Listen to the podcast here
About Matt
As President and CEO, I have the opportunity to provide my clients with creative and transformative technology solutions that have a meaningful impact on their business’s success.
For me, the satisfaction lies in my ability to help and serve those in need, which in every case results in a variety of positive outcomes for a business.
—
Watch the episode here
MSP Mindset: Survive or Die with Cybersecurity | Matt Rosenthal
CYBER EDITION
My guest has been on the show with part 1 and part 2 around business and entrepreneurship because he is President, CEO and Business Technology Strategist at Mindcore Technologies. That’s why he’s on this show now to help kick this off. He started in his basement and ended up being a successful MSP in New Jersey. Mindcore Technologies offers cloud services, managed services, IT consulting, cybersecurity, disaster recovery, and more. Matt Rosenthal, it’s good to see you again.
We have so much fun because we talk about everything. Thanks for having me back.
We’re going to dive into a lot of what we do for our day jobs and talk about our industry a bit. We hit that a little bit in the show but we didn’t dive into it this deep as far as how cybersecurity, where that realm is going now and the transition of IT firms and how that’s happening. That’s what I’m excited to talk to you about. Tell me a little bit about Mindcore to start off with because I don’t even think we got into that before.
We did.
Where did it start and how did it transition into where it’s at now?
You’ve touched on it before. We’re business strategists and IT strategists. It’s one and the same but that was an evolution. What we’re going to talk about is how we evolved over the years through different businesses and different changes out there in the field. I started as an IT guy for a large company in New York City. I didn’t know anything about IT. Fast forward, I ended up running a crew of 35 people. I was Head of IT for a $2 billion company headquartered in New York City. I was the IT Director and I did that for quite a while. While I was doing that, like everybody else, I had an IT gig on the side back when it wasn’t cool to have an IT gig on the side. For me, the big transition was, it was discovered that I had a side business by the company. I wasn’t impacting anything. I was at the height of my career there and I couldn’t do any better. I was the rising star. They find out that I have that business and it became an issue. Long story short, I quit and that was the beginning of me finding out that I was an entrepreneur, which I didn’t know.
I took the side business little by little and turned it into what we have now. I took two pit stops along the way before I went full all in with IT. When you grow up as a poor kid, it’s multiple streams of income. It’s never enough because you can lose at any given time. I started a commercial pool company, out of nowhere. I built that up into probably a $2 million business and walked away from it because my IT business was too busy. I walked away from that and that was my final stop before I went full-time into doing what I have now. There were two other stops also along the way. I was a CFO for somebody. I ran somebody’s company in a big way for about three years. I made a lot of mistakes. I took a little bit of a zigzag journey but all along the way, the one thing that was consistent, I always had the IT gig going on. I always had more people coming my way. It was never because I was the most technical person, it was because I was able to connect with people. This business I’ve built has been through connecting with people.
You were talking about how you had several businesses at the same time because you were in IT. We’ll get to the cybersecurity portion here in a bit but I’m a member of a lot of groups on Facebook and there was a post I saw on the IT Business Owners Group. I engage here and there, but I never post because I respond more to what’s being posted. I get asked this question all the time like anybody else and apparently, this happens a lot. It was a customer or something who was asking this IT guy in MSP, “If it is your main business, then what’s your actual side gig?” IT is the side gig. Let’s rewind because I was the same way. I was installing cable modems when I was doing other things, back in the days when cable modems came about and there were one-way cable modems at that time. You had the downstream, which was your faster speed, which was ten megabits or something like that but then the upstream was still dial-up because that was the 56k. Those were the first cable modems years ago that I was installing when cable finally came around.
I remember that.
That was the next step up from dial-up. You got cable coming one way because it still wasn’t a bi-directional connection. At that point, it was one way but I’ve always had those side gigs in IT until I went all-in with IT. Even with you having that, that’s the business that took off for you while you still had a pool company.
It’s the title of your show, by the way. It’s all-in. You should do something with that.
Maybe I should. Maybe a little bit. I’ll try. When I saw this post, I was thinking that’s how a lot of small businesses see IT. That’s the phrase that we’ve had, “Who’s your IT guy?” It’s great now because there are more women that are getting involved in the space, which I love to see because they can see things a lot more abstractly and put some puzzle pieces together that men can’t. It’s been male-dominated and it’s always been looked at as a side hustle like a one-man show. It’s a gig, rather than an actual business. That’s most of our industry still. It’s sub $300,000 and sub $500,000 in revenue on an annual basis. You went to a point where you shifted and there was an evolution of Mindcore throughout the years.
You’re right about that. That is most of the industry still. I come up against them as you may when we’re out there competing and they’re bidding on something. There are always a few people that are like, “How could they be so cheap?” It’s the one band or a 1 or 2-person shop that doesn’t have any overhead. We started out that way but you and I found a way to evolve because you have a vision. You’re not afraid to go after your vision. You have a way to see a roadmap of how to get there and you’ve built a business. We’re in the minority, not the majority and it’s one of the reasons you do this show. There’s information that gets out there to people that are in those situations. We talked about that on the last show. How do they break through the $1 million mark? It becomes, “Have a vision, a strategy, get past the fear and execute,” but it’s so hard to do. It’s not common.
There is a transition too and we’ll get into how these correlates. I’d love to examine how this correlates to MSPs in cybersecurity and where that’s going now because there’s the stage, which you and I sound we both started out to where it was a gig to where it was the job. We were no longer working for somebody else and we were doing the job for ourselves. Because we both do multiple millions a year in revenue now, there are those we run across that were in our shoes to where they’re still charging by the hour. They think, “I made $30 an hour and $60,000 a year as a tech for this other company. I need to bump that up a little bit to pay for my taxes, and I’m going to charge $45 an hour, $50 an hour or some. I see it’s $60, $65 an hour and settles in there.”
That’s where we might find some prospects that are like, “I can pay this guy $65 an hour.” I’m thinking, “Go ahead if that’s where your mind is at. Please feel free because that’s the first stage of this business.” There’s then an evolution where you go into almost a lifestyle business. You’re doing $600,000 or $700,000 a year. Maybe you’re still approaching that million-dollar mark in revenue but you’re not there yet. You’re making a good living at that point. You might have a couple of people that are working for you. You can finally buy the BMW or the smaller Mercedes if you want to as your daily driver. You feel comfortable. You’ve got a decent size 3,000 to 3,500 square-foot home and everything’s comfortable at that point. You’re doing maybe $600,000 or $700,000 a year in revenue.
That’s the point I was at when that whole transition happened for me. I was at $800,000 or $900,000 and I was comfortable. I had way less stress. I was running at 35% margins. Growing up with nothing making a few $100,000 a year, that’s a lot of money. I could have stayed at that level but there’s something that happens when you transform and you get past that level. When you make a choice that you want to work with different types of customers, you want to work with people who have the same strategic mindset. They have a vision for their own business, they expect something different from you, which is why they pay you more. They expect you to be a higher-level professional, be able to strategically think, think critically, give them guidance, knowledge, experience and expertise. That’s where the next level of revenue comes in.
It’s like any other professional service. That’s a one-man band running out of his office to keep this guy, that’s great but he may be missing a lot of things he could be showing me. I might be missing a lot of things I could be using if I had a firm, a set of professionals, and had a broader experience. That’s the crossover. Most people in our business have a tough time with that transition because it’s a totally different way of thinking, that doesn’t come naturally and there’s nothing wrong with that whatsoever. However, you have to be able to cross that line if you want to go past $1 million, $2 million, $3 million, $4 million, or $5 million. It’s a way bigger thinking. It’s a different perspective and it’s scary as hell for everybody and for me to this day.
You do things and make choices. I let some people go and I’ve brought some new people in. I gave somebody a promotion to be the director of operations. He’s been here for a couple of years. I’m making a decision because I need to be freer to do things like this with you and to build our company, our brand. People can’t get past the $800,000 mark is because of that thinking, that mindfulness, that careful strategic planning, and execution that they can’t do it. It’s not their fault and that’s okay but they have to be able to accept who they are and where they’re going or where they’re not going. You ask yourself the question, “Who do I want to be? Where do I want to go?” It’s a big question to answer.
It is. That $700,000 or $800,000 mark in revenue on an annual basis we said that is comfortable. There’s not a lot of incentive to push past that unless you want to build something that helps everybody else around you because you’re still in that mode where it’s like, “I’m comfortable.” Myself, as the owner, I’m the one that’s comfortable with this. I might be able to provide a decent middle-class wage to a couple of other people with that to help fulfill the services.
It’s a wonderful and beautiful thing to do. It’s a great feeling. You and I talked about signing the paychecks. It’s a beautiful thing because somebody has to be the creator and you and I are creators. Everybody can’t be a leader. You and I found a way to cross over past that mark. Underneath it all, we struggle with fear and doubt and that might be underneath it for a lot of people. A million dollars is a nice number. It’s got a couple of zeros. It’s round and there’s a comma. That’s a great lifestyle. I want to go to $5 million. You can go to $5 million. Anybody can go to $5 million or $10 million. Anybody can do it. There’s nothing special about me or you. We’re good-looking smart guys. The thing is, it simply comes down to a belief. Who am I? Who do I want to be? Am I too afraid to make it happen? That’s what stops most people. It’s fear.
Those evolutions of revenue, too. I’ve seen much with the evolution of the business model and now here’s where we’re going to dive into where the industry is now in cybersecurity. Shifting from that low hourly rates into a true MSP, a managed service provider to where now you have subscription-based services. You’re charging per seat or per user and there are still people that I see that are charging $50 or even $10 a user or device. Our minimum is $300 at this point and it goes up from there because of everything that we’re able to do for that. It’s not based on what we’re selling. It’s based on the outcome that we’re providing. That’s why we can charge so much more. It’s not based on what we’re selling, it’s based on the outcome that we’re providing.
The outcome is more than just a technological outcome. You’re delivering such value that you’re educating and informing. You are making sure everything’s working, but we are part of our client’s strategic plan. We’re at the table having conversations. They may want to reach certain revenue goals, that’s great. If they’re paying the rates that we’re talking about, they do understand that they need serious guidance when it comes to technology. Cybersecurity is a huge part of it. If you’re not managing your risk, there’s a cost to managing your risk, but the cost of managing risk is a hell of a lot less than the cost to address a breach. People are paying these reasonable fees that you’re talking about because they’re getting a tremendous value from that and that’s what the next level is.
Do you have the confidence to deliver the messaging that, “Yes, we deliver real value to you and there’s a cost for it but here’s the reason?” That’s the messaging I’m sure that you have in your sales conversations. It’s hard for people. The people that are charging $50 and the numbers you mentioned, they’re not having those conversations anyway because they’re not equipped to. That’s why they’re stuck there. There’s a place for those people but there’s also a place for people you and I. People need the information we have. They need somebody they can rely on that has confidence and knows what they’re talking about. That’s what we do and there’s a value in that.
I affectionately call that group, and it’s a good place to start, the Plumbers of IT. I don’t know jack squat about plumbing, so I appreciate plumbers. I’m not the one that’s going to find where the leak is or anything. If I see water dripping out through the ceiling from a shower or something, I don’t know what to do and I don’t care. That’s why there are professionals. Plumbers charge $150 an hour.
I’ll tell you a quick story. My wife and I are going for a walk. I’m always working and my headphones are on. I don’t notice anything that’s broken in the house. We’re going for a walk and as you walk out of my house, you look to the right and there’s a sidewalk. There’s the hose, air conditioner, and stuff there. She’s like, “There’s water leaking over there.” I’m like, “Where?” I see water leaking out of the side of my house. It’s running. I’m like, “I don’t think that’s supposed to happen? I’m not a plumber. I know the air conditioner is supposed to drain a little bit but that’s what that pipe is. That’s a drip.”
No. The water was running, so I walk over and I’m like, “There’s a valve. This must be the valve for the house. It’s got to be.” I turned it and the water in the house goes off. My daughter’s in the shower and I hear her screaming. I texted a plumber that we’ve used in the past. The guy happened to be at the development next door. He’s over there in half an hour. It turns out that this thing was broken and it had been leaking for five days and my wife didn’t tell me. She noticed it earlier and she never said it. “It was not supposed to be leaking like that.”
He fixed it in twenty minutes and I’m like, “How much?” He goes, “$100.” I gave him an extra $50 cash for two reasons. One, it was a weekend. I understand what it’s like and I get it. I’ve been there and he’s got a lot of value to me. I want him to know that I appreciate him, so I gave him an extra $50 but it was $100. It was $150 like you said. It took the guy twenty minutes to figure it out but he knew exactly what it was. H was professional, reliable and responsive. It was worth it. A lot of people I know would have been complaining about that $150.
Let’s relate that back to where I was saying about the plumber and you had a leak. That’s what I look at that first stage of evolution. Something’s wrong, so you called that IT guy or that IT girl and they come out and fix it. Yet, they’re still undervaluing themselves, because they’re only charging $60 to $65 an hour or whatever. Let’s say they’re charging $150 an hour, for the sake of argument. That’s great but that’s still to what you said is all they’re equipped to do is react to the fires and be a firefighter.
They don’t believe they’re worth more.
When you transition into recurring revenue as true managed service provider, that’s when you’re that plumber that goes on to say, “I fixed this leak but while I’m here, can I look at some other areas of potential risk that you might have? Maybe there’s something else where I can address this. It might not even be my competency.” This is the business strategy part, “I can take a look around and see where you might have some other holes and make some recommendations. I want to be this person for you. I want my firm to be this for you to where you know that your back is always covered before something even happens.” That’s that business evolution. Now you’ve gone from $150 an hour, $65 an hour into MSP but the transition to get over that million-dollar mark, the only way to do that going forward is cybersecurity. That’s the only conversation to break through that and continue to grow.
It’s the tip of the arrow now. Is that the expression?
Yes.
It’s every conversation now.
In your analogy, the conversation has to be led with it. IT and managed services are a commodity now. The price that you can charge for those is going to continue to drop because you see internet service providers like Comcast offering “managed services.” Managed services are now $39 a month. T-Mobile does it for its business customers. I don’t know if anybody knows that but if you have a business account, you can tack on to each phone line for $39 a month to get help/support for your computer from T-Mobile.
They are getting those calls. It’s important to point that out. They’re not getting anything else. In my company, we’re forbidden from using the word managed service provider. We don’t use it. We’re a technology service provider, a TSP. We don’t talk about it in sales, you don’t find it in our presentations, and you rarely hear me use the term other than to say it’s a tool in the toolbox now. That’s all it is. Those people at Comcast weren’t delivering cybersecurity awareness and talking about your posture. They’re not delivering risk assessments. They’re not delivering anything. They’re fixing computers. I’ve got news for you. You’re not a customer, for me anyway.
Because you transitioned from the MSP into the TSP, which is the new phrasing too, Technology Service Provider or Technology Solution Provider, why do you think that MSPs struggle with cybersecurity?
It’s the shiny object syndrome. Every MSP, everybody that I know, that runs a small MSP are so busy running from whatever the biggest thing is at the moment. They don’t tend to focus on what’s happening or what the real issue is out there in the marketplace. How you can deliver the most value, stop, plan and put it into place and know that everything takes eighteen months to happen anyway. If you’re going to get into cyber as a service, it’s going to take you a year to do it right. You need people, strategic partnerships, how you are going to deliver it, update your agreements and what’s your messaging going to be. That doesn’t happen in two days.
You’re still busy fighting fires all the time as an MSP. You can’t focus on sales and marketing if you are developing something new. That stops people from doing. They got into MSP. If they didn’t, they were going to die off. They get into MSP, which is a comfortable place to be in. How do you get to the next place? What is it? If they believe that it’s cyber or if they believe that’s unified communications as a service or it’s Office365 and everything under that umbrella, which way do they go? MSPs try to do everything. They try to be everything and do everything to make a customer happy because a customer asks for something. If that’s the way you operate, you cannot latch on to something new and truly be an expert at and deliver it.
There’s no way. We’re doing a virtual comedy thing and there’s a joke that I came up with here and I’m going to tell you now because you’re talking about Unified Communications as a Service, UCaaS. There’s SaaS and IaaS, Infrastructure as a Service. There are all these aaSes that are around. It’s like, “The freaking MSPs need to pick one aaS and hit it hard.” It’s hilarious but that’s the truth. There’s no way that you can be everything for everybody.
MSP is out of fear and I’m talking about owners. They feel like they need to because they’re $800,000 a year. They can’t lose customers or they’ll lose their lifestyle. It’s all fear-driven. There’s nothing about it that’s vision-driven. It is fear-driven and that’s a shift. You must have made it at some point. You make that shift to like, “Here’s my vision, I’m going to execute. Yes, I might lose a business along the way but I know that I can get more. When you gave me your sales pitch before, I was sold. Why? Because you have confidence, the tonality in your voice is there, you have the words right, that comes through and you can feel it and I’m going to buy.”
That’s not common. These MSPs out there have to find that. They’ve got to train and learn how to make the pivot to something new and get out of their way. If they keep chasing every shiny object and doing whatever their customers want them to do, it’s not going to work. I had a lead coming off our website from a large global company, who needed some help with something and they wanted to outsource it. I get on a phone call with one of my top engineers and somebody else and we’re listening to everything. We can totally help them. It would probably be a big project.
We hung up the phone. I get back on the phone with one of my guys and we’re both like, “We’re not doing that,” because it would take our eye off the ball. It would distract us because it would be too big of a project. They would be too noisy. We’re just going to walk right past it. Maybe they need something else from us but we’re not going to do this. MSPs don’t do that. They’d be like, “Yes, we’ll take it. It’s a $100,000 project.” That project is going to derail my other seven projects I have going on and I’m not going to do that. That’s the mindset difference.
I’ve been doing that since I was at $200,000 a year since I was that one guy because it was always focused on building something bigger and understanding your own bandwidth. Also, having a direction and sticking with it.
If you’re not an expert and you’re not good at it, say no. It’s okay to say no.
I saw another post on Facebook. I haven’t been offering managed antivirus to my clients yet. What do you guys recommend? Bitdefender? I’m like, “Oh my God.” This was in one of the MSP groups. I see this but that’s also the state of the industry because you move to the point where they were trying to be this everything is what you’re saying. They haven’t focused on what’s going to help them grow at this point. What you’re telling me is what everyone needs to understand. What Matt is saying is if you don’t make this transition to cyber as an MSP right now, you are going to die.
The fear that Matt’s talking about is what I understand is the fear of what you don’t know. I’m sure you have this because you might be thinking, “I noticed it years ago, back before cyber was as big as it was now. There’s so much in this industry to keep up with from a technical knowledge perspective.” It was 2013, or something that is when I let my MCSE expire by choice. It’s because I moved to the point where it’s like, “My skillset is to where I can curate talent. I can lead the efforts and the energies of everybody else around me and I can put people in places to be able to do what they need to do.” We are natural CEOs but maybe there’s an owner that’s more of a natural operations person. It’s also okay because it isn’t about cyber but also about understanding how to build a business and it’s okay for you to hire a CEO if you’re not the one to do that.
I said to the guy that I just promoted, “I’m putting you on a two-year track,” which is the CEO mentoring program. He was like, “What?” I’m like, “I’m going to teach you how to be the CEO. When you’re ready to be CEO, I’m handing it over to you.” I wrote something down when you were talking. The word delegation, which you’re like, “You have to delegate. We have to be able to delegate and to know that people were delegating can hold themselves accountable and hold people accountable that they’re delegating to.” The key to bending time and to having your time is delegation. It’s one of the keys and an awareness that you need to delegate and the people around you have to be reliable.
Without that, you’re never going to get out of the weeds of MSP. You’re always going to be doing the work. You’re always going to get sucked back into the work. The fear that’s keeping you comfortable in that is always going to keep you comfortable in that. It’s a vicious cycle, because you’re afraid of success and hit the big numbers. In order to have to stay or not to have to deal with that fear, conveniently, you stay in the weeds and you stay tech. It’s a mindset that I’ve seen around me. It’s a mindset that my former partners had. It’s a mindset that is counter to growth.
I talked a little bit about the managed antivirus. What do you have? When you go to conferences and there haven’t been live events but there was a scenario at a bar that I went to because everybody was talking about this two years ago, “What’s your stack?” That phrase has been around for years. Everyone thinks this is a magic combination of products in order to deliver cyber as a service. There’s another aaS for you, too. Cyber as a Service. There is aaS for you, too. There are some I feel because even with what we have and this is probably subjective but there are some almost non-negotiables and those kinds of things when it comes to delivering cyber as a service.
From there on out, it comes to your unique skillset where you can offer. For ReachOut, we can dive heavily into internal threats. That’s because of my background, with training from the CIA, with having a private security company, gun and guards, doing investigations and having the tech side, too so it’s just natural instincts. Now, I’ve trained other people to look for. You can train those skillsets. I have. We’ve even done things to where there have been situations with the law firm clients where there’s been a fire on the 35th floor of a high-rise in the City of Chicago. My spidey senses go up and go, “How did that start?” “The watercooler shorted.” I haven’t seen pictures. This is all I’ve heard so far. I was like, “Was it moved at all.” “That was the craziest thing. It was moved from one side of the room to the other side of the room.” I’m like, “Do you have a photo?” “Yeah, in the security cameras that we put in.”
That’s a skillset that we have but then you see that there was an extra wire that connected the compressor to the power supply. It was arson from a disgruntled employee. We were able to match up some behaviors with the tech monitoring tools that we have and discover the individual that did it by an investigation using both instinct and people. Also, tying it to tech tools that we had to look at behaviors and productivity to match up. That’s a unique skillset that ReachOut provides. That’s not something that every MSP you’re moving into a TSP can provide but that’s okay. There are still foundational things that exist. What would some of those foundational things for cyber as a service be for you?
There are two things we do. One, we do things internally and two, we do have people that we partner with because we know that we can’t be experts in every aspect of it. I have two people that I do partner with for the more advanced things but we advise network monitoring. We put the devices in on-site and look for anomalies. That’s a big base for us. Real-time scanning of every device is a big thing for us. The vulnerability, the PAN testing and those assessments, at least twice a year. There’s a basic package, a basic set of things that we say to everybody.
These things don’t cost much but the cost of not doing these. In the six figures, probably when you get hit. At least quarterly reviews and we have clients that won’t do it. They still won’t put any of this in their budget. Some of these people that I’m thinking of are getting hit. We had a thing from Microsoft that came out. We went and checked every Exchange Server, we found two that had already been breached. We saw people doing things. We didn’t even ask our clients for approval. We just went on and did it, so there’s an element to where we’re proactive.
Behind me, there are the firefighter plaques. That’s me. There’s a part of my mind where I snapped into action and my guys were like, “Should we ask for permission?” I’m like, “No. Get in there right now and start doing what you’ve got to do. We’ll get permission later after fixing them and protecting them.” That’s part of the SOP, too. There’s a trust factor there. Our clients know that they’re going to get a bill for that because there’s nothing that’s asked as a service for that. That’s outside the scope of things, but we do it and I’ve never had a complaint because we’re protecting them. You don’t pull up to a fire scene and have somebody complain that you broke a window. You see each other, “Sorry. I broke the window.”
That’s an important point, too because I’ve been doing the same for the longest time is not asking permission. It’s forgiveness or you keep proceeding and I’ve always thought, “If they don’t want to do business with us anymore, because we are truly acting with good intentions and with their best interests in mind.” That’s it. In complete integrity, transparency and authenticity. They understand that’s the type of relationship that ReachOut has with our clients. There are some things, for example, we’re talking about the Managed Antivirus.
We use SentinelOne. They’ve got a big huge IPO that’s happening now and a couple of billion dollars or something like that for their valuation. You look back and their AI-based is Carbon Black. Those are the two best ones that exist and the only ones that have 100% protection rates on them because if you’re talking about old days Norton Antivirus, Trend Micro, Bitdefender like this post or something. That’s old school and it doesn’t work. You’ve got to do what works. I’ll tell you how the conversation went with our clients. It was this, “We’re doing this and this is how much it costs.”
We then go into why. It wasn’t even the ask at the beginning. It’s like, “We’re doing this because you need it. We’re shifting. There is an additional cost associated with this but here’s what happens if you don’t because it doesn’t work anymore.” Every single time we’ve done that, there are more things because there’s certain email protection that’s a foundational thing for us. It’s stopping things and sandboxing them and now we’ve even moved into integrated education and allowing humans to make decisions on each individual email with banners that come up. No more quarantine reports and it’s awesome because it’s, “This says it’s from this person but it doesn’t look like it. Make sure this is some act of communication that you want.” It’s training on the fly for every single email.
It requires user training too, which I left out from what I was saying. The most important thing, at least in my opinion, is user training. Because at the end of the day, a lot of the things we deal with cyber breaches are because users didn’t stop and think. They did something stupid and you can’t protect somebody from stupid. They have to be educated and informed. With a client, where we’re talking about cyber, I always end with, “We’ve got to train your end-users. They’ve got to be aware. They’ve got to know what to look for.” I’m going to tell a quick story. Hopefully, I don’t get in trouble. One of my favorite clients and one of our best clients are using Trend Micro. They have their own internal IT, so they said to me, “What do you think we should do?”
I gave my advice. My advice cost three times as much per seat as Trend Micro. Bear in mind, we’re talking about $1 versus $4. These are small numbers. My advice happened to be one of the things you recommended that you use. They said, “No, we don’t think so.” and I said, “It’s $3 more per seat. Look at the difference of what you’re going to get.” “It’s not in our budget.” “Is a breach in your budget?” We’re still having a conversation. We’re still having this conversation, and hopefully, this person comes over to my side of thinking and is able to express to the ownership, “It’s going to be an extra couple of thousands a month.” They had a breach a few months ago that cost them $100,000. It’s tough. It’s a big company. It’s a $100 million a year company that I’m talking about and I’m talking about a couple of thousand a month.
That’s got to be a unique scenario two because they already had the breach and they already had the dollars fly out the window and had the reputation affected and they still won’t move. One of the bigger objections I see in our industry is, “I’m too small. It’ll never happen to me.” “They’re going after government entities,” and all of that. It’s always like, “You have an insurance agent, right?” “Yeah.” “Is your insurance added in cyber liability lately?” “Yeah, we have that.” “Why do you think they do that?” Because it can happen.
If you have a breach, are you going to get covered because you have encrypted computers or MFA in place, what are you waiting for?
MFA is another foundational thing.
MFA is everybody that we put into our cloud. You have to have an MFA. If you didn’t have it, you had to get turned on. We are doing migration now. I have people in the field and we use Citrix Cloud for the cloud environment. We require you use the MFA feature. They’re like, “We don’t want to have to open up the app on our phone. It’s going to take time.” It’s not an option. You’ve got to do it.
What’s the biggest cybersecurity problem that you’ve come across throughout your career so far?
That’s easy. It’s not a technical problem. It’s an ownership problem that nobody wants to put in their budget. We’ve talked about it before. If I look at a second problem, there’s a small budget, but it’s not being increased every year, so we’re still not doing the full suite of things we should be doing to have a posture that’s strong. We still have vulnerabilities, so it’s always tied to money. What’s happening and what I’m seeing is it’s generational because the CEOs are the leaders that I deal with in companies where they may be a generation ahead of you and me, versus the ones who are in their 30s and 40s making decisions versus the ones that are in their 60s and 70s make the decisions. They don’t want to spend the money.
The younger people are okay with spending the money because it’s normal for them. They understand that you have to spend money on this and that I’m seeing it as a huge barrier. There’s a line in the sand with that generational perspective on cybersecurity. Thankfully, what helps us with that is things like the news that came out with Microsoft. That keeps it in people’s minds and helps us to overcome that challenge of not wanting to spend money because every time it happens, I send out an email from the CEO, to all my clients, and to 27,000 people, I have an email list, saying, “We’re still here if you need us. Let’s talk about it.” The challenge is the money.
That’s always it and that’s always been the struggle.
It’s the money mindset.
Here’s what MSPs will get caught in and this is another reason why it’s hard to cause that million-dollar mark. That scarcity mindset is contagious. When you’re in a sale engagement, it’s like, “We don’t have this in the budget.” This is something I always looked at, because still to this day, ReachOut has one package. That’s it. The only way it changes is if there are components that get fulfilled by an internal IT staff at an organization, but it’s still the same outcome and deliverables. It’s just that the work is being done or split responsibility. It’s still one single package and that’s why I never understood the MSP side of things.
It’s like, “Remember, you had all these metals.” It was platinum, gold, bronze, tin, and bottom of the barrel crap. From a sales approach, and this is something that will keep your sub $1 million, too, don’t have those multiple plans because if you go in, and they say, “It’s not in my budget.” It’s like, “It’s okay, I know I have the platinum, but you can take my crappy bronze plan instead if that’s what’s in your budget.” All of this is it’s going to create problems. It’s going to generate less revenue for you and it’s going to generate less confidence that your client has in you because now everything becomes outside of scope. Every single incident is a contention point.
It’s a self-defeating sales process. If you’re truly in there to help people because you know that you can help them and they need your help, to not help them out of fear of losing the deal is what creates these low-cost solutions and it brings it back to this. If you can’t have a conversation with somebody where they understand the risks in their company, they can attach a value to that risk and connect all that. Throughout this conversation, you’re bringing to their attention, the risks, and what those might cost if that were to happen. Not only that, the increase in revenue, productivity, and time that they’re going to get back by putting the solutions in place, and the mindset and processes and workflows goes back to find them. They’re not the right customer for you anyway. Let them go to the guy for $50. I don’t want to be around when this guy implodes. I don’t want to get those phone calls. I don’t want that noise. It’s because there’s a lack of alignment and a growth mindset versus a scarcity mindset.
The scarcity mindset is dangerous. I’m talking about Tony Robbins. It’s vintage but scarcity mindset is a belief that is self-defeating. I deal with a scarcity mindset every day. I’m up in New Jersey. I’m in my office here in New Jersey. I took the opportunity while I was here to drive by the Garden Apartments where I grew up. You’ll see a video coming out from me. I walked around and I started a video talking about why the way and how it all started. That never leads. I’ll have a conversation with myself about how I got to spend more money on marketing and sales. I have a podcast coming out, too. I invested tens of thousands.
I’m going to have a conversation with myself about spending that money because I know that I need to spend it but the scarcity mindset always creeps in, “What if I lose a few customers?” I always have that struggle but that doesn’t win. I used to when I was much smaller. In fact, I win that argument with myself every time it gets into my head. That’s a scarcity mindset versus an abundance mindset. The abundance mindset is going to draw things to me. Things are going to happen because they’re supposed to happen because I’m putting myself there. Cut the nonsense with those of scarcity and fearful thoughts. That’s the guy from the apartments that grew up having nothing. The guy that’s who I am today. It’s abundance. When you think of abundance, abundance finds you. It’s a big difference.
It sure is. I love that. Let’s end with this. Why do you stay in this field? What keeps you interested?
The same thing that has those things over my shoulder. I volunteered as a fireman for fifteen years. I never got paid a dime. I’ve got a tremendous amount of satisfaction out of the feeling and the emotion that you get from somebody that you helped. This is the same thing. We help people and we get thanks, praises, and pats on the back but what I get is me knowing that I’m protecting somebody who can’t protect themselves. It’s the firefighter. It’s the same thing and that’s a really good feeling. I can walk away from this tomorrow. I don’t think I’ll ever walk away totally. I don’t know what the future has in store but I’m having a great time.
Talking about helping, the people that work in my company, I’m not only helping them financially with a job. Mentoring and coaching are my true job. I’m a mentor and a coach. I had a staff meeting and I talked with everybody about mindfulness and awareness. There’s a guy I follow named Shawn Ryan. He’s a Navy SEAL. Look him up on YouTube. I watched something at 6:00 in the morning. He was telling a story about getting shot at. I’m watching him tell the story and I could see how calm he was. He was making fun of his superior, who was in the bathtub screaming for help as they were getting shot at. I’m like, “Put it in perspective. We provide advice, guidance and solve problems. We get a lot of calls. We’re not getting shot at.” Be calm. Be aware of your mindset. I had a whole conversation with my staff about how to stay calm, how to level set and how to keep it together even if it’s chaotic, we’re busy or whatever. Stay calm and you can control that. That’s why I do this. I’m always helping people and I get a tremendous amount of satisfaction out of it.
Thank you for bringing some truth bombs. I appreciate you being on this new show and we’ll have to do a number two on this one, too, at some point, because this is amazing. Thank you.
You’re the best. It’s always a great time and you. You touched on great topics. It’s valuable. Everybody should keep following you and tell everybody else about you.
I appreciate that. That means a lot.
Important Links
- Part 1 – I’m a Failure: And Here’s What I Want You to Know with Matt Rosenthal
- Part 2 – Can Past Traumas Turn Us Into Entrepreneurs? with Matt Rosenthal
- IT Business Owners Group – Facebook group
- ReachOut
- SentinelOne
- Citrix Cloud
- https://Mind-Core.com/
- https://TinyURL.com/aznnuj44
- https://TinyURL.com/59hffn7n
- https://www.TonyRobbins.com/
- https://TinyURL.com/vkv5cznn
- https://LinkTr.ee/mrrickjordan
- https://www.LinkedIn.com/in/matt-rosenthal-mindcore/
- iTunes – All In with Rick Jordan
- CastBox – All In with Rick Jordan
- Google Podcasts – All In with Rick Jordan
- Spotify – All In with Rick Jordan
- Stitcher – All In with Rick Jordan