Identity First Security For MSPs (EP 990)

[0:18] Welcome to the IT Business Podcast, the go-to show for IT professionals and

[0:24] managed service providers who want to run their business better, smarter, and faster. Each week, Uncle Marv brings you real-world insights, proven strategies, and stories from industry experts, vendors, and fellow MSPs,

[0:37] all designed to help you stay ahead of the curve and thrive in today's tech landscape. So plug in, power up, and let's dive into another episode of the IT Business Podcast with your host, Uncle Marv. Hello, friends. Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals, managed service providers, you know, anybody out there that's doing tech with business, and uh i see we have an issue posting to LinkedIn so we'll see how those people uh show up during the show this is the weekly live show we do this just about every Wednesday night at 8 p.m. eastern and uh i bring on guests that are either it business owners vendors leaders in the channel and we just try to come out here and have a good time tonight is let's see.

[1:45] Doesn't look like Lincoln is going to be working. So that means we'll have even less viewers. So we'll see how that goes. Some of my viewers that are normally watching are actually still over at the Omni Hotel. Today was the final day of N-Able's Empower 2026. It went for three days, started on Monday and goes through today. The after-hours party starts right now, 8 p.m. and goes until 11, which is the noise ordinance time here. So there will be some podcasts that come out starting Friday that I did here. I only did five, but they were good quality interviews. And I want to give a shout out to Mary Catherine Revels and Kim Caccini. They were with the N-Able folks and got me set up over there to do some podcasting. We got to sit through a nice lunch with the executives. And some of the bigger partners of N-Able and that was good as well so I’ll have those podcasts coming up um.

[2:54] I do also want to just give you a very quick recap the event itself now granted it's N-Able and it was mainly their partner show so it was not your typical big event where it was just all over the place uh in N-Ables own words uh the event was meant to shine a spotlight on what's working, what's falling short, and what's on the horizon in cybersecurity, specifically as it pertains to N-Able and their plans there. So that turned out to be pretty good with the attendees there. All of them talked about how it was actually a very good conference. There wasn't a whole lot of pitching, a whole lot of selling from the vendors. Now, there were vendors there, and there were a good number of them, and the booths were great. And in a moment, I'm going to tell you what I thought about the swag, but it was a mix of MSP owners, technical directors, security leaders from small and mid-sized providers that were a part of the event here. From a structure standpoint, it looked less like a user conference and more like a structured boot camp.

[4:15] The official agenda featured expanded technical and business tracks, so it's not your typical conference, not just people standing up on stage talking at you, not panels where they were just talking at you. There was a lot of interactive stuff. They were designed to improve AI and security outcomes. There were deeper product and roadmap sessions across the entire unified endpoint management, of course, data protection with Cove, and security operations.

[4:47] And as I mentioned, there were plenty of interactive workshops and hands-on labs. So on the keynote side, they brought together a couple of high-profile thought leaders. Tiffany Bova was there. She's globally recognized growth and innovation strategist with experience in Salesforce and Gartner. And then she's also got two wall street journal best-selling books to her name so that was good there and then N-Able CMO uh Vikram Ramish uh set the tone early and he said that Empower has always been where the industry's most forward-thinking MSPs and securities leaders, come to challenge assumptions and sharpen their edge this year the goal was to equip attendees, to lead the shift from reactive security to business resilience and if you hear, you know news reports and if you were there that was the phrase business resilience was said just about i don't know every hour there and it was basically giving MSPs a lot of strategies that they could act on immediately.

[6:06] Um, there's a lot of other stuff that I could talk about in terms of the event itself. I'll leave that to the podcast that I will be putting out on Friday. Uh, got to meet a lot of the head nerds. And those are people that you normally don't see that are out. They are in charge of all the individual components at N-Able. So those are going to be some of the podcasts that are coming out. And, uh, in short, if you want to dig into the details yourself, I will have links to, uh, the official press releases, uh, the eventual, uh, the official, uh, website. Um, there were a couple of other news agencies, much more equipped than I to give a full recap. So, uh, business wire, simply walls, um, and all of that stuff. So there'll be a lot of that out there, but I think what a lot of you are waiting for. What is going to be interesting is I'm calling the swag winner out now.

[7:07] Normally, I would like to wait and, you know, be able to analyze the swag. Of course, you know, I like to go through and check the pins, do the writing of utensils and all of that stuff. I'm not going to do that this time. I'm just going to flat out call it. Benji Pace had a good run. They tried to hook me with their passport holder and their brownies, and I had to remind them that, you know, food is not swag, although some people were trying to say, yeah, but this brownie's pretty good.

[7:46] This hat, this... As Seinfeld would say the walking sombrero was probably the hit of the show i know that when i got to the open text booth i grabbed their pin started to tweak it and i was going to give it some poor scores then i spotted the hat and i looked over to DePalma said how do i get one of those and he gave it to me i don't know if i can certainly know i can't wear this thing right.

[8:17] So i don't know if i was the first person wearing it but i think i was the first one wandering around the vendor hall with it and it must have it must have been a hit because before you know it everybody is walking around with these things um i hope i started a trend but it won't be a trend that I’ll keep up because I’m not going to wear the hat but that was probably the first thing that hit me the second thing is i think i talked the last couple of conferences about these back scratchers for some reason i like back scratchers all of a sudden I’m going to turn this logo around so you won't see who this so this was the last back scratcher that i said was pretty good this is the one that OpenText came up with. And as you can see, it's much bigger. It's more better. It is a bat scratcher to be proud of. It is long. So first of all, it reaches all the way down the back almost to the plumber area, which is fantastic. It is sturdy. I think this is going to last a long time. Uh and it's got a nice some of these have handles that they're a little slippery they're a little plasticky this has got a good grip to it i mean this is if you want to get in there and dig oh my goodness gracious um.

[9:47] Yeah. So, uh, between the walking sombrero, the back scratcher, listen, there was some good swag there. I'm not going to lie. There's some other good swag, but that and De Palma stepping up,

[10:02] um, open text wins the swag, no ifs, ands, or buts about it. So, um, that's it with the Empower I’ll have more on that with the podcast like i said uh i do want to give a community update one of the things that i was not uh keeping track of with the conference but i got a.

[10:29] I got a message text from jason Percival that junior is being discharged on Thursday so that of course is great news um i did ask if there was any other updates they're still waiting uh on insurance and of course because the house was empty they've had some issues there so um that's something else that now we're going to have to pay attention to uh with people breaking in uh stealing stuff now they're going to have to you know, get stuff again, apparently. So I know that I did not publicly put ways that you can help on the show. I did that for a reason. I want people that are officially a part of the community, officially listening to the show to reach out to myself or people that know Jason so that we can help. I don't want there to be any support.

[11:31] Yahoos out there doing stuff and things of that nature so that's why i did not put that out there so if you want to send me a message I’ll tell you what to do going forward so that is going to be the update there so we continue to keep him in our thoughts uh let's see here i think that's it I’ve got a couple of uh personal things business wise that um i think because i went long on the opening here I'm going to let go through and we will listen to our commercial and then we'll have our guest on the other side. So we'll see you right after this. Is your business truly protected from cyber threats?

[12:11] ThreatLocker is the gold standard. Zero trust endpoint protection, trusted by IT professionals everywhere. ThreatLocker blocks everything that is not explicitly trusted, denying all applications and scripts from running unless explicitly allowed, and also includes ransomware. Easy to deploy, easy to manage, and backed by a 24-7 support team that is lightning fast with response times around 60 seconds. Stop cyber-attacks before they start and sleep easier at night. Lock down your endpoints and say goodbye to ransomware. Click on the ThreatLocker link in the show notes and start your free 30-day trial today. Be sure to also check out our other amazing sponsors. NetAlly, whose handheld network test and analysis tools give IT pros fast, easy visibility into wired and Wi-Fi networks so they can quickly find and fix problems. OneStream, a unified communication and integration platform that centralizes voice, messaging, and contact center tools for MSPs with deep CRM and PSA integrations and automation. And TruGrid, your secure remote access platform designed to simplify delivering

[13:22] remote workspaces without VPNs or exposed firewalls. For more details on these partners, check out their links in the show notes.

[13:31] All right, my guest tonight, Mike Wise, the owner and chief engineer of Clockwork Networks. They are an IT services and managed security firm based in the Denver metro area, and he has a nice little niche where he focuses on small and growing businesses with a strong niche around tax professionals and other compliance-heavy firms. Mike, welcome back to the show. Hey, Mark. It's great to see you. and it's great to be back.

[14:03] So what, tonight is N-Able's after party. I guess we're going to have to have our own after party since here we are, and I guess others are having fun in sunny Florida. It's in Florida, right? It's here in Florida, yeah. Yeah. But you know what? There were people asking me why I wasn't going, and I'm like, I'm old. I mean, it's a Wednesday night. I'm not going to be all drinking and hooting and hollering till the wee hours of the morning on a Wednesday. So that's a, that's a young man's game. It is. It is a young man's game, but I gotta say that was some serious swag. That back scratcher for me, the bar is pretty low with swag. You know, I love cheap sunglasses cause I get, they scratch, you know what scratch lists or scratch resistant, sunglasses at a conference i think i would that would have my vote but the bar is low for me you know what i so i look at the sunglasses and i get we get a lot of them but the problem is, I’m not the type of guy that's going to wear these cheap plastic looking gimmicky looking colorful cartoon glasses and stuff but i do give them to the nephew.

[15:19] So, well, I drive with them, you know, I, I really don't walk around with them so much, but, uh, that's a good thought. Yeah. Yeah. Yeah.

[15:28] And they get scratched up pretty quickly. So I look forward to reloading when I go to a conference. Yeah. Okay. So Joe Kinocevic in the chat, I can tell what old is. Hey, Joe.

[15:44] Welcome to the show, Joe. It's been a while. Yeah. Yeah. So, Mike, it has been a minute. I did see you at the Threat Locker event. You guys came cross-country to Florida, hung out in Orlando there. You and actually several of, I don't know how to call it. I don't want to say the old guard. That's not right. The community as we knew it back from the Podnutz days. But you guys came out and hung around and uh somebody got their car hit um as part of that after show event yeah an accident yeah yeah yeah it was not our fault um but yeah yeah a number of us from like uh tech con from days of yore uh came out um actually part of the peer group that that i run, but we could talk about peer groups a little bit later. But it was it was a great time. It was great seeing you. The Rosen Shingle Creek Resort is just remarkable. What a great place to host, you know, thousands of attendees and it's just five star experience. And I got to say, I kind of like that experience. Yeah. What? You don't miss the days of sitting in a co-working space?

[17:12] No. I mean, I enjoy that a lot. But, you know, a 180 of that has its own appeal, you know? Yeah. They both are very special. Yeah, for sure. You know what I liked about the Zero Trust was the types of sessions they had. I think there's like three categories of sessions. It was like the main stage with keynote speaker style content. There was the hands-on hacking labs.

[17:45] And then smaller breakout speaker sessions. And you got to sign up for what you wanted to do, where you wanted to go. And I think that's scratched an itch for a lot of different attendees. Those that needed to geek out with something hands-on or those that, uh, which, which I think was, was some, I thought that was cool. Uh, the hands-on labs, because some were very advanced way beyond me, but some were, were, uh, you know, a lot more, um, you know, a lot more reachable for, for the rest of us. So I enjoyed it. That was a good conference. Yeah. I, I, you know, that conference and then the Empower, uh, this week, a lot of people were saying that it was a little bit more informative than most conferences. I talked to...

[18:33] And see i think i interviewed mike DePalma from open text and we talked about that and he said that he thinks that the shift is actually really starting to happen vendors have been talking about making the conferences more educational for years but i think they're just now getting the hang of it in terms of what that actually means to us as attendees and you know it's not just about product information it's not about roadmaps it's about what can i do today, to help my business what can you show me that i don't already know about the product that will help me be more efficient make more money and you know survive is what i think is what they're actually figuring out yeah that is great that's so important um yeah so i had some nice fun takeaways from that experience. And I got to say also, the speakers they had on the main stage.

[19:36] My personal favorite was someone I hadn't known of before, Marcus Hutchins. Oh, okay. And I probably should have. I mean, he just is best known for stopping the global WannaCry ransomware attack. And he had a great presentation on AI and really black hat LLMs and white hat LLMs and what his thoughts are on the future of cybersecurity and from a hacker's perspective. So that's cool stuff. Yeah. So why don't we take that and talk about when we first were, you know.

[20:27] Roaming around, you know, the UnConvention and early tech con days, you know, a lot of us were just kind of gathering ourselves in the industry with, you know, focusing on, you know, the start of cybersecurity, the true understanding of managed services and proactive care in the new, the new age, I guess. Uh, you're one of the people who like me, uh, stayed a one man shop. Right. Why did you do that? I didn't think he would be, I thought you were going to, you know, be like everybody else and grow and get some employees. And, you know, I knew you were niching down and I assume that with niching down would come the growth. Uh, explain why you decided to do that and how it became, you know.

[21:21] This, this thing that you're doing now? Sure. So, um, I guess, uh, um, a big part of it is, I guess at heart, I am a technician at heart. Um, and, um, I, and I, uh, maybe I feel a little hesitant to take on, uh, staff, uh, because maybe my skills as a manager, aren't that, aren't that great. Uh, I, I feel I have good people skills. Um, but I also feel that, um, the, the way and the policies I have for how clockwork manages clients is something that's near and dear to me. And I guess I've just been, I'll answer it this way. I've been focusing more on being intentionally efficient and standardization.

[22:19] And especially in those past couple of years with how AI can help, say, my background did come up through college with a lot of coursework in computer science, but I won't say that I'm an accomplished developer programmer, but you can go from zero to hero really quickly with AI, having your back and being able to standardize and make things more efficient on my own has allowed me to take on more clients without necessarily taking on staff. Now, I don't want to make my business come across as something bigger than it is. It is smaller and maybe deliberately so, but I like the idea that through standardization, I can maintain that one-man band. You know, if it starts slipping away from me, there are options to take on help, But, um, but I'm enjoying, uh, I'm enjoying being the owner operator. Yeah. Uh, are you using the, you know, any subs, any other partners, you know, to fill any gaps?

[23:40] Um, for, for certain types of services that I'm just not great at, but clients do have a need for, for example, website development. Um, I have, uh, you know, a strong referral, uh, relationship with, with a much larger MSP. Actually, it's Jason Miller with Unbound Digital. And he's able to make sure my clients have that website presence and either both develop websites from scratch or just maintain something that's already existing.

[24:22] You know, I work closely with them. so i try to work closely with those uh those in the industry that have the staff to uh to take care of things that I’m just it's just beyond me right yeah um let me pivot and ask you this question because, you know people ask me about you know my vertical of attorneys uh i just kind of ended up there it wasn't something that i targeted it wasn't something i set out uh i kind of before that was body shops of all things so it was weird how i ended up with my vertical and my niche, was this something that you sought to niche down in or did you kind of end up there.

[25:09] I had to think about it was at a i think it was a tech con that was a couple years ago there was a presentation that really wasn't about finding your niche that wasn't the point of it frankly i don't recall what the point but there was an exercise that i really had me thinking I'll share that with you. The exercise was take a sheet of paper and draw a vertical line and a horizontal line. So now you have quadrants. And along one side, say from left to right, this will be complexity. Low complexity to high complexity. And you can think of complexity of how easy or difficult it is for, I'm sorry, this is all with regards to your clients, your existing clients. So which of your clients do you consider low complexity or do you consider high complexity? And you drop some names in there that just jump out in your own head. And then on the other, going up and down, let's think about value, low value to high value.

[26:27] And value, of course, can mean, you know, how much money it is that you're getting from them. But what if, What really is a high value client for many of us is really the how long how well do we get along with this type of can we make generalizations about a category of business that they're easier to work with? Or maybe they're looking for the kind of help that you can provide and they're very receptive to having you more as a consultant than as someone to task with doing something that's urgent for them. So there's different... So anyway, I was like, okay, what are my high-value clients? My low-value clients, low-complexity, high-complexity. And it occurs to me, the magic quadrant, of course, is low-complexity, high-value. And just looking at those businesses and business owners that were in that quadrant, I was scratching my head and said, hey, it seems to me that these are my tax pros. It was my tax pros. It was engineering and it was nonprofits.

[27:55] And the reasons were very personal to me. And they would be for anyone doing this exercise.

[28:04] And so I went, you know, I started, I went to AI. I said, hey, what is it about these things? I have some ideas what I think it is. And so just having this conversation with AI about what it is about these industries, and there was a couple common themes. One is I happen to be really good on Windows platforms. And as a generalization, tax professionals, nonprofits, and engineering firms lean into windows. That's one thing. Tax pros happen to be an aging demographic. I'm an aging demographic. You know, lots of Gen Xers in that industry. And they need a little, sometimes they need a little bit more handholding. And that's great. It's a way to provide value. It's also a compliance industry. And I'm like, hey, if I can figure out as much as I can and learn as much as I can about FTC and IRS regulation for this industry, I'll have a lot of value to add. And there's other things, but that's how I went about it about two years ago, thinking that, hey, if I were to niche down, what would it be? How can I get more of the clients that I really like?

[29:30] And this, this exercise opened that up for me. Very nice. Very nice.

[29:36] Um, I remember that exercise and yeah, I don't, I'm trying to think there were two people that I was thinking of that could have run it, but we won't, we won't embarrass ourselves by missing that. Um, but I had done, I had already, when I was listening to that exercise i was like oh i already did this i pumpkin planned you know my way into my clients because i you know i was looking at the point of okay which clients are making me money, with the least amount of grief you know which kinds were you know sucking the life out of me, where i wasn't making good money and which ones were willing to listen you know and those are the big things for me so that's what i did and fired my business client you know i survived thank goodness so yeah now the question is you're dealing with you know like you said an industry where compliance is huge.

[30:36] And I imagine that that's one of the sectors where, I mean, they really can't go, you know, denying coverage, I guess, is the best way to describe. Whereas, you know, a lot of my attorneys, they can still say, I don't need that. I don't, because there's no teeth, you know, in not choosing to do what's right. You know, there's no organization that's going to fine them or anything like that. in your area, you know, you've got some federal laws and stuff like that. So I guess it makes it a little easier, but at the same time, I bet that they still fight with, you know, what you're doing, how much you're doing, how much does it cost? Where do you draw the line in terms of non-negotiables for the service you provide? Right. I, well, that's tough and that's going to be, well, Well, first of all, as we know with compliance, is that whether it's HIPAA or IRS FTC and the others, it's always written in a general enough way so that it applies to all firms. And the answer for a very large firm, of course, is not going to apply to the small ones.

[32:01] Something of note with what sits well with me, it makes me more comfortable, is that unlike HIPAA, for example, where you need like a business associates agreement and take on accountability for issues, with the IRS and the FTC, the real accountability lives with the firm. And I'm not saying I like that because I'm not accountable. I'm saying that because when I want to have them raise the bar for their security posture and be more compliant, I understand and they understand that this is their responsibility and they can do it as long as there's a plan. We can take our time and apply the regulation, the compliance requirements while minimizing friction to how the business operates and also on their budget.

[33:11] So a non-negotiable would be a prospect that was completely uninterested in following a plan. You know, one of the things that I provide for my tax pros and prospects is preparing a written information security plan for them. And that is a required document. And it's not... that big a deal. It is basically a written document that you can present to the IRS if needed that shows how the firm protects taxpayer data. I mean, in one sentence, that's what it is. And one of the things I do, one of the things I found is that there are a lot of expensive services to put together a WISP, you know, a thousand bucks will do your WISP, this kind of thing.

[34:15] One of the things that I provide in a WISP is not only having the firm be able to take credit for their existing security that they have but also offer what their next steps can be to improve their security posture and to become in a better place with compliance. And that serves a couple of...

[34:47] That serves a couple, um, important things. One is it gives the firm a roadmap of where they can go next. And secondly, if, if it's a prospect and not, um, a client, well, this is a decent chance. They'll reach out to me to, to make good on, on that roadmap. And, um, it's, um, Um, so baby steps are fine and, um, and I can, uh, I can be patient with the tempo of how fast they want to move in the end, the firm is accountable and, um, that's how I approach it. Interesting.

[35:28] I was just sitting there thinking of, I have the same thing where the firms are responsible for a lot of things. I can't make them do some of the stuff. I can make available the tools for them, but they have to choose to use them. And, you know, I have to write in language a lot of times that's like, look, if you don't do this, that's on you. You can't come back after me after for that. I'm giving you the tools. So very interesting there. You talked about things like the WISP and the things like there are services that we could use from other vendors and places to kind of do some of that stuff. However, I want to ask this question.

[36:10] Are there places where IT pros and MSPs are leaving money on the table when it comes to doing the services, you know especially if they've niched down um or if they're claiming they do stuff um are they leaving money on the table when it comes to you know practicing uh pricing uh guides packaging vertical stuff like that I’m sure I’m sure I’m leaving money on the table really um my um my pricing model, for example, is a fixed amount. I price per endpoint and- All in? Well, I caution them. It is a maintenance agreement, you know, and, but I provide like a WISP, for example, would not be included, but I give them a subscription client a deep discount on preparing and maintaining their WISP.

[37:15] A lot of things that I include in my maintenance is going to be a lot of services that, in my mind, are the non-negotiables. And it's usually ways to simplify, you know, to lower that complexity for me.

[37:34] And, for example, reliable backup is one example. Um, I make sure the backup is the tools that I'm really good at. I make sure that if, um, there's going to be redundancy in the backup, a cloud and an on-premise, um, um.

[37:57] I include that that's not an add-on i don't charge them extra for their backups um and maybe if i didn't wait like you don't charge when you say you don't charge them extra meaning that's that backup is included in the endpoint price and you don't charge for you know, storage of the backup or anything like that correct now this kind of you know with some, fair assumptions that most workstations are going to have the 512 gigabyte to a terabyte kind of thing. 512 or less, especially for tax pros. It's really not going to be like engineering firms with the huge CAD drawings and this kind of stuff. Or a photographer with all the large files. Typically speaking, these are workstations that have I have really a couple hundred gigabytes of data, so yes, I include that. And things like endpoint visibility and response, I put my EDR on it. I have my RMM on it, remote access.

[39:12] That's included. I standardize across all my clients with my tools.

[39:23] And it's easy to do when you've niched down to a certain vertical. And a big thing, and maybe we'll talk about task keys, but identity-first security is one way of saying it. My clients are primarily Windows-based, and they're primarily Microsoft shops. So I take advantage of Microsoft's Entre ID. I Entre ID join my endpoints, and I set up Passkey logins and that has been really, really reliable with that one login. They get connected as they should. When you log into your Windows computer, you should be connected to your Outlook and your Microsoft Office Suite and your OneDrive and your SharePoint, etc. And it should always reconnect and it should not be asking for authentication here and there because something hiccup and this kind of stuff. And I found from a complexity perspective, this was, when I did that.

[40:34] It was almost bulletproof. It just always, always works. Prior to doing that, it's like, oh, OneDrive isn't connecting for some squirrely reason. Stuff like that. Stuff like that disappeared. Well, when you've got, you know, your single sign-on set properly and you've got your authentication set properly, that's the way that should be. There are still a lot of places where, you know, that can't be the case. But in terms of that because a lot of people do that and stop short of other security things so i was going to ask you you're i don't think you're a threat locker user are you no okay because i find that a lot of people and when i say like us that are either solo techs small shops um less than, you know, five techs per se.

[41:30] Most are not doing zero trust. I am. So I get a lot of pushback, I guess, from stuff like that.

[41:39] Where do you sit in terms of your security, you know, on that scale? You're doing, you know, the SSO, you're doing the authentication, you've got the compliance stuff. Where do you sit on that spectrum? For zero trust? So, yeah, isn't it? The irony of the guy that doesn't do ThreatLocker, you know, just got back from the Zero Trust World show, right? Got to start somewhere. Yeah.

[42:08] Well, I've been adopting Zero Trust along the way, and actually inadvertently. When I started with passkeys, and this is more zero trust on the endpoint. No, this is more identity. Identity, yeah. Identity zero trust. Yeah. Not zero trust on the endpoint. But if we think recently, the big attacks on our clients have been web-based authentication, evil jinx, token theft, all through web browsers connecting to services, but our users are getting tricked into connecting to these man-in-the-middle web servers that are harvesting, they're collecting the credentials that our users just freely provide, they think they're logging in, and then their Microsoft environment gets breached.

[43:16] The, But this was kind of unusual. I took on a nonprofit a couple few years ago, and gosh, maybe four or five years ago, and their previous IT had them set up with Entra ID, or at that time, Azure ID logins, or yeah, Azure AD logins, right, into Microsoft, and I was not familiar with it. So I'm like, but this is peculiar, and this is cool. I want to learn more. And I set it up, and what I realized that by having them log in with a PIN, which is a category of passkey login, that the device was uniquely connected to the Microsoft sign-in. And that helped address shadow IT with regards to users logging in to company resources from devices that were not company resources, you know, personal laptop, kiosk, you name it. And, um, this, and since I charged by device, that was appealing to me where it's like, well, you know, I'm setting this up. So, and, and, you know, what do business owners want anyway? They want their staff to connect to business resources from business resources.

[44:45] And, um, most, most do. Sure. Most, because there are law firms out there. They're like, we don't want to, you know, we want people to work from home, but we're not going to provide them with the equipment. Yeah. Well, that's a tough riddle. That is tough. Yeah. Um, so.

[45:06] I was able to address some of this shadow IT of devices by using the PIN login. Users would come up with an easy six-digit PIN. It could be letters, numbers. If they just wanted numbers, fine. It's theirs. And they'd forget their password. They would just use this PIN. They forgot their highly complex password. Because remember, like four, five years ago, that was like clutch. which, oh, your password must be absurd. And then came the 2FA movement. Make sure there's 2FA on absolutely everything. Are all your users 2FA on their Windows login? And I had learned that, hey, for my clients that I had set up with passkey logins, with PIN logins, that is a 2FA login. The PIN married with the device, which is authenticated by the trusted platform module, the TPM chip on Windows devices, that's your 2FA. I don't have to start looking for other vendors to provide 2FA or rely on a personal cell phone for a staff member or have a hardware token that can be lost.

[46:30] I'm getting this included. And for budget-minded businesses, that's a strong plus. So...

[46:42] On top of that, then came, as time goes on, now our evil jinx era of token theft. And when you log in with a passkey, a passkey can be a pin, it can be a fingerprint, it could be Face ID. Those are all examples of passkeys in the Windows environment, Microsoft environment. And when they log in to their web browser, their OneDrive, not their Edge, you know, that's part of it. That's part of it as well. It automatically connects them to Microsoft Resources, automatically. And they're never asked for their password, which, by the way, they've forgotten by now anyway, by and large. So when they get hit, they get popped by this email that comes in, and it says, click here to read this important invoice. Um, and even if they do click it, um, they get presented with a Microsoft looking login screen that asks for their username. Okay. Well, whatever they put that in, but then what does it ask for their password? They don't use their password. They probably don't know their password. And then at that point, my phone rings.

[48:07] And now a second set of eyes is there for what's going on. And I have pulled clients off the edge, off the ledge, pulled them back, and saved the day. Otherwise, they would have provided their credentials, and it would have been a bad day. Yeah, it's a very good thing to tell them if there's something asking you for your password, you know something's wrong. Yeah. I mean, it's an easy way to explain it. Yeah, yeah. And it is. And we all know that, you know, there's limited benefit. There's limited efficacy of cybersecurity awareness training. You know, it depends on the individual. Some folks love the idea of understanding how attacks work. And many other individuals just want to click through and get through it as fast as possible because they have their job to do. And you never knew.

[49:15] Yeah. All right. Well, Mike, before we run out of time, I want to go back and make sure that we chat about the peer group because you mentioned that a couple of times. Let's talk about that. I've heard about it, never really asked you about it.

[49:33] Didn't like rush and say, hey, I want to be a part. But for people that might be interested in either what you're doing and how they can do it themselves or any other opportunity, tell us about your peer group. So if I were to go back in time and start my business, especially back in time when I did start the business about 10 years ago, Um, there was some, you know, forums, social media forums, and the occasional conference. And it was difficult to really get to bounce ideas off of folks. Um, and I was unaware really of the idea of peer groups. And maybe they, maybe they were always there and I just didn't know. But I always felt a little isolated until I could show up to a conference and meet people.

[50:26] That's something I would do now; is I would join a peer group early on. If I was starting over again. So I think what had happened was I was a part of a peer group, a part of a networking group, different peer groups, different networking groups. And for one reason or another, I just didn't feel it was working out for me. And I can't put my finger on it exactly why, because each case was kind of different. But I decided to start my own peer group by inviting some of the folks that I had met through TechCon.

[51:10] And I didn't know how to start a peer group, really. But what I knew is that I did not want to have it be an accountability group. This was not going to be about, you know, how fast are you growing your business? Are you staying on track? What are the numbers looking like? And I also did not want to monetize it. What I wanted was for folks to show up on Zoom, And I really wanted them to want to show up. But I said, “Look, you got to show up. It's every two weeks. It's for 90 minutes. And what I'm going to do is I'm going to send out an email the day of and have a call for topics. That's your opportunity to say, hey, what's going on? What do you want to talk about? It could be something technical. It could be something business-minded. It could be an experience that you had during your day. And you don't have to have something But this is what happens So I get the responses We all hop on Zoom.

[52:23] I'll start I'll share Oh, and this is also reply all With the email So that everyone knows What other people are going to be asking What their questions are So everyone has half a day to scratch their head About what the topics could be, And so we hit the ground running. The meeting starts. It's 90 minutes. Everyone has like about 10 or 15 minutes to share their thoughts. We go around. If there's time left over, kind of poke at those that didn't submit a question or issue. See if they have something to contribute.

[53:01] And the group started with about, I don't know, six folks. Now it's at 12 and it can't grow anymore. We've increased it from 90 minutes to two hours, and no one wants it to go any longer. And it's really that simple. And the thing is, Marvin, what's good about it is that we've gotten past the BNI networking group. You've got to show up, and if you don't, three strikes, you're out, that kind of stuff. With this, it's like people want to show up. They want to be able to share what, uh, what the issues are, what their issues are. And they want the banter, the back and forth. They want it. And, uh, because of that, it's, you know, it's, it's been, it's been working out well. I've been doing this for about two and a half years. And for those that are interested in a peer group, like forming their, their own, I, I, I think it's a great idea. And you just include the people that, that, that you want. And what happens if it's going well, you want to include more people, but it's just simply not going to happen. Now, could I scale it? Could I monetize it? Could I bring in vendors to speak? Yes, I could ruin it in so many different ways.

[54:20] But this is where we are yeah and my peer group i call it the nerd cave well good for you i like that i like the idea uh i have had two versions of a similar type peer group where it was organic, I’ve also been a part of you know some intentional vendor groups um but i like the idea of finding like-minded people that are willing to share want to share and are not afraid to share um i think are the big components and our current group um you know people are upset when they can't make it which is that's actually a good thing yeah i think yeah so all right my friend well congrats on that i know most of the people in the group so uh kudos to the group that you made there it's a so it's a who's who i think in the community so all right mike um we are coming up to the top of the hour here i do have some Florida man stuff i want to get out there uh let me ask you if there's uh any one last you know statement you want to make for listeners out there any last takeaway uh any you know one thing you want to leave people with that they should uh use to you know stay successful in their business.

[55:47] Well, I just want to poke at, well, I'd love to have something profound to say, but I thought you were going to poke the bear or something. Yeah. You're going to ask me a question?

[56:01] Well, I guess what I was saying is like, I just wanted to put like a period, I guess, on the end of the past key thing. What's happening now is beyond Microsoft 365, right? Why can't Evil Jinx trick our IT professionals into going to a fake QuickBooks Online login or a fake any website login? And the answer is they can. And I'm sure it's happening. It just hasn't had the exposure. So we've all noticed how websites, whether it's Amazon.

[56:37] Dell.com, Walmart, Google, they're all saying hey do you want to do a passkey and um it is an excellent idea to do it because the exact same method of attack that's popping our clients with their Microsoft 365 can do the exact same thing to these other web login it's true so it's beyond just Microsoft’s conditional access it's beyond that it's beyond Microsoft it's any website log in. So to have a passkey mindset is going to be, it already is really, really crucial, I believe. That's my opinion. But just be sure that you're going to the legitimate site to set up your passkey. Don't just do it because it pops up. So make sure you go to the source. And the fact that you brought up QuickBooks, I do have.

[57:36] I, you know, I know that we're all upset with QuickBooks. I wasn't going to ask you about QuickBooks tonight in terms of your tax pros and stuff. Cause, um, there's a lot of drama going on with the way that they've changed their subscriptions. They're going up every year. Ours just went up. Um, it's, I don't know, I think we're paying 1900 for two users and it's frustrating, but the new trick is that somebody called us two days before a renewal. Claiming to be from QuickBooks claiming that our card was declined. It did not go through. And, and I was like, uh, I don't think so. And I mean, luckily I was here and I pulled up my QuickBooks and said, yeah, we're not even due for two days. So how did, how would you have already told me that we're declined?

[58:33] And the card that I use would have sent me a little notification of an attempted charge or something like that. I didn't tell them that, uh, but I wanted to see how far they would go with their, with their rules.

[58:49] Because to have, for, for the bad guys to have that insight that you would do for renewal imminently. Yeah. So now I've got many of us. Well, and now I got to go through and think, okay, well, how would they know that? Where, where is the leak? Because it's gotta be from somewhere. They've gotta be getting it from somewhere. So into it, um, I hope you're listening and, you know, fix these things with all your purchases that you're doing with, uh, TurboTax and credit karma. Those are important things to not allow, you know, to be tricked and hacked, all of that stuff. So with all that money we're giving you, you need to protect us better. Yes. That's all I'll say on that. Um Florida man folks i am going to have, you know it's weird sometimes Florida man goes through these things and people ask me, if it's how often do these things happen and do they really happen in clusters and I’m going to say yes they do uh last week i gave you multiple gator stories this week there are three separate stories of Florida man naked.

[1:00:08] Three, so I'm going to quickly describe them to you. There will be links in the show notes, but the first one is a Florida man allegedly walked into a Florida meat market, completely nude, except for a face covering to rob the store.

[1:00:31] The second story is the guy is actually nicknamed the birthday suit bandit. This was in, this was in Flagler County. And apparently he's done this before because he already had the nickname as the birthday suit bandit. He allegedly tried to break into a home while completely naked. He was caught on surveillance and later taken into custody. Um, so there's that story. And then a third story. Uh, let me see if I have the dates on these. I don't have the dates, but these are all within the last week. Um, the third story is Florida man runs through Jim in the buff and hides in a tanning bed.

[1:01:24] Um, I don't, this was, um, I think he was running from Florida deputies and ran into the shop there. It's just so I'm going to have the full links to the stories on the website and, Florida man naked week is what we are here. So, so, all right, Mike, uh, thank you for coming in. What was that? There was one hat, one hat. I could be naked in my, in my walkabout sombrero hat from open text.

[1:02:07] Uh, all right, folks, uh, Mike wise clockwork networks. Uh, In the show notes, you can find him at the website. He's also on LinkedIn. And he did that personalization, LinkedIn, and his handle is at that Mike Wise. That's right. So, Mike, thanks a lot for coming on the show. We will be back, folks, with another show next week. May is going to be our money growth and marketing month.

[1:02:44] I have, I don't want to jinx it, but I have two names that are pretty big in the industry that have said that they will be on a show.

[1:02:54] So we're going to have our regular folks and I have gone big this year, folks. It is going to be a fantastic month. And I want to make sure that everybody knows April 26th, which is a Sunday, 4 p.m. Eastern. that will be our celebration of our one thousandth show of the it business podcast this goes back to the pod nuts pro days and i will have some people on with me uh doing a celebration looking back one thousand episode folks so be sure to join us uh April 26 4 p.m. eastern.

[1:03:33] So, Mike, thank you again. And for everybody watching, thank you. Be sure to share the show. Be sure to check out all of the upcoming podcasts that I have both from N-Able and Power. I've got a couple of demo shows coming up. I have two network testers in that I have an entire ingenious suite of networking products that I'm going to test in that I'm going to do a co-show with Kerry Holzman on that. So those are going to be some big things coming up. so stay tuned for that that's going to do it for tonight folks thank you again uh from our friends at threat locker we all thank you for watching we'll see you soon and until then Holla!