652 Infima: Automated Security Awareness Training for MSPs

(0:02 - 6:27)
The podcast you are about to hear is a vendor profile episode for PitchIT, an annual startup competition and accelerator program organized by IT Nation, a ConnectWise community. This year, 26 companies from 7 different countries have been selected to participate. Companies go through a 16-week business transformation course led by industry experts and ConnectWise leaders. 

After the 16 weeks, each company will be required to complete a virtual pitch. From that, judges will select three finalists to present their pitch live at IT Nation Connect in November. The first place winner receives $70,000. 

The second place winner receives $30,000. Third place, a set of steak knives. This episode is presented by Thread, last year's PitchIT winner. 

Thread's mission is to help IT service providers deliver service magic. Visit them at ITBusinessPodcast.com slash Thread. Hello, friends. 

Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals and managed service providers, where if you're out supporting business, we're helping you do that better, smarter, and faster. We are here with another vendor profile for the IT Nation PitchIT contest that is happening this year, 2024. And we are joined by a familiar name in the industry, working for Infima, a cybersecurity company that provides fully automated security awareness training and phishing simulations for managed service providers and their clients. 

And I'm joined by our good friend, Uncle Larry. Larry Meador joins us from Infima. What's up, Uncle Marv? All right. 

So coming through loud and clear. Hey, that's a good thing. It is. 

That is. So here you are, Larry, this year back at PitchIT for Infima. And I gave a quick description of what they are. 

Give us a little bit more detail about what Infima does. Yeah, absolutely. Happy to do that. 

Happy to be here. I appreciate you giving me a little time. So Infima, we are a security awareness training company. 

Obviously, we also do phishing simulations. But, you know, we're a little bit different from some of the other ones out there. We really built our platform based off of behavioral science. 

And it's optimized and built from the ground up for MSPs. That's exactly who our target market is. We're 100 percent channel only. 

And we only sell to MSPs. And so when I say behavioral science, when Joel Cahill and Kevin Guyer, who are our two co-founders, built the company, they consulted not only cybersecurity experts, but they also talked to some behavioral psychologists to really get into and learn, you know, how do people learn? What causes them to retain information? Because obviously, security awareness training, the whole design of this is to change the user's reflex when they see a link in an email or different things like that, to get them to not click on some of these malicious links that are allowing bad threat actors into the company and getting hold of sensitive records, financial records, different things like that and putting the company under ransomware. So again, I mean, this behavioral science that we're doing is really built to help the user that takes our phishing simulations and our security awareness training. 

They know what to look for and they know what they need to do and what they need to be looking for when it comes to those phishing simulations and the security awareness training. Part of that really is focused on them retaining the knowledge that we're trying to impart on them during that training. All right. 

Well, let me start with a simple question from a user's perspective, because one of the things that I've gone through over the years is users kind of making fun of the cybersecurity awareness training with these, you know, long, boring videos, gimmicky little shock tactics, you know, with the emails and stuff. How is your product different in the sense of, you know, it's focused on behavior, but is it still kind of tricky in that sense or is it modern day? It's pretty modern day to tell you the truth. We do all the content that we have in-house on the phishing simulations as well as the actual trainings themselves. 

And we've got a good mixture of click to progress trainings. And, you know, the reason we do that is it's been proven most people retain that information far better than if they just click a, you know, start button on a video, let it play for a minute because, hey, I can tell you I'm guilty of it. I've used to have to different companies have to do security awareness training. 

I was the same thing. I'd click the play button, then I'd move over and do something else while that plays. And I just kind of hazard a guess when it came to me having to take the test. 

And usually I did pretty good. So ours is a little bit different. We do more click to progress type things, but we do keep it very brief. 

We keep it very relevant and try to make it as easy and unobtrusive as possible. So, you know, one of the other things that we really differentiate ourselves with is we were really the first to market with a three-click client onboarding for the MSP. It literally takes three clicks for you to go out there, onboard your client. 

You don't have to take care of the domain allow listing. You don't have to take care of the user sync. We're doing all of that for you.

(6:27 - 11:30)
We actually use the Microsoft Graph API. Excuse me. Using that Microsoft Graph API allows us to inject the email straight into the user's inbox. 

So we don't get caught by spam filters, different things like that. But once you've onboarded your client, we're basically a fully managed set it and forget it platform. We take care of everything else for you from user synchronization to reporting. 

We even generate security awareness training policies to satisfy cyber insurance, you name it. So are you sure you're telling me that I don't have to go into my DNS portal or the 365 panel and input a list of IP addresses or domains to allow, you know, to pass through so that these phishing things aren't caught in my spam filter? No, sir. We take care of all of it for you. 

All of it. So we're both Office 365 as well as Google Workspace. All right. 

So you mentioned a three-click startup for MSPs. That sounds pretty nice that it's click, click, click, and we're ready to go. What about the management down the road? Because obviously this is going to be something we want to do every month. 

We need to do reporting either back to the client or back to some sort of cyber security portal or something like that. Insurance requests each year and stuff. So what's the management side of it like for us? Yeah. 

Management, like I said, we're fully managed. So you really don't have to get in there and do a whole lot of things. You can go in there, like if you want us to generate reports for your individual clients, we do that. 

But you just have to go in there and say, okay, this report for XYZ Company needs to go to John Doe at XYZCompany.com. So you would go into your administrator portal and go in there and set that up. But after you do that, we take care of the monthly reports. And that client of yours is going to get a monthly report showing them how their team is progressing, who's lagging behind, who's failing. 

And incidentally, if anybody fails one of the phishing simulations, they're automatically retargeted so that they get targeted and hit more frequently to make sure that they know what not to click on. But yeah, all of that reporting is handled for you. And then of course, you as the MSP are going to get an aggregate report showing you all of your clients, who's doing well, who's not doing so well, who's lagging behind. 

So that way you can kind of focus on and see who's lagging behind and who you might need to spend a little bit more time with to get them to take this a little bit more seriously. All right. That sounds good. 

Now, when it comes to somebody that actually clicks a bad link in an email, I know some of the providers out there, an alert can be sent to the MSP saying, hey, you just had this user click a link. You may want to help remediate them. Others, you just wait for the report to come out and view it there. 

So what are the options when it comes to that? Yep. So when someone clicks on a link, and I hate to admit this, but I have fallen for some of our phishing simulations. They're that good. 

They really are that good. And it's funny. I remember when I fell for it, I was kind of like, oh man, I think this is a phishing simulation, but this is so good. 

I got to find out. And sure enough, boom, as soon as I clicked on it, it comes up and says, ah, you know, hey, that was a phishing simulation. And that right then and there creates a teachable instance. 

So we're teaching the user at that point what they did wrong, what they could look for in the future. But one of the things that we also do is 24 hours later, and the reason we do this, I don't know if you've ever fallen for one, but most people, when they fall for a phishing link, they hit it, and it pops up as a phishing link. They close it real quick, and they say, ah, darn it. 

You know, they got me, and they don't pay attention to what comes up on the screen. So 24 hours later, we're going to follow up and say, hey, Uncle Marv, yesterday at 10.32 AM, you clicked on this LinkedIn email that came in, and we want to show you why you shouldn't have clicked on that and what you should look for in the future. So it's a very personalized follow-up that you're going to get the very next day, because that's a second teachable instance at that point. 

Now, as far as the MSP getting notifications, they can see through their portal at any given time who has failed a simulation, but it's also going to be on that monthly report that we generate, both for the MSP as well as for the end client, if you have set it up that way. All right. So from the MSP perspective, this all sounds pretty good.

(11:30 - 18:24)
You've got the multi-tenant dashboard. What other features do you have in terms of, let's say, I don't know, integration or things like that? Because obviously, most of these programs are standalone, and then we either just find a way to bill our client for the total package or stuff like that. But what other integrations and connections do we have within FEMA with our other tools? Yep, absolutely. 

We've got quite a few integrations out there right now. Like I said, we already talked about the Microsoft Graph API. So we integrate with Office 365 as well as Google Workspace, but we also integrate with ConnectWise, Autotask Billing, Lifecycle Insights, which is now part of the fantastic ScalePad platform. 

We also integrate very recently with Acronis, and we're actually in talks with quite a few other platforms as well. It's been neat since I joined in October, because one of my functions is to go out and help us build alliances with other partners. But as word spreads about how easy our onboarding is and how automated our platform is, they're kind of seeking us out. 

And Acronis is one of them, and we're talking with a few other platforms as well. So you're going to see some more integrations coming down the road. All right. 

So what feedback are you hearing from MSPs? Because I mean, you're out in the community, you're at all the conferences, and you sometimes are at the bar, and I'm sure you are getting feedback. So what are you hearing that's great for Infima versus other products that are similar out there? No, it's neat that you bring this up, because I've been in the channel for a long time, as you well know. And before I made the leap to come to Infima, I talked to a bunch of my MSP friends, and I said, all right, give me the real skinny on Infima. 

And so they did. But all of our testimonials that we use are almost identical to what my MSP friends told me about Infima. And that really focuses around how much time savings they have seen as a result of switching from XYZ platform over to Infima. 

It's really about the time savings, the automation, and it's worry-free. Like you said, you were like, hey, I don't have to worry about going out there and allow listing domains or making sure that the user synchronization is done and kept up to date all the time. Again, we take care of all of that for you. 

And it's been really fun. I'm not going to name any names here, but we brought on a new MSP a couple of weeks ago, and I talked to him over and over again. And he goes, you know, Larry, I hear what you're saying, but I'm skeptical. 

I'm very skeptical on what you're telling me. But the next time I saw him at an event, which was just about two weeks ago here in Dallas, I went to shake his hand. But he's like, no, no, no, no, come here. 

And he gives me this big hug. And he said, you know, I told you I was skeptical. But he goes, holy cow. 

Once I saw how you guys do things, because I got to tell you, I'm incredibly impressed. He is now on board. He's still kicking the tires a little bit before he rolls it out to his clients. 

But he's like, you know what? You guys are as good as you say you are. And he said, and you say it very humbly. You just sit there and say you're very confident in your platform. 

And speaking of confidence in the platform and kind of differentiating ourselves from others. We are very confident in our platform, Uncle Marv. We have no contracts. 

You pay for what you use. Yes, sir. No contracts. 

You pay for what you use month to month. And we believe you should drink your own Kool-Aid. So we give the MSP free NFRs for the lifetime of their partnership with us, regardless of how small or big that MSP is. 

That way they can use the phishing simulations and the user trainings for their own staff. So that way they know what the clients are getting. So that's absolutely free. 

Again, no contract. Pay for what you use. So yeah. 

Nice. That's how we do things here. All right. 

Well, that all sounds great. But let me ask one last question in terms of future roadmap type things. You guys seem pretty focused and pretty direct in staying in your lane. 

Security, awareness training, phishing simulations. Any plans to kind of venture into some other lanes, add some stuff down the road? What's the future look like? The future looks great because we've got, you know, if I tell you I'd have to kill you and everybody else and we wouldn't want to do that because then you wouldn't have an audience. But we do have some. 

We wouldn't have that bar meet next week. Isn't that the truth? No, we've got some really neat things coming down the pike. Some of those are going to be announced at IT Nation Secure. 

So I can't really spill the beans yet. But we've got some neat stuff coming down the way. And I got to tell you, you know, I've been in this channel for 22 years and I've worked for some fantastic companies. 

Matter of fact, I'm still an advisor to one of those companies. But I don't think I have been as excited about working for an organization as I am here at Infima. And it's not only because of our platform, but it's also because of the folks that are running the company. 

We're a very small, tight knit crew. And one of the things that we do and I think we do really well is, you know, there's many vendors out there that say, oh, yeah, we're a partner. This is a partnership that we're putting together. 

But, you know, I often hear from MSPs that when all of a sudden it comes time for you to ask that vendor partner for some money to maybe sponsor a conference that you're holding or something like that, oftentimes that partnership seems to be a one way street. And that one way is when you're spending money with that vendor. And we truly, at Infima, believe in building a true partnership. 

And ultimately, we want that partnership to become a friendship. And we've been very successful with many of the MSPs that we have on board with us in having that friendship to where when they walk up to us, they're giving us that big bear hug. And they're just like, man, we just love what you guys are doing. 

It's fantastic. We don't ever have to worry about it. It just keeps going and going and going.

(18:24 - 20:08)
So I'm so excited to be here. All right. Well, there I was going to say, yeah, I was going to say you have been obviously known throughout the years, no matter where you are, a great partner, a great friend. 

So a lot of that comes from you and your personality. And obviously, it sounds like you found a place in Infima that resonates with that. So obviously, I'm going to wish you luck. 

And I can't show favoritism. So don't expect anything more than that. But we'll see you out on the trail. 

I'll shake your hand. Are you saying I don't get steak knives? If you get third place. I don't want third place. 

You keep those steak knives. I'm going for bigger and better. Right. 

All right, folks. Larry Meador is the channel chief at Infima. And their goal is to significantly reduce. 

See that? You made me lose my place here. I even had notes on this. Y'all could see this. 

He had put his glasses on to read this. So Infima's platform is designed to significantly provide dramatically simplified administration for MSPs with speedy setup and minimal oversight once deployed. How about that? Absolutely. 

How about that? All right. Larry, appreciate it. Thank you for your time. 

We will definitely see you out on the road. And good luck in November. Uncle Marv, I look forward to it. 

Thank you so much for the time once again. All right. That's going to do it, folks. 

We'll be back with another vendor profile or a regular IT business podcast anytime here in the future. We'll see you soon. And until next time, holla!