When a breach happens, do you know how to submit documentation to the FBI? Breach and privacy laws are changing how IT service providers/MSPs serve their clients. How will documentation empower businesses to stay compliant across different municipalities?
It’s no longer enough to understand the laws of operating a business. Going forward, IT Service Providers & MSPs are going to be devoting a portion of their business to managing the regulations and the municipalities that they serve.
Dave Sobel, host and thought leader behind The Business of Tech podcast and MSP Radio, and the team at Eureka Process, delve into the state of the IT regulations, compliance, and decision-making.
Video Transcript
Allen Edwards
All right, we’re now live on ITDUG. Cool. Veronica, you’re gonna verify we’re coming through. Hi, everybody. Feel free to comment.
Brook Lee
We’ve got some people in the waiting room that needs to be let him.
Allen Edwards
Let him in. Here we go. Hello, everybody. Sorry for the late delay. We’re still practicing live on Facebook so that those who didn’t have a chance to register can still take a peek in ITDUG. We’ll give it just 30 more seconds. Awesome frog. Any more notes before you begin? technical wise. All good. All right. Cool. All right. So today, for the ice condition users group webinar, we’re going to do something completely different. We’ve brought other folks in before for valuable content. We’ve occasionally had the sales pitch we didn’t like you Rika process has developed their own content as well related to documentation and the IT industry at large. So we thought we would invite Dave Sobel, who as he likes to say, it doesn’t sell anything. As our guest speaker today, we’re going to go into more about why he’s going to be interesting in just one second. Some quick housekeeping. Um, for those of you who maybe have registered who aren’t a member of ITDUG stands for it documentation users group, it is a Facebook group, pretty easy to join, ask you a couple of quick questions@fb.com slash groups slash ITDUG. And you can find some of our past webinars on both our YouTube channel and on our website. Tracy couldn’t be here today. She almost always has a conflict. And she says, Alan, why do you schedule them this way? Maybe that’s why I don’t know. But we were founded by Tracy harden, who owns a MSP called next century technologies out of Kentucky. She founded this group in 2018, originally for it glue. But then she decided to open it up to all platforms and invited myself and as a co admin. And we’ve been growing ever since. We just hit the 3000 members A while back. And it’s been great to see some of the conversations happening happening in there. Feel free to keep inviting Our goal is the more people we have the more great questions we have better yet, the more answers we might have to your questions to help generate ideas. Oh, we have a live poll. I don’t log into yet. So there’s a live poll coming soon. We’ll have a tech difficulty for a second when we get there. I’m Alan I founded Eureka process, which we do process for IT companies. Owned denied. I’ve owned an IT firm, which I’ve sold. And I’ve led some others I just like to share with you when I have information that you know, it comes in some level of experience. So you know who the background of the advice you may be taking or deciding to ignore, which is also fun. And our company, including a Brook, Adam and Veronica are in the room. This is what we do day in and day out for clients. We are inside of tools, we are inside of their processes. And we’re helping improve it related businesses. So hopefully, everybody has a chance to weigh in some opinions today. And of course, we have Dave as our special guest today. I wanted to start down by saying hey, I’m a longtime listener, first time supporter. Thank you appreciate that. Dave is the owner of MSP radio, which is producing some fabulous content regarding our industry. You can read the other points on the screen. And Dave, you can certainly add more information. I don’t have a lot of time these days to think about the industry at large so much I’m too worried about giving advice my grandmother would give at running your business, you know, processes KPIs. And Dave, you and I have frequently have conversations in our MSP vendor chat and on the Patreon about the bigger ideas I don’t have time for and I’m glad I have someone like you to go out and look at these trends and bring them back to me and digestible format. Would you like to give any more on your background before we do a live polls and dive in?
Dave Sobel
Yeah, sure. I mean, I the way I always say this is like I mean, I’m an MSP. I ran an MSP for a decade, and I was described as I was a moderately successful MSP owner. I don’t over blow it. And I don’t, you know, from my perspective, I didn’t want to preach that I know everything I ran one, I got involved with a ton of stuff. I was involved with the community and I did peer groups and I wrote books, I did a lot of that stuff. And when I had the opportunity to sell, I went, I wanted to go learn to be a vendor. And I had to rocket ship funds, I worked for a company called level platforms that people are starting to forget about. We sold that to AV G. Then I worked for a company I No one’s ever heard of their final name, this little company called solar winds, they’re just not in the news anymore. I was with company GSI logic now we were bought by solar winds. I was there a grand total of six years, and learn kind of went through the IPO process. And during my vendor time, I was all about like helping msps. And then what I wanted to do after that was, as you sort of said is I really wanted to think about the big stuff. There are so many smarter people like what you guys do with process like, I don’t need to do that I don’t need to do process. I don’t want to talk about like, you know, sales processes or how to market it’s like there’s so many experts that are so much smarter at that. So I said you know what I can go do is I want to go and start looking at the trends in the industry and comment on them then. So I formed a little media company, and I do a daily five minute podcast called the business of tech. It’s all the pod catchers. It’s a weekly show on YouTube, if you’d prefer to catch it that way. And where I cover news stories and I try and link them to the events of what’s happening. What I see is larger trends and why and pie and put in context and I do a segment called, why do you care for each each of the each of the stories that I cover. And that’s what I’ve been doing now. And you guys love it, I don’t have anything to sell, the only thing I sell is my actual content, like I want people to listen to it, it is free, I do not mind telling everyone I monetize that by selling old school ads is, is that I save a vendor can’t tell you their value in 30 seconds, maybe they’re not doing a very good job. So I give vendors an opportunity to deliver their 30 seconds of value within my five minutes of news and commentary. And that’s so I value everybody’s attention and delivering something really useful. And you got an ad as part of that. So you can sign up and listen to it. So that’s what that’s what I sell is is trying to give you good ideas.
Allen Edwards
Very cool. And while we did bring a topic for today, this is open format. Dave and I are just going to have conversations about whatever has been happening, see where it goes. So feel free to throw any questions you have about the industry. I’ll even make it 100% guarantee that if you ask about the future Dave will predicted for you.
Dave Sobel
Oh, I totally have predictions I just had and I always love to go like I have to be right more often than I’m wrong. I never claimed to always be right. My track record is pretty good, though. I’ve got a pretty good divining rod, but they’re not all gems
Allen Edwards
might be more accurate than the weatherman. Exactly. Alright, so quick live poll for our audience. Wait just a few minutes for those instructions are on the screen. You can go to swift polling calm and just type in number 14795. Or just text your votes, the number on the screen 205-883-8760. The QR code is actually brand new to the software. So I have no idea what that does. I assume you hold your phone up to it. And it lets you vote. But the question is, do you know how to submit documentation to the FBI? Answer one? Yeah, because I’ve had to do it. Or option two. Okay, well, I’ve looked into it, and I’ve researched it. And option three, it never crossed my mind. Now we’ve only got a couple people alive today. But I can tell you, it’s never crossed my mind.
Dave Sobel
I let’s let’s make this a non shame exercise. Like Like, I cannot say I’m surprised by this. But But what I what I’ve been if we talk, we’re always talking about the cyber stuff, right? We’re talking about cybersecurity. And I mean, I just I just was just working on today’s pod. And I literally like I spent the whole thing talking about fallout from colonial pipeline, and I feel like this entire week, all I’m doing is stories around security. And I’m kind of tired of it. Like I’ve gotten burning myself out on security stuff. But it’s all on our minds, right? Like, we’re the the the cyber gangs are coming on it at aggressive levels, and I’m just kind of come to the conclusion. It’s like, well, you can get hacked, you just totally gonna get hacked. So why don’t we’re all really good at process and procedure. Why don’t we have the process for calling the FBI? Like,
Allen Edwards
why are we supposed to call the FBI and I’m gonna stop the screen share, by the way, we’re going to start with this topic and the whatever else comes up, and we don’t need a slideshow for that. So if your screen shifts, but so what why do we even have to call the FBI for that? It’s not just the trouble ticket? Are we just fixing that?
Dave Sobel
Well, so that mean, the the question then is, is well, it doesn’t look like it’s going to stay that way. You know, like, particularly, if you look at what’s going on, from a regulation perspective, you know, the, if we’re just pulling the recent stuff, you know, the Brian Biden administration came out and has made it if you’re dealing with the federal government, in any capacity, those organizations are now required to disclose to authorities. By the way, like depending on the on your particular laws and the particular federal level, you’re probably required to do a disclosure in general, there are there may be you may be a regulated industry, you may be in you may have local laws, you know, we’ve talked to I’ve talked in my show about in Louisiana. Now, if you’re in Louisiana, you have to not only register with the state, but if you do business with the state as an MSP or an mssp. And you do business with the state, you have to also do disclosures. And that means talking to law enforcement, by the way, I’ll just sort of smile and go, you don’t think it’s going to change if you don’t actually help law enforcement go after the criminals, right? Like criminals just keep getting the walk all over us and keep getting money and time and energy from us. And we don’t let law enforcement do their job. Well, when it’s not going to change much like it’s a pretty awesome business for them. So even even if you don’t want to deal with it from just the regulation perspective, if you don’t push back and say you know, then let let law enforcement do it, but it’s not going to change.
Allen Edwards
Is law enforcement being effective.
Dave Sobel
They they are being effective. They it takes a long time. And it it is not here that the wheels of justice are not smooth, but I just covered a, you know a story going on for today’s pod talking about, you know, somebody who who went after the University of Pittsburgh, indicted, bound, pleaded guilty, gonna do five to seven years for his time ransomware gangs get taken down particularly after, you know, when they collect enough evidence and they work it through, it does happen. You’re doing it to make sure that law enforcement has the components necessary for their investigations, particularly when they’re looking at this systematic kind of stuff. You know, that I always talk about this analogy when I when I think about what’s going on in cybercrime. Because I say like, let’s put this in terms that make sense right now, gangs of criminals are breaking into businesses, and holding hostages for ransom. This was physical, we’d all be losing our minds. Like, like, if you think about the level of incidents, and I mean, the reporting that happens on this all the time, if these this was happening on the streets, small business owners would be absolutely losing their mind. But what’s interesting to me now is is that it is starting to change, you know, we are seeing, you know, you can take the two big ones from just recently, right, like solar wind. So the federal government is writing a very, very, very large check to clean up from the breach efforts that happened around solar winds. That’s making federal, you know, the federal level, take a look at that. But you also then look at what’s going on a colonial right colonial pipeline, consumers just noticed that they’re paying at the pump, because of cybercrime. Like that that gas went up. Now, by the way, we can have a whole riff on the fact that there wasn’t actually a gas shortage. That’s its own bit, but let’s let it cause an effect. So you know, ransomware happens, consumers pay more at the pump. I wait, there’s all this stuff in between. But that’s the effect. And so what what’s happening is this cyber warfare is falling is spilling out into the streets, and it’s spilling out into pocketbooks. And with the pressures coming from the insurance company, like this dynamic is just all changing. And so I you know, you’ve got to be ready for the inevitable breach that will happen and how you’re going to process it.
Allen Edwards
So any breach which includes crypto cryptocurrency, crypto, where that could go where
Dave Sobel
crypto Well, I mean, cryptocurrencies now, or, you know, any any yearly transactions over $10,000 now needs to be reported to the IRS. You know, I smile, as I’m talking to a group of people who take documentation Seriously, this should be your wheelhouse, is. But I think there’s a whole element of documentation now, around policy and procedure that we have not generally thought of in the same way, the poll gives you a little engines, a lot of people hadn’t thought of this, because we’ve generally taken the approach that we can protect, that we can actually be effective at security. And we can we can keep the bad guys out. I’m looking at it now saying, if you assume a zero trust architecture, you’re essentially assuming there’s a compromise, you’re assuming everything has already happened? Well, if that’s the case, you really ought to have all the policies, procedures and documentation for the inevitable breach.
Allen Edwards
So even a ransomware that is a breach? Absolutely. Those is the new type of virus that came out. I’m just a little old school. Well, I
Dave Sobel
mean, it’s, I mean, I like it and said, like, you’ve lost control of your own network, somebody is as taking control stolen your data. ransomware is even just the first version of this. We’re seeing so much they’re moving now to the extortion where model where they’re hold your data in ransom, and threatened to release it. Where you know where well, well, they’ll take that data, and they’ll release all your dirty, darkest secrets, out to out to the world and resell that information, which they will then make more money off of.
Allen Edwards
So I’m looking for this line, essentially, that is, what, where, where do you cross the line that you have to report this to the FBI? At what point?
Brook Lee
That was gonna be my question, are you required to do this? Or is this something we’re all pitching in and trying to make things better? And this is sort of a best effort to try to advance the community, because requirement is a much stronger word.
Dave Sobel
Well, so plus, so let’s let’s address it for a couple minutes from right now. It is industry by industry, state by state federal, like who your customers are, in terms of is it required? I believe very firmly, it will be required at the federal level in the not too distant future in the US. If I get to spend my time listening to Senate hearings. And if you’ve been paying any attention to what’s going on, they are intensely discussing disclosure notification as a law and as a requirement. Now, we can make an argument of well, it’s not required right now and just wait for it to be required. Or since it’s kind of hard, we can just start gearing up knowing that law is coming. It’s just a matter of how long it takes. And by the way, big tech is calling for it, you know, Microsoft fireeye, in testimony have come out and said, Yes, please, we want clear regulation around what disclosure is required, because we, they want to not only take the stigma away, but put forth the guidelines, so that liability is not also included into that so that they clearly defined the rules of engagement, so they can be better about sharing information. It’s just a matter of how long it’s going to take till it is a requirement.
Allen Edwards
Right. So I guess I’m still looking for that line between what is a computer problem like in the old days, and I’m dating myself and the 90s, we got this virus called the stone virus on our five and a quarter floppy disks. Sure, you know, that doesn’t communicate to the internet is spread disk to disk drive to drive. At what point? Is it a breach that listen say that? If it is even required? Now, by law, we’ll be in the future? Where does it become the type of breach you have to report in your thoughts,
Brook Lee
if email breaches, frankly, happen daily, somebody gets into some of these email, they start sending out emails as that person and that happens constantly. And I mean, as far as the number of that I can, I mean, that’s, that is not a number that’s going to be manageable. If you’re reporting email breaches to the FBI, because that literally happens daily.
Dave Sobel
Well, I will push back a little bit and go of email breaches are happening daily in someone’s organization.
Brook Lee
I don’t know I don’t mean like in the same organization, I mean, I see it happening across the board daily, people’s email gets hacked, somebody gets an email, it looks legit, they click on the link, we all know users are the weakest link. But I cannot imagine at a federal level that that is going to become something that somebody is going to be able to manage, and be able to give us direction on if we are reporting email breaches.
Dave Sobel
Well, so this is my statement here is is the the you have to now learn these things you each individual organization needs to understand for the industry for their particular locale for their state level, they’re going to now start having to understand the rules of engagement for that. The fact that most people don’t even know the details of the FBI is where we got to start, you’ve got to start with, they have guidelines for what you’re supposed to report. At that level, individual states will have their also their levels of what are supposed to be reported. I’m going to push back and say, if you say there’s just so much email, that’s all crime, all of that email breach stuff is crying. And it is not acceptable for us as an industry to go well, it just happens all the time. That’s good. I
Brook Lee
completely agree with you. However, we all know that the end user is the weakest link. And you cannot we can sit here and say all day long it is next to impossible to prevent somebody from opening an email and clicking a link that looks legit.
Allen Edwards
Is that is that using the physical example they’ve used earlier? If if somebody reached out of an alley and says, Hey, buddy, come here. And yes, I’ve done this before. And I came there and I got mugged. Is that any different?
Dave Sobel
it from my perspective? It isn’t. Right. It isn’t like we’re talking we’re literally talking about muggings, you know, and that are happening on a regular basis. And, and, you know, while while I am sympathetic to the statement, like I don’t entirely agree that it is completely unsolvable to solve this problem. I just don’t, you know, I believe that you can put in place tech, you know, detail your two factor authentication pieces, you can put in a certain level of screening to make sure that that certain basic cleanliness doesn’t get through, I think you can put forth the training to make sure that you’re, you know, teaching users on a regular basis. I mean, I think you can put you can invest in the communication, but but I don’t, I’m not willing to just resign to the fact that Oh, there’s nothing we can do about users. But that that said, If let’s just go to the standard phishing attack, right, the standard efficient attack someone targets in tells a user tells users to get out transfer money and do a wire transfer, you know, outside the organization. That’s it happens. That’s a crime. That has to be reported. You have to know that that’s it. That’s the way this works if you need to report a crime. That’s where my definition is going. We can get into I mean, I think it’s a red herring to go down into the will do. We You know, do we deal with every single user? Let’s just start with the major stuff. You know, let’s start with spear phishing attacks. They need to be reported when they happen.
Allen Edwards
You got to have a policy, you got to have a procedure, excellent transfer the money just receiving that email with that intent.
Dave Sobel
Right. And I mean, I think so I think you have to do I think you’re getting at that point. And do I think this is a big intensive process? Yeah. Well, welcome to security. Like if you’re going to, if you’re going to give any kind of claim to your customers, that you’re doing anything on their behalf, this is all the responsibility that goes along with it.
Allen Edwards
Um, so how do we stay informed? This is a landscape that’s shifting and shifting, as you mentioned differently for every person based on who they serve, and where they’re at? How do we keep on top of this?
Dave Sobel
Well, I mean, you have to dedicate time and resources to this effort. This is part of your responsibility in delivering it services to customers is to manage this. And I think we’ve all just obviously equipping the we over rotate too much time on products. And not enough time on this. I’m just gonna, I’m just gonna laugh and go, how about the IT industry spend less time debating which antivirus or RMM technology use and use that time on studying the laws relevant to their business? I think that’s a way better use of time. And, and I see a lot of time spent debating tools, and that and the components that don’t actually make a difference in service delivery, instead of instead of spending so much time debating that, why don’t we spend that time on making sure that we’re working on understanding the laws relevant to our to our space, finding, making sure you can sign up with Sisa for alerts for regulations, you can sign up for FBI alerts, you can you can read, you know, look at your local municipality and get their information. NIST has detailed information on what’s going on spend your time diving into that, because it is definitely going to make a huge difference if you’re outside the US things like the UK is National Cybersecurity center, like they all have the resources are available to you, you have to just go forth and take though
Allen Edwards
it’s a I realized that a lot of it vendors 510 15 years ago, we got into the business. We didn’t sign up for this. Yeah.
Dave Sobel
We talk a lot about this industry is constantly changing. Cut off. Like I mean, this, what’s interesting to me is is that I, I’m talking about this, like it’s completely bad, it’s not actually entirely bad. What I want everyone to focus on is you’re spending a lot more time in the actual guts of a customer’s business, the risks they take, what laws they’re compliant to how they do business, that is super valuable work. And it is worth spending your time in. That is a great investment to be spending your time working on those issues. That’s what your customer cares about. Way more than a lot of the things that we were debating Look, I will have to go I’ve got a video in on my YouTube channel entitled don’t start an MSP. And it’s not that I it’s not that I’m saying like I think this is a horrible business. I love this business. I love helping small companies with their technology needs. But Allah as you said, like the challenges are way different than they were 510 20 years ago, in terms of getting into this business, it’s a higher bar, the bits that used to matter and not as important anymore. As the as our reliance on technology has become more in depth. I mean, I can just about outsource my help desk, outsource my service desk, outsource project scoping and project execution. And just do this for a living. Totally good. You know, and I’m not wanting to get into the whole mssp versus MSP garbage. I don’t buy into that or that argument. I just make the statement of like, this is the valuable stuff, helping customers with their technology needs and their risk management. Think about it that way you are you’re dealing with the risks, understanding their risks, going deep with them, and helping understand and mitigate those risks. We’re not going to eliminate them, we have to mitigate them as much as we possibly can.
Allen Edwards
So let’s talk a little bit about documentation just trying to honor my audience here. Sure. Um, so first of all, before I dive into the details of document documenting these types of things, do you have the an overview of what is required to submit an incident to the FBI
Dave Sobel
so it you know the elements of the basics on that are is is you need to understand the before and the after situation. So documentation is going to play really nicely to that is the unit you will have documentation of this is what the status was before this is the these are the pieces of evidence that we have noted that alerted us to the, to the incident. And we can report that kind of information, one of the things you have to remember is they’re treating it like a crime scene. Right. So everything about that becomes evidence. So that’s a matter of maintaining the integrity of what was there, it was about making sure that you can give the insights. So the basics are going to be all of the things of Hey, this is our documentation of what it looked like before, these are the things that we saw. And we have recorded that let us know there’s an incident and we can provide all of the insights of what we’ve seen, that has changed in a way I can leave and go like, that’s all documentation, right? Like that’s, that is change management at its very finest. That’s the basics of what you’re trying to document it. So if you’re already focused on a policy and procedure for documenting these spaces, you will already have the skills to go forth and do this.
Allen Edwards
So there’s one document you have to create, which is how to deal with the FBI. And somewhere in your incident response. There’s a line item that says, here’s a link to the FBI article, or here’s our synopsis on it. And you have to behave in this way. But of course, you also have like, like you mentioned, all the documentation you already had is that up to the standards, to give the FBI evidence they need to prosecute to go after him if I use prosecution loosely, cuz I assume a lot of this is on foreign soil. Um, it all
Dave Sobel
depends. And by the way, and certainly that’s, that’s law enforcement job, we’ll let them figure that out. We just need it, we need to give them our before our a, your the records, and what and the incidence of what we’ve seen and we need to provide to them are after. And again, they’ve provided really great resources to make this process, you know, what they’re what they’re doing make this easier on you, you can embrace the resources they’ve put together to make this process easier.
Allen Edwards
So I mean, this is kind of a testament to even beyond all the other document in the network before and after. There’s your typical documentation we forget about called work notes, right, your your time entries, your work notes, so I take it those need to be pristine for this to work for the FBI. Yes. What did I do to resolve the issue? Well, that I see.
Dave Sobel
I mean, the answer is, is as much as possible. You know, the the same is, is look, we know, as with any kind of incident, you’re not going to have complete documentation for everything you’re not going. It’s simply unachievable, and in fact, the activities of criminals are not exposed to us, we’ve got to have enough of the pieces to help the FBI with the direction that they’re going to take in terms of their investigation. Let’s take the the super extreme case, right. So we know we’re why we’re all watching with interest and learnings and what’s going on at solar winds. You know, they have been doing a in depth analysis of what happened and they continue to unearth more and more evidence over time, they have clearly indicated they’re not going to know everything. Because those threat actors are behaving in a way that is incredibly sophisticated. The job isn’t to have everything, it’s to have as much as you can to give them direction and go from there.
Allen Edwards
Very good. Um, I’m gonna we don’t have any pending questions, though. I will. I will take a second just to encourage questions for a moment. Your questions don’t have to be about documentation. They don’t have to be about reporting to the FBI or threat actors. Feel free to ask us anything. Dave, take a moment if you would, what is the best way to witness your content?
Dave Sobel
Sure. So it’s designed a bit depending on how you look at it. I started with the podcast, there’s a daily five minute show, you can catch that on all your favorite pod catchers. It’s on Apple podcasts, Google Play Spotify everywhere, you might find it. blinks are all at business of tech if you want to make it a little easier. But you just open up the podcast catcher of your choice. Find the show and you will get five minutes of insight News and Analysis every single business day. If you’ve prefer that in video form you can visit youtube.com slash MSP radio and subscribe there. The show comes out as a weekly format as well as some of my interviews and bonus content that is released as bonus content on the pod is also available as video content online. So that’s the the major ways that you can find all my stuff. You’ve got all the social information, if you want to follow the news articles and announcements that come out. But if you’re already subscribed to the podcast, you’re getting all that content every day.
Allen Edwards
Alright, so short on questions you and I broke to another topic this week. Okay. pletely different topics. Perhaps even unrelated to documentation, we didn’t get a chance to finish that. Let’s go there. ronica Feel free to also add questions on or off topic as well. I’m, so I’m busy trying to write the recap process book on how we do what we do, why it works and how you can do it too. And I’ve written the six leadership superpowers and along that leadership power of decide, right? And it’s common wisdom, I have quotes from everywhere, that no decision is the wrong decision. You have to decide in fact, being wrong is better than no decision in most cases. Yep, I can’t find a lot of information on why?
Dave Sobel
Well, so I’ll give you my my sort of perspective, I always describe this as the difference between an active decision and a passive decision. Passive decisions, when I let things happen to me, versus an active decision, where I have done something about it is when I like to think about it, and no decision is a decision. It’s just the easy passive one that people let happen to them by not making movement. The reason that I think from my perspective, the reason why a decision is always better than non decision is by executing on some decision, you are executing a plan, that is an organized set of things that I am going to go do, versus purely reacting to the situation, if I make no decision, and I make no change, I am purely reacting and then is never as well organized as making a decision and doing something. So that’s for me where this goes, the context of this for that I’ve been thinking of a lot recently, is the idea of of what work is going to look like in the future. I’m completely fascinated by this topic. And I freely admit, I’m somebody, welcome to my home studio, I’ve worked from home for, you know, over a decade now. So when the when the pandemic hit for me, it was like, Well, okay, it’s Tuesday, you know, like, it’s the same day. As always, it’s been fascinating to watch the changes to work culture, as we, as it were, everyone was forced to that everyone was forced to that it was an active decision that everyone made it exactly the same time. What’s happening now as we as things as situations change, as we are finding those that are actively deciding to do something, versus those that are uncertain about what their next step is going to look like. The decision, you know, for example, are you going back to the office full time? Are you in? Are you staying remote, full time? Are you embracing some new hybrid thing, you know, my statement is, is go to one of them, any of them, pick the one that you’re going to go do, you will be better, I happen to believe in hybrid. Like I happen to think that those that some mix of the two is going to work for most organizations. And I kind of look and think I look at it from the sort of 60 2020 think about 20% of organizations will be fully remote and 20% of organizations will be fully back in the office and 60% will find some hybrid, some combination, that means something for them. The reason I think it’s important to make a decision is the success of any of those choices comes around the way you build accountability into your organization and how you measure work product, they use a horrible way of describing it as the outcome. If you just let it happen to you, you won’t ever really know if you’re being successful. But if you pick one, you can at least have some sense of what you’re measuring about an allergy or point like if you get it completely wrong. You’ll figure that out. But at least you picked something to figure out was completely wrong, that you will then continue to refine over time.
Allen Edwards
So I heard two things. And I hate starting a conversation that way, because I’ll forget the second time I get there. Sure. Um, but what was the word on certainty? I think maybe that’s the route that I’m looking for. Because the whole decision versus not decision. It’s like a logical. I mean, yeah, that’s the battle you’re winning. Because I know, you know, Dave, I said, Hey, we might go for ice cream in a couple of minutes. How do you behave versus saying, hey, refreshment two o’clock or, hey, we’re not going for ice cream. You know, you you immediately get into a specific action plan. You’re more of sound mind you’re not distracted. you’re focused versus that whole uncertainty around things. In fact, I’m, I’m probably an over decider. If you didn’t tell me what we’re doing next. I have to ask, I have to know. Right? And that’s my wife all the time, like, what are we doing this evening? Oh, I don’t know, that drives me nuts. I want to know, if you’re gone, and I’m playing video games Am I going to eat at five? that that might be a nice thing.
Dave Sobel
I’m actually, interestingly, the same ways I make plans all the time. The other statement I always do is I completely uncomfortable with changing. Like, it’s the, you know, I completely will do that. So my wife and I go for travel, by the way, we will, we’ll go somewhere, we’ll outline the plan. And if we’re doing things, and we decided to new plan, I’m totally fine with that. That is that the plan was some structure and guidance to try and get us onto something. But if we discover something new along the way, I am totally comfortable going that direction, because that is new data that’s been provided to me about what I want to do.
Allen Edwards
You just you just nailed it, because a common thing we see with some is they decide the opposite every other day, right, their team in a business somewhere where their team is trying to follow them and they’re getting this this whiplash and and it begins to feel like uncertainty all over again. But it’s not that you can’t change your mind. It’s not it’s that you have to have new data to make a new decision.
Dave Sobel
Right? Exactly. And, and as long as there’s a why, and it’s clearly communicated, you can change you can you can change. I like to sort of say like I plan directionally, you know, I think about things I think about, for example, my own business, I tend to think about it in quarters, right? I go, I kind of know what I want to do this quarter. And I have this vague sense of direction. For beyond that. I don’t build year to year, three year plans, I go, I know what I want to get done this quarter. And I got an idea that direction beyond that. And I will continue to refine as new data presents itself. And so I don’t mind if something’s a meander, like if I’m, if I’m kind of weaving towards something, and I don’t mind changing direction, I’m just sensitive to the fact that a complete change in direction needs to be data driven based on some new input. Otherwise, it’s like, well, I got a direction. And I don’t have to be so precise, as long as I’m going in the right direction. Now, I do want to set some milestones for myself, I want to set some measurements to get a sense of success, you know, success or failure. And then I measure and I move on, right? Like I move to the next point and figure out what the next adjustments going to be. And so I look at it from that perspective, the one thing that is most difficult than that kind of thinking is not making a decision at all. Because then I’m just spinning, I’m just unable to move in any particular direction without a decision.
Allen Edwards
That was that second point I was going to make was the indecision and sometimes actively deciding not to decide, is a decision. This is an Inception statement. Yes, it is. I mean, you look at the data and you go, you know what our best course of action is not to address this at this time. That’s a decision. Yes, it is. And it’s okay. But when you don’t make that decision, when you’re still agonizing over, you’re still wondering what’s next, you are creating that uncertainty both in yourself and in your team. And that’s what’s so dangerous and hazardous to your organization. Yeah, and I’m going to we’re just like a question. No one’s gonna know the answer, I don’t think but guess what my definition of process processes? What is it? What is your definition out the documentation of your decisions, it’s a great way to put it, it really is. That’s what a process is, when we’re in a room like this. And you have decided, you know, what, we’re going to work tickets this way. Write it down. You have this documented a process. Exactly.
Dave Sobel
Now, don’t be afraid to change it based on new data and new inputs as it is it is the directional guidance of what the way you want to do that you do stick to it, because it is useful and you change it when it is no longer useful. And, and that that’s a really good way but people get really hung up on this kind of stuff like is the like, you know, I must get it right the first time. No, you just got to get it the first time. And then you will iterate over time to make it better and better based on the learnings and the new inputs that you get. And if you are open to the idea of new data, check your changes my direction, you will be way more flexible. What’s interesting is people always say that we talk about things being so there’s all so much change actually don’t really buy into that is there’s a lot of things that I can feel reasonably comfortable predicting. You know, like I like if you make it really for those of us in technology. We like to think about like all it’s such a changing interest industry. Yeah, but there’s a lot I can really predict. I’m a big fan of Dale burrs and, and flash forward in terms of his way of thinking hard trends versus soft trends. If we’re in technology. There’s going to be a new version right? Whatever piece of technology we’re working on, right? Yeah, I can rely on that, it will be probably faster, maybe a little, maybe, generally smaller. It will be if we think about it, like from a computing perspective, the manufacturer will make a new computer, right? It will be faster than the last one, it will come with more storage, it will come with more memory, it may come like there are lots of trends I can completely rely on. Now, I may not know the specifics of it, I don’t know exactly how much faster it is, or how much more powerful it is. But I know it’s coming. I know I can bet on it. I can make plans around those basic bits. And I’m making sure that you’re good at understanding though, that reading is what I find most insightful and helpful. When I think about setting direction.
Allen Edwards
It’s actually amazing how often the specifics don’t matter. Yep, they really don’t matter. As technicians, we’d like specifics as part of what’s caused us to get to the point we are in our success. But there’s a point where I even call it you got to get stupid, I mean, the details don’t matter so much that the bigger picture begins to matter more.
Dave Sobel
But more importantly, they don’t matter to our customers, generally, we get really hung up particularly in technology, we get really hung up on things that customers just do not care about. They don’t care, right, I mean, look at we’re gonna geeks and and I don’t mind saying like, you know, over a beer or something like that, we might have a fun debate over some of these specifics. But in terms of the things that I’m thinking about in terms of worrying about directions and trends, think like customers, I just pick and choose this, the trends that matter to them. And that what they’re thinking about and make sure that I’m prioritizing what they want. And then I will find myself in the right place. Because I’m not worrying about these things they don’t care about, again, tangent to but uh, one of my very first business coaching exercises when I was hiring a business coach in my early days as a business owner, you know, you I hate trick questions, but he asked you a trick question like, hey, what, what’s the purpose of all business? And three fourths of us in the room said to make money.
Allen Edwards
The other four refused to answer. So we were all wrong. And it was even a more recent mentor of mine that helped me put it in perspective, you know, the purpose of all business is to solve a need. Yes. And that’s why you’re in business, you are not in business to make technology work, you’re in business, to make the customer accomplish some sort of task that they can’t do without you. Exactly. And as long as you’re solving a need, money is just a byproduct.
Dave Sobel
And if you think about it as a value trade, right, the the idea of I just need to deliver more value than I cost. Right? That that is if I if I’m doing that, that I’m doing something right, I deliver more value a little bit more value every day than what I cost, I’m doing something right. And people will trade, you know, they will trade currency for goods and services, by by preserving if they perceive that what I’m delivering is of higher value than the cost.
Allen Edwards
Absolutely. That’s one of our mantras here, when I run out of ways to explain our core values. My answer is always add value first. If you have to ask how much this is going to cost us? That’s the wrong question. Just add the value, right? The customer either see the value or they won’t. And we can put that in our goodwill piggy bank for when we need it.
Dave Sobel
Exactly. And I remember that it is up to the customer to determine the value to the customer will determine that value. So your job is just to deliver more like is it make sure that from your perspective, you’re delivering more value than your cost? So maybe that’s
Allen Edwards
I don’t know how to tie this documentation. But sometimes we don’t always know what clients value even though I bet we have really good intuition about it. So it’s a matter of asking sometimes, you know, do you value this service? What would you value more? In the pumpkin plan? I’ve already forgotten the guy’s last name, the author, Mike. long, hard last name. You know, he talks about calling your clients and you’re talking about our new service or better services. Hey, we’re looking at doing this. Does this have value to you? We’re not. Yeah, no. You don’t have it right yet. completely true. So Dave, how many people did you call getting started to see if MSP radio would have value for them?
Dave Sobel
So it was interesting is I started with the basic premise of like, really something kind of simple. Like, I’m going to talk about things that interest me and use my set like that and say, like, if I will, if I believe this is interesting, maybe I can get some my instincts will be right. And then I iterate a lot over that I started there and then I then I sent it around and sort of said, you know, like, Hey, is it useful? More, this little less of that and more of that and I And over time, just continue to iterate that way. Making sure that I’m thinking about it every single day. I’m like, Well, okay, are these people getting value out of it? For me, it’s I have a some supporters and Patreon. They get access to some of my stuff early and they get there. It’s a great sounding board to say like, Am I am I delivering value? Like, is this the right stuff? And I get something early? And I’ll put it out there with Okay, here’s the way it’s going out to the world. But did I nail is this one, right? Is this wrong? More questions. And I freely admit, some of my best pieces were, were one of my patreon has come and said, well, Dave, I really want you to think about this, like I want, I want you to spend some time and then come back with an answer to this. Okay, I will go for the doobly, do what I’m told. And it’s a certain degree of keep iterating keep the conversation going know that it doesn’t have to be perfect. Good enough to ship is usually the way that I look at it, and then go, okay, what’s the next one? beyond that? What’s the next one beyond that? And if I keep doing that process, it gets better and better.
Allen Edwards
And speaking back and processes and documentation? Is that good or not the ship, I also call it the minimum viable product. So many people get hung up and documentation and hacking trying to submit information to the FBI. Oh, it’s really complicated. I got to figure it all out. You know what, if you’re not doing it today, all you have to do is figure one more thing out. Write that down, document it in your process, even if it’s just the link to the FBI site, should it ever occur again,
Dave Sobel
right? And just what are the basics? Do I have the phone number who I talked to? What am I saying we’re probably that’s your that’s your first version. That’s, that’s better than what you had before. Because you had nothing before now I have something, then the next version will be what I add to that, and you just keep getting better and better over time, it doesn’t have to start out perfect. Because by the way, it doesn’t have to be it’s never fully done. The situation will change the inputs will change. The kind of information you’ve got to have will change. Like it’s just, it’s constantly evolving. So just don’t get hung up on it being finished.
Allen Edwards
Yep, it’s finished, if you’re any good at continuous process improvement. Exactly. never finished. Dave any parting thoughts on or off topic before we go throw a wrap up?
Dave Sobel
You know, so So for me, the the I spent a lot of time particularly when we started on this with this whole cybersecurity stuff. I’m both optimistic and pessimistic exactly the same time. I don’t want to sugarcoat where I think we’re at from a security perspective, we’re losing this war, like, like, we are not winning this war, it is getting worse before right now more than it’s getting better. That doesn’t mean that I think that there is an opportunity that I don’t think that you can actually do something with this, that we can’t make a difference on that. But I’m asking I’m asking and pushing people to say we need to be asking different questions and doing different things. If the previous behavior is not change is not causing change that we want, it is time to do something different. You know, it is time to pivot in another direction. And, and I The reason I think about this a lot is I’ve alluded to this whole conversation is risk management. I spend a lot of time right now thinking about the risk that IT services companies are taking on in regards to security. Because you’re the last stop, your vendors are not going to save you on this. They are they are not going they’re not taking the liability, they are not taking the responsibility, the buck stops with you. And then the end. So you want to make sure that you’re going in eyes wide open about the risks that you are willing to take and the risks that you are not willing to take and work that out with your customers about the way they’re going to behave. You know, my example on this all the time is I watched the forums, right. And every time somebody tells me, Well, my customers won’t do to FA I immediately go I do not understand why they want to do business with that. Because they’re just willing to take on a level of risk that I am completely uncomfortable with. It’s you can take that risk, but then you don’t get to complain about it at the end. So I really my last thought on this is is that you are way more in control of the behavior than you think you are. You get to pick and choose what you do make the choices that are comfortable for the risk level you’re willing to take.
Allen Edwards
And there is I mean, there is a market for everybody, even those who wants to be like the rest of the vendors and be sorry, we’re best effort. We don’t guarantee results, right? MSP model, and that’s fine. There’s room for you in the industry. But like you said, they be aware of what risk you’re taking care of and be crystal clear with your client what that means to each.
Dave Sobel
Exactly, exactly like just pick one and then go forth and do it and do it. Well.
Allen Edwards
Don’t hide it in the fine print, we got to be crystal clear.
Dave Sobel
Yeah, own it. It’s, it’s who you are. And that’s, that’s a good place to be Own your level of risk and then then be forward with customers on what to do. And if they aren’t willing to take that, then they’re not a great customer for you.
Allen Edwards
And if you need the revenue, maybe take your risk down a notch somehow offer a different service. And that’s okay, exactly. or have your clients step up. You can’t do it both ways. Exactly. It’s all variable you get to pick very good. Dave, thank you so much for coming on. I know you and I’ve had some some chats back and forth, I still have a mental picture frame of the day, you’re looking for topics and you took my topic and you made a podcast that it was like, Yes, I did these things.
Dave Sobel
And I always say these things personally with me for a little while, they’ll they’ll know me for a while till I write something. So you never know when it’ll appear. Just
Allen Edwards
ask you a question. Next thing you know, you’re answering in front of 10,000 people, so like, great. I don’t do.
Dave Sobel
That’s what I’m here. That is what I am here for i like i like chat. I like thinking through these questions. I love hearing from the community and what you want a little bit more thought of, as I said, I don’t necessarily presume to have all the right answers. I will give you all perspective, and I hope it is useful. And then you can take it and do something with it.
Allen Edwards
I mean, I’ve had a difficult time stepping out of my service delivery to my clients and making this larger perspective. So I have appreciated being able to rely on your videos to tell me what’s going on. I know you’ve even done some law recaps that impact our industry in various states sometimes, which are helpful to bring awareness. And I’m glad I finally got to subscribe to your Patreon this week, because I realized that every week I was going to go find your content. I’m like, Okay, well, I should I should be supporting this to make sure it continues.
Dave Sobel
Well, thank you for I do. Thank you for that. And that is that is certainly the goal. And I’m glad the community is responding well.
Allen Edwards
But the but the content is out there available for free, if you just need to check it out. So please check it out. Make your own judgments about the value to you. So thank you for joining your ITDUG webinar. Our next webinar topic undecided. I hope we can have somebody as cool as Dave on again soon. But the date is set Wednesday, June 30. Just before some holidays for North America 11am Pacific 2pm. Eastern and if you have ideas on what to what you’d like to hear about, we’ve done just peer discussion we brought in vendors, we brought in thought leaders like Dave, okay, maybe just at one time. And otherwise, you know, our team is trying to do some content that’s somehow related to documentation, just add some value and keep people coming back to see your questions on the forums to stay engaged. So thank you all for attending. recording will be up shortly and see you next time.
0 Comments