December 19, 2024 • 20 mins
In this episode of Now That’s IT: Stories of MSP Success, we sit down with Paul Cashmore, co-founder of Solace Global Cyber, to explore his incredible journey of transforming a traditional MSP into a leading MSSP. Paul shares how his passion for cybersecurity and a service-first mindset fueled rapid growth, while also addressing the challenges MSPs face in today’s evolving IT landscape.
Discover how Paul developed a risk-based approach to cybersecurity, handled high-stakes ransomware incidents, and built a culture of innovation and adaptability. Whether you’re an MSP owner looking to scale, an IT leader navigating cybersecurity complexities, or a tech enthusiast curious about industry evolution, this episode is packed with actionable insights and inspiration.
Key Topics Covered:
- Transitioning from MSP to MSSP: Lessons for IT leaders.
- Risk as a growth driver: Building cybersecurity services that scale.
- Handling ransomware recovery: Real-world examples and strategies.
- Recruiting and training top talent in a competitive field.
Join host Chris Massey as we uncover the strategies behind Paul’s success and explore what it takes to thrive in the fast-changing IT and cybersecurity space.
🎧 Tune in now and take your MSP to the next level!
'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today.
Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it.
This podcast provides educational information about issues that may be relevant to information technology service providers.
Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice.
The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent.
Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors.
The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe.
All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
One, two, three, four .
My last year there I made 89people redundant.
I put 50 people in Kuala Lumpur.
I had 30 open vacancies andthey wanted me to get rid of
another 40 more and I was like Ijust can't do this, guys.
You know, the thing that we'reproviding is a service and if
you haven't got the people, youknow.
I just couldn't put my name toit and I didn't want to be part
(00:21):
of it.
Speaker 2 (00:21):
So L I couldn't put my name to it and I didn't want
to be part of it.
So ListCyber is a little bitdifferent right.
It's built around a risk-basedsecurity model.
Can you explain what that meansin practice and why you believe
that's crucial for business?
Speaker 1 (00:31):
today the biggest case.
We were on site for two months.
Speaker 2 (00:40):
We had 21,000 users to onboard, and that was a
pretty tough time because theywere just overwhelmed.
You're growing at a prettyrapid pace and you're having to
hire at that pace, right, Ithink when we spoke in the
summer, you were about 45, 50employees and you had expected
to be close to 100 by the end ofthe year.
What's that been like?
Speaker 1 (00:54):
The key thing for us in our growth has been about the
quality of the products andthen, most importantly, the
service.
Speaker 3 (01:00):
Welcome to Now that's it stories of MSP success,
where we dive into the journeysof some of the trailblazers in
our industry to find out howthey used their passion for
technology to help turn managedservices into the thriving
sector it is today.
Speaker 2 (01:14):
Paul Cashmore.
Welcome to the Now that's itpodcast.
Thank you, Chris.
Former director of a 250technical delivery staff
department for an over 240million pound converged IT
service provider, you co-foundedSolus Cyber in 2021 and led
explosive growth, building anover 10 million pound revenue
(01:35):
MSSP in just a few years.
Thank you for joining thePodball.
Nice to be here, Chris.
Thanks for the invite.
Came all the way over from thebeautiful UK and I had a great
trip.
I know you really enjoyed it.
We'll save that.
We'll leave that out of thepodcast, but, Paul, you had a
real—.
Speaker 1 (01:52):
I missed my flight.
Speaker 2 (01:53):
Yeah, but he made it in time.
He made it in time.
We're all here.
So you had a long career in ITand cybersecurity.
Can you start by sharing whatinitially drew you to this field
?
Speaker 1 (02:04):
So way back I used to have a fish and chip shop.
So there's National Dish inEngland and they have worldwide
following.
It was a family business and Iworked alongside my dad Three
generations of fish and chips.
My grandma had a fish and chipshop, my dad had a fish and chip
shop and I worked alongside andI love fish and chips.
But I didn't want to get out ofbed in the morning and I needed
to get myself into something.
(02:25):
I really liked computers atschool and we had a Windows 95
PC in the chip shop and it brokeand I couldn't fix it and that
was like really really annoyedme and we sold the business and
I thought, right, I've got toget into IT.
It was really starting to growmassively.
(02:45):
So I spent the summerretraining to my Microsoft MCSE
and that got me in the door atBlue Chip Data Systems.
That's great.
Speaker 2 (02:58):
So you managed a large team at a significant IT
provider before you startedSolus Cyber.
What was the tipping point thatmade you consider leaving a job
like that?
Speaker 1 (03:04):
I was really fortunate at Blue Chip Data
Systems.
You know I started not knowinganything.
I went in the workshop and thenI went on the service desk and
spent a few years on the servicedesk, then into projects and
then technical director and thenservice director.
When we started really great,just focusing on the managed
services it was kind of aroundthe time 2017, we sold to a
(03:25):
company called GCI and I stayedon as part of their SLT and then
I did three or four years worthof M&A, so we acquired a few
businesses and we integratedwhat they had and we ended up
with a really large team.
So answer your question, chris.
Cyber really evolved into somereally significant nasty events
(03:47):
with the evolution of modern dayransomware attacks.
Ransomware has been around forages, but it was really the
Conti group end of 2020, 2021,where we really started to see
the threat actors really goingout of their way to destroy
businesses.
My time at GCI was starting tocome to an end.
I felt that I'd taken it as faras I could and there wasn't
(04:11):
really the growth there for meto get excited about that future
Cyber was booming and I thoughtthis is what I want to do next.
Speaker 2 (04:20):
Was there a point where you took a step back and
you said I think I can do thisbetter.
Speaker 1 (04:26):
Well, the managed service as a business was doing
really well and in a large groupyou've got telephony
departments or all sorts ofother areas of the business that
were underperforming and as agroup they weren't achieving and
I didn't think they were goingto get there.
And the one thing that reallystruck a chord with me is, you
(04:48):
know, we never had any customercomplaints, or if we did, they
were quite sincere and we wouldreally understand any genuine
gap and turn them into realpositives, really tried to
improve our services.
But in my last year there Imade 89 people redundant.
I put 50 people in Kuala Lumpurreplacing seniors in the UK for
(05:10):
juniors in Kuala Lumpur.
I had 30 open vacancies andthey wanted me to get rid of
another 40 more and I was like Ijust can't do this.
Guys, you know, the thing thatwe're providing is a service.
It's not like a product, like aWAN or another type of sort of
like.
This is a people service.
And if you haven't got thepeople, you know I just couldn't
put my name to it and I didn'twant to be part of it.
Speaker 2 (05:31):
How did those help you shape your vision of what
you wanted Solus Cyber to become?
Speaker 1 (05:37):
I think, from the initial people that we wanted to
take as the team, we wantedreally flexible people and
multi-skilled people.
So you know, initially everyonedoes everything, regardless of
what type of work it is maybe afirewall install or installing
some EDR software everyone doeseverything.
(05:57):
That was kind of like our firstpick of people and we wanted to
acquire a team that could do afull-on ransomware right.
That's what we set out to do toprovide that sort of like
emergency incident response.
So when an organization doeshave that moment of need, we've
got some capacity to be able toput their way.
And ultimately, you know, whenyou're starting with no
(06:20):
customers, that's hard yeah.
Speaker 2 (06:22):
You brought in top talent right Right from the
get-go.
You had made connections sortof across the industry, but
obviously your past teams.
Why was that important?
To bring sort of the best ofthe best in when you were
starting out?
Speaker 1 (06:35):
I think with cyber accuracy is the most important
thing.
You need to have lots of skills.
Organizations have a variety ofdifferent infrastructure.
A lot of the kids comingthrough very much M365, azure
only focused.
They haven't built servers andconfigured RAID, installed
VMware and a lot of theincidents that we go to.
(06:56):
They've got on-preminfrastructure.
That's legacy.
So having people with a wholerange of skills has been really
important to us Most.
Speaker 2 (07:06):
MSPs say I sell IT or I sell uptime or something like
that.
Solus Cyber is a little bitdifferent, right?
It's built around a risk-basedsecurity model.
Can you explain what that meansin practice and why you believe
that's crucial for businesstoday?
Speaker 1 (07:22):
I can.
That's crucial for businesstoday I can.
So when we were starting tosort of define our services and
what we wanted to do, weactually worked backwards from a
ransomware attack.
So we looked at a few incidentsthat involved Conti they were a
big group at the time andresponsible for some really
devastating incidents for somereally large organizations and
(07:45):
we worked backwards of all thethings that you need to survive
a persistent, targeted attack.
So it's not just a drive-bySomeone's coming to get you, and
so we worked backwards on allof those key things.
It would be EDR, mfa, firewalls, perimeter security, patching.
That was the start of ourinitial services.
Speaker 2 (08:05):
So you've turned incident response from a service
into a strategic strength.
I'm sure you can't share anyspecific details.
Are you able to share any sortof high-stress stories of where
your team was involved and maybesaved the day at the end of the
day?
Speaker 1 (08:20):
Well, in the last year we've been involved in a
hundred and two cases Wow.
So there's been some really bigorganizations that we've gone
in and helped and some smallerones where it's the difference
between making it or not makingit right, and I think it's such
a rewarding job.
Going in I'm still first man inon some of the bigger ones and
(08:42):
understanding that business andtrying to work out what that
recovery plan looks like forthem to do that in a safe and
secure way and then working withthem for the duration of that
incident is really rewarding.
Speaker 2 (08:54):
Yeah, so you just mentioned your first man in.
I've seen that a couple oftimes where we've had meetings
scheduled and you're like I'm onthe road I got to get to a
customer.
That's a high level of service,right, like that's really
important for Solus Cyber.
But that also comes with a lotof pressures and that's probably
difficult to scale.
How do you handle that?
Speaker 1 (09:11):
Well, when we were supposed to have a chat because
I appreciate I didn't answeryour last question I was on my
way to a managed serviceprovider, so they'd had a
ransomware.
They had 1,200 customers thatwere down.
That's quite a significantimpact.
Some of those are banks and Iwas sat in there for a week on
their service desk floor andliterally customers calling up
(09:34):
and not very happy, but weworked with them.
They had a lot of talent aswell and on that incident they
needed the expertise to helpthem stay safe.
We put a whole load of securitytools in for them and did a
whole load of rebuild to getthem back as quickly as possible
.
But it's quite a common storywhere an organization has all of
(09:55):
their data encrypted.
The bad guys do go after yourbackups, do go after your DR and
they're left in a really tightspot.
We worked on this case.
It was in a medium-sizedcompany.
They're a charity, look afterold people and know they they're
they're all the data have beenencrypted that they had an
off-site backup that had beendeleted and they they had a
(10:19):
third-party service to providedr and they went to invoke the
dr and they called them up andit's gone, it's been deleted.
So they're in a tight spot andsomething that we'd you know we
we have as part of our run booksis to kind of go through all of
the infrastructure, look underevery stone, to sort of like if
there is a big data loss, youneed to exhaust everything.
(10:42):
So we were going through theirSAN and we noticed that they'd
had some snapshots on their SAN,so they didn't even know they
had them and so, from a nobackup, no disaster recovery
position, they had literallyeverything back and they were
really starting to be veryconcerned about their future.
And so, in the space of fiveminutes, to say that all your
(11:05):
data is recoverable was afantastic moment.
Speaker 2 (11:08):
Yeah, ups and downs.
Roller coaster of emotionsthere.
Absolutely, and for your teamas well.
Right, I'm sure, obviouslyyou're there to be brought in.
After the fact, it wasn't yourservice that didn't back things
up.
But how does your team walkaway?
Obviously they're excited.
They were able to help you guyssave the day.
But are they ready to jump intothe next issue, or is it like I
(11:30):
?
Need a day off, so I mean Imean the.
Speaker 1 (11:33):
They are very resource intensive, yeah, yeah,
because the business is battlingthe sort of like business
recovery requirements.
You also have the balance oftrying to perform the forensics
as well.
So we turn up with a whole loadof hardware and kit to kind of
like so we can crack on with theforensics and and then really
start on that rapid recovery forthat organization.
But it's around the clock,right, and you know so it's very
(11:56):
intensive.
Some of them I think the biggestcase we were on site for two
months.
We had 21,000 users to onboardand you know that was a pretty
tough time because they werejust overwhelmed.
The first part was aroundrebuilding all of their
infrastructure and getting alltheir services up.
I mean, they did most of theapp work and all the
integrations and a lot ofautomation, but they needed a
(12:16):
lot of help to get all of theirusers back on.
So we set up a sort of like aservice desk on site for them
and then we're providing sort oflike walk-ins to get all of the
users onboarded.
Just more around a bandwidthpiece, more than you know a
technical capability piece.
Speaker 2 (12:30):
How have AI and automation helped you improve
service delivery for yoursecurity?
Speaker 1 (12:35):
customers.
Okay.
So I think from a tool pointperspective, we go with tier one
products.
We like to have that kind ofconfidence in the vendor.
They're always leading edgewith the latest evolutions and
what they're trying to do for us, and we're quite strategic on
who we work with and whatpartners that we use.
The way that we're trying toevolve our security operations
(13:00):
is to have the tools thatobviously finding all the latest
threats.
But it's not just a singlevendor.
We've got a mixture ofdifferent tools that we kind of
blend to give the outcomes thatwe want.
But our next evolution isaround maturing our workflow and
automation, so using thingslike AI assistance to be able to
help the sort of like engineersto come to good decisions.
Some of the types of alertsthat we get are quite subjective
at times and you know we needto have some like robust
(13:21):
workflow around how we deal withthose tickets and the outcomes
that we're trying to achieve,you know.
So we're striving to have thatconsistency on every single
ticket.
That's great.
Speaker 2 (13:31):
So building and retaining a top team is
obviously vital to the successof most MSPs, but especially
someone like Solus Cyber that'sbuilt around security.
What have you done to sort ofcreate a unique environment at
Solus Cyber where people want tostay and grow with the company?
Speaker 1 (13:48):
So we haven't done anything yet really is the
honest answer.
Speaker 2 (13:51):
And.
Speaker 1 (13:51):
I think that's one of the areas where the biggest
improvement so far our journeyhas just been about land
grabbing new managed servicecustomers.
If anything that my previouswork has taught me is that it's
all about achieving that numberto be able to do what you want
to do in the rest of thebusiness.
So you know, our success fromconverting ransomware customers
(14:12):
to provide ongoing security andprotection has been really
successful for us, and that'sstill our core focus.
We've taken on a whole load ofpeople that we've worked with
before that wanted more interestin roles, wanted more diversity
, and I think that's key, thatit's always leading edge and
it's always exciting.
Exciting is probably the wrongword, but it's sort of like from
(14:32):
a tech.
It's interesting what some ofthese bad guys get up to, and I
think from an engineer'sperspective, being involved in
those types of recoveries isrewarding as well For us.
We must develop our people toretain them.
We recognize that and as wecontinue to evolve, that's an
area we need to put a lot moreeffort into.
Speaker 2 (14:51):
You're growing at a pretty rapid pace and you're
having to hire at that pace,right?
I think when we spoke in thesummer, you were about 45, 50
employees and you had expectedto be close to 100 by the end of
the year.
Yeah, what's that been like tobe able to find talent after you
got that.
Speaker 1 (15:08):
We've kind of moved past now, the sort of like the
previous gene pool.
Speaker 2 (15:11):
Yeah.
Speaker 1 (15:12):
Right.
So all the people that weworked with before we kind of
worked past that.
Some of the types of peoplethat we're after are very
flexible.
So if you need to get a site,then you have to drop everything
, and that doesn't work foreveryone, right?
So that type of person ischallenging to find, you know,
and we've got three incidentresponse teams now, which is
(15:34):
great.
You know they're all roundersand you know they can go off and
you know help that businessrecover.
Speaker 2 (15:40):
So, looking back on your journey with Solus Cyber,
what decision or moment sort ofstands out that particularly is
defining for you?
Is there anything that you'vedone or that you've accomplished
that really stands out?
Speaker 1 (15:53):
Well, I think, to be honest, that our journey is up
and down right.
I mean it's had more ups thandowns.
It's like we're kind of likeGhostbusters really, in that
we're sort of like waiting forthe phone to ring and then it's
all systems go and then you'rewaiting for the next one.
You know so as waiting for thephone to ring and then it's all
systems go and then you'rewaiting for the next one.
So, as we've matured the numberof managed service customers
(16:14):
that we've got now we've beenable to balance it out, get some
balance between the differenttypes of teams that are doing
incident work, then they may bedoing project work or they might
be doing some help on support.
So it's been really anevolution of all of those
different things that we're justexecuting the plan.
Speaker 2 (16:28):
What are the new challenges or opportunities that
are on the horizon, that arethe most exciting for you, paul?
Speaker 1 (16:33):
You have to evolve with cyber right, yeah, and so
we've looked at how we getbigger, how we continue to
double each year.
I said to you that we'd kind ofdoubled since last time I was
in Texas, which was in April.
Speaker 2 (16:45):
Yeah.
Speaker 1 (16:46):
So we're continuing to win new business all the time
.
So we have an instant.
We're converting that into amanaged service, that ongoing
support and protection piece.
We're winning sort of like fiveor six average new customers a
month, which is great, andthat's leading to the staff
growth.
Some of the new services thatwe're providing as well are also
really interesting, right.
One of the ones that I'm mostinterested in at the moment is
threat intelligence software.
We've just bought a volumelicense deal for a company
(17:09):
called Flare.
We have our risk platform andwe're integrating Flare into all
of our customers.
And what Flare does?
It looks for securityinformation outside of your
organization.
What's really interesting ishow people are starting to look
at their supply chain.
So one of the new modules thatwe have in our portal is around
managing your supply chain.
So one of the new modules thatwe have in our portal is around
managing your supply chain.
(17:29):
So we're using this threatintelligence to have a look at
external information about anorganization and how that might
impact your business.
Quite often we see very heavyintegrations APIs, vpns between
some of your key partners orsuppliers, so providing that
extra insight into what's goingon on something that's outside
(17:53):
of your business but couldimpact your business is really
exciting actually, and all ofour customers that we've shown
it to so far are super excitedabout it and all of our
customers that we've shown it toso far are super excited about
it.
But what we want to use thatfor is how we can then develop
the network of next lot ofcustomers.
So we have two, I would say, keyareas of new business growth.
(18:14):
One is our partners.
Partners where we provide 24-7stock services and instant
response.
They may not have 24-7themselves and they need someone
to watch that around the clock.
They might not have thecapacity or the skill set to do
the instant response.
So we partner and they bring uscustomers and we're trying to
grow that way.
We're also trying to growthrough new services and the
(18:38):
supply chain is a really goodway of being able to talk to our
customers, customers, partners,suppliers.
So if you've got, say, 10 keycustomers or partners part of
your business, what a great wayfor us to be able to open the
door, to be able to start aconversation.
What we've learned is when youbuy cyber, it's about that
(18:59):
trusted introduction.
I think the key thing for us inour growth has been about the
quality of the products and then, most importantly, the service.
We've always had aservice-centric ownership type
position for all of ourcustomers and we go out of our
way to make sure that customer'shappy right.
So we develop really greatrelationships during ransomwares
(19:21):
.
We want to maintain that.
But for customers that wehaven't been through that with
net new customers we really needto go out of our way to look
after them when they have thatmoment of need.
Let me ask you this lastquestion Paul when did you know?
Speaker 2 (19:33):
now, that's it.
Speaker 1 (19:34):
Good question, chris.
So we developed this riskportal and say it's a real-time
risk view of your organization'scyber status.
And the first time that webuilt the mark, we got some
great guys that are involved inthat Pete Jackson, adam Mitchell
, craig Sterling, lee Snyder andwe put it up there and we sort
of saw how to present risk to anexec, an exec team, the
(19:57):
decision makers to reallyhighlight real glaring gaps and
then demonstrate through actualdata and then be able to
articulate a scenario where theycould be breached or they could
be put in danger was to seethat I'm like this is great.
Speaker 2 (20:18):
This is what that was it.
Speaker 1 (20:19):
That was the moment.
Speaker 2 (20:20):
That's great, paul.
Paul, it has been a real honorto have you here.
I really appreciate you comingall the way from the UK to be
part of the podcast, be with ushere in Austin this week, and
it's been great to get to knowyou over the last year and stay
in touch, and so thank you very,very much for being here.
Thank you very much, Chris.
Speaker 1 (20:37):
Thank you, Abel.
One, two, three, four .
My last year there I made 89people redundant.
I put 50 people in Kuala Lumpur.
I had 30 open vacancies andthey wanted me to get rid of
another 40 more and I was like Ijust can't do this, guys.
You know, the thing that we'reproviding is a service and if
you haven't got the people, youknow.
I just couldn't put my name toit and I didn't want to be part
(00:21):
of it.
Speaker 2 (00:21):
So L I couldn't put my name to it and I didn't want
to be part of it.
So ListCyber is a little bitdifferent right.
It's built around a risk-basedsecurity model.
Can you explain what that meansin practice and why you believe
that's crucial for business?
Speaker 1 (00:31):
today the biggest case.
We were on site for two months.
Speaker 2 (00:40):
We had 21,000 users to onboard, and that was a
pretty tough time because theywere just overwhelmed.
You're growing at a prettyrapid pace and you're having to
hire at that pace, right, Ithink when we spoke in the
summer, you were about 45, 50employees and you had expected
to be close to 100 by the end ofthe year.
What's that been like?
Speaker 1 (00:54):
The key thing for us in our growth has been about the
quality of the products andthen, most importantly, the
service.
Speaker 3 (01:00):
Welcome to Now that's it stories of MSP success,
where we dive into the journeysof some of the trailblazers in
our industry to find out howthey used their passion for
technology to help turn managedservices into the thriving
sector it is today.
Speaker 2 (01:14):
Paul Cashmore.
Welcome to the Now that's itpodcast.
Thank you, Chris.
Former director of a 250technical delivery staff
department for an over 240million pound converged IT
service provider, you co-foundedSolus Cyber in 2021 and led
explosive growth, building anover 10 million pound revenue
(01:35):
MSSP in just a few years.
Thank you for joining thePodball.
Nice to be here, Chris.
Thanks for the invite.
Came all the way over from thebeautiful UK and I had a great
trip.
I know you really enjoyed it.
We'll save that.
We'll leave that out of thepodcast, but, Paul, you had a
real—.
Speaker 1 (01:52):
I missed my flight.
Speaker 2 (01:53):
Yeah, but he made it in time.
He made it in time.
We're all here.
So you had a long career in ITand cybersecurity.
Can you start by sharing whatinitially drew you to this field
?
Speaker 1 (02:04):
So way back I used to have a fish and chip shop.
So there's National Dish inEngland and they have worldwide
following.
It was a family business and Iworked alongside my dad Three
generations of fish and chips.
My grandma had a fish and chipshop, my dad had a fish and chip
shop and I worked alongside andI love fish and chips.
But I didn't want to get out ofbed in the morning and I needed
to get myself into something.
(02:25):
I really liked computers atschool and we had a Windows 95
PC in the chip shop and it brokeand I couldn't fix it and that
was like really really annoyedme and we sold the business and
I thought, right, I've got toget into IT.
It was really starting to growmassively.
(02:45):
So I spent the summerretraining to my Microsoft MCSE
and that got me in the door atBlue Chip Data Systems.
That's great.
Speaker 2 (02:58):
So you managed a large team at a significant IT
provider before you startedSolus Cyber.
What was the tipping point thatmade you consider leaving a job
like that?
Speaker 1 (03:04):
I was really fortunate at Blue Chip Data
Systems.
You know I started not knowinganything.
I went in the workshop and thenI went on the service desk and
spent a few years on the servicedesk, then into projects and
then technical director and thenservice director.
When we started really great,just focusing on the managed
services it was kind of aroundthe time 2017, we sold to a
(03:25):
company called GCI and I stayedon as part of their SLT and then
I did three or four years worthof M&A, so we acquired a few
businesses and we integratedwhat they had and we ended up
with a really large team.
So answer your question, chris.
Cyber really evolved into somereally significant nasty events
(03:47):
with the evolution of modern dayransomware attacks.
Ransomware has been around forages, but it was really the
Conti group end of 2020, 2021,where we really started to see
the threat actors really goingout of their way to destroy
businesses.
My time at GCI was starting tocome to an end.
I felt that I'd taken it as faras I could and there wasn't
(04:11):
really the growth there for meto get excited about that future
Cyber was booming and I thoughtthis is what I want to do next.
Speaker 2 (04:20):
Was there a point where you took a step back and
you said I think I can do thisbetter.
Speaker 1 (04:26):
Well, the managed service as a business was doing
really well and in a large groupyou've got telephony
departments or all sorts ofother areas of the business that
were underperforming and as agroup they weren't achieving and
I didn't think they were goingto get there.
And the one thing that reallystruck a chord with me is, you
(04:48):
know, we never had any customercomplaints, or if we did, they
were quite sincere and we wouldreally understand any genuine
gap and turn them into realpositives, really tried to
improve our services.
But in my last year there Imade 89 people redundant.
I put 50 people in Kuala Lumpurreplacing seniors in the UK for
(05:10):
juniors in Kuala Lumpur.
I had 30 open vacancies andthey wanted me to get rid of
another 40 more and I was like Ijust can't do this.
Guys, you know, the thing thatwe're providing is a service.
It's not like a product, like aWAN or another type of sort of
like.
This is a people service.
And if you haven't got thepeople, you know I just couldn't
put my name to it and I didn'twant to be part of it.
Speaker 2 (05:31):
How did those help you shape your vision of what
you wanted Solus Cyber to become?
Speaker 1 (05:37):
I think, from the initial people that we wanted to
take as the team, we wantedreally flexible people and
multi-skilled people.
So you know, initially everyonedoes everything, regardless of
what type of work it is maybe afirewall install or installing
some EDR software everyone doeseverything.
(05:57):
That was kind of like our firstpick of people and we wanted to
acquire a team that could do afull-on ransomware right.
That's what we set out to do toprovide that sort of like
emergency incident response.
So when an organization doeshave that moment of need, we've
got some capacity to be able toput their way.
And ultimately, you know, whenyou're starting with no
(06:20):
customers, that's hard yeah.
Speaker 2 (06:22):
You brought in top talent right Right from the
get-go.
You had made connections sortof across the industry, but
obviously your past teams.
Why was that important?
To bring sort of the best ofthe best in when you were
starting out?
Speaker 1 (06:35):
I think with cyber accuracy is the most important
thing.
You need to have lots of skills.
Organizations have a variety ofdifferent infrastructure.
A lot of the kids comingthrough very much M365, azure
only focused.
They haven't built servers andconfigured RAID, installed
VMware and a lot of theincidents that we go to.
(06:56):
They've got on-preminfrastructure.
That's legacy.
So having people with a wholerange of skills has been really
important to us Most.
Speaker 2 (07:06):
MSPs say I sell IT or I sell uptime or something like
that.
Solus Cyber is a little bitdifferent, right?
It's built around a risk-basedsecurity model.
Can you explain what that meansin practice and why you believe
that's crucial for businesstoday?
Speaker 1 (07:22):
I can.
That's crucial for businesstoday I can.
So when we were starting tosort of define our services and
what we wanted to do, weactually worked backwards from a
ransomware attack.
So we looked at a few incidentsthat involved Conti they were a
big group at the time andresponsible for some really
devastating incidents for somereally large organizations and
(07:45):
we worked backwards of all thethings that you need to survive
a persistent, targeted attack.
So it's not just a drive-bySomeone's coming to get you, and
so we worked backwards on allof those key things.
It would be EDR, mfa, firewalls, perimeter security, patching.
That was the start of ourinitial services.
Speaker 2 (08:05):
So you've turned incident response from a service
into a strategic strength.
I'm sure you can't share anyspecific details.
Are you able to share any sortof high-stress stories of where
your team was involved and maybesaved the day at the end of the
day?
Speaker 1 (08:20):
Well, in the last year we've been involved in a
hundred and two cases Wow.
So there's been some really bigorganizations that we've gone
in and helped and some smallerones where it's the difference
between making it or not makingit right, and I think it's such
a rewarding job.
Going in I'm still first man inon some of the bigger ones and
(08:42):
understanding that business andtrying to work out what that
recovery plan looks like forthem to do that in a safe and
secure way and then working withthem for the duration of that
incident is really rewarding.
Speaker 2 (08:54):
Yeah, so you just mentioned your first man in.
I've seen that a couple oftimes where we've had meetings
scheduled and you're like I'm onthe road I got to get to a
customer.
That's a high level of service,right, like that's really
important for Solus Cyber.
But that also comes with a lotof pressures and that's probably
difficult to scale.
How do you handle that?
Speaker 1 (09:11):
Well, when we were supposed to have a chat because
I appreciate I didn't answeryour last question I was on my
way to a managed serviceprovider, so they'd had a
ransomware.
They had 1,200 customers thatwere down.
That's quite a significantimpact.
Some of those are banks and Iwas sat in there for a week on
their service desk floor andliterally customers calling up
(09:34):
and not very happy, but weworked with them.
They had a lot of talent aswell and on that incident they
needed the expertise to helpthem stay safe.
We put a whole load of securitytools in for them and did a
whole load of rebuild to getthem back as quickly as possible
.
But it's quite a common storywhere an organization has all of
(09:55):
their data encrypted.
The bad guys do go after yourbackups, do go after your DR and
they're left in a really tightspot.
We worked on this case.
It was in a medium-sizedcompany.
They're a charity, look afterold people and know they they're
they're all the data have beenencrypted that they had an
off-site backup that had beendeleted and they they had a
(10:19):
third-party service to providedr and they went to invoke the
dr and they called them up andit's gone, it's been deleted.
So they're in a tight spot andsomething that we'd you know we
we have as part of our run booksis to kind of go through all of
the infrastructure, look underevery stone, to sort of like if
there is a big data loss, youneed to exhaust everything.
(10:42):
So we were going through theirSAN and we noticed that they'd
had some snapshots on their SAN,so they didn't even know they
had them and so, from a nobackup, no disaster recovery
position, they had literallyeverything back and they were
really starting to be veryconcerned about their future.
And so, in the space of fiveminutes, to say that all your
(11:05):
data is recoverable was afantastic moment.
Speaker 2 (11:08):
Yeah, ups and downs.
Roller coaster of emotionsthere.
Absolutely, and for your teamas well.
Right, I'm sure, obviouslyyou're there to be brought in.
After the fact, it wasn't yourservice that didn't back things
up.
But how does your team walkaway?
Obviously they're excited.
They were able to help you guyssave the day.
But are they ready to jump intothe next issue, or is it like I
(11:30):
?
Need a day off, so I mean Imean the.
Speaker 1 (11:33):
They are very resource intensive, yeah, yeah,
because the business is battlingthe sort of like business
recovery requirements.
You also have the balance oftrying to perform the forensics
as well.
So we turn up with a whole loadof hardware and kit to kind of
like so we can crack on with theforensics and and then really
start on that rapid recovery forthat organization.
But it's around the clock,right, and you know so it's very
(11:56):
intensive.
Some of them I think the biggestcase we were on site for two
months.
We had 21,000 users to onboardand you know that was a pretty
tough time because they werejust overwhelmed.
The first part was aroundrebuilding all of their
infrastructure and getting alltheir services up.
I mean, they did most of theapp work and all the
integrations and a lot ofautomation, but they needed a
(12:16):
lot of help to get all of theirusers back on.
So we set up a sort of like aservice desk on site for them
and then we're providing sort oflike walk-ins to get all of the
users onboarded.
Just more around a bandwidthpiece, more than you know a
technical capability piece.
Speaker 2 (12:30):
How have AI and automation helped you improve
service delivery for yoursecurity?
Speaker 1 (12:35):
customers.
Okay.
So I think from a tool pointperspective, we go with tier one
products.
We like to have that kind ofconfidence in the vendor.
They're always leading edgewith the latest evolutions and
what they're trying to do for us, and we're quite strategic on
who we work with and whatpartners that we use.
The way that we're trying toevolve our security operations
(13:00):
is to have the tools thatobviously finding all the latest
threats.
But it's not just a singlevendor.
We've got a mixture ofdifferent tools that we kind of
blend to give the outcomes thatwe want.
But our next evolution isaround maturing our workflow and
automation, so using thingslike AI assistance to be able to
help the sort of like engineersto come to good decisions.
Some of the types of alertsthat we get are quite subjective
at times and you know we needto have some like robust
(13:21):
workflow around how we deal withthose tickets and the outcomes
that we're trying to achieve,you know.
So we're striving to have thatconsistency on every single
ticket.
That's great.
Speaker 2 (13:31):
So building and retaining a top team is
obviously vital to the successof most MSPs, but especially
someone like Solus Cyber that'sbuilt around security.
What have you done to sort ofcreate a unique environment at
Solus Cyber where people want tostay and grow with the company?
Speaker 1 (13:48):
So we haven't done anything yet really is the
honest answer.
Speaker 2 (13:51):
And.
Speaker 1 (13:51):
I think that's one of the areas where the biggest
improvement so far our journeyhas just been about land
grabbing new managed servicecustomers.
If anything that my previouswork has taught me is that it's
all about achieving that numberto be able to do what you want
to do in the rest of thebusiness.
So you know, our success fromconverting ransomware customers
(14:12):
to provide ongoing security andprotection has been really
successful for us, and that'sstill our core focus.
We've taken on a whole load ofpeople that we've worked with
before that wanted more interestin roles, wanted more diversity
, and I think that's key, thatit's always leading edge and
it's always exciting.
Exciting is probably the wrongword, but it's sort of like from
(14:32):
a tech.
It's interesting what some ofthese bad guys get up to, and I
think from an engineer'sperspective, being involved in
those types of recoveries isrewarding as well For us.
We must develop our people toretain them.
We recognize that and as wecontinue to evolve, that's an
area we need to put a lot moreeffort into.
Speaker 2 (14:51):
You're growing at a pretty rapid pace and you're
having to hire at that pace,right?
I think when we spoke in thesummer, you were about 45, 50
employees and you had expectedto be close to 100 by the end of
the year.
Yeah, what's that been like tobe able to find talent after you
got that.
Speaker 1 (15:08):
We've kind of moved past now, the sort of like the
previous gene pool.
Speaker 2 (15:11):
Yeah.
Speaker 1 (15:12):
Right.
So all the people that weworked with before we kind of
worked past that.
Some of the types of peoplethat we're after are very
flexible.
So if you need to get a site,then you have to drop everything
, and that doesn't work foreveryone, right?
So that type of person ischallenging to find, you know,
and we've got three incidentresponse teams now, which is
(15:34):
great.
You know they're all roundersand you know they can go off and
you know help that businessrecover.
Speaker 2 (15:40):
So, looking back on your journey with Solus Cyber,
what decision or moment sort ofstands out that particularly is
defining for you?
Is there anything that you'vedone or that you've accomplished
that really stands out?
Speaker 1 (15:53):
Well, I think, to be honest, that our journey is up
and down right.
I mean it's had more ups thandowns.
It's like we're kind of likeGhostbusters really, in that
we're sort of like waiting forthe phone to ring and then it's
all systems go and then you'rewaiting for the next one.
You know so as waiting for thephone to ring and then it's all
systems go and then you'rewaiting for the next one.
So, as we've matured the numberof managed service customers
(16:14):
that we've got now we've beenable to balance it out, get some
balance between the differenttypes of teams that are doing
incident work, then they may bedoing project work or they might
be doing some help on support.
So it's been really anevolution of all of those
different things that we're justexecuting the plan.
Speaker 2 (16:28):
What are the new challenges or opportunities that
are on the horizon, that arethe most exciting for you, paul?
Speaker 1 (16:33):
You have to evolve with cyber right, yeah, and so
we've looked at how we getbigger, how we continue to
double each year.
I said to you that we'd kind ofdoubled since last time I was
in Texas, which was in April.
Speaker 2 (16:45):
Yeah.
Speaker 1 (16:46):
So we're continuing to win new business all the time
.
So we have an instant.
We're converting that into amanaged service, that ongoing
support and protection piece.
We're winning sort of like fiveor six average new customers a
month, which is great, andthat's leading to the staff
growth.
Some of the new services thatwe're providing as well are also
really interesting, right.
One of the ones that I'm mostinterested in at the moment is
threat intelligence software.
We've just bought a volumelicense deal for a company
(17:09):
called Flare.
We have our risk platform andwe're integrating Flare into all
of our customers.
And what Flare does?
It looks for securityinformation outside of your
organization.
What's really interesting ishow people are starting to look
at their supply chain.
So one of the new modules thatwe have in our portal is around
managing your supply chain.
So one of the new modules thatwe have in our portal is around
managing your supply chain.
(17:29):
So we're using this threatintelligence to have a look at
external information about anorganization and how that might
impact your business.
Quite often we see very heavyintegrations APIs, vpns between
some of your key partners orsuppliers, so providing that
extra insight into what's goingon on something that's outside
(17:53):
of your business but couldimpact your business is really
exciting actually, and all ofour customers that we've shown
it to so far are super excitedabout it and all of our
customers that we've shown it toso far are super excited about
it.
But what we want to use thatfor is how we can then develop
the network of next lot ofcustomers.
So we have two, I would say, keyareas of new business growth.
(18:14):
One is our partners.
Partners where we provide 24-7stock services and instant
response.
They may not have 24-7themselves and they need someone
to watch that around the clock.
They might not have thecapacity or the skill set to do
the instant response.
So we partner and they bring uscustomers and we're trying to
grow that way.
We're also trying to growthrough new services and the
(18:38):
supply chain is a really goodway of being able to talk to our
customers, customers, partners,suppliers.
So if you've got, say, 10 keycustomers or partners part of
your business, what a great wayfor us to be able to open the
door, to be able to start aconversation.
What we've learned is when youbuy cyber, it's about that
(18:59):
trusted introduction.
I think the key thing for us inour growth has been about the
quality of the products and then, most importantly, the service.
We've always had aservice-centric ownership type
position for all of ourcustomers and we go out of our
way to make sure that customer'shappy right.
So we develop really greatrelationships during ransomwares
(19:21):
.
We want to maintain that.
But for customers that wehaven't been through that with
net new customers we really needto go out of our way to look
after them when they have thatmoment of need.
Let me ask you this lastquestion Paul when did you know?
Speaker 2 (19:33):
now, that's it.
Speaker 1 (19:34):
Good question, chris.
So we developed this riskportal and say it's a real-time
risk view of your organization'scyber status.
And the first time that webuilt the mark, we got some
great guys that are involved inthat Pete Jackson, adam Mitchell
, craig Sterling, lee Snyder andwe put it up there and we sort
of saw how to present risk to anexec, an exec team, the
(19:57):
decision makers to reallyhighlight real glaring gaps and
then demonstrate through actualdata and then be able to
articulate a scenario where theycould be breached or they could
be put in danger was to seethat I'm like this is great.
Speaker 2 (20:18):
This is what that was it.
Speaker 1 (20:19):
That was the moment.
Speaker 2 (20:20):
That's great, paul.
Paul, it has been a real honorto have you here.
I really appreciate you comingall the way from the UK to be
part of the podcast, be with ushere in Austin this week, and
it's been great to get to knowyou over the last year and stay
in touch, and so thank you very,very much for being here.
Thank you very much, Chris.
Speaker 1 (20:37):
Thank you, Abel.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.