Cyrisma Simplifies Cybersecurity (EP 833)

[Uncle Marv]
Hello friends, Uncle Marv back with another interview here at IT Nation Connect in Orlando, Florida. And I've got a gentleman here who drew the short straw from Cyrisma. I've got Liam Downward, chief product officer, co-founder, and we're going to chat about cybersecurity here.

So Liam, welcome to the show.

[Liam Downward]
I appreciate it, Uncle Marv, but I've got to say, how's the trip been so far?

[Uncle Marv]
It's been good. So you probably don't know. So I drove up from Fort Lauderdale yesterday.

Nice drive. I'm okay with the heat because I live here. Let me ask you, how are you doing?

[Liam Downward]
If I'm indoors, I'm good. Outdoors, I'm melting. But no, but actually I do like coming to Florida for business, especially with events like this, because I think it attracts a lot of good people to come because it's Florida.

And everybody wants to get the sun, especially being cooped up all winter and spring long. And it's nice to start getting that little vitamin D. But it's nice.

But I will tell you, getting here was a long haul. I had to fly from Europe to get here because right now I'm doing stuff in Europe. And then flew here.

It was like a nine-hour flight from Dublin to Orlando. Did you have to fly straight from Dublin to Orlando? I was doing good for about half an hour beforehand when my bum was getting numb and I was walking up and down.

But it was kind of, I want to land already. And he kept seeing the clock watching. Looking at it, it's half an hour later, and that was the longest 30 minutes of the whole ride, the whole flight.

But, yeah, I'm glad to be here. Those are fun.

[Uncle Marv]
I don't think I've ever flown for that long. I don't know that I could.

[Liam Downward]
If you prep yourself, and my key thing for me is I like to listen to audio books. Now, any time of the rest of the year when I'm not flying, I don't listen to audio books. But on the plane, it works out perfect.

Close your eyes, put the headsets on, and then you're out. But just remember that sometimes when you get so engrossed in it, you do miss dinner and drinks because you don't pay attention to the students and the flight attendants going by. But, yes, well worth it.

[Uncle Marv]
So we need to get podcasts into your listening on the planes and stuff. Yeah, absolutely. I've got some pretty good shows you can listen to.

[Liam Downward]
Point them in the right direction.

[Uncle Marv]
Yeah. Let me ask one other non-tech question here. Because in the prep here, you mentioned football, and then you corrected American football versus soccer.

I'm from Fort Lauderdale, and the stadium that Messi plays in is literally blocks away from my house. He has taken over South Florida and kind of given them a chance to win, but they're not winning yet or anything. What are your thoughts about Messi being in Florida?

In Florida, right?

[Liam Downward]
I think that's the kind of like where everybody wants to go to is Florida or L.A. Galaxy. But I think from a Messi standpoint, yes, in his day, he was the GOAT. He was.

You have him and Cristiano Ronaldo. But I think with David Beckham and into Miami, it's all marketing. It's all about money.

Of course it is. It's all about money. I think, to be honest with you, they've brought in some good players, but they've passed their prime.

And all the rest of it to try and come in as far as trying to win stuff. I think they get overconfident. And I think a lot of people are starting to see that.

All right? They get really frustrated. We're going to win a lot of stuff.

[Uncle Marv]
We got Messi. We got this. It would have been interesting if they had won something last year.

Yes. And I think that would have kind of made it over. But, listen, South Florida has done this before with our baseball team.

We've purchased baseball championships, and then they unloaded the next year. They didn't unload Messi. I know they brought in those other players.

I'm not a big soccer fan, so I don't really follow. But, of course, that's all they talk about down there.

[Liam Downward]
But I'll give it credit, though. It's kind of like one of the things about the NBA and all the rest of it, they're good marketing machines, right?

[Uncle Marv]
Oh, yeah.

[Liam Downward]
About generating revenue. And I think with the likes of Messi coming in, it's generating a lot of revenue for the MLS, not only within the U.S., but also outside with TV rights and all the rest of it. It's kind of like the English Premier League.

Okay. But they're doing that because people still want to see Messi. They still want to see Suarez.

They still want to see Levari-Giroud in L.A. Galaxy. All these different players that are coming from Europe when they're prime, they were very well known and coming into the MLS. And then now you see, like, Cristiano Ronaldo going to the Saudi League, right, to try and bring that up.

Because I think it helps that soccer is a worldwide sport. It's not only in Europe. It's worldwide.

And I think it's good for America. I think it's good, especially with the World Cup coming up in literally less than a little over a year. And that's going to be shared between Canada, U.S., and Mexico. And I think right now is a good time to get a lot of people interested.

[Uncle Marv]
All right. Very nice. Thank you for the quick soccer lesson.

You're welcome. I don't know if I like it or not. I'll be honest.

[Liam Downward]
One of my good friends, he says to me, he goes, it's not skill. You're just kicking a bag of air around the field.

[Uncle Marv]
There is a little bit of skill. I will say that. I mean, listen, some of the way that those guys can kick and get into the goals and stuff, there's some skill.

But it's really more a game of endurance.

[Liam Downward]
It is.

[Uncle Marv]
And all that running.

[Liam Downward]
Oh, big time. Big time. Now, one of the things, and I'll use this, I think it's funny.

Growing up in Europe, we were never big on American sports, right? Basketball, baseball, and American football. But when I emigrated to the U.S., I got an opportunity to watch college football. And I'll be honest with you. I actually prefer college football than the NFL. And I think it's because there's people driving to get to the NFL.

And when they get to the NFL, it's all about money at that point. It's like soccer. Same thing.

You see the lower leagues. They have a passion. But one thing I couldn't get over was I'm there with my father-in-law.

And we're getting up, and we're following. At the time, I was living in Hawaii watching the UH play. And this guy comes out of nowhere, gets on the field, does the little thing like this.

And I'm like, what's he doing? Oh, we're going to stop for commercials. That blew my mind.

I was thinking it's like soccer. It's 90 minutes. He goes, no.

So you take a 45-minute game and turn it into like three hours because of commercials. And I go, yeah. And I'm like, doesn't that really disrupt play?

And I couldn't get over it. I still can't get over it that a game stops for commercials. It was driven by TV.

And I'm like, wow, really? If that was in Europe, we'd have riots if they stopped an actual soccer game for TV commercials.

[Uncle Marv]
Oh, yeah.

[Liam Downward]
TV timeouts.

[Uncle Marv]
Yeah. That's probably one of the biggest disruptors in sports ever. Yeah.

I couldn't get over it.

[Liam Downward]
Because it was like thinking, what if they get to the one-yard line? And then you're in the motion. You're in the moment.

And you have to stop. And you lose that momentum. Yeah.

And then you lose that one-yard line. And you don't get a touchdown.

[Uncle Marv]
That's why there's strategy in when to call a timeout and what type of stoppage of play there is and stuff like that. So it is very huge. It's very big in basketball.

[Liam Downward]
Yeah.

[Uncle Marv]
If a team gets on a run, it's one thing to call a timeout.

[Liam Downward]
Yeah.

[Uncle Marv]
But it's another thing in college where every four minutes, there is a TV timeout whether you want it or not.

[Liam Downward]
I couldn't get over that. I was like, are you kidding me? Yeah.

And he goes, yeah, I'm just used to it. And then everybody just turns around and starts talking. I was a little infuriated because I was actually really getting into the game and enjoying it and then stopping for commercial.

And then everybody just stops to go to the bathroom or they go and get a beer or do something. But it was like, wow, I couldn't. Then I said to myself, so basically that's why it's a billion-dollar industry.

Yeah. For sports in America because of commercials.

[Uncle Marv]
Absolutely. Yeah. TVs, corporations, all that stuff.

[Liam Downward]
Yeah. Absolutely.

[Uncle Marv]
All right. Wow. We got into a lot of non-technical stuff there.

[Liam Downward]
Yes, we did. Yes, we did.

[Uncle Marv]
So for listeners who may not know, and I mentioned to you before, I know Cyrisma, the name. I've never actually looked at the platform. I know that you guys are a cyber risk platform.

Yeah. That's about it. Okay.

So I want to give you an opportunity to at least tell us about that. And it feels like you're more of a left of boom organization as opposed to a right of boom.

[Liam Downward]
But tell me more. So it's kind of like – I'll give you a little bit of a history of Cyrisma itself, right? So for me, I've been in cybersecurity for 20-plus years, right, myself.

So around 2018, I was doing a lot of consultancy work, virtual CISO work, and I saw an issue. And the issue still exists today. And what I mean by that is people can't afford cybersecurity.

Its tools are getting more expensive, more expensive, more expensive. And all of a sudden, there's so many tools to choose from. What do I do and how do I maintain or protect my cybersecurity environment?

And I'll throw this in there. A lot of them feel and look the same. You got it, right?

And that's very true, right? So I sat down with a focus group and I said to them, I said, okay, what would you do or how would you approach a potential application that actually allowed you to have access to multiple different functions or features that you have in 20 other tools but in one platform? They said, well, if we had that, that would be absolutely phenomenal.

But that was enterprise focus. And so when we developed it, we developed it in the mindset of – with the ethos, right? And what the ethos was to provide cybersecurity, make it simple, affordable, and accessible.

So basically, we don't have people turning their backs or doing the ostrich, you know, head in the ground and ignoring, thinking it's not going to happen to them. We wanted to give them the opportunity to buy a product that would give them the ability to protect and be that proactive instead of reactive, right? That's why we don't want to be left and boom instead of right, right?

We want to be that proactive. But the problem we had was that it's like people saw it and we focused on enterprise at the time. We got hit with COVID.

So basically, we had to literally pivot very quickly and that's why we started focusing on MSPs. Okay. And that's how it is.

And they have the same situation, right? One of their situations is tool fatigue. So many tools.

Yes. There's so many things coming out of the RMM. There's this, there's that, there's this.

Before you know it, you've got 20 items in your stack. Could be doing multiple things. But there's no tool consolidation.

Every year seems to be more and more and more. And then the margins get smaller and smaller and smaller because everybody is fighting for the same kind of clientele. So Cyrisma was able to kind of help organizations to evolve, right?

But also to generate additional revenue. And that's the key thing. And that goes back to the ethos.

Accessible, affordable, and simplistic. And rolling the cybersecurity tool. One of the things, Marvin, I'm going to ask you this.

Looking at it from an MSP standpoint, and myself being a previous MSP owner, is that how do I generate revenue, right? Because Feast of Famine and professional services, you have the times of year when things are going up and down. And managed service was like, it kind of helped to kind of ease the pain during that period of time.

But how did you, as an MSP, or even with the thing about from a podcaster standpoint, look at your stack and work out what your margin is? Without kind of like, well, I'm doing 20 jobs right now. I don't have the time, but I know I have to charge more money.

But then I'm having this issue of getting people to buy in that I have to charge them more money. And then you've got 20 other MSPs trying to take your business away from you. So the question, going back to you, is how did you be able to overcome that?

And look at cybersecurity as the next evolution of just providing normal day-to-day operational stuff.

[Uncle Marv]
Well, I'll be honest. I don't know that I've overcome it. Because I'm still having conversations with clients about why do we have to pay more money?

Because I do look at how I charge based on, well, here's what it costs just to give you basic IT support. That's before we talk about security and stuff like that. And then we talk about, well, if you want to do the security, here's the cost.

And I try to package it and bundle it the best I can. And you're right. I live in an area where they are undercutting price as much as possible to get the business.

And I tell my clients; I can't support you based on price. I have to support you based on what you need and what is going to work best for you. So I'm not sure if I'm answering your question.

[Liam Downward]
No, you are. Because it leads into the next thing. Because with the whole concept of Cyrisma and tools like ours is that it's one to be able to say, okay, two things.

I can either ask the customer for more money. Or I can look at consolidating tools into one single stack or one platform that allows me to increase my margin. But I actually start giving you Cyrisma without you having to pay for it.

And that was the mindset of what we want to try and do. But we still have this kind of like balance where a lot of people come around and say to us, well, I can't really utilize the Cyrisma tool until I actually hook a customer to pay for it. Because then you have that situation where they're not looking at their finances or how to generate revenue or look at their margin of stack and what they can consolidate and save.

Because what we want to do is for you to save money and generate revenue but also have an increase in margin without having to change costs. And that's the key thing with Cyrisma we want to be able to do is to give you those three things. Efficiency, productivity, and net new revenue generation.

And generation of revenue can come in two ways. Charge more, which is harder, especially in this economy as we currently are. Or looking at your margin and increasing your margin but still charging and you're making more profit.

[Uncle Marv]
So let me ask this because when I was trying to do a quick check, I mean, you guys obviously you do the vulnerability management stuff. You do the dark web monitoring. Tell me exactly how does that work?

I mean, am I literally removing other tools because I can do more in Cyrisma? Or is Cyrisma giving me more insight into what my tools are doing so I can show my customers, hey, this is where we're protecting you.

[Liam Downward]
It's a combination of two things. Number one is it allows you to remove tools and say, okay, I no longer need them. No offense to use some names like rapid fire tools, a few other things, or some other dark web.

But you look at it and say, okay, we use Cyrisma. What does Cyrisma provide within that one single agent? I can go out and do data classification.

I can find sensitive data. I can do the vulnerability management, both internal and external. I can do compliance.

I can do secure configuration and do dark web. And I can allow the customer to log in to the platform. Whereas a lot of the other solutions that are out there don't allow your clients to log in.

Right. Because what that does, it allows you to build trust and it holds accountability on both sides. And that's the key thing, is that level of trust.

Because one of the things that we discovered with some of our partners is that when they start allowing their clients to log in, it builds that trust that when you have this other ankle bite trying to take the business away, no. Because now they're letting them see what's behind the curtain and hold each other accountable and trust you. You build that relationship rather than being looked upon as a vendor.

You're now a partner. Because now they say there's nothing worse than a CEO at 2 o'clock in the morning saying, why am I paying Liam? The big bucks is my MSP.

And all he's doing is giving me a report once a quarter. Well, if you let them log in, now you're able to see exactly what Uncle Marv is doing, right? Utilizing Cyrisma.

And I can ask a question and say, hey, Marv, why is this happening? You know what, Mr. Customer? It's because your end user in XYZ is not removing sensitive data.

We've already issued that to them to go and clean it up and they haven't. So it allows you then to start putting accountability on both sides of the fence. Very nice.

And the other thing itself is that MSPs are fearful, right? They're fearful to actually show risk because it feels that they're going to lose the customer. The customer is going to fire them.

If you turn that negative into a positive by saying, that's why we invested in Cyrisma. Because we can't understand everything. But if we invest in a tool like Cyrisma, it's giving us more insight to protect you and reduce the risk of compromise or breach.

But it also allows us to use it as reducing your premiums for cyber insurance when you come for renewal.

[Uncle Marv]
So you mentioned the fear that MSPs have. A lot of times the fear is not letting the customer see because the customer is saying, oh, well, I can do this on my own. So let me ask about that aspect because that's probably one of the biggest fears in the last few years.

Not only do we think that AI is coming to take some of our stuff away, but vendors are also selling direct to our customers. So how does Cyrisma handle that?

[Liam Downward]
So one of the things we sell, we don't sell direct for us. Our business is based on the backbone of the MSP and basically to give them tools to be successful. Now, if the client decides to think about doing it themselves, we're already aware of this.

You've got the calculation, right? If they want to do just cybersecurity alone and they hire a cybersecurity professional, you're looking at $100,000, $120,000 fully loaded costs, right? Plus tools, plus education, plus compliance.

They're nowhere near the cost of what it would be that your fraction of the cost of providing that to them.

[Uncle Marv]
Right.

[Liam Downward]
Right. Even though they think that they can do it themselves, they're thinking, well, he's only charging me X amount of dollars per endpoint. They try to do it themselves.

They realize the cost is going to go way up. And then they have their own liability where they can have that relationship by saying, hey, I'm going to engage with the MSP. But that's why I was saying before, let them see what's behind the curtain.

Let them see and build that trust because now your level of accountability on both sides, they understand what's going on, allows them to work on the business instead of in the business because that's what they're looking at you to be. And that's a key thing in my mind.

[Uncle Marv]
All right. So let me ask this because you're able to answer some of these questions from the MSP standpoint. I know that you started as an MSP.

How much of the MSP is still in you? Are you still running your MSP and doing Cyrisma? Where are you at now?

[Liam Downward]
I got out of the MSP business in 2015 because I'm a cybersecurity head, so everything was around MSPs. I started cybersecurity, but I also at the time wanted to get cybersecurity really embedded into the MSP world and being part of that. But I was kind of a little bit ahead of the time.

After a while, I kind of got burnt out like every other MSP does. That doesn't happen. Because you are, in essence, it's kind of like you're a judge, jury and executioner, right?

You're doing everything while working on the business as leadership while getting down into the trenches. But in the modern day, you can't grow if you're doing that because then you're missing what's happening elsewhere. So I wanted to get back to my roots and that's cybersecurity.

So I got out of 2015 and went back to consultancy work. But I know exactly where the MSPs have the issue, like the RMM. They love it and hate it at the same time, right?

All these different tools, but it's a necessity. They know they need it. But the biggest thing itself is the tool scroll.

It's understanding what is going to help me to be more efficient, be more productive, not having to spend more hours. My utilization for my engineers, I'm getting more buildable work out of them than only them being 50 the rest of the time is working on reports that I don't. It's part of the agreement that they get a report every quarter.

But my engineers are spending half of their time building those reports. Because back then it was all about Excel files, bringing this in, generating a report and putting it into something. But how do we do that?

So I still understand where the MSP coming from. Am I in the trenches where they are today? No, but I think the basis is still the same.

A lot of our partners provide the information back is they are trying to understand and evolve to become cybersecurity experts. But they don't know how to package it or know how to sell it successfully because their mind is still focused on the availability of systems, which is their day-to-day operation, which is break, fix, bringing a system online, making sure it's successful, upgrades and little mini projects that way. But when it comes to cybersecurity, it's not a deer in the headlights scenario.

It is like I understand it. But from a business operational standpoint, for the last 20 years, I'm being focused on availability. I don't know how to take it and understand to bring cybersecurity into it and charge my customer for it or turn that into a major revenue, 30, 40, 70 percent availability, 30 percent cybersecurity and how do I grow that to make that bigger.

[Uncle Marv]
Right. Let me ask a question and I don't know if you're going to be prepared to answer this. But some of the shows that I've had recently have talked about the exposure that MSPs are having to where their clients are starting to sue.

Yeah. So a big thing that at least I'm looking at is the defensibility of everything that I do and that is there a way that Cyrisma can help? I know it can give insights and stuff like that.

But is there a defensible position that I can use Cyrisma to say, hey, look, this is why we're doing this for you.

[Liam Downward]
Right.

[Uncle Marv]
This is why we're protecting you in the way that we're doing.

[Liam Downward]
So there's two sides of it. One is actually presenting them, but it's also CYOB. Call your own ass.

Sorry. You can say that. All right.

So and the reason why that is, is because let's say you found a vulnerability. Right. And you go to your client and say, by the way, this vulnerability we need to mitigate.

They look at it and go, oh, that application, we're not upgrading the application. We've just terminated the contract. We're not going to upgrade it.

That's going to break it. Well, you know what? I'm going to suppress this.

I'm not going to bring that. You need to sign off on that suppression. So if something gets hit with that, I already got it documented to say you accepted it.

You're willing to do this. You can't come after me. And we have that within the system because it is.

It's you've got situations what's happening right now. You look at the look at the last one with the law firm going after the MSP and then going after the vendor going after Cronus. Yeah.

Because somebody went and said, oh, I'm going to uncheck encryption because it's there. And the MSP thought it would be a good thing to do that. All these things are happening.

And CISA is really pushing down to say you have a level of accountability to do better as an MSP. But they're also enforcing and giving education to the actual business owner to go after the actual MSP. Absolutely.

So it is scary. It's not going to get easier.

[Uncle Marv]
It will not. So I'm glad that you guys are doing this. I'm glad I had a chance to chat with you guys and expose you to more listeners here on the show.

Yeah. And I'm going to wish you good luck for the rest of the trip, because as long as you stay inside, you say you're fine. But outside, it's going to be hot and humid.

Humid.

[Liam Downward]
Thanks. My wife, I love her. She likes the word Florida but doesn't like coming here.

Even though she's from California and the heat area of California, when she comes here, the heat destroys her. It's a different heat. It is a different heat.

It's a different heat. Yeah. And I was there last year in California around this time, and it's 110 degrees.

And I said to myself, I'm not going back again at that time of the year. What are we doing in two weeks? Going back again this time of year.

[Uncle Marv]
You can't avoid it.

[Liam Downward]
No.

[Uncle Marv]
You just mitigate the risk as best you can. Exactly.

[Liam Downward]
Exactly. Right.

[Uncle Marv]
Well, Liam, thank you for stopping by. And actually, this turned out pretty good.

[Liam Downward]
Yeah.

[Uncle Marv]
Yeah. I'm happy you got the short straw.

[Liam Downward]
Me, too. I don't mind doing podcasts. I actually kind of love it, actually, to be honest.

But it's just with this thing here, we got a lot of podcasts, a lot of people doing them. Everybody wants to talk to Mark, and Mark can't be everywhere. Can't be everywhere.

Can't be everywhere.

[Uncle Marv]
So we'll track him down later.

[Liam Downward]
But I call myself the secret sauce. I'm kind of like the secret ingredients for KFC, right? So I don't have a business card.

They just keep me in closed doors and then bring me out every so often. They're like, oh, that's Liam. I didn't know what Liam looked like, right?

Sounds like an Addams Family thing there. That's why I was going to say this is a podcast. I'm glad because I tell everybody I kind of like to break the ice.

I have a face for radio, okay? And I only have a face that mothers can love, right? That's what I kind of look for.

All right.

[Uncle Marv]
I'm going to let that go and not get in trouble for helping you with that. But thank you very much. That's Liam Downward with Cyrisma, chief product officer, co-founder.

So they have to let you out.

[Liam Downward]
You're part of the reason. Only once in a while. Once in a while, right?

[Uncle Marv]
Thank you much, sir. And thank you all for listening. And we'll be back with more from IT Nation Connect in Orlando, Florida.