723 Insights from Cynomi's Tim Coach

[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast presented by NetAlly. And if you're watching live or watching the video on the backside, this is the regular Wednesday live show. And we are taking a break from Hurricane Milton coverage and we're going to talk tech, like we always try to do.

And we're doing this so that we can help you run your business better, smarter and faster. Tonight I've got Tim Coach coming up. He has a new gig and we're going to chat all about that and see if he can answer the tough questions about why he left and what he's doing now.

Um, if you have not been paying attention, I have been doing update shows throughout the week on Hurricane Milton. So if you have questions about that, you can go to those other shows, 719, 720, 721. Those will be available both by audio and video, and that'll get you all your Milton updates.

The only thing you really need to know is we are not in any immediate danger where we are. Most of Florida is, and my mom is home and hunkered down and I will be checking on her soon. So let's do this.

Uh, we are going to say hello to our good friends, Bruce. Hello. Hello.

All right. Let me go ahead and I'm going to be doing something a little different with our Florida man tonight because of Milton, we're going to have a ton of Florida man, but um, let me go ahead and bring out my good buddy Tim and we'll get to chatting. So here he is folks, Tim coach.

[Tim Coach]
Hey, it's always good to be on the Uncle Marv show.

[Uncle Marv]
Thank you, sir. Thank you, sir, for coming in. And, um, thank you for, for braving Hurricane Milton.

[Tim Coach]
Yeah, it's easy for me. I'm in Kansas city, right? So I'm just looking down there like, oh, we're not getting hit by tornadoes.

So, you know, certainly thoughts and prayers with those people. And it's, it's been an interesting, you're just talking about your mom. I've had a couple of four or five conversations last couple of days where people have evacuated except for the parents.

Of course the parents are like, nah, we're good.

[Uncle Marv]
Yeah. Cause they think we're going to stay and take care of them.

[Tim Coach]
So it's just funny because it's like, you're, you're good because you're not worried about it on whatever level. But I don't think that they realize and why would they write that the, the angst isn't so much just the house and the property as much as it is for the children, as much as it is about their parents as well.

[Uncle Marv]
Yeah. Oh, it's been fun. It has been fun.

Especially I had to get her home. You know, she wasn't even home to plan for this. She's been in Louisiana for the last week.

So she was supposed to fly today. And when we found out that the airport was going to shut down, scramble to get her home late last night. So that is where we are.

So Tim, let me do this. Let me first make sure I got your title, right? Cause it's a little longer than your last one, chief evangelist of community and channels.

Is that correct?

[Tim Coach]
That is correct. So it's, it's just one of those things where when they were talking about the title, it was something where, you know, in the old days when we were just, you know, channel chiefs, right. You really just worried about like the events and how the events pulled off and, and you had some stuff in involved with other groups, but, you know, over the last several years, we've really seen much more of an emphasis on the community, not just events.

Right. So it's, it's one of those positions that just naturally developed where we're really more about the community, but the events and the channel is just certainly part of that.

[Uncle Marv]
Right. And the company is called Cynomi.

[Tim Coach]
Yes, sir.

[Uncle Marv]
And if you put a transcript into AI and it tries to spell that out, it comes up with tsunami some of the time. So tell us about the name just so that we can get that it's spelled C Y N O M I.

[Tim Coach]
Yeah. So the, the name, when I talked to him, it was kind of a, it's, it's when we were having that conversation, there's it's, they land on the name just through some, some different scenarios and some translations. But the real story that he, that David, the owner of wants to get across is that is the manta ray as, as the symbol of the, of the company.

And when we, when we were talking about that, he, he re he literally referenced finding Nemo movie about how, you know, the, if you remember in finding Nemo, the, the manta ray or the C ray was, was the teacher. And when they were going out beyond the reef, right? Like the, the teacher was the one, the C ray was the one protecting them and keeping them all safe.

So, so David's pattern as he was looking at this was, okay, well, that's really what we're doing is we're, we're helping the community be safe by showing them where they're at and their security posture. So that's, that's for him was, was really kind of an important piece of it was the manta ray and the protecting of the community.

[Uncle Marv]
All right. So I do have a tough question for you, but before we go on, I have to acknowledge our friend in the chat, Keith, my title is chief cigar smoker. So I think if I remember, I did not see a show of all things MSP.

So he must be bored tonight and he hung out for this show. So I love Keith.

[Tim Coach]
He's always, you know, I always try to have a cigar with him, but man, it's like, it's sometimes it's just taking that, that 30 or 40 minutes to enjoy a cigar with Keith and some of the other people outside. It's just, there's so much else going on that I get pulled away.

[Uncle Marv]
Yeah. So let me ask the hard question to get it out the way. Um, why'd you leave your previous place and wander around the desert for 40 days and end up here?

[Tim Coach]
Yeah. So it was really, so if I go back and I talk about Pia, so one real, still really good friends, right. Christian and Nick and all those guys, you know, my, my best buddy, Joe's still over there.

Um, you know, it was, I, they had dedicated that by the first of this year, they're going to bring a new CEO in. Right. And as you know, when you bring a new CEO in, they got to get their feet under them, right.

They got to figure out what they want to do and where they want to go. And, and they brought the new CEO in January and he spent quite a few months trying to figure out what the path of the company was going to be. And in the process of that, he decided that, you know, there need to be some focus internally on the company and money.

At that point, you know, you got to know where your funds are going and what you're getting out of your funds. And they wanted to focus on the product, which was going to remove a good size chunk of cash from the channel program from the events. Well, that's what I do.

So it just wasn't an alignment to where my path and their path was going to continue because they wanted to focus on the product. Nothing wrong with that. I actually applaud them for that.

Right. I think every new business should focus on their product from time to time and stop worrying about being, you know, so, so visible and so promising and just focus to make sure the product was good. But it was really just that point where, you know, some things needed to be focused on.

They were going to pull back or pull some of that money back out of the channel, the events team, which is fine. So it just wasn't an alignment anymore. So we shook hands as friends.

And, you know, like I said, Christian's still a friend and, you know, Nick that's over there running whatever Nick's running nowadays and Joe and I wish him all the best. It just was no longer an alignment.

[Uncle Marv]
All right. So now let me talk about Cynomi because, I mean, it's basically a VCSO company, at least that's, that's my summarization of it. And there's already a ton of others out there.

What makes Cynomi so, so special?

[Tim Coach]
I think for me, it was, so, so I've said this a couple of times, I'll continue to say it is for the life of me, I was trying to stay out of the security side of the house.

[Uncle Marv]
Okay.

[Tim Coach]
We already have some great personalities out there in the security world. That's doing a really great job at pushing that. And it's, it's just one of those things where I just didn't want to represent another widget.

Right. And if you look at the, if you look at the owner's background and the people who are the foundation of this company, they certainly could have created a widget with, with very good ease. Right.

And probably something that would have been a really good, but instead they went down the path of, okay, well, how do we look at what they're trying to do and make the MSP life easier. And that became, it's, it's really the VC so thing, but it's more than that. A lot of people say like a bit of a GRC thing and a VCU.

And I think it's much more than that. So, so as I was talking to David and I got talking to the rest of the team, we got to dig it into this. Quite honestly, I was just having a ton of flashbacks.

So from some pretty horrific MSP days, because back then I was working heavily with banks and you go through all these audits and exams and there's five every year and you can't get away from them. So the more you're stacking banks, the, that number just multiplies. Right.

And I just remember that process being a very, very manual process. So when I sat down to actually go through a demo and look at the product, it was just the ease of use to get to what used to take us day or hours and days and so much time to get to where the reports actually were, struck a chord with me because I remember those days of writing the Excel spreadsheets and making all these notes for all these security postures and all these compliance frameworks to get our clients secure. So for me, what it came down to was one, if you go into the software and obviously we're having a conversation, this isn't going to be a sales pitch. If you go into the software, you do like 15 questions that sets up a profile for your client or yourself.

I think people should be doing it on themselves as much as they should do it on the clients. But then you go in and pick whatever the framework is or, or the five frameworks that you need answer a series of questions. Of course, there's internal and external scanning that creates the dashboard of the reports of where these companies are in their security posture on their way to compliancy, right?

So that's where you start looking at that vCISO piece of it is these are the reports. The problem is when you're looking at this, when you're looking at a spider graph and it says in order for, you have all these scores and you should be like an eight or a 10 or whatever scenario is, but maybe you're a two. Well, how do you get from the two to the eight?

That's something we struggled with as MSPs and you did a ton of research and you were working with auditors and everybody you can to figure out how that is. Well, this actually gives you those steps. So you know what steps to take to get from that two to that eight or from the five to the eight or whatever scenario is.

The other thing was it; you know, everybody has a whole list of policy documentation that you give out, right? Everybody has a document repository that all their clients have access to, but you still have to go in as the MSP and manipulate those to the framework and to the client. And what I liked about the Cynomi product is it actually spits out those reports already unique to the client and the framework they've chosen.

So now I don't have as much work to do. And then further on, obviously we can get into, you know, it keeps a history of how you're doing in your security posture and in your compliance posture. So there's just a lot of pieces there that push that VCSO revenue stream for the MSPs to say, you know, here's how you can actually do this.

I think it's great on multiple levels because one, you can test security, right? You're not actually going out and paying for a SOC 2 audit. You can prepare to get SOC 2 beforehand.

You can prepare to get HIPAA or PCI or GDPR or whatever it is beforehand. So it's like I got the cheat code to getting everything set up before I get there. Now, when you go into that VCSO conversation, we have to understand that there's just not a lot of high-end CSOs out there, right?

That hasn't been a path historically. So there's very few out there. So you still need that intellect at the very top of that VCSO offering to have those conversations with the businesses.

But it's like all that work that takes so much time and all that effort on the engineering side to fix all the issues, it's really streamlined all of that to make that very easy. So you actually expand the capability of your CSOs to do more for your clients. So that's kind of what hooked me in was the easy use, the pain of what I used to have to go for, and what just gets put out by default.

[Uncle Marv]
All right. So does some of the work that is made easier, is that because of integrations, being able to pull information from all these different places? Because I'll be honest, when I've looked at some of these products, you're right.

It's a ton of work. I mean, it's... Let's, well, let me rephrase it this way.

It's a pain in the butt to do documentation. It's just as much a pain in the butt to prepare for VCSO stuff. So how does it make that easier?

[Tim Coach]
So that's... And you hit it, right? The short answer is the integration.

So we obviously have the internal and external scans, but you can also use other people's products and import it into our product to work with the Cynomi reports and how it's working in the framework. So it's not just our proprietary stuff, but we're actually partnering and we continue to partner with these others that we have that ability to pull the information in, to put that in the report.

[Uncle Marv]
OPP, other people's products.

[Tim Coach]
But see, that's why we invent the wheel, right? How many times do we see somebody out there that there's already something there and it's like, I don't like it, so I'm just going to go completely redo it. We're currently working...

Covello has a great... They have a great product as far as scanning tools go. So for us, it's like, okay, why are we going to go out and build an entire scanning tool when there's RapidFire and Covello and all these other products that already do a great job at that?

Why don't we just partner with them and pull it into our platform? Because now what you're doing is you're making it easier for the MSP so they don't have to go out and continue to put in new products and add onto their stacks when they may already have overlap in some of the products they have.

[Uncle Marv]
All right. Now, I went to your website earlier and I don't think I saw a list of the integrations. Do you guys not have a list that you share or is it just...

[Tim Coach]
I don't think they have that list publicized at this point.

[Uncle Marv]
All right. Our chat room is ridiculous tonight. What is going on?

[Tim Coach]
Which one are you looking at? Because I'm on the stream yard, so I'm not seeing it.

[Uncle Marv]
Well, you're probably looking at the private, but it's go up to the top to the comments. So going back to the great insight to do yourself and then your company.

[Tim Coach]
Well, so this is one of the things that I say, right? We can set the proofs in the pudding. I'll use that all day long because obviously I'm a fluffy man and I love pudding, right?

But the point is, I can say I'm secure. I can say I'm compliant, right? But this is what drives me crazy.

If you haven't done the checklist for somebody else to confirm that you are, then are you really? And then you're trying to provide these services to other people. So the first person you should worry about your security posture is yourself, right?

Because if I can go out and say I'm secure, here's the third party that's auditing me. This is another one I've been using lately because it fits well here. One of my colleagues used to say the prisoner should never check the bars.

If I'm the MSP and I'm doing my own work and I'm doing my own audit and I'm saying I'm secure, then who's checking the bars, right? So I think that's where it comes important for to have someone outside check your work to make sure you are secure and to make your clients secure. And what I love about it is we can simply provide a link to anyone that the client chooses and they can go in and see the historical security posture and how you've improved or not improved depending on where you are.

Just show them that proof.

[Uncle Marv]
Right. But isn't the problem with that price, which MSPs, as much as we talk about put everything in your stack, bill for it, blah, blah, blah. We are, I'm going to say we're more guilty than our clients when it comes to not doing stuff because it costs too much.

I mean, how many MSPs do you know that will not do a risk assessment on themselves?

[Tim Coach]
Oh, a plethora. But it's also got to do with OML levels, right? Like we see it when you're, when you, when up to about a million, you're just trying to get that thing to create some revenue so that you and your employees can, you can make that paycheck and you're not robbing Peter to pay Paul and you can pay those vendors, right?

Once you get to about 3 million, then you start seeing, you know, real levels of OML coming in because people continue to try to improve that along the way. So I think that's why, and this being so easy, right? Because every MSP on some level should be looking at SOC 2 at a minimum, right?

So if I can go in, set up my profile, and then go put myself through a SOC 2 audit, right? Now I'm not, we're not certifying you as SOC 2, but if I can put myself through that framework and know where I need to improve, then that, that saves me possibly some embarrassment of somebody else doing it. It also shows that I'm being proactive with my own MSP and my own business to be secure.

[Uncle Marv]
All right. So since we brought up price, let's go ahead and get this out of the way too, because I don't want anybody to be surprised if they hear this show and then they go looking at Sonoma and they see the price and, you know, they basically, you know, lay a deuce for lack of a better phrase.

[Tim Coach]
Right. They have a small coronary.

[Uncle Marv]
Yeah. Cause I, I, I don't think, and I'll speak for the smaller MSPs, most of them are going to look at that price and, and, and, and freak a little bit. And I looked at it now, granted, I deal with law firms and the numbers did not scare me.

I know some people that it will, and I've already figured out, okay, well I can fit that in. Other people will look at that. And, you know, when you're talking about per client, it starts to add up.

So how do you, how do you address that?

[Tim Coach]
Yeah. So for me, it's one of the, so, so this is the first product that I've aligned myself with. That's a sell through product.

And part of that was because I can sit, I can sit at a table full of MSPs and we can talk about how to create an MRR structure for, for a new line of revenue with this product. Now, if we want to talk about price, let's get this out of the way easy, right? So essentially the price is $250 per instance or client, right?

And that's per month. And there's a minimum, there's a minimum of six, which is $1,500 a month, which is an annual commitment of about 18,000. Now we understand that not every MSP is going to have a whole line of, you know, law firms or pediatricians or banks.

We understand that. So part of that is that's the reason why we went out and partnered with PAX 8. And we actually, we actually have, we actually pulled a PAX 8 employee to lead that partnership with PAX 8 was so that these MSPs that do have the onesies or twosies, or they're just getting into this, you know, VC.

So, or, or really pushing the security playing with the idea of an MSSP, which is a whole other conversation, right? Like they can start out with a single license through PAX 8 and build it as they grow.

[Uncle Marv]
All right. That makes a lot of sense. And another reason to applaud PAX 8 for working with you guys to do that.

So.

[Tim Coach]
Yeah, no, it's like, look, we know like, so, so there's, there's an, there's always alignment issues when you're talking about companies, right? Part of one of those alignment issues is everybody wants the wells, right? MSPs are the same way.

They all want the big client. The problem is the big clients are, are kind of few and far between, right? So we know in our industry, 60% of the industry is a million dollars below and 70% of that 60 is actually half a million and below.

So the big wells are up in that top 5%. And our sweet spot is like that 40 to 45% in there. And in order to help these MSPs grow and not come in and be financially burdened on them, but still allow them into that compliance and that VC.

So platform to figure out that security piece of it, they need an avenue to get there. And that's where the partnership with PAX 8 made the most sense.

[Uncle Marv]
All right. Sounds good. Let's not gloss over the fact that we haven't really talked much about, you know, the features or pros and cons and stuff.

Everything seems pretty out in the open. If you go to the website, so Cynomi.com, when you look under the VSO, VCSO platform, it's got tabs, assess, plan, remediate, manage, measure, optimize, report. So it looks like you've got everything laid out.

This is what you should be doing if you're going through this process. And each step of the way with the tailored security policies and then the remediate, which is probably the thing that everybody gets stuck at, right? Because once you get to the remediating, you mean we got to fix all this and how much is that going to cost?

[Tim Coach]
Mm hmm. Well, and that's the thing is for, so this is where this is, this is a great conversation because this is whereas the MSP. So like, I'll tell you right now with banks, I charged a double onboarding fee.

Why? Because I knew when I went in and assess them that it was a rat's nest from the word go. And I knew it was going to take me 80 to 120 hours to really get them where they're ready for those audits and exams on a regular basis.

So what I would do is I would take that initial piece of it, especially for a client. And you can set that initial piece up as like, you know, if you want us to take you on as a VC, so as a security, there's a project up front where we have to get you there. Or we can take all these hours we would charge you for a project and this roll that into an MRR situation where we're actually being your CISO as well.

And we're partnering with these people in the CISO platform to make sure you're getting the best information you could get as you're moving forward. Because in the end, the government's going to regulate everything. It doesn't matter.

That's why I like banks. They have all the money in the world. They never want to spend it, but guess what?

The government will tell them. So eventually I'm getting that money. It just may be on the government's timeline, not mine or the bank.

[Uncle Marv]
Right. And under the way that a lot of my law firms are, the same way. They've got money and they didn't want to spend it, but the insurance companies are making them spend it now, making my job easier.

I want to go back to something. We're going to take a left turn here because you mentioned charging a double onboarding fee. I just want to dive into that because I don't want us to gloss over that.

Okay. That seems to be a bone of contention with MSPs. One, because they feel like if they charge a super onboarding fee, they're not going to get the client.

And on the other side, they don't want to pay a huge onboarding fee to the vendors. So I won't get into the story, but I had a big old deal with that. Talk about your onboarding situation.

[Tim Coach]
Over time, we developed an extremely efficient onboarding, and there's some hardware in here and I'll get into that. Our onboarding process was four weeks long. Every week there was a piece of our onboarding process.

The reason why week three and four was maybe a firewall and the Datto product, the Datto hardware back when we used Datto hardware is because we had to wait for that stuff to come in. But we spent about a year and a half with four companies in that phase every week. So we had four companies at any given time, and we were actually telling people like, listen, we can bring you on, but it's not going to be for six weeks is when we're going to be able to start your onboarding.

And what we found is with specifically the banks is a lot of them, because we dealt really with community banks. That's who we loved. And there's a big group of them.

They're not being quite bought out as of that time. So we would go in and these people would have had like a one man shop that wasn't really up because it's hard, right? And there's nothing wrong.

I know some great one man shops, but to stay up to date on all the technology, all the regulations, having a deep bench so people can come out, like at any time, whether who's on vacation or not, that's important, eventually in your business growth. So what it was an easy explain when you go there and say, look, here's where you would sit in audit right now. Here's all the things that got to be cleaned up.

So I can do a project for you, which is going to be way more hours, or I can just charge you the double onboarding rate, which is one month's fee. And it was normally cheaper, and I'd take a little bit of a bite in the butt on it. But I also took a bite in the butt, where most companies take six months to calm down.

I overemphasized every new client for three months and took it in the shorts on the revenue side. But I got them calmer faster. So I started seeing, I started seeing my green in the fourth month.

But that double onboarding fee was just because banks need so much attention, and it has to be done in a specific way. And they get it. So when you have that conversation with them, and you can go in there and pull the old, I'm only taking on five clients this year, and I'm not sure you qualify.

As soon as you say, I'm not sure you qualify, the tie gets a little tighter, and the jacket gets a little more jackety. And they're like, what do you mean I don't qualify? Well, we got to bring you up to current standards before we can guarantee you that your audits and exams will go as easy as they should.

[Uncle Marv]
Yeah. That's always a way to weed out customers as well, too. When you say, look, it's going to cost us this much to get you up to speed.

And if they just really balk at that, then you know, listen, if you're not going to spend the money now, you're not going to spend it later either. So that's a good thing. So the chat, again, let's see what Keith say here.

You must charge enough to offer the level of security and service your clients demand. That is true. Simply stop being a cost and focus on business outcomes for your clients and increase your income by multiple.

That is true.

[Tim Coach]
I like the two down from that too, where he says, when you sell stacks, you're selling commodities. I agree with that a thousand percent. Listen, I am telling you right now, that business owner you're talking to, they don't care what bit or Bob you're using.

What they care about is you provide them the commodity of I can turn on the light and I can turn the light off. That's what they want. They want that utility like their computer.

So I can tell you now. So if you go into a pediatrician, first off, they're not called doctors, they're called providers. So understand their language, talk in their language, not yours, always talk in the audience's language.

They don't give two flips on what firewall you're putting in. They care about, they can treat them babies. So they're depending on you to bring them a solution that takes care of their entire infrastructure, which is that security piece.

There are, the smaller ones are emerging because they're trying to protect themselves from the big monstrosity health units that are coming in right now. So as they're doing that, they need the security posture. They need that, the compliancy and understanding where all that sets.

And they need someone telling them how that happens as they're going into those conversations. You don't want to be looking at them post a merger and say, listen, the company you just acquired is a decade behind current standards. When we talk about sitting at the table, let me tell you something, a QBR is not going to get you a seat at the table.

Tell somebody how many tickets they had last month. Nobody cares. Tell them as you're moving forward in business, these are the things you need to do to get yourself in the correct position to grow and meet those goals that you've set for this company.

That gets you a seat at the table, not telling them how many tickets they had.

[Uncle Marv]
Absolutely. Absolutely. I just had a conversation with, I can say this, I don't care.

So the building that I'm in, it's a two-sided building. We have one half; the other half was by the owner. They haven't been in here for years.

They've been leasing it out. And people have heard the stories where we took over part of the space because there was a tattoo parlor in here and they were making too much noise and it was just a mess. So we got them out.

Well, the other side has been empty for the last four years, except for one. And then that bottom line is they're selling the building and I can't afford to buy the whole building because I'm not going to go through the hassle that they have of can't get a renter in the other side of the space. So the realtor came by and was walking through people, which is annoying, but we did it.

And so I was talking with him afterwards and he asked me what we did because every time he comes in, I don't understand how he doesn't know. We're just full of computers. I mean, it's stacked all over.

He goes, so you do IT? I said, yeah. He goes, I see you here a lot and you guys must really take care of your customers and you can do it all remote.

I said, yeah. And he goes, well, our guys, you know, they take care of us, but we're having some trouble. And I'm like, okay.

And he was telling me about the fact that he goes, look, we pay him a lot of money and I don't care about paying him the money as long as when we need them, they're there. And he started going to all these things about, you know, it's five o'clock on a Saturday, you know, they're realtors. So they're working all the time.

He's like, I got a contract, you know, I'm selling a $10 million building. I need to make sure something works. And it was just that mentality of, you know, a lot of times it's not about the money, it's about making sure they can do what they need to do.

[Tim Coach]
So I'll just give away a ton of secrets, right? Like old habits I used to have in ways I used to, like people avoid non-for-profits because of money. I love non-for-profits, but I know how to work with them.

You're going to go in and you're going to build them. And I will guarantee you that your bid is going to be over what they're paying almost a hundred percent. And they won't be able to go with you.

And they'll tell you that. But what nobody tells you is they're very strict with their budgets. That's the reason why they can't afford it.

So if you go in and you say, listen, okay, we're at about $1,500 difference here. I'm willing to give you an in-kind discount, which is perceived as a donation, right? So they can write it off and we can write it off until we get to the, until you get to your new budget year.

And then let's talk about how over the course of 12 or 24 months, we're going to get you up to our price. They'll bite on that all day long. But the problem is, is because people perceive non-for-profits as having money issues.

It's, it's, they don't want to work with them. And the reality of it is, is they just don't know how to work with them. They don't know how to work in their world.

[Uncle Marv]
Well, that's, that's one, one way to do it. The other way is who's asking for the work? Because if it's their board members, you just say, well, your board needs to know this is the cost.

And if they look at what it cost their business to do what they're asking you to do money, it shouldn't be the issue. And I've taken that approach. So I, I have two not-for-profits that I still work with.

I've gone through several and trust me, they come up with the money. When, if a board member asks, you know, when they kind of walk in and like, why are these systems so slow? And they're like, well, you know, they're old and we can't get anybody to donate, blah, blah, blah.

I'm like, stop looking for donations. If your board wants you to have new computers, have your board find the money.

[Tim Coach]
And that's, that's the thing. It's a lot of it. It's just knowing how to work with them versus, you know, it's the same thing when I'm on stage, right?

I can write or I can put together a presentation. That's the way I want to hear it. But that doesn't mean it's what the audience needs to hear, right?

I think that's part of the reason why some of us that are recovering MSPs do so well on this side of the line is because we understand and we can speak the proper words and the language that they understand and sometimes call BS when it's BS, right? That's, that's part of it. And like I said, to go back to it, that's part of the reason why I liked the Cynomi piece of it was as, as my first product that's actually a sell through is because I can work with MSPs to show them how to do it.

I don't think on the vendor side of it, we do that enough. We go sell them a product, right? And you look at the MSPs kind of the same way.

You go sell them a product, but what you're not doing is helping them understand what the product does or how you use it or where it benefits you, right? On the vendor side, part of our responsibility, especially when you're selling through is to help them understand how to package it, how to put it together and how to sell it through that their clients hear it properly. Because like I just said, you know, you talk to, you go to any doctor's office and they're called providers.

They're not called doctors, right? You go to a lawyer's office and you talk to the principals. Knowing the language of the people you're talking to, I think is important and knowing how they speak, right?

There's a reason why when I'm talking to financial piece people, I use the word fiduciary, right? Instead of finance or financial, it's because it's their words.

[Uncle Marv]
And the fact that they heard you say it means that, Oh, this person gets us.

[Tim Coach]
Exactly.

[Uncle Marv]
I can work with that.

[Tim Coach]
And that's, that's it, right? Like, like that's, that's where you want to land. You want to land with somebody that gets it and understands who they're trying to, to help and how they're doing it.

And that's, that's what I loved about, like, like the story is. So for those that don't know, the owner of the company's name is David. So, so, or he's the, the CEO, right?

There's a, we have another founder, Roy. So David wrote or is responsible for the framework that protects a country from cyber-attacks. So think about that for a minute.

I'm not talking about a company. I'm not talking about a state. I'm talking about an entire country that like, that's what he did in his military service.

And then he turned around and he cherry picked the best of the best out of his military unit. And then he cherry picked the best of the best out of the government unit and created Cynomi. And instead of creating another security widget, he created a product understanding where the MSPs need to go.

That security is, is still an issue and that we still need to figure out a way to get there. Cause I had this conversation with Matt Lee. I don't know how long ago, I think it was that, well, we were together up at a tech con and plug.

I'm like, it's amazing that we're still talking security and it's not just at the root of what we do. So when David was looking at what he was going to do next with his life after his military career, it wasn't, let's create another widget. It's how do we help them get to where they need to be?

[Uncle Marv]
So let me ask this because I know from your perspective, this is MSP first, but is that the way this company was started from the beginning where it is going to be MSP first, or is it going to also have a little B2B in it or sell direct?

[Tim Coach]
So it was absolutely not started as a channel first company. It was actually started specifically to help out the legal entity, right. To go into law firms.

That's where it was started. And then what happened is every time they would go into a law firm, that law firm would say, you need to talk to our MSP. So then it was like, okay, maybe we're talking to the wrong people.

So then they started talking to the MSP. And then that's where you see the evolution of, okay, this is how we can help the MSP. This is where we can bring in those VCSO service, the VCSO as a service, right.

I see it as, not just VCSO services, just a security posture, understanding where you are in your security path. But then that's when it really turned to, okay, MSPs don't really, they're not, there's not a solid solution out there that's kind of GRC plus, right. That's really showing them as you mentioned earlier on the website, all the different pieces to the puzzle.

Like they'll give you two of the five, or they'll give you three of the five, but why can't we just give you all of them? And that's where it ended up going was once they seen the MSP community as a place to go and how they got involved. Now, as far as the future goes, it's always meant to be a channel first through the channel.

Now we do have some companies, very large companies that specialize in like, they've got like five CSOs, right? Like all legitimate experience, education, everything you, every tick mark you want, that's who these people are. They're using the product from a standpoint of it gave them more bandwidth to take on more work because they're no longer doing the Excel spreadsheets and all the labor that it takes to get to that point.

But even those large companies are going through MSPs to get their license.

[Uncle Marv]
Okay. All right. Before we run out of time and get, we got way off track.

Part of that was my fault. I apologize.

[Tim Coach]
When do we not go off track? That's why I like this one so much.

[Uncle Marv]
I'm owning up to it at least. So I want to make sure I get the basics of this. So we're talking about a product that is customizable by client, customizable by platform, and simple to use for the MSP rather than, you know, a thousand questions that they've got to go through and answer.

[Tim Coach]
Right. And it's, it's, so it's kind of funny. So it's not just a framework.

So let's say you're, you're, well, HIPAA wouldn't work, but let's say you've got, you've got a couple of three in there, right? You got three different frameworks that, you know, if you're a U.S. company and you're trying to do SOC 2 and you're trying to do PCI and you're trying to do HIPAA, then you can select all three frameworks at the same time. And it will, it will combine those frameworks into the report.

And it will actually show you, hey, if you do this one thing, it will improve all three framework scores.

[Uncle Marv]
Okay. So, so I was working with somebody the other day and what they did was they took NIST 800-171 and they took, so they get from the insurance company a document that says security requirements, which means that for this law firm to work with us and get cases, you have to do these things. And they match the two together, put that into AI and came out with their list.

So that sounds more along the lines of what Cynomi is going to do, but in a much better, much efficient and not AI generated, which could be, you know, 50% right? 80% right?

[Tim Coach]
Yeah. So we're, we are doing, so I'm careful when it comes to this topic, just because of my, my history.

[Uncle Marv]
Okay.

[Tim Coach]
We do use AI. I'm trying to better understand because of Pia, right? And, and, and Pia wrote their own AI engine and they're using that to, you know, so when I talk AI, I talk making the human decision in place of the human and providing the action that takes care of the problem I'm taking, I'm experiencing.

That's what I, that's what I'm used to with Pia. Now, if you go to something like Roost, Roost is AI. They're just pushing more, you know, and Charlie will correct me if I'm wrong.

And I'm perfectly okay with that. They're using more of the RPA piece of it. Right.

So when I start talking about how we're using AI in this manner, I need a deeper understanding because I have the background there and I want to make sure when I'm talking about it, I'm talking correctly. Okay. And I'm not quite where I'm comfortable saying this is how we're using AI, but I know we are using AI to generate some of the stuff.

And I think it's more on, on the report side of it. And that's how you're getting the customization to the company with the framework.

[Uncle Marv]
Okay. Gotcha. All right.

And I'm going to skip over some other stuff and I'll just kind of ask you in terms of what we've discussed and what you want to make sure people understand, what other key benefits, features should we know about Cynomi?

[Tim Coach]
For me, it's like, obviously, so we, so we have the path of everything we've talked about. It also provides a path to the security verification you need in order to get your cyber insurance, right? Like we're, we're lining all of those things up.

I think the biggest thing for me when I see it is obviously there's this VCSO as a service that we're preaching, right? And you can absolutely 1000% use that. I think at the smaller level at the MSPs that are still growing and they're just trying to figure out their security posture.

They're trying to figure out where their clients are, right? Like a lot of times we go into these new clients, we onboard them. We have no idea where they are from a security perspective.

It allows them a new avenue, a new revenue line, because now they can actually use the product to say, okay, well, here's some security pieces that you don't have in place that you need in place. And it allows them to know that, right? I think the only way that you can say that you're X is if you check a, if you have a checkbox, right?

So like Henry Tim and another gentleman, I got in this big conversation about MSPs, right? And there's this conversation going on about this grassroots movement where they're going to be able to certify companies as an MSSP. This entity is right.

This is a conversation that's going on. I think that's wonderful because when you have a checklist that says, not only do I say I'm secure, but here's the checklist that I'm using from an outside entity that shows you I'm secure. I just proved it to you.

So I think you can certainly use it as it started out as a VC. So as a service platform, but I think there's a really good opportunity for MSPs to use it as just an understanding where your clients set on a security level and how to improve that.

[Uncle Marv]
All right. I'm going to sidebar something. Weren't you at a table a little while ago saying that there's no such thing as an MSSP?

Everyone's an MSP and you can have a focus in security?

[Tim Coach]
See, I knew somebody was going to get me on this. I knew somebody was going to get me on this. Yeah.

So I mean, but I can go back to our friend, Bob Coppedge, that will throw a stick in anybody's front wheel on the bicycle and say, there's no checklist for an MSP.

[Uncle Marv]
Not right now, not yet.

[Tim Coach]
So I think that's what we're, and that's like, and this is the conversation that's having at CompTIA and at like the tech degenerates. And quite honestly, some of these high L-level CISOs that I'm having conversations with now, it's how do we help provide something that certifies them as an MSSP? Right.

Because there's companies out there that provide nothing but vCISO services, right? They don't do any of the MSP work. They just do this.

So I think it's one of those things where I got to be more open-minded about the MSSP thing, but I still think on any level, because I come from a SOC 2 world, because I come from auditing and exams and I come from PCI and I come from governmental backgrounds, that there's got to be a checklist at some point that certifies us as what we say we are.

[Uncle Marv]
All right. I'm going to let the chat brew for a little bit and I'm going to give you a little bit of time to rest and recover. I'm going to say thank you to some sponsors here.

So while we're doing that, I will just simply say that the IT Business Podcast is presented by NetAlly. They are a wonderful partner. In fact, I used them this morning at a client to verify some network connectivity and prove to them that Comcast was their issue.

They can simplify network testing with rapid, reliable tools for seamless connectivity and instant visibility. Trust your network with the industry's leading handheld solutions and everything from the LinkRunner to the EtherScope. And our partners are SuperOps and TruGrid.

So with SuperOps, you can streamline your operations, elevate your service, and it is your all-in-one platform for managed success. And TruGrid offers managed services providing a streamlined solution for remote desktop access without the firewall. And you can see on the screen, we have some patrons that are paying $10 a month as supporting the podcast.

And I want to say thank you to all that. And let's see, what is the...

[Tim Coach]
I think we got a couple of LinkedIn users that hit it down there, right? Like CompTIA has...

[Uncle Marv]
Yeah, the trust mark.

[Tim Coach]
In our industry, they are the people that like, like how long have they been certifying? How long have they been providing tracks for us to learn, right? I mean, I started my IT career technically in 2000.

And A-plus was a thing obviously back then and way before then, right? I actually met the gentleman; I think I was in Atlanta at ChannelCon that helped do that. I think he's a Senator now in Oregon or something.

But it's one of those things where anything we do, there should be someone certifying that we're doing it correctly, especially when we're talking about security. I mean, that's the thing. Even if we just go back to backups, right?

There should be something that's being done every day to ensure those backups are done because no matter what we do in the other 90% of our business, if we don't have good solid backups that we know work and we can certify that the equipment has done its job and everything goes to hell in a handbasket or a Milton in a Florida, then none of the 90% does us any good.

[Uncle Marv]
Absolutely. Absolutely. All right.

Well, Tim, we went off track there a lot, but I appreciate it. I'm going to make sure we have in the show notes, the link to Cynomi and let's see what we're going to do here. That should be good.

They're still talking about Trustmark and stuff, so I'll let them do with that in the chat. Okay. Let's get ready for one of the favorite segments that people love, Florida man.

And so it's usually Florida man or random question. Tim, did you come with a story to challenge Florida man or you just want to answer a random question?

[Tim Coach]
Oh, we can do all of it. I'm good with whatever.

[Uncle Marv]
All right. Let's see here.

[Tim Coach]
It's a random question. We're asking all these hard questions. Why don't we just keep up with the questions?

[Uncle Marv]
Okay. Well, here's a good one. This should be fun.

What's the most difficult thing about being you?

[Tim Coach]
Just being this damn sexy. Yeah. But no, the most difficult thing about being me is being at home, right?

Like I don't get me wrong. I love my kids, right? My son's a senior and I'm spending as much possible time as I can with him before he gets out, right?

But the not being on the road and this really hit me hard in that time period where I was doing some call it consulting and I hadn't decided on a company, right? When you get used to being on the road all the time and then you're not on the road all the time, man, it is just difficult to sit here at a computer all day long and beat away. Now, I will tell you right now, the hardest part of being me is working through all the Excel sheets spread to get budgets ready for 2025.

Once we hit 2025, I can just execute the plan. I'll be much happier. But man, this is the time of year, right?

Everybody should be in their budgets right now and it sucks. I get it. It's not fun.

But with that being said too, you need that data, I think. We see a lot of people make these unobtainable goals on their sales department or their ops department or whoever it is, and they're not using the data to predict where they should go or to make those smart goals or those BHAGs that are reachable. So I think this is a tough time of year for everybody just because they're going through budgets, trying to get ready for 2025, trying to predict where they're going to need employees, trying to predict where new revenue streams are, so on and so forth.

[Uncle Marv]
Yeah. All right. So I was in a little conundrum earlier because we're going to have a ton of Florida Man stories surrounding Milton as they come through.

We've already had a Lieutenant Dan who was trying to stand his ground on his boat off the coast of West Florida and not evacuate, who eventually was picked up. But I want to share the screen here. I cannot play this because there's music involved and every time I play music, I get dinged.

But HBO is actually coming out with its own documentary. It is going to be called It's Florida Man, an upcoming series that will premiere in 2025, and it is going to feature some talented actresses and actors, Anna Faris and Jake Johnson, Randall Park and John Grease. The show is inspired by the infamous Florida Man meme, which highlights bizarre and outrageous headlines and quotes.

Every story that they bring is true. It is going to start with six episodes, the mermaid encounter, the toe eating incident, alligator shenanigans, extreme fantasy. Let your mind run with that.

Witches and magic and feral bunnies. And you asked, why are there so many things done about Florida Man? And if you're able to watch the video, it's a little weird.

Um, Netflix did a series and basically here's the reason. Florida has a thing called the sunshine law, which allows easy access to public records. And that is what contributes to the abundance of unusual incidents reported.

So, uh, in summary, Florida man, it's Florida man promises to deliver a comedic yet respectful exploration of real life events that have become a defining aspect of Florida's cultural landscape. And I am so sorry that I cannot play the sound live here, but if you are watching the video, it's, uh, it's pretty hilarious there.

[Tim Coach]
So it's, it's absolutely a security violation on every level, but still to this day, one of my favorite icebreakers is asking somebody's, uh, month and year there, their birth month and year. But of course you can just say, just give me a month and a month and a day, or I'm sorry. Yeah.

You want the month and the day, right? You don't want to hear, but just ask that and then Google that. And it will bring up 24 demand stories that every one of them are funny and it's just the best icebreaker on the planet because everybody starts out by laughing, right?

You share a laugh with someone that's the best.

[Uncle Marv]
And they're true. I mean, that's the funniest thing about it. They are true.

Even the ones where they come up with, you know, there's my radio station tries to do a thing called Florida man or not. Um, and even the ones that are not, there's actually a little bit of truth in all of them because somebody always goes, wait a minute. That did happen, but it was with this and not that.

So it's funny.

[Tim Coach]
The more outrageous, the better.

[Uncle Marv]
Yep. All right, Tim. Uh, thank you for coming on the show and promoting your new gig as the chief evangelist of community and channels.

[Tim Coach]
Thank you for having me on. It's always a pleasure to be, to be on the podcast. I enjoy all of our conversations.

At some point we're going to have to get the original crew back together and, and just have another music night.

[Uncle Marv]
We do. We do. We'll have to figure out how to make that happen.

And, um, let's see, I'll figure it out. I I'll, I'll reach out to you offline. We'll find out when we're all going to be together.

Cause I've got some, some live surprises coming up that maybe we can do.

[Tim Coach]
Yeah. Joe actually got, for those that don't keep up with Joe, Joe has a new band called freaky things. Um, and you can find it on any platform and it's quite a bit different than his stuff.

But they were actually, he had actually nominated him and his, his partner, Chucky were nominated for, I think it was like song of the year. So they were just in Atlanta at a big industry show. And let me tell you, Joe's outfit, I'll have to share with you at some point.

It did not disappoint. He was a rock star to the nth degree that he should be. I was going to say going good.

I mean, they're like, they're hitting the charts in Europe and over an APAC. And it's, it's just been a really, I can, I can see how much happier he is now that he's really back into his music and he's back creating. So I love it for him.

[Uncle Marv]
All right. I was going to say, don't tell me he wore like a three piece suit and you know, all of that stuff.

[Tim Coach]
No, I'll send you the picture. I mean, it's a, it's leather pants and red boots, this vest thing with the guns out. And of course his hair's down like it, he, he, he's living his best life.

[Uncle Marv]
Nice. All right, folks. Well, we're going to get out of here.

We were right at the hour mark and Tim coach was with us and Cynomi, a software solution for MSPs and MSSPs to assess client security posture and provide compliance roadmaps. So thank you for coming out. I appreciate everybody in the chat tonight.

And I saw Bruce and Brian and Keith and Lewis, who else was out there? There was a bunch of you out there. I think maybe Tim popped in for a second there.

He probably popped in and popped out. Tim Golden, I think was in there guys. Thank you very much for coming out to the show.

We try to do this every Wednesday live. And of course we have the audio shows that you can listen to at any time, head over to itbusinesspodcast.com and pick your favorite pod catcher. So they'll download when they're released.

I mentioned the supporters on the show. Today was a prime day. If you shop on prime, use the link that is at the website as well.

And rather than you giving directly to the show and worrying about, you know, spending more money, just shop on Amazon, whatever you do, Amazon will kick off a little percentage to support the show. And I appreciate that. So that's going to do it, folks.

I want to say thank you. We'll be back soon. And until next time, holla!