MSPs and Partner Selection with Dustin Cassar

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Does she now have access to that server?
Yeah, do you have protection onher personal device?
No, we're in a bit of a problemhere.
We don't need to send them areport.

Speaker 2 (00:14):
Welcome to Sell Me this Podcast where we explore
sales strategy and businessgrowth.
Today, we are diving intomanaged service providers,
otherwise known as MSPs, withDustin Cesar from Site
Technologies experts in ITsolutions that help businesses
scale efficiently.
We'll break down what makes agreat MSP, how to choose the
right partner and why MSPs aremore than just IT support.

(00:38):
They're key to long-termsuccess If you want to
future-proof your business andoptimize your IT strategy.
Stay tuned.
This episode is packed withinsights.
Let's get into it.
Dustin, welcome to the show.
It's a pleasure to have you.
I'm going to dive right intothings today and would love for
you to share a little bit aboutyourself, a little bit about who

(00:58):
you are and a little bit aboutsite technology.

Speaker 1 (01:00):
For sure.
Okay, so I've always been intoIT.
It's been my thing for quite awhile.
I go back super, super earlydays Again, this is back in the
90s, but from an MSP perspective.
We purchased a company.
A friend of mine from highschool purchased a small break
and fix break fix shop andcalled QuickTech and started
that company at around 21 yearsold, 22 years old, that company

(01:27):
at around 21 years old, 22 yearsold, and we grew that to 14
staff.
We hovered around 10 and 14 forquite a few years and then we
broke through the 20 barrier,probably about four or five
years ago, and then we hit acertain.
Our next ceiling more of arevenue ceiling needed to start
establishing some executiveteams and we weren't there.
We couldn't get past that spotand we ended up working with a
company called Site Technologyaround consulting and we didn't

(01:49):
have an ERP and ERP consultantsbut felt like we were starting
to be asked these questionsabout things like dynamics.
We are asking questions aboutpower, automate, business
analytics that we just didn'thave anybody on staff that could
manage this.
I would, of course, love tojump in, but it wasn't scalable,
I wouldn't be able to do itproperly and also as an entire

(02:09):
line of business within thecompany without doing something
different.
Business partner and I sat downwe discussed that maybe would
this be a time for us to belooking at either a merge, an
acquisition, potentially apurchase of another company.
And we've been working withSite Technology, which then
offered some of this, and theywere using us for MSP IT,
cybersecurity and things that wedid really well and they were

(02:30):
doing, of course, the ERP.
That relationship went reallywell.
Brandon, the president of SightTechnology at the time, was
like, hey, let's see if we canmerge and come together.
And we had a chat us three orme and my business partner and
then of course, I was Brandoninvolved and John decided that
he was like you know, thissounds like a good time to to
hang out my tool belt and I'mgoing to move on.

(02:52):
So he sold his portion of techto site technology and then we
did the merge and then had 17lawyers and accountants and
everything else that goes withthat and and started executing
that process back in around itwas June no, it was around April

(03:12):
of 24 is when that started.
The decision was made then June30th we really between January
and June is when we went.
January to April was when therewas a decision made.
April to June is when wedecided okay, now we need to get
all these ducks in a row thelawyers involved, the
accountants, tax advisors andthings of that nature.
All of that stuff was dealtwith on June 30th.
John walked away super happy,never having stress of an MSP
anymore.

(03:33):
And then I now have addedstress of now trying to merge
the two.
But that all happened in Juneand now Site Technology is the
new name.
Quicktech is coming up in allthe wrong places at all the
wrong times that I need tomanage.
But it's definitely fun tounwind 20 plus years of API keys
and logins that are tied to theQuickTech domain, but

(03:54):
definitely take some time.

Speaker 2 (03:56):
I know we had a chance to talk about this
briefly before the show, but Ihave those memories.
Three years down the line,you're going to find that one
QuickTech address somewhere.
It will be the gift that keepson giving, for sure, for sure.
So you started an MSP at 21.
So you're a young Dustin.
You've started this MSP.
What is that experience like?
Because I feel like the worldwould have been a little bit

(04:16):
different then, but also such anexciting journey to grow it to
where it is.
What was it like to start anMSP at 20?

Speaker 1 (04:23):
something years old, oh man.
And what's so cool is that it'sso fresh in my mind, because
when we were in because of thismerge, we had to go back on some
old emails from the originalpartners to get shares and that
sort of thing.
So I was going back to likeemails that we had back and
forth, like when I was 21,.
So that was in 2001,.
The world was very different.
But bronze silver gold was athing and Gary Pica talks about

(04:46):
it still to this day and theidea was we had that across
everything our computers.
We had a bronze silver gold, orwhat we now call good, better
best, and then we had a managedservices agreement and we felt
like we were a bit ahead of thecurve because nobody was really
doing that in the break and fixworld.
We were doing virus removalsand John and I were both.
This isn't sustainable.
We can't have this feast orfamine Now.

(05:06):
It did take quite a few years,in 21,.
It wasn't an immediate MSP.
We were quite literally, youmight remember and again you're
much younger than me but theblaster worm, which was this you
used to plug directly rightinto the shop or your ISP's
modem and no firewall, and theidea was that this blaster worm

(05:27):
could hit your LSAS and it wouldboot your computer.
It would just blue screen itand reboot it.
And Windows XP SP2 put in afirewall.
This was, or maybe it was, sp1,but one of them.
No, it was SP2.
And it added a softwarefirewall.
Anyways, we would just goaround, john and I, we had a
trunk full of routers.
And we would just go around,john and I, we had a trunk full
of routers and we would just putthem in the client sites and
these were like so you were therouter guys, you just went

(05:49):
around them, yeah, but we boughtthere was probably about 20 or
so of these Linksys firewalls.
Anyways, that was the Wild Westback then.
So 2001 was, it wasn'tmalicious, there was no, it was
because they restarted thecomputer.
But there's no ransomware atthe time.
So it was just really annoyingthat your computer just randomly
rebooted.
What's the problem?
They would call us.
So we quickly came out astechnicians and then fixed it.

(06:12):
Quicktek and virus removalswere a big thing, and then, of
course, just teaching people howto use the computer.
Again, we're going back to2001,.
Right, where the big issues waswhat's going to happen when
1999 turns to 2000?
Like that was a critical issue,like the world was.
You were part of the big Y2Kdecision.
Totally yeah, it was wild.
And then everybody's likestaying up late to see if their
computers are going to fry.
That was a very different timebut super fun because you could

(06:34):
really you could see that thingswere changing, even like the
web was changing.
There's a website calledDogpile.
At the time that you would doyour Googling, google was there
but it was old school.
Geocities was the name of whatwould be like a free web host.
Myspace was big.
This is the era that was prettyWild West.
You were truly anonymousbecause they, at least that we

(06:55):
thought we were, but it feltanonymous.

Speaker 2 (06:59):
It was back in like open internet right when it was
a little bit less controlled.
I remember I was having aconversation with someone the
other day around ask jeeves, Idon't remember ask jeeves yes, I
do.
Yes, he was like a butler.
Yeah, I feel like this episodeis going to have a small age
gate on it with some of thereferences here, but but, yeah,
like it was such a differenttime back then it was and fast

(07:20):
forward today and I can't evenbelieve we're in 2025 now.
It sounds made up when I say itstill, but how has the world
changed in terms of MSPs, interms of managed service
providers, even in terms of someof the role that you play at
some of those customers, sincethe router drop-offs in 2001?

Speaker 1 (07:41):
It significantly changed.
Our value was always there as atrusted advisor, which we
didn't really coin that termuntil a little bit later in this
MSP world.
But it shifted from thephysical server and we'd be
worried about doing thosereboots because you don't know
if that server is going to comeback online because Windows 2000
wasn't very stable or 2008, etc.

(08:04):
And it started to shift wherethe stressors now were no longer
on whether or not the hardwarewas going to come back online
and you were going to have aserver outage.
And even then internet serviceproviders were unstable.
So if the machine was up, theinternet was down.
Somebody would be like that'sfine, we can just work local.
But then, once everythingstarted to move to this cloud
and people started to reallyunderstand why and we had to

(08:30):
teach that it wasn't about justnow shifting your costs into the
cloud, it was to teach that allof those times that you've been
offline because of yourin-house server was because
you're investing $15,000 a yearon servers and hardware and they
only last three to five yearsand you run out of storage so
quickly.
And what if we were to usethese tools like the Googles and
the Microsofts or the Amazonsto store everything.
And they're like, yeah, put itup there.
So then we just startedthrowing it in there, right, and

(08:51):
that was probably 2015-ish.
Everything just went into thecloud and there wasn't really a
thought around security, like,how are we going to secure it?
Sure, we, of course, protectedit with the username and
password, but multi-factor wasalso still relatively new to
people and people didn't like it.
We positioned ourselves to bestill this is at the quick tech
days.
We positioned ourselves to bethe security first IT services

(09:14):
provider.
So we're like, hey, you putthis stuff in the cloud.
We need to make sure that we'reprotecting it.
Don't worry about the peopleinternally in the company.
You've just exposed all of yourfiles globally.
How are we going to protectthat?
And we've got pushback right.
Some doctors don't like to useMFA because it's annoying, or at
least that's what they say.
And that was where my focusbecame, where I was like we

(09:35):
really need to protect this.
And then, of course, then whatwas it?
2018, the first kind ofransomware came around and we
started to go, oh, there's ahuge risk to MSPs now that we
need to protect this.
So we started getting questionsright Like how are you
protecting me from ransomware.
To be honest, we feel likewe're really behind.

(09:57):
We don't know.
We have no idea how we're goingto protect from this.
They were ahead of us.
They're finding all thesevulnerabilities, like
vulnerabilities, although itwasn't new.
It was new for, at least forand I'm going to speak from our
perspective is we now need topatch for these things.
This isn't just windows patches.
Now there's third-party issuesand now there's firewall
problems.
There's iot devices.
You got people with shadow itthat are buying sass products

(10:20):
that get exploited, like all ofthese things that we now need to
protect.
And it became again the WildWest again because we had the
SaaS sprawl and then COVID hit2,000 people are VPNs.
Like it was wild for us.
That's six to eight months wheneverybody needed to work from
home.
We just exposed VPN because weneeded to get people on VPN and

(10:45):
they didn't have a firewall thatcould support it.
So now we've got these usersthat are connecting on the front
end of a FortiGate and we allboth know very recent for
whoever's listening to thispodcast very recent there's now
a major vulnerability on theFortiGate firewalls.
I'm not picking them inparticular, I am for the sake of
this conversation, but exposingthat is super dangerous.
So that's become now wow, okay,now we need to step back, now

(11:07):
we need to move into a maybemore modern VPN solution.
So it's this constant battlewhere it feels like we're always
behind.
And then, of course, thenMicrosoft makes a change and we
need to disable a toggle for newOutlook or else we're going to
get a bunch of help desk tickets.
So that's our focus now is thatend user experience and then

(11:28):
security.

Speaker 2 (11:29):
I really, first of all, I want to applaud you
because I feel like there issometimes this narrative that
the teams and the IT providersknow all right and that there's
this, but you just work, andit's technology.
And I do believe and agree withthe idea that technology has
come an incredibly long way.
I do believe and agree with theidea that the technology is

(11:50):
actually one of the easiersolves right now, sometimes when
you consider some of the humanchange elements.
But at the same time, I don'tthink that people fully
appreciate just the rollercoaster ride that's happened
over the last we'll call it 10or 15 years, with the sheer
amount of change that not justorganizations have had to deal
with, but the IT teams and MSPsand managers, writers having to

(12:13):
figure it out and really changethe tires on the bus.
While it's really easy to sayyou know what, we know all the
answers, trust us, but I thinkthat the honest and real answer
is we're working on it together,right?
And I think that idea ofpartnership, that idea of

(12:33):
building something together, isreally comes through in what you
said.

Speaker 1 (12:38):
Oh great.
I think that there's also twoways to look at it and I think
that most IT people they'll do,for the most part, good MSPs.
There's not a wrong way to dothings.
I'm saying that with anasterisk, because there is.
We both know that there's awrong way, there's very wrong
ways to do things, but most MSPsthey don't want a ransomware
ticket.
They don't want to see theirclients ransomed.

(12:58):
That doesn't benefit them inany way.
It's actually going to besignificant a number of hours.
Brand awareness is terrible.
So for the most part, everybodywants to install some sort of
protection.
Some are going to do it right.
Some people may overdo it, somemay cause end user experience
to be poor, some may roll it outincorrectly, but for the most
part, most MSPs want to not haveservice tickets.

(13:21):
And then the client'sperception is they want to sit
in a boardroom and go.
Am I protected?
And I have to answer that withyou are, but here are your risks
.
We've identified which are thehighest risk items.
Now we need to identify whereare those areas of risk that you
might not know exist and thenyou have to tell me whether or
not you want to cover them.
And I think that's what webecome.

(13:43):
We become risk mitigators to acertain extent, because we're
getting less and less of thoseblue screen issues and the
hardware failing.
Now we're just replacinglaptops instead of trying to fix
a four and a half year oldlaptop and then to follow that
up.
There's also some of our clientsare co-managed, or what we call
collaborative IT, and some ofthose guys have been at that an
IT director there for 15 years.

(14:04):
They don't know what'shappening in the space like we
would, so they're looking for usfor advice and we need to prop
them up, the IT directors, tosay, hey, let us help you, let
us fast forward yourorganization into the modern
world, and you should not haveyour firewall exposed.
You should not be only relyingon NTFS permissions.

(14:26):
There are things that you needto be thinking of.
Oh, my servers are protected.
They're behind a firewall, notreally.
You also just gave Mary Louaccess to VPN from her personal
computer.
Does she now have access tothat server?
Yeah, do you have protection onher personal device?
No, we're in a bit of a problemhere.
So then we talk to the ITdirector, right?
So I think that we're slowlytrying to raise tides, to raise

(14:48):
all ships across the, regardlessof size of business, but it is
definitely.
It's difficult, it's not aneasy process.

Speaker 2 (14:57):
So do you feel like the skillset and this might be a
bigger question, but do youfeel like the skillsets required
in being an MSP and runningsome of these organizations is
changing?
Because, to your point, even ifyou look back five years and
the distribution of tickets aresome of the things that are
becoming very important at thatmanaged service provider and

(15:29):
partnership level that companiesshould be looking for when they
are are evaluated in some ofthese partners, because I feel
like the scorecard has changed atiny bit.

Speaker 1 (15:40):
It has.
I think that there's still aneed for certain skills in
certain areas, but for the mostpart soft skills which are hard
to the soft skills are the hardones, harder to find in our
industry, but then also criticalthinking.
And critical thinking is reallydifficult to ask that in an
interview Because they have toactually go through the process

(16:01):
of going.
Okay, I've got to figure thisout.
I'm a guy that I started thiscompany.
It was just me and the businesspartner.
So if I couldn't figure it outand John couldn't figure it out,
the business partner at thetime it had to be one of us.
So you just have to go throughit and figure it out and that's
where the critical thinking isalmost taught.
But in the day and age of Appleand Android devices that just

(16:27):
work, there's no need to figureit out.
You just restart your phone andthat's it.
That's the critical thinkingprocess, right, and if it's
broken from there, that's maybewhen you would call someone like
us.
It is difficult to hire in thisspace, but I do think that soft
skills and critical thinking areone of the top needs at an MSP
from a skills perspective, atthe desktop support level, when
you move into cyber, obviouslyyou'd like to have somebody with
some certs that can understandhow to read logs, that

(16:48):
understand the black hat and thewhite hat style is that you're
defending.
So what are you going to bedefending against?
And you have to think like thehacker, and that is a unique
skill, I believe.
And in those areas, and then,of course, consulting, that's a
whole other thing.
Sitting down with a CEO to tellhim what he wants, it's not to
tell him that he needs Microsoft365, business premium and

(17:08):
Entune and don't know grouppolicies, like the CEO doesn't
care about group policies.
So how do you have thatconversation?
And that's a unique skill to beable to communicate.
And every MSP is going to be alittle different.

Speaker 2 (17:23):
So do you feel like the partnership that you talked
about at the beginning with sitetechnology is where they come
from more of the ERP side of thebusiness.
Has that enhanced thoseconversations?
Have you seen a difference inapproach or is that the perfect
marriage there that's reallycome together to be able to
combine those two worlds?

Speaker 1 (17:38):
I knew it was going to be good the partnership.
I didn't know how great it wasgoing to be able to combine
those two worlds.
I knew it was going to be goodthe partnership.
I didn't know how great it wasgoing to be.
Because now I think like a tech, I think like a CTO would, and
I love the details and I want toget into how I'm protecting
because I have passion about it.
I have passion about what I'mdoing.
But again, ceos, the CEO mightnot care, the CFO might not care
.
So I now have ears that I canask say, hey, if you were the

(18:05):
CEO that I was presenting thisto what would you think?
Oh, that's way too much detail.
Man, get that detail out ofthem.
They don't care about theirassets Okay, but I care about it
.
He doesn't, or she doesn't.
They don't want to see that.
So that's been really helpful.
So we definitely have thoseideas where I do in terms of
some of our proposals.
I'll have mock meetings withthem to say what is this?
Is this delivery good?
Is this 90 minutes?

(18:26):
That I'm asking the CEO or theCFO, is this going to be
valuable time?
No, okay, got to streamlinethat, slide deck a little bit or
give them more notes.
But then also, like I wouldnever be able to do an ERP
implementation.
I don't understand GL, likegeneral ledger, like I wouldn't
know that.
I understand the basics, butnot for a major organization.

(18:47):
That's $100 million in revenue.
I'm not going to be able tofigure that out.
But somebody that has the skillset that is around accounting
and the best practices ofaccounting and the best
practices around inventory ormanufacturing and things like
that and how they would tie intothe ERP.
That's what the site technologyconsulting arm has brought and
that helps in the businessdecisions around strategy.

(19:09):
Okay, let's talk strategy beyond.
How often we're going toreplace your workstation, that's
a great question, but that'snot the question you want to be
asking.
How is your organization goingto use and leverage AI?
How is it going to have the HRpolicies?
How are you going to preventSaaS sprawl where it comes into
the cyber side?
Sure, workstations areimportant, but that's not a

(19:30):
conversation that the C-levelswant to have.
They get it.
Yeah, replace them, that's fine, do that.
But what about everything elsethat we want to work through?
And if they're not going toleverage your lean on us.
They're going to find someoneelse, so why not be the one
that's that trusted advisor,right?

Speaker 2 (19:46):
Yeah, and I think that one of the things that
people often miss is that and Ilove that you've said this is
that there's this whole body ofwork that needs to happen around
your lifecycle managementmanagement, around some of the
security posture, and sometimespeople just want the answer.
They want to know that someonehas to look at it.

(20:07):
Right, there's not a scenariowhere no one looks at it, but is
it the conversation that needsto take place at the board level
around what our next laptoprefreshes?
And I think that a lot oforganizations miss that element

(20:33):
and I think that they have this.
That's right around where theseconversations belong.

Speaker 1 (20:39):
I don't know if I've had the aha moment, but I always
ask for constructive feedbackafter any time I do a meeting,
when I get to talk to the execsor even team managers or in some
instances it's general managersof a clinic, let's say and I
always ask for constructivefeedback so that I know your
audience before you deliver.
But for the most part, thingsshift over time as well.

(21:00):
Your conversation shifts Backin 2015, before pre-ransomware,
we'll call it, or pre-crazyvulnerabilities and things that
you were really affecting yourorganizations.
You were having that assetreport.
You were using the warrantymasters of the world and you
were going look, your serversare not up to date and your
workstations are really old.
Look at this and then you knowyou've got this number.

(21:22):
If you were using the oldwarranty master, you have this
number that tells you these areyour opportunities.
But it's different.
So the aha moment came from the.
We don't need to send them areport, a risk report.
That's 300 pages.
They're not going to look at it.
They're going to look at thesummary at the top and they're

(21:47):
going to go okay, I get it, I'vegot 300 pages, but tell me
where my real risk is.
And that was a bit of an ahamoment was around risk because
they don't sure.
Email protection.
That's important, but what'sthe risk?
Is this going to becatastrophic?
Is it going to be businessoutage?
How long?
That's another thing too.
Sure, if that server goesoffline, it was just archive.
So why am I putting a Datto BDRon it?

(22:08):
I don't need that, it's notcritical.
Have that conversation so thatyou know.
What is critical and that'swhere the aha moment came was
that we weren't asking the rightquestions.
We were just deliveringsolutions that tend to come from
the third party tool providers.
That's right.
They're like, oh no, you needBDR.
And I was like, yeah, youprobably do, but for everybody

(22:30):
maybe not.
Is it for every server in everyorganization?
Probably not RPO, rto.
Have those conversations.
Have you talked to your clients?
How long would it take to comeback up?
Do they know that it could takeseven days to get their two
terabytes down because you'rejust doing cloud backup?
If they know, that's fine, buthave you told them that?
Because you don't want to betelling them that when you're

(22:52):
starting the download andthey're on 1.5 megabits in some
rural city, you're in trouble torecover that.

Speaker 2 (23:00):
And this is where I feel like if that element isn't
aligned, the risks doesn'tnecessarily.
If you're a managed serviceprovider and you decide you're
going to back up everythingunder the sun and you're going
to the people that hold, therisk is the business and that's
a lost opportunity for cash thatcould be deployed elsewhere.
On the flip side, if you're notable to have that conversation
effectively and they gounprotected, a huge risk for

(23:25):
everyone and I feel the themethat I'm hearing from you is
really the skill that modernmanaged risk providers really
need to hone in on is theability to be able to clearly
and effectively discuss risk andbusiness opportunities.

Speaker 1 (23:40):
Yeah, totally.
And the opportunity doesn'tneed to come as a sale.
It doesn't need to be thatwe're trying to sell you
something.
It's a conversation of okay, wedidn't know that server existed
in that closet.
That's a risk to theorganization.
And we also didn't know that itwas keeping the I don't know
the HVAC system going, the HVACsystem that's got a back door

(24:01):
into your network.
We didn't know that existed.
So asking those questions isreally important because you're
going to get them out of thosemeetings and they have to feel,
when I try and have my meetings,they can't feel salesy.
You can't go in with numbers tosay you need the latest and
greatest tool here, okay, whatabout all the things that I have
now?
Can I leverage any of thesetools already?
Try not to sell that new stackof tools.

(24:23):
So it is.
You have to know your audience,but you can't go in as a sale.
You have to go in as that.
You're a partner.
You're partnering with them.

Speaker 2 (24:31):
I totally agree, and so a fun fact that I actually
learned at a conference recentlyis that Calgary, out of all
cities, actually has the highestconcentration of managed
service providers almost in theworld, so the highest number of
MSPs per capita in the world,which is a.
I'm not sure how I feel aboutthe stat, but it's a stat that
I've heard, and so there is anincredible amount of choice, and

(24:53):
so I know Vancouver.
There's a lot of differentmanagerless providers.
How on earth, if I'm a businessowner and I recognize that I
don't want to invest in buildingout my empire, but I do need to
lean on someone for these skillsets how on earth do I even get
started to weave through someof these things?
Because, as you're saying, thesolvism what tool stack do you

(25:14):
use anymore?
It's, how do you have thesebusiness conversations?
So how would you recommend thata business leader actually
starts to evaluate differentoptions based on some of those
things that you find reallyimportant?

Speaker 1 (25:27):
I think that there's probably every business is going
to be looking for somethingdifferent.
For the most part, they'reprobably looking for a new MSP.
If the help desk has failed.
They weren't responsive enough.
Maybe there was an event, anincident of some sort, and not
every MSP is going to be able toguarantee 100%.
If they do, if somebody saysthat they guarantee 100%,

(25:47):
definitely look at the next one,because there's no way to
protect 100%.
There will be a breach, forsure.
But I'd ask them what they focuson when they're looking at your
organization.
So, are they focusing on asecurity aspect?
Are they talking about Windowspatches and asset reports?
Maybe that's not as important.
Ask them who their accountmanager will be.

(26:09):
Do they have an account managerthat will be focused on their
account?
Again, depending on size ofyour organization, you may not
need a dedicated.
You may get some sharedresourcing.
But careful with any buzzwords.
They talk about AI and theytalk about we use automation to
automate everything.
That's great, but thatshouldn't be a selling feature.
They should be talking aboutwhat is their relationship going

(26:30):
to be like with you?
But I think every organizationneeds to ask this question
around what are they doing toprotect their own house.
So how do they protect theiremployees?
Maybe even give a scenario Iplay these to myself like in the
tabletop exercises, like whathappens if we had a rogue
employee?
What happens if somebody gotaccess to a password, what does
that do?
And ask them, and I would beable to answer them right away.

(26:53):
If a C-level asked me that, orwhoever was doing the
procurement of a new MSP, I'd beable to ask that and be like,
oh, that's a great scenario.
Let me tell you how.
I think we would have defendedagainst that because there's
unique scenarios.
So those are always funexercises.
Do referral checks, not the onesthey give you.
Go to their website anddefinitely look, but then see

(27:14):
who they're also following onLinkedIn and ask Just say, okay,
if you can't do that, becausesometimes OSINT will make them
so that they leave that stuffoff their website I would ask
them for their top five.
I'd ask them for somebodythat's been with them for over
10 years and somebody that juststarted with them.
That'd be a really goodexercise to start with, because
the one that just started willtell you about the onboarding

(27:34):
experience and the one that'sbeen there for 10 years is going
to also tell you about what theexperience is like after the
honeymoon's over?
Have they had some ebbs andflows?
And try and find somebody withintheir vertical.
If you're not-for-profit, forexample, ask for some
not-for-profit recommendationssize.
If your company is reallyaccelerating in terms of growth,
ask for one of those that theyhave.

(27:57):
And if they're not able toprovide it, maybe that's not the
right MSP for you, but you'llget really good references from
that or, pardon me, feedbackfrom references, and they'll be
honest and then obviously thankthem for their time and whatever
that may come from that.
But be careful with just thecost conversation because you
can't always compare.
Sometimes there's a bait andswitch there.
Yeah, we do it for 49 bucks auser per month.

(28:19):
Okay, great, but what does thatinclude?
If you're going to tell me that, what am I paying for that
outside of that?
What are exclusions to this?
I'd ask to see their agreement.
Tell me what I have to sign,not only how long is it going to
be for, but what aboutcancellation policy?
How much insurance do you have?
What risk do you have in yourliability, limitation of
liability?

(28:39):
That I have to assume, thosetypes of questions.
That's where I would start.
And again, feedback fromreferences is usually the number
one there.

Speaker 2 (28:49):
So one thing that's been happening a lot in the MSP
and managed service industry isthis consolidation, which I know
that you're part of that storyright now, but also this
standardization, and so I feellike the standardization is a
little bit of a double-edgedsword.
What advice?
A lot of these MSPs arestarting to adopt the same tool
stacks.
They probably have one of fourdifferent ticketing platforms.

(29:10):
They probably have one of fourdifferent automation platforms.
They're starting to look verysimilar from a technical and
software tools standpoint.
How on earth could an MSP setthemselves apart, and how do you
set yourselves apart when somuch on the back end is starting
to become cookie cutter?

Speaker 1 (29:30):
And I think that was the commoditization that they've
talked about over the last 10years.
It's like every MSP was racingto the bottom.
They were looking to get volume.
We had a lot of consolidationwith big MSPs in the last five
or 10 years.
You're right, we're not goingto be able to compare.
You know, my email securityplatform is better than your
email security platform.
That's not the conversationthat I want to be having.

(29:52):
It's going to be on the we nowhave, for example, at SiteTech,
site Technology.
We have now the ERP consultantsand business and data analytics
.
We have cybersecurity, ofcourse, we have our traditional
service desk and then we ofcourse we have technology
strategy and it's and it goesoutside of that box of just
providing that bucket ofservices that we've always

(30:13):
provided.
We have to provide that, butthat should be table stakes.
So if I come into a meeting andthey ask me about that, it's
yes, we provide that and Ipromise you it's best in class.
That's the reason why we feelconfident and guarantee the
performance of our products andour staff.
But let's talk about everythingelse, and we actually we just
had an executive meetingyesterday and we were talking

(30:35):
about when we onboard a newclient that's come from another
MSP.
Never have they ever had a riskregistrar or a register or a
technology strategy meeting thatthey've had on a certain
cadence.
We talk about them as QBRs andTSMs, but the ones that we take
over are usually ones thathaven't had that, so we try and

(30:55):
go.
Okay, clearly, this is amisstep.
Maybe that's what they weremissing, and that's where you
identify all those areas thatthey didn't know that an MSP can
provide services in, like SaaSsprawl.
We have the opportunity to lookat identity management on those
SaaS apps People that are usingway too many, like Adobe Chrome
, you've got Google Drive,you've got OneDrive, you've got
Dropbox but they're all locatedunder that personal account of

(31:21):
the receptionist that's leavingnext week.
Did you know that?
There are ways that we canprevent that?
And that's that story that, Ithink, goes into what an MSP can
provide, and I'm not sayinganything that's new.
We're all nodding, we're like,yeah, we know that's a problem,
that's a huge risk, but does ourclient know that?
Do we tell them that this is apotential risk for them?
So we can provide all thosesolutions, like you said, but I

(31:43):
think, to differentiate yourselfas a true MS, that can do way
more than just email securityand firewalls and Windows
patching and asset management is.
We can talk way beyond that andtell them, like to be honest,
have a conversation, set up ascenario for them.
Hey, what happens if, right now,the primary company that you do
your banking with getscompromised and they send over

(32:06):
an email and ask you to changethe bank routing information?
Do you have processes in place?
Oh yeah, we do.
Let me ask you that again Doyou have processes in place?
What does Dave do when he getsan email that tells him to
change bank routing information?
Does he have a process in whichhe needs to pick up the phone
and call them?
He's supposed to have youtalked to Dave, and that's where
those stories start to go.
And then it's almost scaretactics to a certain extent, but

(32:29):
don't use that to try and sell.
It's to just really paint thetrue picture of what's happening
.
Just recently we had a half amillion dollars no, not our
company, but a client that cameto us with an incident where
they had wired half a milliondollars to the wrong bank
routing and it was because itwas a legitimate business email
compromise and it was a vendorthat they do work with.
So they wired it out.
Nobody picked up the phone andit was like, yeah, I definitely

(32:53):
felt weird in the gut, but Istill sent it because it really
needed to happen.
We really needed to send thatinvoice.

Speaker 2 (32:57):
You did a really good job creating urgency.

Speaker 1 (33:00):
Yeah, for sure.
And then we talked aboutsecurity awareness trainings.
All you needed was an SATprogram?
No, you didn't.
You needed some policies, youneeded some procedures in place
there.
And that's where a true MSPthat does more than just asset
management and basicconversation we should be, and
that's another differentiator Ithink that we provide at Site
Technology, and I think that ifyou are looking for a new one,

(33:22):
that's what you should be asking.
What are some of thosequestions that they ask?

Speaker 2 (33:26):
What are some of the common misconceptions that
people have around managedservice providers Like?
I think that, especially inwe'll say that small and
mid-market space, these arebusinesses that are potentially
growing.
They've always had thisaspiration of having maybe the
guy that they call, or maybethey're used to, the one person
that kind of does everything andthey've said a managed service

(33:47):
provider is not for them.
What are some of the bigmisconceptions that you see
people having in that space.

Speaker 1 (33:53):
Some organizations.
An MSP isn't for them.
We're not going to align witheverybody, but an MSP.
I think that if you're lookingfor someone that can provide
just the asset report, theWindows patching, there are some
MSPs that can do just that.
But don't expect more.
Don't expect that they're alsogoing to be able to resolve all

(34:14):
those problems.
That's.
Another thing, too is MSPscan't solve all those problems.
But you can come to us and wemay be able to proxy and find
somebody that can solve thoseissues for you, but we can't
solve it all.
It would be one thing that I'dsay that I think a lot of people
have a common misconception ofanything that plugs into the
wall.
It can fix.
We'll try Most of the goodstaff that we have on our team.

(34:35):
All staff are good on our team,but everybody wants to solve a
problem.
We all are solutions driven.
We want to solve the issue.
So somebody does call us andsay my TV's not working it's
likely going to be an IT issueor my website's down.
They're not going to look atthe marketing guy or girl that

(34:55):
just changed the DNS records,but they're going to come to us
first, not to the marketingdesigner first, so we can be
available, of course, for thosethings, but we can't solve all
those problems.
That'd be one thing that Ithink would be a common
misconception.
And then also guaranteedsecurity.
It's impossible.
You can't.
So if anybody's guaranteedsecurity that you will never be
breached.
That's not possible.

(35:16):
So that is a misconception.
What we can do is we can limitthe blast radius and we can talk
through what it would be ifthere was a breach and we can
talk through what are theprocesses to try and mitigate
risk.
Going back to that riskconversation.
But we're not going to beperfect.
We're also going to hire wrongpeople.
That's going to happen.
We're going to have staffmembers that were great when we
hired them that aren't maturingthe way that we had hoped that

(35:38):
they do.
So there are some commonmisconceptions about us having
perfect staff.
We're not going to do thingsperfectly.
We're also a small businessthat's going to make mistakes as
well, and we have.
But so that's another big thingtoo.

Speaker 2 (35:50):
What's one thing that you wish every customer of
yours knew from day one, thatmaybe took them a while to learn
.

Speaker 1 (35:58):
One thing that I wish that they knew.
One would be that they can'talways get the same technician,
and that's part of the handoverthat we explain.
But I think maybe you'relooking at maybe a higher level.
I think that it goes back towhat I was saying with
misconceptions, like we can't,but our job is to tell you what
your risks were, are, rather andI think that's a failure on the

(36:19):
MSP side.
To be honest, it's not thatthey've come in not knowing
something.
That's why they're coming to us, because they don't know.
Or they're saying things likewhy am I always falling behind?
Those are the answers that weneed to give them.
I don't know if there's onething.
I'm actually just spinning mywheels now.
I don't know if there's onething that I could say that I
wish that they knew.
Maybe come back to me on thatquestion.

(36:40):
I may have something later.

Speaker 2 (36:42):
Okay, cool, I'll let it marinate a tiny bit there.
What about on the customer sideof things?
So I feel you've had theopportunity, as you've grown
your business, to work with awide host of different customers
.
What are some of the thingsfrom a customer end that really
make a good relationship for youand make some of the more
successful partnerships thatyou've been able to deliver?

Speaker 1 (37:03):
I think trust is a huge part of it is that trusting
that what we're coming in to dois for the greater good of the
organization and again, it's notcoming from a sales perspective
and that takes a little bit ofand there's a relationship
building there.
Going back to losing staffmembers internally it's
difficult when you lose, let'ssay, a technical account manager

(37:24):
for one of your clients,they're going to think, oh, I
just lost that relationship.
I think that's part of the yourrelationship is with my
organization.
Sure, there's people involvedin that and there's
relationships with the personthemselves.
But know that we have tools andsystems in place so that we can
make sure that transfer to thenew one is going to obviously

(37:44):
hit the ground running and itdoesn't have to start back at
zero.
But that is, I think, one ofthe big things that we are very
relationship driven, so that wecan have that focus.
So that'd be one thing that Ithink would be in that area.

Speaker 2 (37:58):
That makes sense.
When you look at the future ofthe managed services industry.
What are some of the changesthat you see coming?
Obviously, there is a ton ofstuff happening around AI,
around security, around allthose kind of buzzwords, but
things that are also are real interms of the technology
landscape changing incrediblyquickly.
How are you seeing that affectthe MSP industry and what are

(38:20):
some of the things that you'repreparing for as a business as
the world continues to change?

Speaker 1 (38:26):
I think there's going to be, unfortunately, some loss
of some of this.
Not, it doesn't.
It's not always about size thatI'm trying to be careful with
the words, but the msps that arelooking to just come in at cost
because they're not going to beable to service well and we're
going to end up where we'regoing to see ransomware of

(38:46):
companies because they didn'tknow that they were exposed,
which is going to sink thesecompanies and they're going to
try now they're going to getcyber to help them out.
They're going to recover andthen they're going to try now
they're going to get cyber tohelp them out.
They're going to recover andthen they're going to be looking
for an MSP, or they'll have aterrible taste in their mouth
about an MSP because they werethe one that caused them to lose
their business or millions ofdollars.
So I think that the space isgoing to ultimately start to

(39:09):
swallow those up, and I'm hopingthat comes from either
government influence orcompliance of some sort, which
is going to say you can't runthat way.
You are putting back doors intoabsolutely every device in
their network.
You can't be doing that becausewe have a global threat that is
coming from everywhere,regardless of where it's coming,
like different countries,people, et cetera, from your

(39:31):
neighbors.
There's threats coming fromeverywhere.
So I think we're going to seeless of those kind of the term
that we use internally the trunkslammers is what we call them
right, it's like that MSP I'mhoping doesn't make it through
this next five years, because itdoes make us all look bad and
we need to be very careful.
We need to secure our own house.

(39:52):
We do it every day.
There's something new all thetime that I'm also implementing
internally and our tabletopexercises expose areas of
weakness that I was like no, weneed to protect that.
Let's talk about it.
Change management how are wegoing to do this?
How are we going to trainthrough it?
How are we going to make sureour clients understand there's
been a change?
And that's expensive, and Idon't think a lot of MSPs are

(40:13):
going to be able to do that at asmaller scale without
increasing cost, so they'll haveto obviously increase pricing.
So what I'm saying is I hopesome of these MSPs that are
looking to just come in and tryand make a quick buck it's going
to be a problem because you'regoing to affect the organization
that you've installed backdoorsinto.
So that's what I'm hoping for,and I know that may sound doom

(40:35):
and gloom, but I'm also seeingthe other side, which is the
other light.
The end of the tunnel is thatmaybe we will have government
influence to force us to bebetter.

Speaker 2 (40:44):
It's a super interesting discussion because
if you look at a whole bunch ofother areas of the business they
are, they have either kind ofregulation or oversight,
compliance and rules they haveto play by and for some reason,
it as a whole has largelyskirted that and there's been
various attempts to put in placerules to play by.

(41:08):
But for all intents and purposes, I could end this call today,
put out a nice website andannounce that I'm an MSP and
just start servicing customersand that's crazy and bonkers and
a huge amount of risk.
And I fully appreciate whatyou're saying, which is the idea
that there is a little bit ofan entry point to actually being
able to play in this space nowand to do it properly, there are
investments that need to bemade, there is a base level of

(41:31):
security that needs to exist andthere's some base investments
that if those don't exist andyou mentioned it as table stakes
earlier if those don't exist,they run as fast as you can in
the other direction.
But I think that it will leadfrom my perspective and I'm
curious on your take to a littlebit of that continued
consolidation, becausepreviously the barrier to entry,
as you mentioned, to 21 yearsold to becoming an MSP was quite

(41:55):
low, but I think that world ischanging and there will be some
consolidation in that space.

Speaker 1 (42:00):
I do too.
However, the only thing I wouldnot argue I still think the
barrier of entry is low.
Anybody could do exactly whatyou just said.
You could whip up a WordPresssite in a minute and say that
you're a managed servicesprovider and there's no
regulation against that.
Now, again, I'm careful withthe regulation word.
I think what's happening isinsurance is asking the

(42:22):
questions of who is your MSP ordo you have an outside
consultant that does A, b and C?
I still think those questionsare too broad.
I don't think that they'reasking the right questions.
When they ask for do youenforce MFA, that's an
impossible question to answer.
On what?
On their switches or on theirlogin to their identity?

(42:43):
Right, like you can't answer.
I think that insurance still is.
I think it's helping becauseit's asking the questions, and I
think what's going to happen isthat they're going to have
people that will answer thosequestions with yeah, I use MSP,
abc Inc.
And the insurance provider isgoing to put them into the
registrar and go hey, abc Inc.
How many times have we seen abreach at ABC Inc?
We've seen 30 of them.

(43:03):
Okay, you do not get cyberinsurance, you're with ABC Inc.
I'm hoping that we get to thatstage where and that would be
again a really perfect world wemay, however, also see this in
the banking world, because thebanking world also provides
loans and they may start askingthose questions of hey, who are

(43:24):
you with as an MSP?
Because we don't want to givemoney out to a company that
could potentially sink, followthe money right.
If the insurance and thebanking is starting to ask these
questions, that could help usalso get rid of the fly-by-night
that was a better term to beusing fly-by-night MSPs that
don't have the best interests inmind.

Speaker 2 (43:45):
I completely agree, Dustin.
We've been talking for almost45 minutes here.
I feel like the time here flewby.
If people want to pick up thisconversation, if people want to
connect with you, what's thebest way for them to get in
touch?

Speaker 1 (43:58):
with you.
Sure LinkedIn, dustinkassar youcan get me there.
I'm also dustinkassar at sitetechnologycom.
I am an open book.
I'd love to tell you how we dothings.
I'd love to tell you what maybeyou should be looking at.
If you're looking for an MSPand it doesn't matter really
where you are, I don't care ifyou're Canadian, american or
even overseas Give me a call andI'm happy to help bounce some

(44:22):
ideas around with you as well,and even other MSPs that are
looking to come into this game,that don't want to be the
fly-by-night.
I'm in almost every conference,or at least I try and attend
every conference big conferencethat is and again, would be
happy to help anybody that is onthat journey as well.

Speaker 2 (44:38):
Amazing.
This has been an absolute blasttoday.
Dustin, you're clearly a wealthof knowledge in this space and
really appreciate you taking thetime, and thank you so much for
joining us on selling thispodcast today.

Speaker 1 (44:49):
Absolutely.
Thank you so much for theinvite.
I really do appreciate it,Keith.

All Episodes

Episode Transcript

Popular Podcasts

On Purpose with Jay Shetty

Boysober

Crime Junkie

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}MSPs and Partner Selection with Dustin Cassar

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}On Purpose with Jay Shetty

Boysober

Crime Junkie

All Episodes

MSPs and Partner Selection with Dustin Cassar

On Purpose with Jay Shetty