ERP113 - Cybersecurity Hype Cycle: Tools, Trends, and Realities

Take cable industry, right? People got so tired of the cable Empire. They got so tired of paying 90, $120 a month and you barely watch any of those channels. It's got to be a better way. So they cut cable, they get over the air, and then all of a sudden these streaming piracy takes off. And then you start to see these individual bundles. Oh, now I can just get Netflix, I can get Disney Plus, I can get whatever. Well, that sounds great until I was looking at my bill the other day, I'm paying for Netflix, Disney Plus, YouTube TV, uh two or three others. I'm now paying the same amount I was paying when I had everything bundled. Right? So so we go through these ebbs and flows of the market naturally. So what's happening right now in the MSP space? Let's take a look. What is every MSP on earth saying? I have too many security tools. I walk through the vendor hall and I see a sea of them. I want one vendor to do more. Welcome to Evolved Radio, where we explore the evolution of business and technology. I'm your host, Todd Kane. This episode is brought to you by Evolve Management training courses, a whole series of courses built specifically for your MSP training needs. There's a project management for MSP's course, an MSP service manager boot camp, MSP security fundamentals and an IT documentation done right course. Check out the full suite of courses at training.evolvedmt.com. Or look for a link in the show notes. Welcome to another episode of the Evolved Radio podcast. Today, we have an insightful discussion lined up with cyber security expert West Spencer. We explore the critical need for governance and how cyber insurance is a catalyst for improved security practices in small business. We also touch on the hype cycle of the cyber security industry and the need to move beyond a tool-centric focus. We also discuss strategies for protecting our kids in the digital age from screen time limits to open conversations about social media. Finally, we chat about the influence of private equity in the MSP market and if it's a net negative or a positive. Wes is a bright mind in our industry and is also willing to speak honestly and openly. I really enjoyed this conversation. I'm sure you will too. Let's dive in. Wes, welcome to the Evolved Radio podcast. Hey Todd, thanks for having me. So it's a busy day in the security industry. For when this gets posted, today is, what is it? It is July 19th and most of the security and IT world is having a awful, awful morning. uh because of a massive outage from Crowdstrike. And you have a a great background in security. So I I did want to get your perspective on maybe a good way to to relay this is I saw the news this morning. I was sitting there drinking coffee with my wife on the on the other chair and I kind of said to her like, oh my god, like it's a really bad day in the IT world. Airlines are grounded. Microsoft is blue screening all over the place. People are panicking, all kinds of busy work going on. And her response was like, how can one company affect so many things? So, uh you want to give us your perspective, I guess on the the current state of events and, you know, maybe answering that question. Like, how can one company create such a concentrated effect on the industry? And you know what's wild Todd, is there's many one companies that can do this same, have the same. It's absolutely mindbogglingly wild how many single points of failure uh the IT world has set up. I'll have to share with you an XKCD graphic that um had come out years ago. You may have seen it, but if you want to put it in the show notes, it's sort of like it shows like all of this amazing architecture and engineering that's been built, very complex stuff. And then at the very bottom of this this complex set is one tiny little pillar that's like some open source, you know, code-based library that a single developer has maintained since like 19, you know, 97 or whatever. And I know it's a joke, but it's awfully true. You know, so so we'll see what comes out in all of the news, you know, after today's news drops, right? So we're kind of talking now with what we know. But it's wild to think when I start getting text messages from my sister-in-law who leads a medical practice out of Louisville for a very large health insurance and she's like, I can't work. This crowd strike things. I mean, when I see those kind of folks that are non-technical texting me about their work being interrupted, it's wild. But Todd, we've seen this happen over and over and over again, haven't we? And it's in different areas. You see a single company that has a systemic supply chain effect. For example, like when colonial pipeline was hit and they shut down their gas pipelines. You see maybe a healthcare org and like change and they get hit and now you have loss of life. You have, you know, again, a single software provider like Crowdstrike, super reputable. They have one issue in their code base and they deploy and it blue screens all these machines everywhere. It's absolutely mind-boggling how many single points of failure we really have. Yeah. And what about sort of the the maturity of the industry? Like if enterprise can have such a bad day, I don't know what the material impacts for most of sort of the MSPs. I I've chatted with a couple of people. Crowdstrike, I would say is not a particularly pervasive platform that's used in sort of the SMB and mid-market space. It is definitely more enterprise, I suppose. But, you know, the state of security and the expectations of security profile seem almost intangible or out of reach, right? Like if this is sort of the hallmark of the industry that we're supposed to be striving for, and most people are not even close to this, but even that seems kind of broken, I suppose. It is broke. I mean, there's a and there's a lot of reasons for this, right? So I come out of enterprise. I came out of uh banking and finance. And so so I cut my teeth there and then in education, both very large orgs. And and what I've seen is there there's certainly a MSPs are are a little um fortunate, lucky, whatever you want to call it at this point because you're right. Crowdstrike is extremely prevalent in the enterprise space and not very well used down market. And in Crowdstrike, let me let me just make this really clear. Great product. I would say one of the top two or three, maybe the number one product on the market. So it's not a it's not a shotty product. It's just they have not come down well into the market. So MSPs consider yourselves lucky. But the same thing could have happened with a Sentinel One or any other type of tool that's so well hooked into the operating system. And and I'm just, you know, I I I will tell you this, Todd, coming out of enterprise, I hear from MSPs a lot where they sort of look up to their larger brethren and say, oh wow, you know, enterprise must be super mature. I'm telling you, I I talk to my enterprise security friends and just enterprise IT friends weekly. And they will tell me just how broken their org is. Just how wrong things really are. And and there's a lot of reasons for that. We can unpack some of that, but I'll just say this, security is really broken. We're not doing it well. We've never done it well. And it's just a challenge for us that I think um supersedes maybe we're just immature when you look that security is really kind of an offshoot of IT. It's a it's a young new industry. Um but we're not doing it well and never really have. Well, I think my perspective is part of that is the approach that we take around this, especially in SMB and midmarket is very tool-centric, right? Like that uh tools will will will save us all. Um and I think we we lack sort of the governance muscle that actually makes all of these things a lot more practical. And it's like that's not a knock on the tools. Like there's a lot of platforms that do amazing things. But that's not the be all and end all of the process. And it kind of reminds me of like the early days of of the security sort of gold rush, right? Where uh MSPs, I would talk to some owner of an MSP and they would say, we're going to buy X and X and Y platform and we're going to pivot our company to be an MSP. And I would always bristle at the comment being like, like, okay, do you actually kind of know what you're getting into here? Because the skill set, the frameworks, the approach to this is so fundamentally different from what your current skill sets are. That this is not just sort of layer this thing on, it's an additional service that we offer. It is kind of a foundationally different style of business. And I think maybe people are getting stuck between that of thinking like, you know, all of these great things that we can now offer and security is an expectation. But, you know, are we actually fit to to do these things and implement them the right way so that it it provides maximum value and maximum safety, I guess, right? You nailed it. Um and I want to come back to what you led in with there is, you know, give me a law library doesn't make me a lawyer. Give me a cat scanning machine and unlimited access to a pharmacy doesn't make me a doctor. Both of those industries in particular have seen such prevalence of importance in what they do that we have to license that and we have to say there's a minimum standard. And there's an education minimum and there's a testing component that comes in. At what point do we finally say with security, I'm just done with the fast and loose. I'm I'm a security person because I say I'm a security person. When we have loss of life at the hands of security, when we have global systemic outages costing billions of dollars. At what point do we say, why is security not treated in that same way? Why is there not a license? Why is there not some sort of state, at least here in the states, some state-level requirement in order to become a cyber practitioner? At what point does that happen? You know, and and I've heard all my buddies, Matt Lee and a lot of other friends are equally clamoring for some type of barrier to entry. I I think a lot of folks want that. A lot of folks of course would be very scared for that. Could we even do it correctly? But yeah, I think the governance angle that you attacked is exactly right. Like anyone can go deploy great tools. I can stick you in a cat scanner. I have no idea what that means. Right? And so I think we we do lack that capability. I can push a button. I can push a button. I've chatted with people in the past about uh like Dave Sobel talks about this a fair bit about the sort of the the the coming regulation that may uh arrive in the industry. And I think we have to assume that that will probably show up in the enterprise space, right? First, um and I think that's a lot more practical. But I think the actual, you know, one of the parts that that makes this difficult is the average uh SMB accounting firm or small manufacturing or, you know, uh a retail space or whatever it is. Like they don't know enough about this to be able to judge the capabilities of whoever they're uh assigning as a partner for their IT needs. Uh but to actually regulate the SMB space, I think is near impossible in a lot of ways, right? So I I don't like I agree with you. Um there should be some type of checks and balance of uh you know, uh what does a cyber practitioner look like and how are they licensed for for that matter, but to apply that across sort of the MSP space, I think would be detrimental at sort of best. Um and could be actually really damaging in a lot of ways, right? I think we would end up with a crisis of resource availability to actually provide these things to the people that need it, right? Yep, and I think because of that reason or maybe other reasons, but I I think you're right on that prediction of like, I don't think it's going to happen that way. Or if it does, it comes way after what what I'm about to say. What we're already seeing happening is industries sort of waking up and those that are already self-regulating as an industry. So, for example, take um, you know, what does it mean to be a a law firm, like we talked about before, how do I get through the bar exam, right? Um or other industries, you look at FTC safeguards for, you know, treating anyone who deals in financing, they now have a cyber security minimum. FTC has forced this. And so I think what we're going to start to see is more and more requirements to say, if you're going to be in this industry, you must be this tall to ride the ride, right? From a cyber perspective. And then what I think will follow on, and FTC safeguards is a great example of this. This is why I mentioned it. It mentions, it talks, one of the very first things it talks about is who is a qualified individual to run your security program. Before you talk about what you have to do, designate someone. And then they say, you can have a third party be your qualified individual, but you own the risk and they have to show to you that they are qualified. Now, that's where it gets sticky. But my point is, I think we're going to see more and more of that to say, we recognize MSPs exist, we have no problems with MSPs playing in our industry, but you better prove that you're this tall to ride, so to speak. And I think that is not a bad way to go because then it still lets MSPs do what MSPs do, but now you'll just say certain MSPs are just not a good fit for this particular industry. The burden to scale, the capabilities and cost of governance, their inability to handle, it's just not for them. That's okay. Maybe they can grow into it one day, but we now have a class of MSPs that can actually handle this. I don't think that's a bad thing that rewards those that build towards governance and build towards good security maturity. And it still leaves room for others that, you know, that's just not their world and they want to focus on nonprofits or coffee shops or whatever. I I think that's okay. The other angle that I think will will push the needle much further is just cyber insurance, right? Cyber insurance coming in saying, hey, look, if you want coverage, you're going to have to prove to us you're doing these things. No longer just checking a bunch of boxes, but let's actually demonstrate it in some certain way. And and I support all of that. And the last thing I'll say, I'm being wordy. Um last thing I'll say is I like what Comptia is doing. I think Comptia sees this as well and with them coming out with trust mark, you know, they're not trying to reinvent the security governance wheel. They're just saying what's already out there. Now let's build a framework for it that applies to MSPs and then let's have an assessment over top to watch over it. And I think if that comes in in force, that can be a differentiator as well because then you can have others like cyber insurance lean on that and say, you can provide to me a trust mark certification, we're good to go. That shows me that I have I've seen out of you the maturity I want. Yeah, I agree. Like that that actually makes a lot more sense. You've kind of convinced me that this is a practical roll out in that sense. And I think kind of it hinging on whether or not you can get cyber insurance is a is a really good sort of demark around this. That because there has to be a forcing function that allows organizations to justify the spend that's necessary for that level of governance and skill set and that's that's sort of the big piece of this. Because quite frankly, like it's not that these things are hard, right? Like it's not difficult. It's just it is like I said, it's a different skill set and requires a level of diligence and process that isn't inherent to the MSP business model. Because most MSPs are so reactive to spend that time in a proactive cycle of doing governance just doesn't come naturally to the org. But I think you're right. Like it's adaptable. You can do that. It's like I said, it's not hard to do it. You just sort of need like uh some some some pats on the bum and push people forward into uh to getting into that space and adopting those methodologies, right? Yeah, it's it's well said. And and I'll say the same thing has happened in the in like large enterprise. That that exact rationale is what's forced them to do the same thing. I've never met a board or a CEO that's like, yay, cyber. Let's just find ways to spend more money, right? Like it always has to be the teeth of regulation that scares us and mandates or some other driver like cyber insurance that says we're not eligible to go and get this new contract because they require us to have cyber and we don't have it. Cyber insurance. So yeah, there has to be, let's be honest, right? No one as a cyber person, no one gets excited about what we do. No one wants to spend the money. And and nor should they. I can't fault them for that. There has to be a driver that pushes them into it. So I completely agree. Yeah. Okay, so I mean that kind of lends well to something else I wanted to talk to you about and I recognize sort of the sensitivity of of of the next topic I'll get into here. You know, you you've been a part of uh cyber security companies and and software platforms. I think you you still support and potentially are investors in other platforms. But I I also appreciate that you're also very open and transparent and honest about your opinions about the industry. So I'm I'm interested to sort of see your take on this that uh one I wanted to bring up is what I see is sort of the security hype cycle, right? So people are not familiar, there's the Gartner hype cycle of, you know, that everything's like amazing, it'll be it'll change the way that everything works and then there's the trough of disillusionment and then there's sort of this plateau where it actually becomes uh sort of applicable and has real world uh use cases. And I think what I've seen sort of through the industry. You know, you go to trade conferences and things like that, there was a period where like everybody was an antivirus vendor, like every booth was an antivirus vendor. And then there was also a period where everyone was a storage vendor, right? And now like you go to conferences and I would say 80% of the booths there are security vendors. And you know, as a as a person in the MSP industry and having this podcast, probably three times a month I get reached out to by some security software or security platform. And the first question I ask is like, how are you differentiated from your peers? And most people have a tough time sort of giving me a tangible answer for that. And I I'm just feeling a bit burnt out on I recognize the importance and the continued importance of security. But I also feel like we've been fire hosed with so much stuff around cyber security in the MSP space. I'm feeling a little burnt out around like the hype cycle around this of of just sort of like, eh, is what we have good enough? And like how do people sort of look at this and say, I have some type of cyber security profile. I've got some decent tools. How would I be able to know or justify if I need something better, right? Like it's it's kind of like it's not really a question, I suppose. It's more just sort of a I'm I'm positing this to get your input on on sort of how I'm thinking about this, I think. There's a lot to say here and there's a lot of hot takes I think come into all of this. So maybe we'll just kind of split this into pieces of a conversation and we'll take with it where it goes. The litmus test that you're right on what you just said is the number one question that MSPs ask is what's in your security stack, right? At least that they ask me, maybe confirmation bias, right? But what's in there? Because there's this there's this message behind the scenes to that of, well, maybe what I have isn't good enough. And so if there's a worry in the market that the tools I have are not good enough, and that if I can just get better tools, then that goes and pushes the market to say, well, I can build a better tool. And if I can go grab market share by building a better tool, off I go. Now, there is some truth to that, right? Like in the old days, I was talking to Eric Woddard, um, Protech out of Utah, great MSP. And he said, you know, in the old days in 2012, you know, our security was like, you know, a BDR and some antivirus. That's it. That's all we had to have. So I fully agree there's a huge difference between Symantec and then the players we have today. Like no question. It's a better stack, no question. But but the difference is is there that much of a needle mover between that and what's coming out, right? And I say this as an investor in the MSP space, as a vendor partner, as a vendor myself. So I think you're absolutely on to something. I think it's important that we do recognize that in many ways, we are in the middle of probably coming up to the very top of a hype cycle. Do I think all of the vendors that we see in this swath of vendor hall will will all survive? Probably not. Now, interestingly, we don't see a ton of vendors like totally just go bankrupt and fail. A lot of them, you know, if you survive long enough, you'll get some kind of buy out and it really is not it's more of an aqua hire, right? It's more of a we're bringing this vendor on to grab their book of business and maybe a couple people there that are just really, really great, but it's not moving the needle in terms of innovation, right? So I mean, I agree. I think there's some we have to recognize this. The other litmus test I wanted to point to is one day when we have better insights into cyber incidents and we have the mandate of sharing cyber incident data better. I think one of the predictions I'm going to make is that it's very rarely a tool failure. Now, tools might be involved. But how often do we have a tool report and no one does someone does the wrong thing? A tool could report and no one's watching it. A tool was misconfigured and out of its configured baseline standard. So I think MSPs have got to wake up to stop chasing the shiny new tool thinking that will be your salvation. And understand that maybe your stack is good enough, you just need to focus on yourself, you need to focus on your team, you need to focus on better governance, you need to focus on, you know, wrapping good security maturity and following security frameworks and doing best practice and maybe there is room to move a tool here and there, but tools are not your salvation. Yeah, it just doesn't feel as sexy though, Wes, right? It's not. Yeah. There's very little that sells, right? Right. Yeah. The other litmus test is how often I as a security person will sometimes walk on not sometimes, often, walk into a vendor hall and I get confused. I don't know what that vendor does. Their their marketing doesn't make sense. And then I talk to them and I'm like, I'm really struggling with what exactly you do here. Can we point specifically to what this is? Again, I'm just continuing to use analogies. What if I went to a doctor, you know, and instead of talking about actually like diagnosis and referring out to like actual diagnostic practices and then getting to potential working diagnosis and symptoms to delivery. They come to me and they say, you know, well this medicine over here is the leading XYZ and here's all the buzz words around why this is so great and if you were to use the like like almost like health like here in the US we have these like commercials for medicines, which I think is just horrible. We should kill that. But imagine that's how doctors acted. You you'd have no confidence in them. And and I think that's why we have a lot of wrapped up marketing in cyber that doesn't make a lot of sense and is full of buzz words and blank and empty promises that can never be backed up because we don't know a better way to do it. So, throw something out there wild because it's a it's a it's a red ocean out there and we better chomp hard to get some some business. Yeah, just sort of land grabs at this point really, right? Maybe maybe that is a good indication of the hype cycle is like there's there's there's a sort of flood in the zone and and people are just sort of grabbing opportunity. And again, like that's not a criticism of of the platforms because as you said, like the tools are almost never the failure, right? Like these things generally do what they say, but you know, are again, are they differentiated from what you're currently doing or what sort of the other three booths next to them are, right? Yeah, what are the top three security products in the market right now? I'll just I I don't know if you're okay, you clip me out if I can't say this, right? But in my mind, let's say top five, three of the top five that come immediately to mind, there's probably many others, but Huntress, Black Point, Sentinel One, just three examples that come to my mind. All three are phenomenal. Great products. Right? Great products. So I don't know, does it mean that there's not room for someone else to compete? Of course not. This is this is the world we live in. It's capitalism. Go compete. Go go create a better product. Great. But but I'm absolutely with you. We're finally in a stage where we have great maturity. The question is, are you using those tools to their full potential? The other thing I wanted to say about hype cycles, and I think we had talked about this before, um Jim Barksdale made this awesome quote way back in the 90s. He was one of the creators of Netscape navigator, the old one of those old browsers. He said there's only two ways to make money in this world, bundling and unbundling. This idea of take cable industry, right? People got so tired of the cable Empire. They got so tired of paying 90, $120 a month and you barely watch any of those channels. It's got to be a better way. So they cut cable, they get over the air, and then all of a sudden these streaming piracy takes off. And then you start to see these individual bundles. Oh, now I can just get Netflix, I can get Disney Plus, I can get whatever. Well, that sounds great until I was looking at my bill the other day, I'm paying for Netflix, Disney Plus, YouTube TV, uh two or three others. I'm now paying the same amount I was paying when I had everything bundled. Right? So so we go through these ebbs and flows of the market naturally. So what's happening right now in the MSP space? Let's take a look. What is every MSP on earth saying? I have too many security tools. I walk through the vendor hall and I see a sea of them. I want one vendor to do more. And we're seeing this. We're seeing this with security acquisitions. We're seeing this with MSPs coming into the market and you know they're an MSP because on their board and there's nothing wrong with this. Come MSPs. I'm glad you're here. But you'll know they're an MSP because they have a whole list of 25 things they do and they're going to say consolidate with us, right? Now, you compare that to the IT industry, what's everyone saying? I'm tired of evil empires. I'm trying to bifurcate and split out all of my IT. I want to unbundle this. And so there will be a day when this will flip again. And all of a sudden we're going to say, I think I need to unbundle security. I'm just scared of having all my eggs in this one basket that's legacy and whatever. So let's just understand moods of the market too that are pushing us. And I think if we can recognize that, that doesn't mean that we move against the market. We maybe we still go with it, but we just understand what's happening around us and we're making educated and informed decisions. Yeah, I think that's really smart. The sort of the bundling of security suites and and consolidation of some of the vendors. I think we're kind of ripe for that. Uh for all the reasons that you listed. So, yeah, I I I think that that's uh uh high time and and probably in the in the current sort of market is will be a benefit, right? Um and as you said, there will come a time where the unbundling will also make just as much sense. So, that's interesting. You mentioned Disney Plus. You know, many parents will be familiar with uh the the necessity of having having Disney Plus. One of the other things that we wanted to talk about here is security for kids. And I'll get into this and I'll preface this with I am not shaming anyone for how you parent. Parenting like there's a famous quote, there's no impossible job in the world except parenting. Uh so everyone's out there doing their best. I'm not shaming or judging anybody. But as a parent who now has some preteen or some tween kids, I am constantly mystified and a little shocked by the lack of uh screen time or parental controls that that people put on their kids' phones. Never mind like giving a seven-year-old a phone, like sure, maybe, okay. But, you know, uh giving a seven-year-old a an unrestricted phone that has ungated access to the internet. Like maybe people don't realize all the things that are on the internet. I am a person who has grown up on the internet and I know that I would not give my kid unregulated, unobserved access to to things on the internet. But recognizing like it's also really difficult, you know, like like how do you actually regulate your kids' use of devices? Not only so that they don't get into trouble of what they're doing online, the things that they may see, but also the safety interactions of of what they bump into, potentially people that they'll meet, those sorts of things. I know you're a parent as well. I'd love to sort of as a security focused person, I'd love to get sort of your take and your thoughts on security for kids. Yeah, I'm with you. I I agree with your preface and I'll give my own preface. This is just my opinion, right? I am a father and I'm a husband and I have kids and this is just my opinion. So take it for what little it is worth. And I fully am with you. Each parent is going to parent the way that they see is right and I fully support that, right? So now that I've said those things, and so I'm not dictating to anybody. I'm not telling you what to do here, right? But let me just start with this. We struggle with the same thing everyone else struggles. I run into these conversation literally last week, um my wife said, you know, one of her friends says, can they chat with you because they know you're a cyber person and they're struggling with devices and all this stuff. I'm like, absolutely. But the thing I always tell people is we don't have this down pat in my house. Like we don't have this perfect. We are constantly figuring this out and re-evaluating and coming back and saying, does that make sense? Whoops, maybe we could have done this better, right? So I I just want everyone to know this is not a high horse that West is speaking from. This is something I struggle just like anyone else listening. But let's recognize what you said. This is a first generation of digital native kids that have grown up not just with the internet, not just with access to anything they may want to know, which is a wonderful, powerful thing, but also devices right in their hands. And I have seen with children, they just don't fully understand. They're they're struggling to understand and learn what's real, what's not. They're struggling because they're getting things pushed in front of them that they're far too early for. There's a guy on Instagram, I'll have to look at him up. I can give you him to in the show notes. He did a TED talk. I found out about him this way. And basically what he does is he lets kids DM him in uh like after they've grown up, DM him their like their stories of like what it was like as a kid going because we're just now learning some of these things. And some of the things the kids say are just heartbreaking, right? Like my parents gave me a phone and just no protections on it at all. And here I am staying up till 3:00 a.m. and I'm watching like these gruesome like murder things or whatever and you're just like like no kid is like, I'm going to go find that. But one thing leads to another and when there's no gates, I mean, think about it, like they're we we naturally protect our children from certain things that just not ready for. And one of the things we tell our kids is the internet doesn't know who you are. The internet doesn't care about you. And so because of that, it's going to be just giving you unfiltered tons of stuff that it is you children are not always ready for. And so I just think for us for it it's less about censoring, although we censor in our household. It's more about where are they at and what are they age appropriate for, right? And so some things take social media as a great example. And there's some things that I think as my children grow, I can say more and more and more, but I want to protect my own kids too. But I'll just say, you know, just in general, social media, I think is a thing I'm much more concerned about than anything else. Because what does social media convey? An image. Right. And we as adults, we're not good at handling the reality of the image versus what's happening in truth. But children even worse, right? So you see these Instagram influencers, everything's wonderful, everything's peachy keen, everything's beautiful. Nothing could possibly be wrong. And what does a kid see? I want that. I don't have that. Why is my reality not that? The truth is theirs isn't either, but they're just showing you an image that they want you to see for their own benefit. And so what does that cause? It causes jealousy and unhappiness and unfulfillment. And I have seen this Todd with my own kids. It's like Gollum in the ring. We have struggled with that recently and I I just I won't share all the stories, but we struggled with that recently with one of our our kids and we recognized where it came from. We ripped some of that out and we had a great conversation and my child agreed and said the same thing like I'm struggling with this too. So we did sort of a freeze and all of a sudden it was like Gollum's ring was gone, right? Like all of a sudden happiness comes back in and fulfillment and we talk to our child and our child said, I feel better now. I'm happier now that this is gone. And like it broke my heart that we had to go through this. But it was a wonderful thing to have gone through so that we all recognize there needs to be some limits for our kids. And I think I'll just say this, you're never going to know some of that until you learn to have a conversation with your children on it, right? It's not about being the NSA over your kids. It's about having a great conversation with them on what they're seeing and what's going on and, you know, all that kind of stuff. And just recognize it's hard. It's really hard. Yeah. Yeah, I think uh some basic controls and I think you're right, like the conversations about this, I think are a lot more powerful, right? Like the first time I heard about this that made a ton of sense is like setting screen time limits. Like how much time should you be allowed to spend on a device? And like we set screen time limits and they often get more than that, but there's sort of a base standard. And the way that we went about this was just having a conversation with the kids of like, how much time do you think is appropriate, right? And it's amazing when you have those conversations, they're actually pretty smart and rational about this. It's not like they say, oh, I want 10 hours of screen time. They're like, hmm, I don't know, like three. And you're like, how about two? Is that makes sense, right? Like you're kind of negotiating, but they're they're a lot more aware and and I think constructive in in the in the discussions around these. And being able to have those open transparent conversations of like, I came across something on the internet that is a little wild, a little freaky. Uh I I like I need to somebody to talk to about this. if you have sort of laid the groundwork for that, I think that that is also really, really powerful. The other part that I I think uh I think about on this is uh like I have I have two girls and a boy and the difference of the impact on social media is something that I think a lot about, right? I would be much more worried about my boy when he's older finding things and just sort of searching for things that are not age appropriate. I for some reason I'm less sort of concerned about that with the girls because uh just sort of the seeking mentality and more concerned about the fact that girls are bullied socially and boys are generally bullied physically. So you need to be in the physical world to suffer the negative effects of the things that come with sort of the social upbringing and and the slings and arrows that you'll get as a as a kid growing up. Whereas that stuff follows girls everywhere. Also, the fact that like there there's no sort of unilateral disarmament here either. Right? Because if you pull them off social media, then they're potentially ostracized and that's not good either. And you can't convince all of the other parents to pull their kids off of social media at the same time. And there's some sort of initiatives around this that are rising up. But like this is why this is so hard for kids and so hard for parents, right? Is like like how do I sort of like position this with my kids when, you know, say for example, like I don't want my kids to have access to Tik Tok. I want to agree to have them install it. But when their friends are over with their unrestricted phones, they're out there sitting on the trampoline watching Tik Tok. How can I control that, right? So it's really difficult all the inputs and and sort of outside uh restrictions and inputs that you get as a parent with you know, the kids having their friends with different access to different stuff, right? It's wild. Yep. Yep. And and this is why I think so much of it comes back to those conversations. So we have the same, right? My kids, maybe one of them one of mine was asking about Pinterest. Can I have Pinterest, right? And so let's talk about that, right? I don't know the answer. Let's go, let's discuss, let's research. What are what are you interested for? And it takes a lot of there I agree. Everything you said, I fully agree with. And and I think we have to have those conversations too of like this idea of being a hermit and, you know, just being a, you know, techno, whatever you call it, the opposite of a technophile, like completely away from all of it, a Luddite is not going to happen. Kids are going to be exposed to things. No matter how hard you try to protect your own child, the reality is if they're in this world, they're going to see things that they may not be prepared for from a friend's device or whatever it may be. And so we recognize that. So one of the conversations we have with our kids all the time is, hey, you may have not all the time, but an often enough is you probably have seen some things that may have shocked you or you were surprised by. You don't necessarily have to talk to us about that, but just know you always can. And you're never in trouble for those things. Never, never, never. We we never. We we appreciate your honesty and the ability to know you have an open door to chat with us about. Sometimes I have to prod it a little bit, right? And it's awkward. Sometimes they don't want to talk about it. That's fine. But just knowing that we're the kind of parents that like we know that this is a reality around us. We've accepted that and we're going to talk about it. We're going to have conversations around this is just so important for your kids. You know, instead of feeling like they did something horrible and they got to keep it a deep dark secret. The kids shouldn't have to feel like that, right? And so, yep, I'm with you. Uh completely with you. It's a hard, hard thing. It's not solved in this conversation. But I think the big takeaway for people listening today is take it serious, even if you're a grandparent, right? You know, and you've got your own grandkids. Take it seriously, understand that this is a a wild world. We're all new into this. We're all trying to figure it out and but we got to put some standards in. We got to assess and figure out what those standards should be. And then we have to have conversations around that constantly because this is difficult stuff. Yeah, agreed. So, uh another thing that that you have some uh maybe some experience with, certainly, I know you have opinions on this is uh what we're seeing a lot of in the MSP industry is influence from private equity. And we've seen certainly certainly over the last five years, but you know, as long as sort of like eight or 10 years that private equity has been uh sort of become this wave over the MSP industry. Both on the vendor side, but also more so now on the on the MSP uh services side. where we're seeing a lot of these consolidation efforts and, you know, we're we're sort of getting to the stage where some of the older guard, people that have been running a business for 20, 30 years are looking to exit. And private equity makes a lot of sense for that. But there's also a lot of sort of negative influences that I find as a result of sort of this gold rush of private equity money flowing in. From a vendor perspective, you know, do they actually care and understand about the products? Do they just sort of view this as a banker and, you know, as long as it works out on the spreadsheets, we're fine with this. And on same thing on the services side, you know, I've seen a lot of organizations that get absorbed by PE and there's there is just this pervasive attitude of more, more, more, growth, we have to grow, we have to cut costs and, you know, that can have a really negative impact. And I heard this this uh person talking about private equity in in not in the MSP space and the person asked him, you know, is private equity a good thing? And he said, well, it depends who who are you asking for? And he said, you know, if you're say uh a dentist trying to sell your practice and, you know, the the partner that you bring in doesn't have the sufficient capital to be able to acquire your business and take on that legacy, then yeah, private equity acts as a great bridge. Now, if you're a customer of that that group and that clinic that gets absorbed by a private equity, maybe you're having not such a great time. And I felt like that was just sort of like what I tend to see in this market. And granted, not all PE groups are the are the same. So I'm not painting this with a broad brush. But there is definitely these pockets of private equity groups that are are really just sort of bankers that are the pursuit of more cash and good cash flow and don't have a lot of sensitivity or care about the products or the services that those entities they're buying have, right? Yeah, it's true. I think that's a great insight. We're starting to see more and more of this. And I know a lot of folks just want to knee jerk and like you said, just all PE is bad. Not necessarily true. My experience, I've dealt with PE and I've dealt with, you know, working inside of different uh private equity groups for years now. You know, and even in my banking days, we had several companies that we worked with that were purchased or or acquired by private equity. And I even had experience of one going from complete meltdown mode to actually fairly good under the new PE who ironically was owned by Tom Bravo. And so not always bad. But I do think what what do we want to say? There's a lot to say about this. First of all, I want people to understand there's a difference between venture capital and private equity, right? So when we talk a lot of people a lot of times folks will just lump it all like anyone who gives money to somebody is bad, right? And it's not necessarily the case, right? Like there's a lot of there's a lot of venture capital out there. So one of the differences between venture capital and private equity is venture capital is typically investing in younger stage, they're not doing acquisitions themselves. They're they're typically in many cases not getting like full ownership of a company. You you're going to see them invest somewhere between 1 million and maybe 50 to 80 million, you know, is a good just rough number, at least in our area in the MSP space. Whereas private equity is coming in and it's representing, they're actually doing acquisitions, they're doing full ownership, right? And not always, but in in many cases, right? And the purchase sizes are much bigger and sometimes they leverage debt to actually be able to do what they're doing to to build their asset portfolio. And so they have a little bit more pressure. And one of the big differences that generally speaking, you'll see is a lot of times private equity lacks to use my t-shirt if you're just listening, empathy, right? They they operate in a silo and everything is a number and spreadsheets drive all and they forget that there are people behind the scenes, right? And we've seen this. And I'm not going to call out names today, but we've seen this with some of the private equity owned MSP companies, not all of them, right? So I'm going to leave it up to guess work for people, right? Intentionally because but but my perspective is I see this, right? And you see this impact of significant layoffs of 20% of of of a company just the PE comes in, lay it lay off the bloat, let's get rid of it. And then I am the one that ends up getting tons of people reaching out to be like, Wes, I lost my job. I don't know what I'm going to do next. I'm stressed beyond belief and I'm worried and I'm not sleeping, right? And I hear those stories and it breaks my heart, right? And that's one of the reasons I do on my LinkedIn channel. This is the main reason I do these whole like, hey, if you're looking for a job, this post is for you because it makes me feel great when someone DMs me and says, I found a job. Thank you so much. Like so we we need to remember that sometimes private equity lacks empathy and is operating purely off numbers and forgets that there's people behind the scenes. And for me, Todd, that's just not that's not the world I want to be in. And and we're seeing that infect the MSP space a little too much and I think it's important that we vote with our wallets and we make conscious decisions as MSPs to say we're not going to support that kind of activity. I'm going to put my money in with companies that I think represent my values. But also recognize that those companies may one day go against your values. And so your money today may not be the same money tomorrow. I think it's good to have these conversations because there are people behind the scenes on these actions that we're taking. Yeah, and I think it's an important cautionary tale as well. Like you said, like there are absolutely great PE partners to have out there. But there has to be sort of a cultural alignment. This is the same in any type of business partnership. Like if you're being if you're selling to someone, you're acquiring someone, you're entering into any type of partnership with other organizations, even if you're selecting vendors, you have to look for cultural alignment on the things that you believe. What are the values you hold and making sure that those organizations share those same values and truly actually sort of hold those values and they're they're somewhat demonstrable, not just sort of, oh, yeah, yeah, yeah, yeah, we do that. Yeah, yeah, yeah, yeah, just sort of selling you a bill of goods, right? Um so I think it is just important. Like if you're thinking of selling your business that you you're really diligent about the partners that you're entering into negotiation with and why you actually select one partner over another. It's not just sort of, well, this these guys are going to give me, you know, 8X and this other company only told me they give me 5X on my my company. So, you know, hey, well like just making it a financial decision. There are much bigger factors involved that go into the play of selecting partners and selecting an acquirer, right? Yep, uh you're exactly right. And you know what's interesting, um World Economic Forum did a study a while back and I think it's somewhere around 60% of millennial and Gen Z actually may say a deal breaker is these kinds of things. This whole idea of like how your company operates, your social values, you know, your sustainability, you know, ethics, all these kinds of things. They'll literally say for us, it's a deal breaker if we don't align. That did not happen with older generations. And so, you know, if you're listening today and you're an MSP, if you're a VC, if you're PE, if you're a vendor, recognize that's a big deal and it's going to become a bigger deal. When people say my wallet is being voted to for companies that I can stand behind. And I think that's a wonderful thing. I think that I I think that that makes all of us better when we say we're actually going to best of breed, nah, I'll choose one level under that if I can get someone that upholds my personal values or at least reflects some vision that's not conflicting with it, right? I think that's a a staggering data point that I think will only grow more and more beyond that 60%. Yeah, I I strongly agree. It's almost like that's a almost a whole separate episode about sort of company culture and things like that. But I see this as as something that generally lacks in the MSP space where you know, I'll I'll sort of uh do strategy planning with organizations and and sort of put to them, you know, like what is the the mission of the organization? And they just sort of like hum and ha and be like, I don't know, we're here to make some money, right? Like that's the point of it. And that's just not enough to get behind for a younger generation. And a lot of people love to shit on younger generations at every turn, right? Like like Gen Z and uh uh Gen Y and all those the labels that we put on this, all of these things have been true in past generations. It's just like that the things changed, the old guard moved on and therefore they're treated uh differently. So there's nothing different about the newer generations coming up. It is just a different value set. I agree with you that the fact that someone will choose to work at some place that they feel actually has sort of a social mission that they can get behind, right? Like even if you'd modify it slightly, like saying our mission is to create great customer experiences and to make technology simple for small to medium business. That is just slightly different from we're here to make money, right? It's the same thing. It's just drilling a little deeper to understand like why are we here? Why do I get out of bed in the morning and deal with the stress of working in the IT field? Because I actually understand like like that there's a value alignment and I feel like I'm doing good in the world rather than just sort of trying to fill someone's pocket and hopefully collect a paycheck, right? It's not a gigantic difference, but it's meaningful to a lot of people. I I absolutely agree. Where do we find our meaning and our significance? I I I don't believe it should be found in work, but I 100% well, largely speaking, it can to some degree, but but work should be a reflection. And work should be something that I know I'm making the world a better place. My job has meaning and significance in what I'm doing, right? And I totally agree. It is up to leadership to make sure that we reflect that. And I think any company that's making a dollar is proof that they're producing some kind of value, right? Otherwise it wouldn't make that dollar. So I think it's on us. I love what you just said there about that sort of just slight tweaks in what we're doing to make sure people see that there's a mission and we're solving for something. You know, it's not like the 1960s moonshot where we're trying to get to the moon or bust, right? Sure. But but we can still do small things that make big differences. And in transformation of of our lives and knowing that things are becoming better and different. Like I I I love that aspect and and I'm with you. I I see younger generations work as hard as older generations. I don't think there's a difference in work ethic and quality. But I think the difference is they want to know that they're doing something. They're not just plugging away and cranking, you know, some lever non-stop over and over and over on a factory line, but what they're doing is making a difference, right? And if you happen to be somebody that's a factory line, well then find other ways to make sure that you support them in whatever it is that they want to pursue to make the world a better place because you're right, we all are searching for some kind of significance in our lives and none of us want to go and hit our death bed and say, well, I made a whole bunch of money and nothing else. We don't want to be that. I think about that all the time. What kind of impact am I making in my own life, in the life of my family, and those that I talk and I'm with around because we have we all have 24 hours in a day. And there was a podcast I listened to recently, Alex Liberman, he does it, it's called founders journal, huge fan of it. Me and Alex and Kyle, my other co-founders, we we listen to it on the reg and are always texting and discussing it. And he did a deep dive on um I think it was called the your 4,000 weeks. And basically it's a startup guy that said your entire life is broken down into if you throw out the first 2,000 and the last 2,000, your first 18 years of life and your last 18 years of life, we have 4,000 meaningful weeks in our life. Yeah. Holy crap. Right? That totally changes who cares about how much money I make. I've got 4,000 weeks to do something. What am I going to do with that life and how am I going to find significance? So if we in work as leaders can establish a culture that lets people say in those 4,000 weeks, you're going to make a difference in your life, what a huge difference that makes. So, yeah, I absolutely love this this thread of conversation. Yeah. No, I think that's Derek Sivers that that has that uh the 4,000 weeks. It's a timeline of your life. They actually have like a poster you can print out and like visualize it, right? Maybe a little. I need to see that. Yeah. Well, Wes, I always love talking to you. I think you're putting incredible value out in the world and uh uh really appreciate your time. Thanks for coming on. You bet, Todd. Thanks for having me. Part of the MSP Radio Network.