Growth Through Compliance: Bill Smeltzer of Focus Technology Solutions

Show Notes

Unlock the secrets of IT compliance as we're joined by Bill Smeltzer, Chief Strategy Officer at Focus Technology Solutions. Bill brings a treasure trove of expertise, particularly on the intersection of healthcare and IT. We explore the compliance challenges that small medical practices face and how these hurdles are steering them towards affiliations with larger entities. Bill's strategic insights reveal the pivotal role of outsourced compliance partners in today's complex regulatory landscape, drawing parallels to how hospitals adeptly navigate these waters.

This episode traverses the evolutionary path of Focus Technology, charting its course from a Value-Added Reseller to a titan in managed services. Their commitment to integrating security into every facet of their offerings, much like a general contractor would ensure every service from the foundation up, is a testament to their forward-thinking ethos. We highlight the adoption of the NIST 800-171 framework, a cornerstone that enabled Focus Technology to adeptly meet diverse industry compliance standards. The conversation underscores the importance of agility and customer-centricity in the constantly shifting realms of IT, risk, and compliance.

This episode was recorded at The Business of Security event as part of N-ables Business Transformation program in April 2023.

Get an in-person rundown on what N-able has to offer including products, insights, networking and more.

The N-able Roadshow is visiting more cities than ever before in 2024. Take a look at our first group of locations; we may be in a city near you! -> http://spr.ly/6000RsTOq

'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today.

Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it.

This podcast provides educational information about issues that may be relevant to information technology service providers.

Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice.

The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent.

Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors.

The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe.

All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

Chapters

• 0:00: Trailblazers in Managed Services Compliance
• 4:30: Focus Technology
• 13:24: Roadmap to Compliance and Sales Strategy
• 25:14: Comprehensive Approach to Change Control
• 29:06: Data Governance and Cloud Misconceptions
• 37:05: Understanding Value Added Reseller Services

Transcript

Speaker 1: 0:20

One, two, three, four. We saw this massive trend where all of these physicians had to start affiliating themselves with hospitals because they couldn't keep up with the compliance requirements. So I wanted to be that hospital that the organizations were coming to saying, hey, we can't keep up with this regulation. Please help me do it.

Speaker 2: 0:42

Welcome to Now that's it. Stories of MSP success. We'll be diving to the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn managed services into the thriving sector it is today.

Speaker 3: 0:56

He's a recognized thought leader and trusted advisor to his clients. He brings over 25 years of experience in the technology industry, including the identification and evaluation of emerging technologies. He's managed complex security and IT projects for thousands of clients in legal, health care, manufacturing, education and professional services. He's the chief technology officer and the chief strategy officer for focused technology solutions. Please welcome Mr Bill Smelzer.

Speaker 3: 1:24

Well thank you so very much for being here. This has been a fun couple of days and this is exciting because you came as a presenter but you also came as a participant, so you've been engaging over the last couple of days. Why don't you tell the group a little bit about yourself? And I know you've got to meet a lot of them last night and the last couple of days but for those that don't know, tell everybody a little bit about yourself.

Speaker 1: 1:46

Well, I've learned a lot the last few days, so I want to thank Chris and team and Rob. I think this has been phenomenal. Yeah, right, and you're a great child. I know not to play this guy in convolving yeah.

Speaker 1: 1:57

Ha ha ha ha. Look right. So, bill Smelzer, I'm the chief strategy officer with focused technologies. I've been there 19 years, been in the industry, almost 30 years relevant to the context of this conversation tried to get out in front of compliance. Sorry, coming in a big way, sorry to my personal life with my doctors and primary care physicians and what HIPAA did to them, which led to IT. So going a little off topic here, but I can say the stage, please.

Speaker 1: 2:25

So what I saw was, when HIPAA was released, all of a sudden I showed up at my primary care physician and there was a HIPAA compliance officer and they came out and asked me to sign all these records and all this stuff. Meanwhile, we're working with a large health care company in Boston and they're deploying a $4 billion epic rollout. So what's epic? It's an electronic medical records application and I'm saying to myself these guys are spending $4 billion to roll out this software that by law they have to. They have to meet the Electronic Medical Records Act. In addition to that, I'm seeing this primary care physician that I've been going to for 30 plus years is now taking a patient exam room and turned it into a compliance office room and this person's coming out asking me to sign forms every time I go in there. I'm like this is kind of seeing it grow.

Speaker 1: 3:20

And the next thing what we saw was we saw this massive trend and this isn't the medical industry, now, not me where all of these physicians had to start affiliating themselves with hospitals because they couldn't keep up with the compliance requirements. They didn't have the $4 billion, so what they were essentially doing is they were subbing out their compliance to the hospitals. That's really what they were doing, if you just break it down to nothing. So, out of our strategy, with focus and kind of looking at it, it said how do we allow our clients to sub out their compliance to us? So I wanted to be that hospital that the organizations were coming to saying, hey, we can't keep up with this regulation, please help me do it. And that was kind of the brainchild of what we're going to talk about today. That's great.

Speaker 3: 4:17

Why don't you tell everybody a little bit about focus? Boston Mass, I'm not saying it right. Boston, yeah.

Speaker 1: 4:22

So if you, guys can't understand me, just ask me to repeat stuff. My wife has a lot of family in the Carolinas and they consider me a Kennedy at this point. But that being said, a focus technology 25 years in business. We absolutely come from the VAR background to selling product. We morph the company and the services. Then we morph to manage services and I think the key thing I would suggest to you is that the name focus technology. We're not a risk management company, we're a technology company, and I'm going to argue that. Probably a lot of you in the room are technology companies and now you're struggling with how do I become a risk management company? And you have to take a very different approach to it. So there's four pillars we service, we do data center, we do security, we do managed services and then we do data analytics. So those are kind of the four pillars of what the company's built on.

Speaker 3: 5:13

That's fantastic and I've had a chance to talk to you and meet your CFO and a couple others in the organization, and you guys have a fantastic MSP out in Boston and I'm really excited to continue to work with you. So let's talk about this. You guys made a decision a while back. You had sort of a strategic decision around your security business. There's a couple of things One booning it around a specific framework, which we'll talk about in a minute but you had another one where you said at some point you really got to again think about the focus, like how far are we going to go? Like how much do we deliver? Why don't you talk about that decision that you made way back when?

Speaker 1: 5:49

Yeah. So we're a technology company, right. So I would kind of bust people in an organization. I'd say our approach to security is would you like fries with that? So we would sell an array. And we'd say would you like data encryption? At rest, we would sell a firewall, would you like encrypted VPN, remote access. So we never really took the approach of delivering security first. It was always the add-on. So again, do you want fries with that? So when we kind of took a look at it from the framework perspective and said you know, if we're going to lead with security and we're going to lead with compliance, we really have to be comprehensive. I'm a big analogy, guys. You can't tell yet. So I'll give you what I thought here. If you went to a general contractor to build your house because somebody talked about this earlier- too, right, Little different spin on it.

Speaker 1: 6:42

Yeah, I said I'm going to do everything for you, but I don't do electrical. I'm going to build your whole house, but you got to go find your own electrician. You'd probably go find a different GC. So when we looked at it from that perspective, we said we're a technology company, we got to create a boundary of what we can do, but on the same token, I can't leave the customer hanging and go well, I'm going to get you this far, but I can't help you, so pick it up from there. So again back to the house. I'll get the whole house for you, but you got to go find an electrician. That's not a lot of value proposition. So I think what we're building off of is the conversation you and I had where I talked about. When you approach this, in my humble opinion, you really have to do it from a comprehensive perspective. You can't do it just in a small piece, because the value proposition for the client falls away very quickly.

Speaker 3: 7:33

That's fantastic. So you also decided early on that you were going to build your offering around a specific framework NIST 800-171. You actually were one of the original sort of inspirations to be fine to be around our four box, which we'll bring back up here in a minute. But why was that important to choose that specific framework and how has that helped focus over the past several years?

Speaker 1: 7:58

So let me go on record again, I am not a risk management expert, right. So Dan can probably challenge me who was just up here. He was excellent at it. But what I was looking at, everything I kept going back to, was everything fell back to 800-171. Right. So if I looked at PCI compliance, they would say that the credit card data needs to be encrypted. Well, what does that mean? Is that a zip file with a password on it, right? Or is that 256-bit encryption? I don't know. But it would say follow 800-171 for best encryption practices.

Speaker 1: 8:32

And so if I looked at HIPAA, if I looked at PCI, the difference in the law was HIPAA might have said you need patient cradle to grave lifetime patient storing of the record and the record needed to be encrypted. The PCI might have said you need 18 months of logs on hand, encrypted. But the encryption mechanisms were exactly the same. It was just the length of holding the data was really what the difference was. So we felt that if we built on 800-171, we could really go in any direction that the industry went.

Speaker 1: 9:06

And Dan referred to that as cross stock. I never heard of it that way, but it makes a lot of sense. So what we see is that across all of these standards there's competing controls. But if you pick one control and you take care of it in HIPAA, then, as an example, if your health care that takes credit card, you'll find that you probably took care of that for the PCI requirement as well. So we felt 800-171 is the foundation, was going to let us go in any direction. That, the pen being mightier than the sword, and legislation came out.

Speaker 3: 9:36

That's great. What are the things that you guys have been paying attention to over the last year or so at focus? I mean, obviously there's a lot of things changing in IT and a lot of things changing and risk and compliance, and so what are the things that you're really keeping your eye on?

Speaker 1: 9:55

You know, I think we've always been customer-led right. You're only going to be able to sell or provide what your customers need. So I think, really the perspective of following what the clients are seeing out there. So I would say, first and foremost, just meeting with a lot of clients and really finding out what they're struggling with from a compliance perspective. What am I really paying attention to going on in the industry and I think Alex said it the other day like don't worry about CMMC, worry about 800-171, but we, being in Massachusetts, we have Raytheon, lockheed Martin, some of the biggest defense contractors, and I'm keeping my eye really close on CMMC. I believe that is going to get into the hands of Homeland Security and I think you're going to see a lot of government and state regulations start to fall back to CMMC.

Speaker 3: 10:50

That's great, let's talk a little bit about your sort of go-to-market and when you're talking to a customer, who are you talking to at a business? When you go in there, who's that person that says, like, when you've got the right person at the table, this is going to be a good conversation.

Speaker 1: 11:06

So this has been a huge challenge. Right, because our sales reps have sold technology and they're good at it. They're excellent at it, way better than me at it, right, but the reality of the situation is the buyer or the person who cares about compliance isn't the IT guy. It actually stinks at compliance. We did, as an organization, still do. We have a lot of room to improve Talk about that in a minute but I try to find out if it's a small customer that's not industry regulated who handles your insurance policy, not your cyber insurance policy.

Speaker 1: 11:39

Who handles your insurance policy? Who handles your HR? Because HR is only Use in life. As much as this will be sarcastic, but as much as they'll try to spend it, it's there for the employees, not there for the employees. It's there to prevent risk in the organization. Right, I don't want I'm gonna make you go through workplace harassment training because I don't want my company sued for workplace harassment.

Speaker 1: 12:05

So everybody up here has told you cyber security is a risk. It's an insurance. You gotta find out who in the organization really cares about risk. And you know a bank that's industry regulated. They're gonna have a formal risk group. So that's the group you want to get to, but a small business. It's probably the owner of the company, honestly, or maybe it's the person who, the controller, who's also handling HR, or the CFO who's actually handling HR. So you know, when we're trying to talk about security and drive security in the organization, the buyer is very much whoever's in charge of risk, it's not the IT and that's who's gonna care about it and IT is actually gonna push back on it because it's more work for them.

Speaker 3: 12:48

That's fantastic. All right, so we're gonna bring back our favorite slide, which I heard several folks shared, where they sort of point themselves to. You were one of the guys that sort of saw an early version of this, and one of the first things that I think you said to us was you know what? I love this because it's just really important that MSPs build their offering around a safeguarded framework. Can you talk about that? What do you feel like that?

Speaker 1: 13:13

and just some input for the team here Well, you know, at the risk of repeating what Dan said, I think you need a guiding light, you need to know a star, you need to know where you're going and that's what these frameworks give you is. They give you where you should be going and where you should be focusing your time. You know, we are very horizontal. We have every vertical you could name. I have a customer and that vertical, so I don't care if it's retail K through 12, higher ed manufacturing, blah, blah, blah. So I put us in the broad compliance area.

Speaker 1: 13:45

So really, just looking at compliance as a whole and how it's affecting every organization that's out there, rather than building something that was a specific offering. Now, that said, I am, as I mentioned, keeping my eye on CMMC. So, you know, I think down the road we might find ourselves doing a little more in the defense industrial base, but right now, you know, every one of my clients needs some level of compliance. But, to echo back, the framework is your guiding light that gets you to go in the direction you need to go.

Speaker 3: 14:14

That's fantastic, the roadmap, that's great. All right Back on the go to market, because that's what day two is all about. I want to share one of your slides and you know, I thought this was pretty intriguing because you were talking about when you go into a partner, you're asking them, you know where they sort of are on their, on their IT maturity, and you talked about a sort of a six step program. And again, it depends on who you are talking to there. But why don't you talk a little bit about sort of your go to market and how you talk to folks?

Speaker 1: 14:46

So a few things, and you know I took a lot of notes from what people have been saying for Friday. I want him, I can talk and I can go off topics.

Speaker 2: 14:54

He's got to release the end.

Speaker 1: 14:56

So one thing was people said I think this is really important. You know, alex said in others this is don't name products, don't name technologies. I absolutely agree with that. Until it's a competitive advantage, all right. So if you remember during the dot com boom, when PetSmart and all these dot bubbles that popped were coming out, they all had the logos at the bottom of the commercial ads that said powered by Cisco. And why? Cisco systems was the leader in networking. It was credibility that was brought with that. So we developed the program called IT Secure Manage and any offering from an MSP perspective Well, that's a good one too, right? So from an MSP perspective. So managed security provider falls under our IT Secure Manage. So we have legacy offerings that don't meet compliance and they're not very security because they were built 10 years ago, right. So anything we're building now, we're building under the brand of IT Secure Manage. And in the case of this example you can notice in the bottom I have it powered by Fortinet because I want the credibility of Fortinet behind me. I'm not using white boxes, I'm not trying to build my own stuff. I've got a you know, gotner magic quadrant leader. So when I try to sell to the customer or we try to sell the customer. It brings a lot of credibility, really, the regulatory bodies.

Speaker 1: 16:15

Part of this slide just talks to what I said. Everything comes back to NIST. So if you've got a good foundation on NIST, you're in a pretty good shape from that perspective. What we wanted to say to the client is we are going to take the burden of compliance off of you if you buy the service from us. Now you have to remember and this is really key it's in the confines of the service and AWS does a phenomenal job with this. If you've followed Amazon at all, they call it the shared responsibility model I cannot offer you compliance. It's much bigger than what I can offer as an organization, but what I can offer you is any pieces that you consume of this service will stand up against an audit. So change, control, log, retention, anything that goes into that, right.

Speaker 1: 17:10

The second thing was we grabbed a select group of engineers and, to be perfectly honest, they weren't almost talented technical engineers. They were people that I saw great organizational skills. They were excellent at following process. So the first thing we did was we ripped them out and we sent them through compliance training, and these people think compliance first right. So I was an engineer, so I'm not being hypocritical to it.

Speaker 1: 17:38

Problem with a machine? I'll show my age. I telnet it in, I fixed it and I left right. The reality of the situation is you can't do that in a regular. You've got to grant access, you have to document access, you have to have change control, you have to know why I went in there. I have to have an artifact, so an audit trail, that says this is what the problem was. This is why we went in. This is what we made the change to. It's got to be completely documented, it's got to be vetted, it's got to be verified.

Speaker 1: 18:09

So it was really a massive cultural change to the organization and it's why we're doing it the way we were. I couldn't try to take this in my humble opinion and go let's take all our managed services and immediately apply compliance capability to it. It was impossible. So we took what we thought were a couple hot ones to sell, we packaged them, we went about them completely different and that team is actually isolated from the legacy team, Not from a team corporate building, but as far as operating it. The person who's operating our legacy environment doesn't even have authorization to go into the new environment because they don't have the compliance training and the control that allows them to go into that.

Speaker 3: 18:55

That's great. The other thing I have in my notes here I remember the conversation about. Again, back to the who you talk into in the organization and you said it's got to be the risk management department, right, yeah, if they have one, because it's just the IT folks that are handling it. They just don't have the capabilities right. They don't understand the needs like risk management does.

Speaker 1: 19:18

Sure, you guys are managing engineers. How many like doing documentation Well, honestly. Well, compliance is all policy, process, procedure and documentation. Engineers don't like that. So I go into banks that have formal risk management groups and their frustration is the IT department. First is they can't talk their language, so when fan is to the engineers, they don't even know what the hell these people are asking for, right? And then, secondly, the audit team gets frustrated because, well, you're not giving me what we want. And the IT team gets frustrated because, oh, all they're asking me for is reports and documentation. That's not what they do, they're engineers. So we saw the opportunity to go in and say, listen, I'm going to take that compliance burden off of not only the risk group, but I'm going to take it off of the engineers, and let me tell you they welcome us with open arms.

Speaker 3: 20:11

That's great, fantastic. I think this is one of the other slides that you shared with me, and this is really just talking about again what you're delivering to your customers. Is that correct?

Speaker 1: 20:22

Yeah. So if you take away sort of the value proposition and you know, dumb it down right. So in this particular offering and we have multiple offerings but in this particular offering we're offering a turnkey network infrastructure. So you know, technology pot is really easy, guys. I mean, can you guys install firewalls and APs switches? Yes, that's where focus. Technology that's easy.

Speaker 1: 20:46

But what we're offering customers is a turnkey network infrastructure. We follow the cloud. A lot of our customers like the cloud. They like paying for what they're using, right. So we put in a flexible consumption model, just like the cloud, where they have the ability to scale up and scale down right.

Speaker 1: 21:05

We are. They're all three-year contracts and this is a good sales thing. But it's also good for the client is we do a wipe the floor every three years on the refresh of the contract. Now that falls back to compliance, because compliance says you can't run anything that's end of life or end of support. So the value proposition we have to the client is you always have the latest and greatest and it's always not end of life and not end of support. So when they re-up their contract we wipe the floor. In this particular case it's Fortinet We'll go to whatever the next-gen firewall is, we'll go to whatever the next-gen APs are and we'll go to whatever the next-gen switches are. And those are the only components in this specific offering. It's just that that's fantastic. And lastly, number four, it's compliance ready. So if an auditor comes in and says well, show me your firewall logs, yeah, they are Got it Great.

Speaker 3: 21:58

Let's. Before we go to the next slide. I want to take some questions in a minute, but talk a little bit about the rest of your go-to market. You guys have a sales team, right? You're a sizable organization. Yeah, I'm really interested in the people that don't.

Speaker 2: 22:09

Yeah for them.

Speaker 3: 22:11

Why don't you talk a little bit about that team? Who are the individuals, what type of personalities are on that team? Who are you hiring to work at sales? That seemed to always be the challenges. Very few former MSP sales folks were out and available, so you were hiring folks from different industries to sort of come in and be sales. I'm just curious of what focus had done to build their team.

Speaker 1: 22:34

Yeah, so I mean I'm not our VP of sales, but, with that being said, it is different. I mean, we're 25 years old, right, we had guys who were making guys and gals who were making a tremendous amount of money selling storage systems and things along those ways. So I think when we started to convert the business out of a hardware business over to an MSP, we realized that, first of all, the compensation models that it fixed. These guys love selling million-dollar deals and getting large commission checks versus going out and signing. You know, $14,000 a month reoccurring and getting drip-fed, right.

Speaker 1: 23:08

So we went out and purposely hired a team that could talk more around the MSP aspect. Same thing as we started to build more professional services, we looked for people with professional services backgrounds, not hardware technology sales. Now, some had the ability to adapt and cross there's no question about it but it was definitely a different skill set. In compliance, I would argue. You know, we're looking for people with MSP experience, but we're also looking for people with business intelligence, because it's much more of a business conversation than a technology conversation.

Speaker 3: 23:42

And how often do you, and maybe some of the other executives, how often are you involved in the actual sales process?

Speaker 1: 23:49

Often, yeah. So yeah, I mean I'm involved in a lot of presales Myself personally. You mentioned I was a CTO. A correction I'm CSO. The CTO, larry Vino. He's on a lot of calls. You know it's a nomenclature. In any industry, the best sales rep in the company is your CEO. He's got to sell the investors. So yeah, we use the whole executive team for that. That's great, awesome.

Speaker 3: 24:12

Before we jump to sort of the segment that Bill plays in frequently, any questions for Bill to this point and open it up to the room.

Speaker 2: 24:25

Bill, when you said that you took a group of folks and you trained them in compliance. Can you expand on what that means? Was there a specific framework, a specific training package, or did you make it up?

Speaker 1: 24:37

internally. We made it up internally and it was a lot of just basic YouTube videos that would find stuff around compliance. The other thing we had to do was we had to document formal training on specific products and the technology from the expertise. So, as an example, in this Ford and Net offering, we set the bar that for you to touch this, you need it to be if you get their exact acronym but you need it to be at least a level five engineer or you couldn't be part of this. So it was credibility. So if an auditor came back and said who's operating this environment from a technical perspective, it was that. And then these people understood change control. So one of the videos was just what does change control mean? How do you document that? And things along those lines. So it was very much home bro.

Speaker 3: 25:28

Any other questions you built?

Speaker 1: 25:47

Well, it hasn't right, it has to be Potivin. And that's where I said you have to be comprehensive, right? So let's? I mean I'm going to try to simplify it, right, let's just use an example. So one of the controls is access control. Who has access to your system? Okay, so we're putting a firewall in there that has VPN capability? Okay, so the access control is how do they access through the VPN? So who manages that? How's that documented and how is that controlled? Oh, you know no, and because that feature capability is there, then we have to take responsibility for that. So that's where it's got to be comprehensive and that's why I said you can't just go in there and say, well, I'll get you this far, but then I don't worry about who's coming in remotely. You know, you've got to worry about who's coming Now if they're coming in a way that is not part of the offering. So let's take that as a great example.

Speaker 1: 26:46

This is entry into your corporate environment, but they are using Salesforce. Their compliance says they have to control access to Salesforce, not my boundary. So for the organization to be compliant, they need to document how they distribute Salesforce. In this particular case, maybe as another example, how do they get off at 365? So what are they doing for multi factor 365? Who is the admin? How are they controlling all of that? That's part of the access control boundary of compliance. That is not my boundary in this offering Okay, but a remote user coming in from home over the VPN, then that's going to be in my boundary and I have to worry about that. Anyone else? Make sense. I feel like I'm lecturing. I'm not trying to lecture.

Speaker 3: 27:43

All right, we'll leave some more time for some questions here and a few. Let's spend a minute talking about a segment that and I think it was really healthcare that you know you mentioned, bill, that you guys sort of are a bit spread out, but when, if you look at your client base right now, you have a large presence in sort of the legal healthcare space, finance. So why don't you tell us a little bit about what that segment looks like and and how you deliver the services to, to that segment Any different than maybe any of your other segments? And I expect the answer is not very different, right? I mean, there's a lot of similarities.

Speaker 1: 28:20

I mean there is a lot of similarities, but if you look at like healthcare as a pretty again, unless you're working for one of the bigger clinics, right, you're going to find that they sub-delt their electronic records management to somebody else. So, as an example, one of our customers I'll mention by name is E clinical works, right. So E clinical works is a SaaS application that is given to hospitals. It's an alternative to Epic, it's a competitor to Epic, right? So if you're working with E clinical works that's holding all of this data, then that's a completely different story than the doctor's office that accessing E clinical works, right? Because at that point the doctor's office might not actually be carrying any of the PII. It's up in E clinical works. They're not controlling or encrypting any of the data in that particular area, so those ones are kind of easy. Usually, to be honest, right?

Speaker 1: 29:15

The law firms are a little bit different. Although they do use record management applications, we do find that a lot of the law firms are holding their own data. They've got it somewhere in the environment, whether it's case information or something else. So those ones we're going to do a lot more around. You know data governance and restriction controls and looking at that a lot deeper into the client. Now that may not be baked into like the turnkey offering, but to what Dan was saying that is part of our risk review with the client is how are you protecting that data and what are you doing with that data?

Speaker 1: 29:51

And then finances you know finances regulated pretty heavily, so that's really just and usually, again, in most financial firms they already have a mature risk working group. So you're just kind of trying to figure out what value you can bring to them. And it's usually not around policy processing procedure because they have a lot of that. It's how does your offering dovetail into feeding what they already have in place? I mean the banking, credit card industry, local regional banks that is so regulated. It's like the insurance industry. You're going to find they have a risk working group, committee or department and you just got to kind of figure out how you dovetail and that's great.

Speaker 3: 30:29

And then what are some of the ways that focus that the team sort of stays up to date on the changes in cybersecurity and obviously the regulations and legal and healthcare and finance are changing pretty much by the minute. So how are you guys keeping up with all the changes?

Speaker 1: 30:45

You know, honestly, from a leadership perspective, it's just stuff like this, right, it's meeting guys like Dan. I mean, you know, again, I came right up and said our company is focused technology. We're a technology company. We're not risk management, right? So, and I'm certainly not an attorney. So, for all the laws and legislation that passed, I don't understand half the stuff I read, right. But that being said, yeah, it's seminars, it's webinars, it's meeting with your clients on a regular basis. And how are you interpreting this law? How is this going to affect you? It's for the team, it's more because, again, we're a technology company. It's more technical based, it's just staying on top of the latest trends. You know, vendor training, manufacturer training, trade rags, internal training. So it's all of the above, but I mean, it's a wave. I'm not going to pretend that you know. Oh, if you, you know, do this one thing, you'll be on top of it all.

Speaker 2: 31:39

Go to this one website right.

Speaker 1: 31:40

Yeah, it's coming at you from every different direction. I will say it's divide and conquer, like my engineers aren't worrying about the same stuff that say I'm worrying about and my CFO is not worrying about the stuff that I did. So I think it is a divide and conquer mentality, no question about it. You can't fall in one person Awesome.

Speaker 3: 31:59

All right, so one of my favorite pieces. We've asked a couple of the different presenters this question and I think you had one of the best responses, so we're asked you, if I remember it. Ask you what? What's, what's an unpopular opinion that you might have around it? I think it had something to do with cloud.

Speaker 1: 32:18

first, yeah, and cloud first, right. So I would say that's definitely a very unpopular opinion. You know, I I've been in the industry for almost 30 years and you know Gartner calls it the hype cycle right it's. You know, a new technology comes out, it's hyped right, and then it falls down to you what is it really capable of doing? Okay? So you know, if you look at something that's at the absolute top of the hype cycle right now, it's chat GTP, right, it's gonna solve all the world's problems, right. But is it, I don't know? So it's gonna come down to the reality of what it can really do and what it can be used for. Now that'll morph and change. I mean, I'm not stupid from that perspective, but God recalls it, that's only.

Speaker 1: 33:01

I just find it Absolutely hilarious that I've watched all these organizations for years even despite the fact that we did Technology surveys that said, if you stay in your data center, it's still gonna be less expensive than going to the hyperscalers. It was just this mentality that everything had to be in the cloud and there was actually a, a term cloud first, we're cloud first, we're cloud first. And now what I'm seeing is the exact opposite. I'm seeing people coming out of the cloud saying, oh my god, we never realized it was gonna cost this much. This is crazy. My Amazon bill is now approaching a hundred and fifty thousand dollars a month. I just never seen that coming. So I would say that's probably one of the most unpopular Opinions. I see that everything needs to be in the cloud. Now. The cloud has its space. I am absolutely a proponent of the cloud, so I'm not the anti cloud, but I think you have to take a look at it and you know, even going back ten years ago, gartner said that they predicted the future would be hybrid, and I don't see anything changing. I really don't.

Speaker 1: 34:04

You know one thought on that right, netflix famously had a call with the analysts, the financial analysts, and it was their CFO, and you know I'm not being quoted here, but basically what came out of it is you know, we've lowered our operational costs to the point that we could get it as low as we possibly could. We got to figure out how we're gonna lower this AWS charge Right, and they went under a massive initiative to rewrite their software from the ground up so that they could move to any single cloud provider. Right, so that they could stop bidding Netflix, excuse me AWS against Azure against Google, right, who's gonna give us the best deal? The other big thing is you know, in that case study I find that hilarious be careful of who you get in bed with, right.

Speaker 1: 34:50

Who is net one of Netflix's top competitors, amazon Prime? What incentives do they have to give you a good contract? If anything, they want to drive your price up. All right, they want to beat you what. They want you to be a customer on this hand, but they're trying to kill you on the other hand, right? So I just think cloud first is just not very wise. Again, I think there's a place for cloud. A lot of applications belong in the cloud. I think something like Collaboration over 365. That's an absolute no brain, but some stuff really does need to still be with that it's great.

Speaker 3: 35:23

So you sat in the room for the last couple of days. You were participant, you had an opportunity to speak. Is there anything that? Any sort of captivating themes and I know you had a bunch of them, you got tons of notes but anything that you haven't shared to this point with the group that you'd like to, about just sort of when your mind's at and and things that you're thinking about that are really important to the MSP and what could be valuable to them.

Speaker 1: 35:47

Well, you know, one theme I heard was business outcomes, right. I think that's really important. I know that's a cliche, right, business outcomes, right, but it really is. I think the other thing we have to remember this that you know our industry is absolutely a service industry, right? So how, in that service I'm not saying is personnel customer service answering the phone, it's you know, you are providing a service, right, you're providing a managed service. It's right in the description.

Speaker 1: 36:13

So you grab that ass and and really making sure that you know the service as a whole is Sticky, right. So I'm gonna be selfish here, right? I don't want to lose clients, so I wanted to be sticky, I wanted to be my brand and my service. So, echoing what Alex said, you know I don't want an invoice that says you've got a fortinet firewall, even though my marketing tells you you do, I need to be able to flip vendors. So, as an example, we're actually new to enable, we're coming off of our continuum, connect wise continuum, you know. So I will want to have to go back and rewrite contracts that you know had Continuum called out in them when I decided that enable was better for my business, right? That wasn't a silo decision, I'm just kind of talking that through.

Speaker 1: 36:54

So I think you know, remember that you're in a service industry and and you need to really Continue to drill down to the customers is what's providing value in service. You know, back I've again, I've been doing this a while when we used to be called the var well, it was the V was a value added reseller. So I always would challenge people as to, well, what is the value we're adding? And what was funny was if you went to three different clients, you'd get three different value prop, is it? Well, you guys do this for us. That's awesome and it's the the same exact thing we're doing. It's just one customer found value in one area where another customer found value in another area. So you know, when I listen to Alex, I listen to Dan helping clients with compliance, I listen to you know the theme is just make sure that you really understand what is that in business outcome of that service that you're delivering. And I would always challenge you to sit in the chair of the customer and say would you buy it?

Speaker 3: 37:51

great, great advice. All right, well, bill, thank you very, very much. This is a real honor to have you up here and it's amazing to have someone that is a brand new customer Want to be part of this and and and want to be part of this whole group and share their Opinions and feedback and everything that's happened. I you know it's been really great to have you here, everybody. Please give Bill a round of applause. Very good package, very much.

Speaker 1: 38:16

All right, thank you. So I'm just gonna leave with. The privilege is mine. I've met so many people here and I've learned a lot. I think the presenters and, like I said, it was really good, the guys from the Ford S team, I mean phenomenal, so probably just mine. So thank you for having me. You.