MSP Cybersecurity Peer Group Kicks Off with Frank Discussion of Issues

The MSP Cybersecurity Peer Group kicked off Tuesday at Channel Partners Conference and Expo with more to come in the months ahead.

The meeting focused on how attendees can grow their cybersecurity practices and become more profitable. Attendees also had the opportunity to bring up and receive feedback on the most pressing issues faced by providers.

Sam Ruggeri (pictured above, foreground), founder of Advanced Vision Technology Group, and Kevin McDonald (background), Alvaka‘s COO and CISO, hosted the meeting.

“This was a brainchild of what we did over a year ago,” Ruggeri said. “And at that session … we were trying to get a gauge from the community of how do we do this as a peer group. Do we meet at the conference once a year? Do we do it at different conferences? But this is a peer session and we also have visions of possible cross-pollinating with other industry events. There will be some future things. We’ll have a group and there will be some new people joining that. And then, of course, there’s our event (MSP Summit, [part of the Channel Futures Leadership Summit]) in the fall coming up. We can continue with that.”

John Rucker, MSP channel development manager at Solace Security, was among the attendees.

“This was my favorite session so far this week, primarily because of the interaction between all the participants,” he said. “I think it was relevant and I think it was interesting. I wish more sessions were like this one.”

Rucker said he’s interested in further participation in this peer group.

Tom McKay, president of New Millennium Technologies, said this is a field that “we’re heading headlong into and this was very interesting and helpful to us.”

“When you’re branching out into a new area, it seems like you’re doing it by yourself a lot of times,” he said. “So it’s great to meet other people, and these guys are really helpful and open.”

McKay also is looking forward to more from this peer group.

Peer Group Discussion

In part of the discussion, McDonald told attendees not to be worried about being perfect or super advanced.

“If you just get the basics right, you’ll prevent about 90% of the cases that I see,” he said. “We’ve done 100 cases in the last three years that were what I would classify as mid-level to enterprise. You need to patch, you need multifactor authentication (MFA), and you need to stop allowing people to do things on business computers that they shouldn’t. And you need to make sure that devices are separated so that if one machine gets infected, the rest of the network doesn’t. It’s really basic.”

McDonald also said the key for MSPs is to make sure “whatever it is you’re trying to do, try not to be everything to everybody.”

“What I see a lot, unfortunately, in the MSP community is you want to be everything to everyone and do it all, and not trust others to do things for you,” he said. “We don’t do security operations center (SOC) services for a reason. We have one of the best network operations centers (NOCs), I believe, in the globe. We’re very good at field services, but I don’t have malware reverse-engineering talent. I don’t have high-end analysts. You don’t get to pretend to do security. You either do it or you don’t do it. And we decided that’s not something we’re going to do. So we partnered with a group out of Tennessee, a former Navy SEAL Six team, an amazing group of people. And I make net probably more by …

… getting their referral fees than I would if I did it myself. So that’s another thing I want you to be thinking about. Doing it yourself may not make sense one from a liability perspective, and two from a pure cash perspective.”

Cyber Insurance Challenges

On the topic of cyber insurance, Ruggeri said what’s happening now with cyber insurance is insurers are looking at all the claims that they’re paying out, but they’re not paying as fast.

“They want to understand what you have in place and if somebody else was responsible for it,” he said. “So with every typical insurance, it’s there when you need it, but when you have to get a claim, they really don’t want to pay it out that quick. So it’s something that you really have to be cognizant of. The fact that words do matter when you’re telling your client what you’re going to be delivering for them, they have to fully understand that alongside of whatever forms they’re filling out.”

It’s also important to examine liability, Ruggeri said.

“There’s nothing wrong with bringing in a cybersecurity organization that will take on that liability,” he said. “So you’ve got to have the best-of-breed cybersecurity company to assist your client. That takes the liability from you. You’re still involved in assisting your client, but you’ve assisted in the best way possible by bringing in that true cybersecurity firm. The other thing you have to consider is reputation. If something happens with your client, the client gets a bad reputation, he’s going to lose his business and guess what? If you’re that MSP, you’re going to get a black eye from it, too. So you’ve got to really consider what you’re saying. And what we’re really driving home is words have meanings. Can you really support those agreements?”

McDonald said there’s “sick” money to be made in cybersecurity.

“So don’t think I’m trying to talk you out of it,” he said. “By no means am I trying to talk any of this room out of cyber. One, we need more people doing it. And two, I’d love to see all of our peers making millions of dollars, honestly. Don’t try to be everything to everybody and don’t be what everybody else is. Find something that differentiates you slightly and I guarantee there’s more opportunity than you can consume.”