Chat Log
00:05:42 Rob Danser: https://trumethods.zendesk.com/hc/en-us/articles/4414335428115-TAM-Allstars-Greatest-Hits-Sept-Dec-2021
00:13:56 Jen Marcenaro: First Friday in a while.....
00:14:05 Dan Seafoot: What's the question exactly? You lost me
00:14:27 Craig Anderson, PCM (Detroit via VT): how to bring the dense content of NIST (etc) into understandable usable standards
00:18:06 Craig Anderson, PCM (Detroit via VT): you can't copy/diverge it (i.e. break the myitp link)?
00:20:15 Bob Tukin: Example of the first few questions on the list.
00:21:29 Craig Anderson, PCM (Detroit via VT): we'll get that in post
00:21:52 Dan Seafoot: We review other Frameworks and build our own Standards Library - Unless a client requests a specific audit or requirement, then we would look into having that done by an External Vendor
00:24:08 Craig Anderson, PCM (Detroit via VT): they'll have a lot of "yeah buts"
00:24:09 Bill Taylor: Does anyone have some type of metric or score to use to indicate where your clients are in terms of their security posture?
00:24:18 Bill Taylor: I'm wondering how people know they're increasing it
00:25:25 Bob Tukin: @bill We pull the data from the checklist I discussed into Brightguage and present to clients at QBRs.
00:25:55 DanielBuchanan: Audits have specific legal implications, I've been told recently.
00:26:12 Craig Anderson, PCM (Detroit via VT): I just focus on myitp standards alignment
00:27:19 IanThomson: Some of our regions compliance rules have not had a published update in 11 years, so we work to be able to answer those requirements but really we expect we need to be 10 steps ahead of what is published, so those CSF and compliance checklists are part of our TAM process, but the core of our regular reviews come from our standards committee
00:27:22 Bob Tukin: Looks like that when presented to clients. They like to see green things. It makes them happy.
00:27:23 Craig Anderson, PCM (Detroit via VT): that might be your problem then :)
00:27:52 Craig Anderson, PCM (Detroit via VT): ahh so the entire msp *IS* the standards committee
00:28:02 Bill Taylor: Factoring in their security score in MITP makes sense, I'm wondering if there are other variables too. Does anyone potentially even test end users at their clients? I know companies do that internally, I feel like if the DMs are onboard it could be a good practice for clients
00:28:54 Neil Murray: To add to a comment that Rob slipped in earlier, we're seeing more and more insurance reviews reinforcing the security topics that we've brought forward in the past. In some places where they've been reluctant, they've been pushed forward in the face of losing insurance coverage.
00:28:58 Rob Danser: https://trumethods.zendesk.com/hc/en-us/articles/4402603229971-June-2021-Unpacking-the-Standards-Committee-
00:29:10 DanielBuchanan: Great videos, I watched it last week
00:29:47 Bob Tukin: I recommend having a person from each department on the standards committee. Works great.
00:30:03 Blake Taravella: Does anyone have any data or feelings about how ticket numbers relate to increased security? Do you feel like you're quieting the noise as you increase security or quite the opposite?
00:30:07 Mike Rigel: @Rob are you going to post that Standards Committee video here?
00:30:27 Rob Danser: Hey mike its above but i got you https://trumethods.zendesk.com/hc/en-us/articles/4402603229971-June-2021-Unpacking-the-Standards-Committee-
00:30:48 Rob Danser: Thanks @Daniel
00:31:05 Neil Murray: @blake, depending on the security change you'll often see a spike in calls until users get used to the new environment / processes.
00:31:24 Bill Taylor: @Bob I agree 100%, perspective is everything. Also, shaking it up if you've done it for a while can be valuable too. Here's a shameless plug to expand on that idea: https://trumethods.zendesk.com/hc/en-us/community/posts/4413383829395-New-Year-New-Standards
00:31:25 Jason Montville: Standards committees and keeping them updated was a big soapbox for me last year … the last MSP I worked for had a good system going, and between staff turn over and COVID changes, we fell off right when we needed to be the most focused on keeping things updated with changes.
00:33:24 Craig Anderson, PCM (Detroit via VT): having somebody to own/lead/chair/spearhead/champion the standards committee is really critical IMNSHO
00:33:54 Jason Montville: Agreed!
00:34:45 Dan Seafoot: Yes.
00:34:58 Blake Taravella: I believe it is both for us, front loaded spikes that settle and then an overall increase in numbers to a lesser degree.
00:35:46 Erin O'Donnell: Agreed, Blake
00:38:55 Craig Anderson, PCM (Detroit via VT): you almost have to reset your baseline if that's common
00:41:34 Blake Taravella: We use to focus heavily on the half ticket per user per month numbers and we were typically close to if not on those numbers leading into/up to 2019 or so. As we've increased security since, we're probably around 1-1.5 tickets per user per month. Curious as to if the half ticket per user per month numbers are still a realistic goal as security has changed the tech world.
00:43:19 Bill Taylor: From a business standpoint, you have to be below .5 so it's about figuring out how to regulate it with tools (centralized services/automation) & alignment
00:43:50 Dan Seafoot: that was awesome! @Erin!
00:44:18 Erin O'Donnell: Thank you. I've missed you guys!
00:45:09 Bob Tukin: Sometimes I have to remind my clients that I’m their partner and that I don’t make any commission from selling them anything. If I make a recommendation, it means I think it’s the right fit, not because I want to sell something.
00:45:20 Peter - Yardstick Technologies: 100%!!!
00:45:55 Blake Taravella: curious as to how many of you deliver quotes or do you have a design desk deliver them on the company's behalf
00:45:57 Peter - Yardstick Technologies: Erin just hit the number one struggle
00:46:12 Jeff Solheim: Hardest thing i had to do was start telling people that I don't know something, but that I have techs who support me to take care of it.
00:46:27 Jennifer Berry: @blake we do both, small quotes go through our procurement specialist and he sends them, more complex quotes, the vCIO does them
00:46:32 Erin O'Donnell: I wish I had someone to deliver my quotes, that's the most tedious part of the job. We aren't big enough for a design desk though.
00:46:42 Bill Taylor: This is from the sales track but is 100% transferrable to the vCIO role: https://members.trumethods.com/step/understanding-your-prospects-business-3/
00:46:46 Jennifer Berry: Design desk writes the SOW , but the vCIO writes up the quote
00:46:58 Isaac Grover: @Ian - thank you for mentioning OML. That's such an underrated metric when determining client "fit".
00:47:00 Bob Tukin: @ Blake We work with client to get the right solution, then sent it up to the sales engineer. Then he sends it back to me for final approval before going to the client.
00:47:11 Erin O'Donnell: That link from @Bill Taylor is clutch, guys.
00:48:03 Craig Anderson, PCM (Detroit via VT): That moment when you start telling your friends and family you work for the post office instead of admitting you're in IT
00:48:41 Erin O'Donnell: 😂
00:48:53 Craig Anderson, PCM (Detroit via VT): get them to give you tours (if they have like a plant or a facility)
00:49:05 Erin O'Donnell: It's basically a black site. I just tell people I work at a black site. In my jammies
00:49:56 Dan Seafoot: good job Brad :)
00:50:15 Rob Danser: https://en.wikipedia.org/wiki/Business_Model_Canvas
00:50:56 Craig Anderson, PCM (Detroit via VT): anybody want to talk about clients that don't take our advice? ;)
00:51:09 Jennifer Berry: I don't think that's a quick question :)
00:51:15 Bob Tukin: Not a good fit. Get rid of them.
00:51:16 Bill Taylor: 2 words. well said, Erin :)
00:51:22 Peter - Yardstick Technologies: second that
00:51:38 Blake Taravella: what about the opposite, does anyone have any clients that are fully aligned...what to talk about with them then
00:51:46 Peter - Yardstick Technologies: they'll be happier, you'll be happier. OR maybe you like hairshirts...
00:52:03 Blake Taravella: retirement plans?
00:52:05 Craig Anderson, PCM (Detroit via VT): agree 100%
00:52:12 Craig Anderson, PCM (Detroit via VT): then you are in talking about the business
00:52:26 Bill Taylor: They're probably acquiring other businesses at that point, and then things get even more complicated
00:52:28 Dan Seafoot: Evolving your Standards - for clients that have reached their peak
00:52:39 Erin O'Donnell: we do ours every 4-6 months
00:53:03 JimMarable: I'm new to the group but would be interested in hearing about the top strategic initiative for 2022 from the members? We are trying to get past the Core and Security solutions and move into Productivity with the clients.
00:53:30 Erin O'Donnell: E👏X👏A👏C👏T👏L👏Y
00:53:36 Blake Taravella: awesome
00:53:46 IanThomson: and you need to be involved so you can talk with clients on why these standards are important
00:54:52 Isaac Grover: @Erin - we upgraded our last SBS2011 server last year. LOL
00:54:54 Blake Taravella: Cloud and DR focused solutions, thanks Hurricane Ida
00:55:22 Erin O'Donnell: Oh my goodness @Isaac.....it's about time!
00:55:54 Blake Taravella: Cyber liability insurance
00:56:02 Lee Wegener: Hate to admit it, but I am struggling to sunset 2008 R2 in a couple places
00:56:14 Jennifer Berry: Cyber Insurance is one for us too
00:56:18 Michael Sylvester: We did a SBS2011 last month as well. 😱
00:56:23 Bob Tukin: @Lee start charging for any work performed on outdated OS. Worked for me.
00:56:39 Lee Wegener: 👍
00:56:45 Craig Anderson, PCM (Detroit via VT): we've got a couple server stragglers here and there , even one 2k3 server, but we are continuing the put same pressure on these and they arefew and far between
00:56:55 Isaac Grover: Is anyone here requiring cyber insurance for their clients yet, or is the general consensus still a strong recommendation?
00:57:09 Jennifer Berry: strong recommendation for us
00:57:19 Craig Anderson, PCM (Detroit via VT): strong strong rec for cyber indsurance, toying with taking that more strict
00:57:23 Dan Seafoot: Migrating away form Terminal Servers to WVD where applicable. We used to host a datacenter - but slowing moving it all into Azure.
00:57:23 Blake Taravella: strong recommendation
00:57:57 Neil Murray: We're seeing our clients standard business insurance companies enforcing cyber security as part of their standard coverage. So it's not just coming from us.
00:57:57 Jason Culotta: Same here. It helps us sell more security services because cyber insurance is starting to require it
00:58:18 Dan Seafoot: We're reviewing all Insurance for our clients and reporting the risk they have with a basic commercial insurance VS cyberinsurance
00:58:25 Craig Anderson, PCM (Detroit via VT): I have a lot of clients I' have been taking serverless where possible If their LOB app has a cloud offering then we are going 365: file shares in Teams/OneDrive, computers in AzureAD/inTune, mail in 365 of course, and so on
00:58:28 J.Mac Brown: Cyber is a Standard to check for and we get a copy of their current policy and doc. In IT Glue
00:58:40 Craig Anderson, PCM (Detroit via VT): no servers.. either on-prem or in cloud
00:59:05 Bob Tukin: 100% Agree with Craig.