Focusing on Your Sweet Spot

PEER-TO-PEER GROUPS DON'T HOLD BACK telling you the truth. That's why I'm re-emphasizing our company's security solutions and services for SMBs and targeting two vertical industries we're already strong in: healthcare and financial. Not so long ago, when my peer group asked me what makes Complex Technologies different from other MSPs, I really couldn't answer them. So I said, "Well, I'm cool, I have great integrity, I went to RPI, my techs are great, we answer the phones, we show up on time …" All the qualities I could say were the same items the guy down the street could say. There are too many of us out there doing generic managed services, and big businesses are encroaching on the SMB IT market like Dell, Best Buy, and the telecom industry. A lot of MSPs can't afford to build out data centers and do it as cheaply as Google or Amazon. We need to differentiate by picking a product or a few products, and an industry, and attacking it. A provider that serves all industries is taken less seriously than the one that serves only one or two. My peer group helped me to realize this, and that it was something I needed to act on immediately for continued growth.

My Roots as a Teenage Hacker

Security happens to be my personal sweet spot. I received my first computer in '92, and thus began my unhealthy obsession. I only shut off the computer and went to bed when my mother insisted. I was given Internet access by taking a train to the worst part of Queens and volunteering at a local nonprofit ISP, where they gave me a free account. At home, I commandeered the phone line and started living online in a Linux shell. I started teaching myself TCP/IP, and soon found the 2600 organization, which had a magazine, a radio show, and a group of hackers that would meet monthly in New York City. Then I became part of Ethical Hackers Against Pedophilia (E.H.A.P.). My "handle" was "Mantis" and we gathered information about pedophiles we found online and fed that information to law enforcement. I co-hosted a radio show called Parse where a bunch of us would talk about hacking. One day Howard Stern caught the show and mentioned us on air. Next thing I knew, the New York Times wanted to interview me and others. Then came other media requests. That's when my mother started to understand the full extent of what I was doing in my room! At 18, I was making presentations to government "spooks" about how systems get hacked. Then the job offers started coming in.

"It's time to take it back to the roots of your specialization that brought you into the industry. It's time [for MSPs] to be a master of something."

My parents, though, insisted I go to college. I consulted my way through school, working with various companies on security, so I was able to graduate debt free from Rensselaer Polytechnic Institute with a B.S. in computer and systems engineering. My entrepreneurial yearnings were strong, but my parents insisted I "use" my degree and get a real job. So I built networks and other IT tasks for several years, but corporate America wasn't for me. In 2007, I relaunched Complex Technologies, which I had been running on the side, off and on, since 1998. In the early days we did a lot of break-fix, but today we primarily serve as outsourced IT for our clients. Soon, thanks to my peer group, which meets four times a year through the Taylor Business Group, instead of being an MSP that provides security services as one of its many offerings, we will now be a security company that offers managed services.

Today, there are security services companies targeting the enterprise—companies that can afford to pay—but the SMB market has been neglected. And SMBs are held to the same security standards in terms of compliance as the large companies. So we know there's a need. We offer security services at a level and cost that works for them. Initially we'll be catering to, say, the 10-to 15-person urgent care facility or the 15-person hedge fund. We're able to go after healthcare and financial due to our existing clients in that area, allowing us to dig deeper into those verticals. To start, we'll be target-marketing our security assessments, compliance audits, and secure disaster backup and recovery and business continuity planning. Eventually as we scale, we will add penetration testing, intrusion prevention, awareness training, and managed firewalls. But one step at a time.

And that's what I would tell other MSPs. Everyone has something they're really good at. Find the piece you're good at, pick your top three or four services, look at your client base, and narrow it down to an industry. Figure out a repeatable business model, set up processes and procedures for the client, and then go to the next client in that industry. It's time to take it back to the roots of your specialization that brought you into the industry. It's time to be a master of something.