the brakes because like, Reddit, who I love. I love Reddit to death, George. I love to go and like, I use my real

[00:24:33] name on Reddit. I don't hide it. I like to go read and sometimes I comment, right? And like, there's one one time where this guy said he vibe coded his own EDR. And he's like, I'm done paying all these fees. And I don't want to have a crowd strike issue happen. And I'm like, good, sir. Like, EDRs or any kind of endpoint protection, like, are you running in the user space? So you run it in the kernel space? And how'd you get access to the kernel? Like Microsoft only issues that just to vendors, right? You have to go through a certification process. If you're

[00:25:01] vibe coding antivirus software, you're probably only operating in the user level. And you have a huge blind spot that attackers want. But you don't know that because you're not in the industry. And you don't understand the ins and outs. You don't understand why things work a certain way. Same thing with like checks and balances and PSAs, right? Or RMMs. There's balances and information as to feedback and etc. And like this, these tools are built over time and through, you know, feature requests and bug problems and end user experiences and everything else. Like,

[00:25:30] can AI implement 80% of it? Potentially, but like the 20% is where you're going to have problems. And then who's do you have enough knowledge to review the code? Know if there's bugs or holes in it? Are you doing continuous testing and improvement? Like you see ICD pipelines work? What kind of testing are you doing? Are you doing just AI testing? So you have an AI check AI, like you still need humans in loop. This is where we start talking about intervention points. Like at some point, a human has to review it and understand the code. And that's the problem. Now short term,

[00:25:59] you may not have problems. You may not ever have problems, but somewhere, someone out there is Vibe code of the program that has numerous holes in it. So combine that with what we talked about first mythos, right? Now that we have an AI system and go out and detect malicious code, could I combine that with like a Shodan and then say like, hey, maybe AI has some certain fingerprints I can look for. And maybe I started having mythos burn a bunch of tokens and go find that. Or maybe I use a malicious AI to go out and look for it. You won't know because if you haven't

[00:26:28] properly vetted the software that you're now deployed and you don't have the capital or the agreement in place, right? Cause like agreements exist for like when you sign that terms of service, you know what you just, you don't know what you're signing half the time. Do you have those types agreements in place? Like you're going to get hosed. And like, as someone who is a, there's a big proponent of, uh, of not giving attorneys money. This is an instance where like,

[00:26:56] before you, before you release this code, you need to have somebody, at least a legal team or something, put some protections in place for you and have an actual person who understands the code or understands how to secure code, look at the underlying, underlying code for vulnerabilities. Cause like AI does write vulnerabilities, uh, or does write vulnerable code. It's not foolproof and have some weird calls and might rely on a third party. Like one of the things we've been pushing for software bill of materials, right? That's problems.

[00:27:26] Like, do you know what third party libraries it's loading in? Because if those libraries are vulnerable and you don't know about it, how do you know to update those libraries? And the list goes on and on George. Like most people who don't understand, like who use, and look again, I use it. I'm not a fancy programmer. I wrote batch and PowerShell scripts, right? I'm not a fancy programmer. Well, I, even I understand that. Like I've written some shitty PowerShell scripts

[00:27:50] that hosed the test system before. We don't know. And we don't know what we can't, we, we have to, you have so many checks and balances in software sometimes that like, I don't think people, people are ready for it. So cautious optimism, right? Like vibe code your stuff. That's fine. But when you start to use it in commercial environments, I have some hesitations and they should go through the proper processes. Cause we did learn, like, again, we, we have learned lessons and that's why COTS commercially off the available off the shelf software exists.

[00:28:18] It's because hopefully those people have the due diligence and the liabilities on them because they wrote the software and they may limit those liabilities in whatever way, shape or form, but like you're just a middleman. You're just passing the software onto the end consumer. You do have some risk there, but the producer of the software holds most of the risk there. Yeah. Yeah. I remember maybe it was, I don't know, something like a month ago. I'm actually going to pull it up right now.

[00:28:47] I want to make sure I say it right. So that's why I'm pulling it up. So there was a little, so I'm already seeing the countering point. So some, several people posted articles saying that Microsoft updated its terms of use for individual co-pilot users, including a clause stating that the service is for entertainment purposes only and should not be

[00:29:15] relied on for important advice. And then I already see my, you know, the Microsoft response and it's like, Microsoft denies co-pilots only for entertainment use. Uh, I was like, which one, which one is it? Yeah. Like, why are we even having this conversation? Yeah. Well, uh, again, uh, attorneys and engineers could be so far away from the same problem. It's, it's, it's laughable. Right. So again, I would, you can put whatever you want in those terms of

[00:29:44] service and those agreements, George, but what Microsoft is actually doing in practice is telling you, I mean, I got the documentation. Oh, use it to use it to forecast numbers, use it to create documents for you. You use it to build these AI agents, right? They're talking about autonomous AI agents. Like it's not for, it's not for entertainment purposes. This is, it's a, it's a, it's an actual corporate tool they charge you for. And if it was a, if it was a, for fun, fun and games, a co-pilot would be a hundred percent free across the platform. And it's not,

[00:30:12] they're charging you for it. I think that's the, that's again, attorneys get mixed and they're just like, Hey, we got to put some protections in place so we can limit our liabilities and tell you like, don't use this for serious stuff. But like the, it does it. Again, as a non-attorney reading this phrases, and I'm reading this article here. It says, use at your own risk. It may make mistakes. It may not work as intended. Don't rely on co-pilot

[00:30:38] for important advice. And then it goes into, you know, other phrasing. Like this is clearly a lawyer talk, not engineering talk. Oh yeah. A hundred percent. I mean, look, George, you take prescription, man. I take prescription, I'm not gonna say you take it. I take prescription medicine, right? They can put whatever warnings they want in that bottle. If that medicine makes me bleed from my eyes, like I could, I have, I have, I have a personal injury there. So like you can put as many warning labels as you want on something,

[00:31:07] but like you still have liability. And I think that's Microsoft's attempt to limit liability. And again, it's, I think it's fruitless, but I don't think it's a toy. I think, I think it's dangerous to call AI a toy. And if you want to get serious, it is not a toy. There's a lot of damage you could do to it. We've seen what, what damage happens. I mean, earlier I was talking about using AI in, in medical systems. So Pittsburgh Medical has a paper back in 2017, and it's a book called

[00:31:35] The Alignment Problem. A really good book to read about the philosophy around how AI learns and the use in real world case studies. So Pittsburgh Medical used AI to help better patient outcomes, right? That was the goal. So one of the excerpts from the book talks about one of the findings, and it was that people over the age of 70, AI found, are at less risk from pneumonia than under 70. Now, George,

[00:32:01] common medical sense would tell you the elderly, especially their poor health than someone that's younger, right? Like people younger than me are in better shape than me. Their knees are in way better shape than mine. So like, why did AI get this or why did they come to this conclusion? Well, what AI failed to factor in was that if you're under the age of 65, most of the time it's in home care, right? They give you, they tell you what to do. If you're over 65, you're considered high risk

[00:32:27] and they put you in a hospital, they put you in ICU, or they put you in a bed. So your level of care is different. So technically people under the age of 65 with pneumonia die more often than people over 70 because of the care they receive. AI didn't take that account. So it was risking, it was telling that patients over the age of 70 were at higher, were at lower risk of death than those under 65, but the medical data shows otherwise. That is not a toy, okay? Like that is dealing with human life and

[00:32:54] they don't put restrictions, Microsoft in there, and Copilot on them, and I'm not going to blame Microsoft. They don't put restrictions on that. Like you can ask Copilot information about your health needs and it will answer it to you. In fact, Copilot Dragon is that, that option from Microsoft is a hundred percent geared towards helping, helping health organizations manage client outcomes. So Copilot is being used in medical, medical facilities as a specific version. I want to say it's called

[00:33:21] Dragon. Like it's not a toy. It is not. And, and I think it's dangerous to call it otherwise. And then another one, I'm trying to remember the book was about how courts are starting to use AI to determine flight risks. And like, we're not going to get into racial profiling and everything else, but like there was some issues around, around how AI would label individuals high risk or not. So like, it's not

[00:33:44] a toy and like, we should be cautious of what AI outputs, but we're not. So calling it a toy is like saying, uh, uh, you know, there's like buying Tannerite and saying like, it's for, it's for, uh, it's for display purposes only. Like, no, we're going to go blow stuff up and it's dangerous. Right. You can't, you can't just say it's not dangerous and you can't just call it something that it's not. And calling it a toy, I think is, is, is dangerous in my opinion.

[00:34:12] Well, so, so looping back to kind of the top of the conversation, which is if the bad guys have access to the same technology that everybody else does, and does that not speed up all of the malicious efforts, right? To, you know, we've talked for years. I heard, Hey, the bad guys go after the easiest people to go after, right? Low hanging fruit. We always heard that phrase, right? Hey, your password is the same on all these different accounts. Hey, you didn't do

[00:34:40] two factor. Hey, you're like, it's a bit more complicated now, right? Because they can actually do things way faster, right? Instead of spray and pray, you know, like they can say, Hey, I can get into your world way faster before than, than even two years ago. And I'm going to start to use this technology to actively target you. Yeah. And so like, that's, I mean, like, I know it's a movie plot

[00:35:06] probably somewhere, but like that could happen now. That's not a crazy idea. It's already happening. Right. Here's the thing. We like to say this thing, like attackers are always one up in us and everything else. And they are, right? It's a cat and mouse game. We go back and forth and back and forth. Here's the thing. Like we have home field advantage going back to talking about sports again, George, we have home field advantage, right? We know what our system should look like. We know

[00:35:30] that people shouldn't be logging in from Russia or Iran or San Diego, California, right? We know that devices shouldn't be VPNing at 2 AM in the morning. Like we know all this, all these things happen. What we lack is visibility. And what we lack is, is, is centralized, manageable configuration, right? That's the same across the board, right? When something goes off kilter, right? We should be able to detect that alert and then say, why is this happening? Right.

[00:35:58] In real time attacks happen quicker because of, of, of AI, but we've always had the home field. We like, we know what, what our system should look like. We know how they should operate. Anomaly detection changes in, in our configuration drift changes and all this other stuff should be alerted on. And it's the same, it's a sock problem. Like sock always has had, their problem has always been, how much visibility do I have? And with AI now that's kind of pushed that to the forefront again, it was like, how much visibility and knowledge do I have in my systems? Because again,

[00:36:27] we have home field advantage. We know where the divots are at in the field to avoid when we're running. We know not to run the 30 yard lawn on too much left because the field's a little unlevel. We know which way it slopes. Like we practice on this field. We know it in and out, like we can feel it. It's so close. Like we don't need to, we don't need technology in our family. We can feel it. Right. Like that's how we should be with our systems. And we need the tools in place to see the visibility and knowing those things changes and have change management process in place where when there's a change, we know what's going to happen. All these things,

[00:36:55] we play a little too loosey goosey with our networks, especially around visibility. And I think that's, what's burning us a lot now. It's the same, again, the same problem we've always had, right? Cloud came available. We didn't know people were uploading files into their personal Google Drive or into, or into Dropbox or whatever. And then we're like, all right, the term shadow, shadow IT became a, became more common, shadow cloud. And then we put controls and tools in place,

[00:37:20] but like we always had the ability to know via firewall rules or via firewall logs, if people were using Dropbox and we should have known that, like why all of a sudden are they using Dropbox or why are they using these devices or why are they using these applications? And then put controls around it. Like we've always had that ability. AI again, pushes that back to the front fold and makes it, makes the turnaround and timeline a lot quicker. So the acceleration piece becomes quicker, but like the same, the same things that we've always done have always been on the same controls you've always had in place are always the same things that we should fall back on because they

[00:37:50] always do work. But again, like we have access to AI, like any, any now, any MDR worth their salt has some kind of AI built into it to help you. Like I hate writing KQL queries. And like one of my first use cases for AI was writing KQL queries to query data lakes for our MDR. Cause I hated it. I hate handwriting them. So like we do have the tools and we do have the knowledge and we do have the processes and things in place, but I don't think we do a good job of actually implementing them and understanding

[00:38:18] what our environments are like. But again, like anything else, we've always had to deal with zero days that we didn't know what's bringing on us. Right. What's the, what's the difference here? Right. Like you never know when it's going to happen, but you need to know when it happens. And that visibility is important in knowledge of our systems. No, a hundred percent. So, you know, I love the concept back to, Hey, bleeding edge toy store. Yeah. A hundred percent on there. How does it make you more efficient? Can we process information

[00:38:45] faster? Can we make decisions with more information available to you instead of waiting to manually do things, have it done for you, assuming it's accurate, all those things. I mean, you already mentioned how like the chat bot on, you know, the Chipotle and McDonald's or whatever, like got abused. I've been saying, and I still stand here and I, I don't know if I die on this hill or not, but like

[00:39:09] the customer experience part on the other side, not good. Many cases, not good. Like I just scheduled a appointment with the, you know, the car dealer to go, you know, bring the car in. And like, I, I went through it and like, it did not do what it was supposed to do. Like I got there, they fixed it. Like ultimately in the end, the human being had to deal with the exception that the system didn't do right. Right. But like, you know, does it get better over time? Maybe. Is it great right now? No,

[00:39:37] I prefer to just talk to a human being, get it done right. First time and be done with it. You know, I, I've been saying forever, Roddy, you know, to anyone who listened, right? This is the frontier airlines versus the Delta experience. This is the Chick-fil-A drive-through versus everybody else, right? Like Chick-fil-A doesn't have you talk to the AI speaker. They got somebody with a tablet sitting there ready to go. And you're in and out in five minutes, right? Face to face with them. Yeah. They say, hello. And my pleasure and welcome back. And you know, you're, you know,

[00:40:05] at my local Chick-fil-A, I'm on like the top 10 leaderboard. I'm told that I didn't know until they told me. Okay, cool. I got a lot. I got a lot to say about it. I do. I do. I do. So there's two schools of thought. There's efficiency and then there's quality of life, right? Well, I'm sorry. And well, efficiency and effectiveness kind of go hand in hand. Sometimes people like to be so efficient that they lose effectiveness. And I think they shoehorning AI into the wrong areas.

[00:40:33] I was having a talk and I can name the vendor, but I was having a talk with their field CISO. We did a webinar with them. And one of the things he said that like I'm stealing is the winners of the future won't be the ones who use AI in everything. It'll be the ones who use AI in the right places. And customer facing is the wrong place because you're dealing 90 times, nine times out of 10 with a frustrated person. And they're only going to be more frustrated because they're talking to something that doesn't understand frustration. It can act like it understands frustration.

[00:41:00] And I think what we're trying to do now is people are using AI as an efficiency squeeze, and they're starting to have problems with effectiveness. AI should be used to improve quality of life. So what do I mean by that? Right? If I can go back to my KQL queries issue, right? I'd spend 45 minutes to an hour and actually hated my life writing KQL. I hate my life. One of the most dreadful things to do. Like AI could write 90% of it. I would check it. And I'd run in and take me 15 minutes, 10 to 15 minutes. Right? Like that's a quality of life

[00:41:30] improvement. And I don't have to sit there and write code because that's a drain on me. I'm not very great at it, but I can go back and check it. Summarizing tickets for my staff or saying, hey, what other tickets this person put in recently? So I kind of have a little bit of background knowledge. You know that this issue has been going on and or it's been going on this organization for a while. And or here's some documentation around it. And here's the ticket notes from the other person. If you need to go deep dive, like that saves me a whole lot of time. So now I'm more

[00:41:59] effective as a person and my quality of life has improved because now I'm not missing information and the quality of the quality of the job that I'm doing has been improved. When we start to say, all right, well, I don't need 200 frontline people anymore because AI is going to replace them. I think you're long-term causing yourself problems. And for many reasons, right? PE is squeezing a lot of money out of people. And I think some of the play is to get rid of frontline and salespeople and everything else. And like, is the juice worth the squeeze at the end? Right.

[00:42:28] And I think, I think that's part of the play. I think people are looking at it from a, like, I call it the Boeing problem, George. Like when, when Boeing got rid of engineers in leadership position and started replacing them with bean counters, MBAs, not that I have a problem with MBAs, but whenever everything just became a number, right? Like a dollar sign, doors started falling off of airplanes. And like, that's a problem because an engineer would not allow that to happen because they're just as focused on quality as they are in profitability

[00:42:57] because Boeing was profitable in its prime time. But whenever they decided to become too profitable, like all they focused on was profitability and shareholders and, and the finances, which we should focus on finances. Like I'm not telling MSPs go out there and hand stuff away and just be good guys. Like you do have to make money at the end of the day, but like, sometimes it becomes their, their squeeze of efficiency ruined their effectiveness. And I've labeled, I've labeled

[00:43:24] it the Boeing problem. And I see that happen a lot of times. We see it happen in the space with vendors. They're great companies. And then as they're, they're, they're told to become more profitable. They start to squeeze the things that made them important. QA, new feature development, frontline support, et cetera. And then like those companies become, in my opinion, mediocre. And I'm not going to name any names. We could sit here and call them out, but like,

[00:43:51] I'd rather have a small client base and be exceptional than be a large client base and be mediocre or be un, un, un, I don't know what's the word, unremarkable. Right. And maybe that's just me. Cause like, I'm not in, I'm not in it for, I'm not here for the money and I don't have to sell anything. So like, maybe I'm altruistic about it, but I think that's the problem is that in the quest for efficiency and profit, we tend to forget what the spirit of the company is for and what we're

[00:44:16] here to do, which is to serve other people. And it gets lost in business and I get it. Right. Like I've seen, I've seen good people lose a lot and then realize that like they were in it for the wrong reasons and turn face. And I've seen some people just lay into it and I don't know what the, fix this. But again, it all boils down to me. It's like, what are you trying to do with your AI? Are you improving people's lives or are you just trying to squeeze pennies out of,

[00:44:41] out of rocks? And I think sometimes we get lost a little bit in what we're actually going to try and use it for. Yeah. Philosophically speaking. Right. I'm with you. I'm hearing what you're saying. I agree with you. So a lot of people that I've been following online, and there's so many people talking about this, but there seems to start to, I'm starting to see a trend bubble up recently,

[00:45:02] where all the feeds are starting to lean into 20, 27 is going to be a massive rehiring curve. I'm like, Oh yeah. Why all these companies, especially the really big ones that did 20, 30, 40, 50,000 people. Right. Cause they're so big. These are just fractions of departments. Right. They're going to rehire a lot of the front customer facing worker. Right. Whether it's a sales or

[00:45:28] account management support, customer service, like that kind of thing, like to your point, that didn't get better. That got noticeably worse. And if your customer churns out, then the money that you saved gets, you know, offset by the fact that, well, the money that was coming in stopped coming in. Right. So this broke. Right. Yeah. I think there's, yeah. Do you subscribe to this idea? Do you think that that, what do you think? So I got three paths. We can go down a AI gets

[00:45:56] noticeably better and more human-like, and it actually in the long run does can, or does replace human beings. Right. Like that's a, that's a gamble. That's a role we could be. It could definitely improve to the fact where like, it's like talking to a human being and not this fake or not understanding the logic or the emotion behind something that could be a path we go down. So like it could be a gamble and a good move to go in that direction. The second thing is we know companies like Anthropic and some

[00:46:23] of the big ones in, in, in even the Microsoft, like the AI play is not as profitable as they think they are. So do they raise prices on tokens? Like does Claude raise prices on tokens? So let's say they, we saw it happen with cloud, right? Like when cloud servers first came out, they were dead cheap. But then when the three big emerged, Azure, GCP and AWS, boy, howdy, did they have to make their shareholders and their profit back? And they rose and they raised prices. So if we raise prices and you're embedded so high into AI, you can't pull out, well, what do you do? Well, your, your prices

[00:46:53] increase and you potentially lose clients, customers. The third play is, is the same thing happens and you move AI on prim, right? Like you build out your own AI and make it cheaper. Who's going to run it is gotta be a, you gotta, you hire a network engineer, systems administrator and AI governance officer with blah, blah, blah. Right? Like you're gonna need some people to run it. So yeah, there could potentially be hires. Right? So if your token costs become too high and you're like, man, we're

[00:47:19] spending $120,000 now on a token for a per customer rep because of all the, all the BS that it has to do on the backend, I could hire somebody for half that to be a customer service rep and, or even a quarter of that if I offshore it. Right. And, and we start to hire back out. Right. I don't know. AI would have to get noticeably better. I think for the long-term play when it comes to customer facing backend stuff, code writing, et cetera. Like, yeah, like I think you're already starting to see that. And I don't

[00:47:49] think it's going to offset that. I think, you know, like I think sure web, I think the last report I saw or last talk I heard from our platform teams, like 30% of the code is, is AI written right now. And 70% still handwritten or hand reviewed or whatever I think the term is like, we're starting to see that. I would never go more than 50%, right. Of my code AI written. So there were always, we're always gonna need some humans. We're always gonna need people to review it. I think it's like anything

[00:48:15] else. Like people got a little too happy and thought AI was a silver bullet. And we're just going to realize that it's a, it's another tool like cloud, the same thing. We did the same thing with cloud. People moved all their systems to cloud and they were like, man, this is awesome. I don't have all this hardware on prim. And then people said the experience kind of sucks in this. It's expensive and they moved it back. And they said, they found that like the, the spreadsheet numbers didn't match out to reality, especially when there's soft numbers involved around customer sentiment and everything else. And they were like, eh, it's not working out. So they brought

[00:48:44] those things back in, especially as prices increased. They were like, it's cheaper for us to bring on prim. And I've seen that, seen that back and forth, bounce back and forth. People pulling stuff, bringing it back on prim, people on prim, moving stuff to cloud. So I think we're gonna see the same thing. Like, I think we're in the upward shift of the S curve. And then when that downward shift of the S curve comes back after adoption, we're gonna see some, some, I think some people say like, it wasn't the best idea and then rehire. But again, is

[00:49:10] there's still a couple of variables out there with regards to like how great can AI actually be, especially reading human sentiment, understanding human emotion. I think that's a huge part of customer service. AI is not there right now. And I think some of those moves are just enough to get somebody into a good, nice golden parachute with profitability. And then they bail out and say, the problems are left over. Right. Like next guy's problem. Yeah. Next. Exactly. It's not my

[00:49:37] problem. It's the next guy's problem. Yeah. It's like the new CEO of Disney, right? They got a lot of things to figure out. I mean, but to that end, like, you're like, Hey, these guys are so invested. Like the price goes up. I mean, hard not to put a, you know, a common theme to, Hey, Microsoft keeps raising the three, six, five pricing by like 20% every year and a half. And it's like, can't avoid it. Like they're like, Hey, if you don't like it, move to something else. Hey, Google just announced

[00:50:04] a 30% increase on Google workspace. Now, where do you go? Like, do I start bringing everything back on-prem? Dear God, dear God, don't bring exchange back on-prem George for the love of God. I would, I would pay any amount not to have to manage another exchange on-prem system, but, but again, I mean, Hey, for a small business, it probably makes sense. You're talking to large and enterprise businesses, like $3 increase on a license times 30,000 individuals. That's 90,000 a month times 12.

[00:50:34] That's a lot of money, George, though, for a million dollars. So yeah, there's those kinds of things, those kinds of things you have to figure out in the large enterprise. And then eventually it's going to get to a price where like some startups going to say like, Hey, I got a, I got a move I can make. And somebody kind of starts moving into space. I mean, the EU is already trying that, right? They're trying to build their office 365 Google competitor right now because they're, there's a data sovereignty thing. So like, let's say they move into the space. That's a, that's going to be a big hit. It's gonna be a big shift in the market.

[00:51:02] And will Microsoft adjust to that? How will they adjust? Will they lower prices to remain competitive in the EU? Will they, will they say, screw it, we're going to raise prices on North America because we don't have a competitor. And then that allows a competitor to enter a space where they can be low cost and be basic with basic email, uh, uh, an app that's acceptable to office formats and everything else. And just gets the job done for small businesses. I mean, there's a potential there, right? You can, you can raise your prices so much that you squeeze out,

[00:51:29] you know, the lower half of your, of your market and a competitor sees an opportunity and goes in like, will Elon Musk build an office 365 killer? That'll probably be the next episode, right? Well, I saw that Elon Musk might be buying whatever's leftover of spirit airlines and assets and building the airline of the future. Hey, God bless them spirit. You know, the jet blue might be next

[00:51:55] from what I understand there. They're suffering too. So you might have a, if only, if only these guys could have merged and stuck around for a little bit, who would have known what would happen? Uh, the crystal ball George sometimes is a little hazy, but yeah, you know, I, you know, like I, I can't say I've never flown on a spirit jet before. Um, but, uh, you know, someone can, can buy them and build them back. In fact, I think there's a crowdsourced, uh, there's a, there's a guy trying to crowdsource the buy and purchase of spirit airlines right now. I think they have until, uh, tomorrow,

[00:52:25] I think there's something to file the paperwork to attempt to buy it. So they've been raising funds online. I've had any go check on it. I think it's like, let's buy spirit.com or something like that. And like, he's been crowdsourcing money and attorney's fees and everything to try and buy spirits. So like, you know, George, I, you know, if I throw 10 bucks in it, I might be the CFO of spirit by the end of next week. You know, I think I read that one. The guy's like, Hey, there's, there's 200 million adults in the United States. If we all pay $80 a person, we can just nationalize

[00:52:53] spirit airlines and make it a net. And I was like, Oh, interesting. I don't know if everybody would do that, but I hear what you're saying. Yeah. Let's buy spirit air.com. If anybody wants to go, um, let's see if he's how much he's raised. He doesn't really say how much he's raised so far. Oh, 437 million total pledge so far, George. So this guy might actually pull it off as of, as of yesterday. Uh, their audited amount is 214 million, but there's 400. So 214 million have

[00:53:20] come in and 437 million has been totally pledged. So he's got to play George. He's got to play. Well, I'll tell you what, um, you know, I do believe that not everybody should get a bailout, especially, you know, the government just loves printing money. I'm, I'm one of these people where it's like, Hey, I get in critical situations. It needs to be done like 2008 financial crisis, et cetera. Although that could have been avoided. There's also all sorts of movies out on that,

[00:53:47] but, um, you know, like you got to run your business to be healthy, right? Just like, you got to run your body to be healthy. It's got to run your everything else to be healthy. So, you know, at the end of the day, um, it's just very sad to see. It was like 18,000 employees. You know, that's a lot of people that are now, you know, on the street. Um, but back to, you know, how does the rest of the industry react? This is like any other industry, right? Like how

[00:54:17] do the big airlines react that are on the top of the food chain and, you know, like to Southwest used to be really cheap. They're not cheap no more. They're right in line with everybody else. So like, I think there is room for a low cost airline, just like there is room for a low cost cell phone company and a, you know, you know, low cost TV, you know, streaming service and so on and so forth. But, you know, if anything is unexpected in your business plan, it may not be room. Yeah. Yeah. That's a, that's the thing, you know, like I read this guy's

[00:54:46] website and he's like, Hey, we're taking the green Bay Packers model. So like in the green Bay, like 360,000 ordinary people own shares, no billionaire can move it. No hedge fund. You got it for parts, uh, spirit, spirit 2.0 is that model. Right. And so like, do we build of the community, like, uh, an open source community cloud productivity platform, right? That's

[00:55:08] that can't, can it work in theory? It can work, uh, in practice. Uh, let's, let's see. But like, I think, I think that's, what's going to happen. Like if they can, if you continue to raise your prices, uh, that the market can't bear and you're not showing value for it and there is a potential for you to move into the space and be an alternative. I think, I think that's gonna, that, that like provides what people want in like an enterprise, it's dollars and cents and small businesses, it's relationships, right? So it's a little bit

[00:55:37] tricky in the MSP space, right? Like your relationship is, is probably your most important thing, uh, next to pricing and the services you deliver. And I don't know, George, I think if you, uh, if you're struggling MSP already and you're struggling and you're like, AI is going to silver bullet this for me, like, I think you just, I think you're just, uh, delaying the inevitable. Um, and I think there's gonna be some really good players in this space who overuse AI and realize that like, Hey, it wasn't the right move. And I think there's gonna be

[00:56:06] some people who get it right and should be a model for how AI is being used. Right. There's some really good cases where like, again, like customer facing is a human, but what's supporting them was there is, is AI and it's invisible. That's the thing like AI to me, in my opinion, AI should be invisible to the end user, to the person that's, that's the, that's being helped by AI, either the technician or ultimately the end user client, like AI should

[00:56:32] be an invisible layer there. That's, that's helping out the situation, not hindering it. When it becomes to hinder it, we have a problem and that's going to be, that's going to be the make or break and there's no science behind it. Right. Like I can't tell you exactly what to do. You're the way you do business and the way you interact with your clients and you know, your clients is how you're going to be able to understand how you implement AI. Um, but again, if you're already hurting and you think AI is going to be the silver bullet, I don't think, I don't think you're going to think about it the right way. I think you got to think about it for

[00:57:00] a long-term like five to 10 year investment, not in a year or two, it's going to save me. I don't think that's going to happen. Okay. I like that advice. Roddy, I know we're coming off the time. Uh, I know you're a guy that loves being on the road, uh, often, or, or at least you are, whether you love it or not, um, where can people find a more information about the stuff that you're building, all the different, you know, catalogs and workbooks and, you know, frameworks to where

[00:57:29] they get to see on the road for the next little while. I don't know if there's anything that comes to mind where you're like, I'm absolutely going to be at this, this, and this come find me. And, uh, if you are open to people reaching out to you, like where do they communicate with you? Sure. Three things. LinkedIn is where I'm most active probably. So if they can find me on LinkedIn, it's easy. If you just type in R O D D Y, probably only one of me on LinkedIn. So, uh, add me, add Roddy Badger on LinkedIn. Uh, second thing is, uh, one of the things I have built is the cyber

[00:57:57] MSP community. So we built a community for people. It doesn't matter if you're a sure web partner or not. Um, so if you want to join that community, uh, reach out to me, I can get you access to it. We have about 450 members in it right now. And the third thing is I will be actually, I just left Casaya Connect, but in a week and a half, I'll be at MSP Geek Con. So me and Josh Hobain and Henry Tim and Michael Zaberski from Blacksmith InfoSec are doing a talk entitled, uh, CIS controls for people who don't give a shit about controls. Uh, and we're going to talk about

[00:58:27] like, how do you help your partners understand why control framework and security is important, even if they don't care about it. So we'll cover, it's not really a real technical talk. It's just like, here's some, here's some good advice for you. Okay. I like that. So if you like going to Orlando, like every other event seems to be, uh, you can find Roddy at MSP Geek Con, Google it.

[00:58:52] Um, this is, this is awesome. I love practical things, Roddy. I mean, a lot of the people who listen to this stuff, like not security people. Um, I feel like people have almost, I know I'm generalizing and it was like, oh, security was two years ago. We're, we're, we're past that now. And it's like, no, it didn't go away just because you didn't, you're not in the headline as frequent. Yeah. It doesn't mean that it's just checkbox, you know?

[00:59:19] Yeah. Yeah. And we're still, you know, security has always been at the, at the, a part of every business decision. I think like anything has to be taken into account. How does this affect the business? Risk management has always been a part of a business. I think we just kind of ignore it or we gut, we gut and feel risk management, but risk management, security go hand in hand, right? Risk models and everything else go hand in hand with security. Any action we do has to involve risk. I wake up in the morning, you know, I get my car and drop my

[00:59:46] kids off at school. Like I take a risk and like our whole life is risk-based. And my goal is to help people better understand risk in their organization and not, not take risky behaviors and anything we do, AI, cloud services, whatever the next iteration it is of technology, we still have to keep the idea of governance and good security posture and good security practices in mind. Fair enough, my friend. I, I'm sure I'll see you on the road sooner or later. I'm sorry,

[01:00:13] I didn't get a ton of time to chat with you last week in Vegas, but you know, Vegas does Vegas things. Vegas does Vegas things. Good luck with all of your extracurricular non-work things. Sounds like you got plenty of that going on. I know we didn't get too deep into it, but probably good that we didn't. And I will see on the flip side guys. This session was absolutely recorded. I love it. Connect with Roddy online.

[01:00:39] Absolutely great. Follow, listen to this episode, download, like share, subscribe on mspinitiative.com. And I'm looking forward to seeing you guys on the road. Catch you on the flip side. Thanks George. Bye.