No Asshole Policy for MSP Clients (975)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast coming at you live from Orlando, Florida, where we are at Zero Trust World 2026. We are into day two and it looks like lunch will be starting soon, but we are continuing on with interviews here and I have with me this time a gentleman from across the pond, Ian Dunstan, and we'll chat about a few things. He's got a couple of companies, big in the Kaseya family, big in the ThreatLocker family. 

We'll see where this goes. So Ian, thank you for stopping by. Thank you very much for having me.

So let me ask this question just to get that out the way first. Which company flew you out here to be a part of the event? Kaseya and ThreatLocker together. They did? Okay.

Yes. All right. So you're big with both? I am.

Nice, nice. So your company, we talked a little bit before, so I was going to talk about Cobalt, but you've got Cobalt Communications, Cobalt IT. It sounds like those were separate before and now they're going to combine into one? It's a bit of an interesting history. 

I started in 2001 in IT, very big then into Microsoft Small Business Servers, where I am in Devon in the Southwest. There's lots of small companies. Okay.

SPS was just an incredible product for us, and we did well with that. And then in about 2008, I got more into telecoms, and do you know what? It was just so much easier because there wasn't the same pressure on you. Back then, we were all break, fix. 

No one was really proactive. We were proactive. We used CentraStage, which is what Datto sort of bought and became, but it was hard work. 

So I ventured off very much into the comms space for a long time, kept the IT side running, and then about three years ago, I realized we were doing it really badly and that I either needed to drop the IT, but it was still my passion and I still felt I had a page that hadn't turned. Something wasn't there. So I went to a session and someone said, the best time to plant a tree was 20 years ago.

And the next best time? The next best time is right now. And it was weird how something like that can really start triggering your mind that head trash and fear holds us back from so many things in our life. And all of a sudden, that was like I'd just been given a code green to rip up my entire IT business and reinvent a new product and reinvent us because we had a great brand as Cobalt. 

We had a great reputation. We had everything there, just the product I wasn't happy with because we weren't doing it very well. Okay, so I want to dig into that because you brought it up. 

So great reputation, great brand, but you didn't feel like you were doing it well. I mean, you were obviously successful. So what was it that sparked that thought of we need to rebuild? I think customers stayed with us because they liked us because they were loyal to us because they've been with us for a long time. 

They had an idea that we weren't doing things as well as we should do, but they still stayed with us because they enjoyed dealing with us and people and everything else. And they weren't having breaches. They weren't having issues. 

Just we weren't enabling their business. We were just being an IT company that just looked after their stuff and delivered their email. And what I wanted more was a much more consultancy type business where we actually helped their business grow and help develop them. 

And we literally ripped up the book. I went into the biggest customers and said, this is what we're going to be doing for you now. I doubled their price and they went, thank you. 

And I was just amazed because they wanted us to do this for them and we haven't delivered. And then of course you get a bit of a spring in your step and then you go and visit the others. And they all said,  Thank you. 

And I think we lost one customer who just couldn't cope with the price rise because they were so conscious. They see the value. I say to my sales guys, they say, oh, we lost that deal on price. 

I said, no, we didn't. The customer didn't understand the value of what you were selling them over what somebody else was. Okay. 

So you made this big switch. Now, did you, you know, go full force into managed services at that time, or had you actually been doing some of it, but not wrapping it up in the right language? Exactly that. So we've been doing managed services. 

We'd looked after them that way. So they were on that 365 platform. They were on some of the security products. 

We'd been with Kaseya, with Datto for the RMM side of things. But to begin with, it was all just on servers. And then we made sure that was rolled out to every end point. 

And then we wrapped up the whole lot with backup, with EDR, MDR, and everything else that they kind of needed. But more importantly we then gave them the TAM role, so the technical advisor, so that they go in there and actually really find out what was holding their business back. And then the VCIO role, where they then put that together and actually sell it with professional services to develop them so that they didn't see IT as a chore. 

They saw IT as something that was needed for them to grow their business. So when I looked up some information on you, it talked about you starting out as a kind of your mom and pop fix-it shop. Now you're considered an MSP in cybersecurity stronghold and stuff like that. 

Do you feel like you're now in full swing and you've got a wave you're going to ride for a while? Or are you still evolving? If you don't evolve, unless you keep changing, you keep innovating, you're always moving backwards. So it's kind of like swimming against the tide, isn't it? And you will occasionally get caught by a big wave and get pushed back a little bit, but that's what resilience is. And that's what, having been in business since 2001, 25 years we've just celebrated, resilience is absolutely key. 

And are we where we need to be? No. Will we ever? I'd like to think we will, but that's only by hiring the right people, getting the right people in the right seats. We've kind of been working on the EOS platform for about six years, but again, we ripped that up and redid our vision, reworked our senior leadership team. 

We worked everything to get everyone rowing in the right direction and in the same direction. Okay. I do want to make sure I do this because we are at the Threat Locker event. 

So let me at least ask you about them. I know you talked about being involved with Datto, Kaseya for a long time. When did you hop aboard with Threat Locker? Just over a year ago. 

And it took a while because zero trust is something that had been spoken about and I think we've always wanted to do it. But when their product was new, it was difficult to configure and it would shut things down. And I think it was when learning mode sort of came in so that you were there and they've evolved massively as a company.

And our customers were just demanding more and it allows you to sleep at night a little bit better. Yeah. All right. 

So just a year ago, so you're still kind of in the honeymoon stage. I'm a baby. Did you do the whole bundle? Because a lot of people just kind of sometimes will start with, you know, allow listing, ring fencing, and then add on later.

We're still on that journey now. We don't have it deployed across all of our customers because a lot of it's education. So the customer doesn't really know. 

Nobody comes to us and asks for Threat Locker or asks for zero trust. What they ask for is to be protected and be looked after and know that they're not going to have breaches. So we're very much in this early journey still of where exactly it sits. 

Okay. I'd like to get it so that it's a de facto must. If you want to deal with Cobalt, you want to deal with us, you have to have Threat Locker involved.

That's what I did. Yes. I just, I went all in and half my customers, I didn't even tell.

It wasn't until they had a pop-up when they were like, what's this? And I would explain it at that time and they're like, oh, okay. So it was interesting. I know a lot of people don't do that.

A lot of people actually want to explain it ahead of time. Hey, you're going to start to see this and that and you're not going to be able to install and all of that. So how are you doing that rollout with those customers? We're rolling it out per specific customer that's on our managed service. 

So as we upgrade them and we move them through, it wasn't that long ago, we just moved a lot of them from standard to premium to give them all the extra bits in 365 premium. And then it's like, that's still not quite enough. But the customers often don't understand why. 

They don't know why they need it. Why is the Microsoft product not enough? Why is the Kaseya with Datto part not enough? And I guess it's once they've had a breach and once they've had something very, very close to them or a customer very close to them, there's a lot of compliance going on in the UK as well. Got a new cyber security resilience bill. 

So where it was just sort of law firms and accountants that used to have to have compliance with it. They're rolling that out to more firms and that's going to really help our journey. Explain that to me because I heard about it briefly, but I don't know the full thing. 

So this is now cyber resiliency. Is it a law? Is it a guidance? What exactly is it? So it's already a law for people who have compliance. So law firms, accountants, financial have to be compliant. 

They report back to the SRA, the Solicitors Regulation Authority, or the FCI, the Financial Conduct Authority. They're rolling in a lot more across different firms. So supply chains, after we had some big supply chain attacks last year with Land Rover and with Marks and Spencer, two big ones that were multi-billion pounds on the UK. 

And the cyber security resilience bill has been through the Houses of Parliament in October last year. Parts of it haven't been updated since the early 80s. Parts of it go back to the 70s. 

So it's a very out of date thing. The UK government have realized that they need to force compliance upon more people because the barrier to entry in IT is nothing. There is nothing stopping somebody starting up and becoming Ian's IT, which is pretty much what they did 25 years ago.

And I think those barriers to entry really need to be there so that a customer or a company knows the support they're getting is from somebody who has the correct training in place, who has the correct insurance in place. Now, I'm going to ask this in a way that in America, the compliance regulations for those industries you mentioned, legal, medical, financial, are all different. Have you guys found a way to make the same cyber laws apply across all those industries or are there still differences among them? There are differences, but I think if you have something that is top tier, then it works and it rolls out across any industry because it doesn't really matter what they're doing as long as you've got everything in there. 

And this is the problem that a long time ago, every company used to do this. They'd have a good, better best. So they'd have their bronze, silver, gold support and people would go, oh, that's a lot. 

I'm just going to go for bronze. You can't do that with cyber. You can't say, I'm going to half protect you. 

You can have a top tier product, but actually that should be, if it's there and that's your best, that should be something that goes to everyone. Hence we're saying about having threat locker as a non-negotiable, it's got to be there because that protects us as a company, makes us feel safe that we're doing the right job for our customer. So whether you say in medical or in law, we've got two sort of products. 

So there's the cyber essentials, which is something that you sign up to and there's cyber essentials plus, which is then actually where you're not marking your own homework. You have another test to come and do testing. But the uptake even of cyber essentials is very low.

Okay. Very nice. Yeah, I did that. 

That's why I've mentioned threat locker is not even a question. It's on everybody everywhere. So I've been redoing my stuff. 

So I don't have a good, better best. I don't even have a package A or package B. Here's your package. And then I've got some add-ons if you want to do some other stuff. 

So you can see I'm already down that line as well. But maybe this chat has just convinced me that I'm going on the right thing and just to take that step. Nice. 

All right. I want to get one question in before we ran out of time that has nothing to do with any of this. I saw that it was said about your company that you guys have a no asshole policy and that was out there on the internet, exactly like that. 

So do you actually tell people that or is that just something that came about? Hey, it's written clearly on my LinkedIn, isn't it? At the bottom, it says I operate a strong no asshole policy for my team. So the question is, what makes somebody an asshole that you won't deal with? Okay. So if you ask different departments that they can nominate one customer a month.

So they go to technical support. You can nominate one customer who's making your life really hard and to the finance department, you can nominate one customer that's making your life really hard or to the TAMs, so the people with professional services, name one customer. If that name appears in all three of those, then they're gone because it takes only one bad apple to rot an entire box. 

We know that. And actually, if that one person's dragging down your team and taking resources, we have an algorithm in the business, which I started, which is called pain per pound. Interesting.

The amount of pain it takes to earn one pound. So the pain per pound then algorithm kicks in and we talk to the customer. We'll have a realignment meeting with them first and say, this is where we are. 

It's not working. If you're miserable to my team and miserable to us, you're not happy. I don't want you being not happy to us and dragging everything down.

And they either then go, look, I was really out of line. I'm sorry. It could be better.

A lot of the time that fixes it. But actually, then it goes further down the line. So I have my rule one, which is make your last loss your first loss. 

You know, something's going to cost you emotionally or financially somewhere down the line. Just ditch the pride, ditch yourself, whatever else, and just do it now. Get rid of it and get it done.

Interesting. Do you have a PETA price? A pain in the ass price? No, I just will not deal with them. Life is too short.

All right. I asked that because I did that once where I said, listen, if you're going to be that troublesome, you're going to pay this much more. And they did.

That's exactly the problem, because they do. And then you have a moral junction with yourself where you say they are a pain in the ass, but they're paying me loads of money for it. Yeah.

Well, I'd rather deal with nice people. I can tell you this. I did that for, I think, two years. 

And then I said, OK, that's enough. There is no more. There's nothing beyond the PETA price. 

So we're done. It was a hard conversation. Your compromise there was that, yeah, I'd rather just stick with the no compromise. 

Let's just get on with it. And there's plenty of people out there. And if you don't align with them fully, you're not going to do a great job for them.

And they're not going to do a job or enjoy working with you. OK. Something I did not prep you for, which I didn't prep you for anything.

But when you walked up to the booth, you saw the equipment there and you looked all that up. Do you podcast? I do, indeed. Tell us about that.

So I've got two locks on a Cox. So a lock in rugby is the second row. They lock in the front row.

And as you can see from my appearance and my ear, I played a lot of rugby. So I do it with Sarah Cox, who's a professional referee. OK.

Ben Lee, who is a retired premiership rugby player. And we sit down each week and talk about extra chiefs, our rugby team and talk about refereeing in the game in general. And I then on the back of that sort of was looking at the kit, sat in my office and thought I better do a business one.

So we're only two in on the new one, which is talking tech beyond the buzzwords, which I'm doing with Chris Thomas, who's my new MD. OK. And we did the first one on Cyber Essentials, Cyber Resilience Bill.

And then we did the second one around EOS, Entrepreneurs Operating System, and the importance of core values and authenticity within a business. All right. Well, we'll have to get a link from you to put in the show notes, because we will direct some people to listen to that tech podcast.

We'll share some more value out there. That'd be very kind. That'd be somebody else apart from my mum listening to it.

Right. Well, Ian, thank you very much for stopping by. You didn't think we'd have a lot to talk about. 

And here we are. It was all dead easy. It's been emotional.

Yes. Don't go away crying. Hi, folks. 

Ian Dunstan there from Cobalt. Do you have a new name for everything or is it just... Cobalt Business IT and Comms. OK.

Work smarter, not harder. OK. That sounds longer than the original name.

Cobalt Computer Solutions and Cobalt Communication Solutions were quite long. OK. All right. 

So you'll find his information there. I'll get a guest page for him on the website. We'll get some links for his LinkedIn posts and all of that.

And you can check out the podcast that he'll probably be three or four in by the time this post. But I look forward to getting some people over there. Ian, thanks a lot.

Thank you very much. All right, folks. That's going to be doing.

That was a horrible etch it. That's going to do it for this episode. I think I've got two or three more here.

So we'll be back with more of the IT business podcast from Zero Trust World. We'll see you soon. Holla!