Keeping with our sports theme, consider what coaches do, even at the elite level. There’s what happens in practice and training, and then there’s what happens on game day.

That is to say a coach is teaching and training during the week, and guiding/directing on game day. In much the same way, your MSP coaches need to be teachers as well as directors.

Today’s IT workforce is diverse – in almost every way: age, origin, experience/tenure, gender.  Your coaches need to be able to relate to all their players and meet them where they’re at so that they can continually teach the processes, techniques, and attitudes needed to win it all.

Naturally there are limitations to the sports analogy and those of us in the managed services game know that every day is game day. That means your coaches have to be able to switch into director mode and can ‘call the plays’ to put the team members into positions to be successful.

Who are your coaches in an MSP? How about a Support Manager? Perhaps a Sales Manager. In the same way it’s common for coaches to wear multiple hats (Offensive Coordinator and Running Backs Coach) – our MSP coaches often do the same. In our company, it’s not uncommon for even some back-office managers to have some direct revenue responsibility as a VCIO or some other capacity.

If you are just getting started or are a smaller company, you may find it daunting to establish a help desk. There have been, and continue to be several companies that offer to fill this function for you on a retainer basis – and we are not here to say those are necessarily bad options. Companies such as IT By Design and even distributors such as Ingram Micro can be “your” team. What we do want to convey to you is that whether you insource or outsource this function (my preference is insourced), that you double-down – scratch that – you triple-down on making sure the quality and consistency are there with that group.

Your helpdesk should be staffed by associates that are personable, conscientious and understand customer services. We have often mentioned to our team, we are *really* in the customer service business more than the IT business. It’s an important mind shift. We know by now you’re probably thinking that IT professionals that are both technically competent and personable are in the same class as unicorns and leprechauns. NOT TRUE! (but darn close!) They are hard to find indeed but do exist. While we have always tried to hire first for the “who” than the “what”, we have put even more emphasis on that idea when hiring for our help desk. We have tried to bridge the gap in technical shortcomings with better processes, documentation and in-house training, and we’ve noticed subtle trends of customer satisfaction and engagement improving, even if our Time to Resolve has degraded slightly. To us, it’s an acceptable trade-off.

To go further, within your helpdesk you *also* have multiple positions. (Just like an outfield has a Left Fielder, Center Fielder, and Right Fielder). In a Help Desk, you may have multiple tiers of associates that handle increasingly complex issues as needed. Traditional help desk structure is an L1-L2-L3 tiering system or perhaps a Triage-Resolution-Escalation. There are also recent trends in building focused groups within your help desk that work with only certain subsets of customers or industries. All models have their merits and you need to choose which one is right for you and your customers.

No matter what you choose, put in the necessary work to have outstanding processes for your help desk to follow so that your customers can experience the consistency we discussed in Part 1, with a personable and positive experience provided by your talented helpdesk team!

Most professional sports teams have a General Manager (GM). They are the ones responsible for assembling the team on the field, the organization behind it and overseeing the whole entity.

Correlating that to our MSP, this would be someone who, depending on the size of your organization, could be a COO-type individual that guides the day to day operation. In the scope of this would be ensuring there is an influx of talent (), and that the coaches are developing that talent (they would represent middle-management) as well as deal with upstream concerns.

Think about how key individuals in professional sports deal with things like contract negotiations, the media, salary cap management, union concerns – much more “business” related duties. In an MSP it would be no different.

Rounding out the organization, we have the key positions of leadership at the executive or ownership level, as well as support staff and outward facing functions to ensure there is accountability, productivity, and proper branding to the community.

In sports, you see this thoroughly as few industries or organizations are marketed more heavily. In an MSP, whether we insource or outsource, having an outbound face to the markets you serve is imperative.

Word of mouth is awesome, but only on rare occasions will that form the kind of business development that will sustain your pipeline as you grow. It’s a part, but not the whole. Your support staff is critical.

These are often your unsung heroes that ensure that processes are followed, services are billed (and properly!), and even the simple things happen to ensure success.

Your positions of leadership must be filled by individuals who can truly lead, but also (in the case of smaller companies) shift into “get it done” mode and manage outcomes. This requires individuals with high emotional intelligence, discipline, and ambition.

While those individuals are driving the business and leading the team, it’s the supporting staff positions like Administrative Assistants, Resource Coordinators, Inside Sales Associates that all help make the magic happen and keep the team on the field (think of the beloved Student Manager for the High School basketball team that makes sure the players have water!)

We believe there are some absolute core areas that you must address when building out a managed services practice. Often in football, you hear about a team building from the ‘trenches out’ meaning from their offensive and defensive lines, or in basketball you hear about identifying your scorers, defenders, rebounders and the like. We can equate these notions to our managed services team too! Let’s examine.

If you are just getting started or are a smaller company, you may find it daunting to establish a help desk. There have been, and continue to be several companies that offer to fill this function for you on a retainer basis – and we are not here to say those are necessarily bad options. Companies such as IT By Design and even distributors such as Ingram Micro can be “your” team. What we do want to convey to you is that whether you insource or outsource this function (my preference is insourced), that you double-down – scratch that – you triple-down on making sure the quality and consistency are there with that group.

Your helpdesk should be staffed by associates that are personable, conscientious and understand customer services. We have often mentioned to our team, we are *really* in the customer service business more than the IT business. It’s an important mind shift. We know by now you’re probably thinking that IT professionals that are both technically competent and personable are in the same class as unicorns and leprechauns. NOT TRUE! (but darn close!) They are hard to find indeed but do exist. While we have always tried to hire first for the “who” than the “what”, we have put even more emphasis on that idea when hiring for our help desk. We have tried to bridge the gap in technical shortcomings with better processes, documentation and in-house training, and we’ve noticed subtle trends of customer satisfaction and engagement improving, even if our Time to Resolve has degraded slightly. To us, it’s an acceptable trade-off.

To go further, within your helpdesk you *also* have multiple positions. (Just like an outfield has a Left Fielder, Center Fielder, and Right Fielder). In a Help Desk, you may have multiple tiers of associates that handle increasingly complex issues as needed. Traditional help desk structure is an L1-L2-L3 tiering system or perhaps a Triage-Resolution-Escalation. There are also recent trends in building focused groups within your help desk that work with only certain subsets of customers or industries. All models have their merits and you need to choose which one is right for you and your customers.

No matter what you choose, put in the necessary work to have outstanding processes for your help desk to follow so that your customers can experience the consistency we discussed in Part 1, with a personable and positive experience provided by your talented helpdesk team!

Contrary to some opinions, the good ‘ol Systems Engineer is NOT extinct! We have read and been in discussions where people will cite the overall reduction in complexity of technology today (primarily hardware and software) and use that to suggest that engineers aren’t needed as much as even five years ago. While we see their point and there is some basis when you consider say a Storage Area Network (SAN) five years ago would have been a six-figure equipment sale and likely a 50-100 hour project to implement and migrate data. Today, in most cases, it’s a $50K equipment sale and many are user-installable! Quite a shift! That said, we believe we are seeing an increasing need for those with technical aptitudes to stay up on technology interoperability and best practices while also wrapping everything around what a sound security posture looks like.

The reality today is that the majority of your clients-to-be for your budding managed services practices are going to have Windows servers, Windows PC’s (maybe some Macs), network printers, switches, routers, firewalls, WAPs, and the like. Pretty “traditional” stuff from an IT infrastructure standpoint. Thus far, we aren’t seeing any requests for us to put IoT or other smart devices under managed services. Given that, your engineers are still very much in vogue and will be for several years. Keep them sharp and develop them to be experts in more than one discipline. Do you have server/storage engineers? Then develop their networking expertise. Do you have ‘techs’? Grow them into engineers! We have found that the ideal “player profile” for this position is someone who thrives on variety and learning, is not afraid of trying new things (not recklessly mind you!) and has 3-5 years of experience building/deploying IT infrastructure. Experience is key in this role – so fill your roster with “vets” versus “rookies” as much as you can here.

More than likely, your new managed services clients will not have dedicated IT people, let alone IT management, or perhaps anyone that even *wants* to know about IT. They are hopefully focused on what it is their business does. That’s your opportunity to provide technical thought leadership to your client.

Think of this person as your “team leader” – the one with the “C” on their jersey. Your strategist should be informing your clients about emerging trends that can be helpful to their business (or avoid risks), establish roadmaps, budgets and get to know the business inside and out. Your Strategist will also help call the plays for your team to ensure they are in a position to succeed.

Drafting these types of players has its own challenges. They need to speak ‘business’. While not required that they are a techie, they should truly understand and also speak ‘tech’. Much like your engineer, this is not the role you put a rookie into. Find a professional – someone who has perhaps run an IT department before and give them this roster spot.

We firmly believe that building a strong team requires a strong foundation: an ethos. You have to determine what your identity and team philosophy will be before you can start building a winning game plan. In a sport such as football, you may aspire to be hard-nosed and physical. Will we be offensive-minded or defensive? When building your Managed Services team, we think you should aspire for a team whose hallmarks are first and foremost tremendous consistency, proactivity, and discipline. You might notice that while not exclusive, these may not be the top traits you’d normally think of when imagining your classic engineer-types from the T&M and project worlds. That’s because the MSP game is materially different. Think rugby vs. American football. Kinda similar. K-i-n-d-a, but actually quite different. So why those three? Let me elaborate:

• Consistency – Over the years we’ve heard some MSPs say they aspire to be like McDonald’s. For the most part, a Big Mac purchased in Sacramento, California should be 99.9% consistent with a Big Mac purchased in Grand Rapids, Michigan. The ingredients, the techniques, and the processes are done the same using equipment and tools that are the same. That’s what these MSPs are talking about – being able to deliver a quality product (not gourmet mind you!) with tremendous consistency client in and client out.
• Proactivity – There may be no other trait AS important as this one when you commit to delivering managed services. If you are consistently the dog getting wagged by the tail due to reactive support volume, you will question whose bright idea it was to get into this game in the first place. It takes people thinking a different way. Rapid response and technical competency are of course necessary and helpful, but someone(s) *must* be thinking about how any given problem can be avoided for the rest of eternity. If there are chronic printing issues – WHY, and what can be done to not just get things working but completely eliminate the problem from ever coming back. What can be done to ward off any potential circumstances that could lead to a reactive situation? This must be the dominant mindset.
• Discipline – Let me give you some small examples from our journey into Managed Services maturity. In any technical professional services practice, you’ll have numerous projects where you are upgrading, replacing, and installing new things – servers, switches, routers, firewalls, applications, operating systems – you name it. For many of you, this is something you do. Hopefully, when you’re done, you update your client’s documentation, maybe a Visio diagram, and away you go. In the Managed Services arena, those types of things, whether project-related/wholesale changes or a onesy-twosy replacement can cause some very undue stress. Imagine if you are monitoring the network equipment of ABC Company. Your well-intentioned engineer goes on-site to upgrade the firewall at 5 PM and forgets to suppress monitoring or advise someone on the team to do same, or mention that alerts can be ignored. All of a sudden at 5:10 PM several alerts come flying through your monitoring tools and e-mail boxes. Texts are sent and phone calls are made – probably indicating that ALL of the network devices at ABC Company are now offline! Yes, we learned this lesson many times over and even now, occasionally suffer a lapse in the discipline required to avoid unnecessary cycles getting spent. Another example of a shift in thinking relates to my above-mentioned case about updating documentation. If you are responsible for supporting this client for most or all of what they could possibly call in for, then *whose* documentation needs to be updated? That’s right – YOURS! YOU need to have updated documentation on all aspects of their environment. Every equipment change. Credential change. Address change. Location change. Point-of-contact change. You need to have the exquisite discipline to administratively maintain the key information required to enable your team to provide excellent support.

The first method is the old-school way: manually deploying patches. Many small managed service providers continue to use this method today for many reasons. The main reason would be the ease of getting into the market. It has very little upfront cost.

This method is very labor-intensive and slow. It is the ideal patching method for a small managed services provider. Applying patches in this way requires accessing each endpoint and conducting updates as needed. However, it’s not a method that allows a larger managed service provider to scale to a larger size or market. With that said, even with a large managed services provider, those “troublesome servers” remain within this patching strategy. This is primarily due to custom applications and other dependencies that will make patching a challenge.

Another issue with this method is that it is pretty much “patch and pray.” You are relying on the vendor to release patches, and they won’t bring the network down.  As a result, labor spent on testing patches is not cost-effective due to the many different system configurations and the requirement of having those resources available for said testing.

Combine the labor spent on testing with the labor spent to implement the patches, and things become cost-prohibitive for any managed services provider with more than just a handful of clients.  Most of your hard cost of goods will be in labor and will increase steadily as the endpoint base increases.

1. Low to no cost for system
2. Very customizable to accommodate specific client needs

1. Labor intensive and requires larger workforce
2. Time consuming when deploying patches
3. Less scalable with limited potential for growth
4. More risk in applying a “bad” patch
5. Decentralized management requiring additional resources

This cannot be understated; you cannot build a cyber-resilient organization without involving every single person who works there. This starts with the basic awareness of asking someone unknown who isn’t wearing a badge in the office to identify themselves, and if the answer doesn’t stack up, calling security.

When someone calls you claiming to be from the IT helpdesk and asks you to approve the MFA prompt you’re about to receive on your phone, don’t assume they’re telling the truth. Always double-check their credentials first to ensure that it’s a legitimate request.

What you’re trying to foster is “polite paranoia”, making it normal to question unusual requests, and understanding the risk landscape and sharpening instincts. Most people who work in businesses aren’t cyber or IT savvy and weren’t hired for those skills. However, everyone needs to have a basic understanding of how identity theft works in our modern digital world, both in their personal and professional lives.

They also need to have a grasp of the business risks introduced by digital processes, including emails.

By having this context they’ll be able to understand when things are out of context or unusual and have enough suspicion to ask a question or two before clicking the link, wiring the funds, or approving the MFA prompt.

And this isn’t a once-off tick on a form to achieve compliance with a regulation.

Often, the long, tedious, and mandatory presentations that organizations conduct once a year or quarterly, followed by multiple-choice quizzes, are perceived as time-wasters by the staff. They want to rush through them quickly and typically forget any insights gained.

Instead, the training program should be designed to be ongoing, consisting of bite-sized, interesting, immediately applicable, and fun training modules combined with simulated phishing attacks to test users. If any user clicks on a phishing email, they should be given additional training.

Over time, the system should automatically identify users who rarely fall for such attacks and interrupt them with infrequent training, while the persistent offenders are given additional training and simulations on a regular basis.

The other reason for ongoing training is that the risk landscape is continuously changing. Some months ago, malicious emails with QR (Quick Response) codes to scan were the exception, now they’re a very familiar sight, requiring ongoing awareness of staff not to scan them on their phones (outside of established business processes).

Security experts often lament the priorities of staff, saying, “if they only took a second to read the email properly, they’d spot the signs that it’s phishing”, or “they just don’t take security seriously”.

This is a fundamental misunderstanding of the priorities and psychology of the average office worker, clicking a link in an email will at most get you a slap on the wrist, not fulfilling an urgent request by the boss can get you in serious trouble or even fired.

And this is why the entire leadership, from middle managers all the way to the C-suite must lead by example. If they do and communicate their understanding of the basics and secure processes, staff will follow suit.

But if the CFO requests an exemption from MFA or bypasses security controls regularly because “it’s more efficient”, there’s no chance that his underlings will take cyber security seriously.

1. Decrease time in deploying patches with scripted patch delivery
2. One-time cost of software and hardware

1. Decentralized management requiring additional resource
2. There is no prior testing of patches before deployment
3. Requires network resources as each client’s location

The last method is to deploy a cloud-based patch deployment system. Many current MSPs offer remote monitoring and management (RMM) platforms, such as Labtech, Continuum, and Kaseya, as part of their bundle of services. Some vendors, such as Kaseya, just provide the centralized delivery of the patches, while other vendors, such as Continuum, provide additional value by performing quality testing of the patches prior to implementation.

This centralized method allows an MSP to manage patch deployment policies for multiple customers. An added benefit is maximized growth with less labor since the function is driven from one pane of glass and is well-automated. The burden of testing patches on a massive scale is shifted to the cloud-based vendor and away from the managed services provider. This reduces the managed services provider’s labor force needed to maintain this service offering because only after the patches pass the quality assurance testing of the servicer are they deployed to the endpoints.

Like third-party patching systems, many cloud-based patch deployment systems are price-based, on tiers. This method normally decreases overall costs as the managed services provider enters higher tiers.  In short – As the managed service provider grows and scales, the cost of this service decreases. Thus, this method will generally benefit the managed services provider with lower costs while maximizing the use of their system.

The second method would be to install a third-party patching system that would automate the installation of patches. Several third-party patching systems exist, such as Microsoft SCCM, GFI LanGuard, and Kaseya. However, this is a decentralized management method since the system’s administration is conducted in each client’s environment without a single pane of glass to manage multiple clients.

Testing is still required for the proper patches to be installed. However, this method does eliminate the labor of applying patches individually.  Many vendors will have a tiered pricing structure as additional third-party patching systems are deployed. With each new client, there will be a dramatic increase in price. Many of these third-party systems are low-cost for the software. However, they require network resources and a labor force to implement, administrate, and remediate.

1. Centralized management of patch deployment
2. Many services have patch testing prior to deployment
3. Low labor cost as a smaller workforce is needed
4. Less time consumed in testing and deployment

1. Higher cost and is normally a monthly expense
2. Less customization for specific client needs

Deciding on the right patch deployment method for managed service providers is a critical choice that hinges on various factors, including cost, scale, labor intensity, and specific client needs. Here’s a brief rundown to guide your decision:

Manual Deployment:

• Best for: Small MSPs or those just starting out due to low upfront costs and high customizability.
• Considerations: Labor-intensive and time-consuming, suitable for limited-scale operations or those with specific, troublesome servers needing careful patching.

Third-Party Patching Systems:

• Best for: MSPs looking to automate patch installation while maintaining some control over the process.
• Considerations: Requires network resources and a labor force for administration. Decentralized management might complicate things, and there’s an inherent risk of untested patches causing issues.

Cloud-Based Patch Deployment System:

• Best for: Larger, growing MSPs aiming for centralized management and reduced labor costs.
• Considerations: Generally has higher upfront costs but is offset by the scalability and efficiency it offers. Pre-testing of patches by the vendor adds a layer of security and reliability.