title slide

Fireside Chat: Building Your Community in the Cyber Wild

Round Two…

How does one go about building a community in the cyber wild? It starts with networking and connecting with like-minded individuals in the industry. 

In our latest “Fireside Chat,” Ostra Founder and CEO Michael Kennedy chats with Evan Francen, CEO of SecurityStudio, and Frank Gurnee, SecurityStudio’s Channel Director, on the topics of AI and Cybersecurity Marketing. 

There’s lots of great information in the wisdom of these industry thought leaders, from their views on AI to thoughts on the importance of authenticity and honesty in marketing. Listen in and learn from the best on how to build a community in today’s cyber wild. 

AI and Technology 

The conversation begins with AI (artificial intelligence) and its impact on technology. While AI is still in its infancy, tools like Chat GPT have made this powerful technology available to anyone with a computer or a laptop. 

Our panel discusses both the upside and shortcomings of AI in output accuracy and whether it can (or should) integrate into automated processes in information technology and cybersecurity. 

Marketing and Community Building 

The discussion then shifts to marketing and community building. Michael and Evan devote a lot of time to the key elements that form the basis of any technology solution’s marketing strategy. 

Both cite honesty and relational sales methods focused on solving clients’ issues and/or providing quantitative value as the core properties of a sound marketing ethos. 

View The Entire Conversation 

Click on the video link below to watch the entire video chat or scroll down to read the full transcript. 


Video Transcript

Frank Gurnee (00:25):

So thanks for joining us again today, guys. We are excited. A lot of what we’re gonna be talking about today was based on your feedback from the last fireside chat we had. So with that, I want to introduce our my esteemed co-hosts here. So first and foremost, we have Michael Kennedy, who’s known as Kennedy. So Michael Kennedy runs Ostra, and Ostra is a managed Security-as-a-Service company. And so done a ton of amazing things in the industry. Been around a long time. As you can see, we all have the gray hair, and we’re just talking about our ages here. So their beards are a little longer than mine though, so I, I gotta catch up guys. So Michael Kennedy, and we’ll call you Kennedy, going forward here. How are you doing today?

Michael Kennedy (01:13):

I’m good, thank you. Thanks for having me. A little, a little cooler here in the office with a big fire back there, but then if I, I have a bright light shining on top of me, so you might get a little bit of that every once in a while, but

Frank Gurnee (01:24):

Yeah, we’ll have to figure out the name. Is it still fireside chat during the summer, right? What the change?

Michael Kennedy (01:29):


Frank Gurnee (01:31):

So also we have Evan Francen. So Evan is the, well, you’re the CEO of SecurityStudio. You are the founder of FRSecure. And just kind of changed spots there as, as CEO to step down, but still a integral part of the whole thing. And man, Evan Francen’s been doing amazing things in this industry for many, many years. And and we’re really excited to have you on as well. Evan, how are you doing today?

Evan Francen (02:01):

Doing well. I’m in Mexico. Looks, it’s good. Yeah.

Michael Kennedy (02:05):

Looks beautiful behind you.

Evan Francen (02:07):

Yeah, it’s good.

Frank Gurnee (02:09):

Yeah, look at those flowers, man. That’s awesome.

Evan Francen (02:11):

Yeah, my wife does those. She did the other ones too. So many flowers. Flowers and throw pillows.

Frank Gurnee (02:18):

Yeah. Love that. <Laugh>.

Evan Francen (02:21):

Not digging the throw pillows, flowers.

Frank Gurnee (02:23):

Well, awesome guys. So, you know, what we heard a lot in the last fireside chat was you know, guys are, are really wondering or wanting to pick your brains around things in the sales and marketing side of things. So we’re gonna get into a little bit of that today. But anybody have any opening remarks? Anything you guys have been seeing out there? Anything you want to talk about that’s kind of hit in 2024 where we kind of jump into those things?

Evan Francen (02:53):

That’s an open, that’s such an open-ended question, right? Yeah.

Evan Francen (02:57):

I don’t know. I was talking to a professor friend of mine this morning from the University of Minnesota, Master’s or whatever, and he got me started on AI and that, that led to a whole long discussion. Yeah, I mean, you could take this anywhere. I don’t even know where to start.

Frank Gurnee (03:19):

Yeah, well, what what Elon just just turned on a new link, so we heard that Right. And we heard obviously AI, man, that’s, that’s kind of going crazy these days, so you’re right. What impacts do you think some of that stuff’s gonna have this year?

Evan Francen (03:36):

Well, it’s like anything, you know, there’s nothing wrong with the tool. It’s are you using the tool? Right. You know it’s about being responsible with the tool. You know, there’s nothing wrong with a table saw, you know, but I wouldn’t give a table saw to a toddler, you know, so I wouldn’t get Yeah. AI is the same way, you know it. So what I use AI for, other than, you know, stuff that other people probably shouldn’t, but is you know, create ideas a lot. I’ll use AI. You know, I’m working on the latest curriculum for securing complex environments. And so I asked, you know, just work with Chat GPT to give me some ideas on what I can create for an exercise for this course. You know, stuff like that. And I was talking to a friend about bias and, and people don’t, and an un an irresponsible way to use AI is to, is to not be discerning with the input, with the output, to not understand where it comes from.

Evan Francen (04:44):

One of the things my father taught me as a child that was, thank God, was always considered the source. And so people, you know, will argue that, well, AI is not biased or whatever. But, so I, I did a demonstration where I asked AI to, if God exists, you know, let’s see the bias. And when you ask a yes no question, and this is a tip for anybody, when you ask a yes no question, the only unbiased response, valid responses are yes, no, I don’t know. Anything else is bias. And so, you know, this long discussion with AI before you finally get to a point where, and it’s talking about its beliefs, and I didn’t ask you about your beliefs. I mean it all the way to the point where it finally admitted it didn’t know. But I think somebody who’s not discerning and doesn’t think critically would’ve taken the first answer that AI would’ve given it, given them and just gone with it, you know? Yeah. And so that led to a whole discussion to this morning about, you know, where AI is going and what I think it’s gonna do to us.

Frank Gurnee (05:54):

Yeah, I think that’s a good point. The source, right? I mean, I mean, because it’s trained, so it’s trained on something from something. And, you know, how accurate was that information that it was fed? You know, what was it provided? That sort of thing. So that makes, makes a ton of sense. Yeah. As far as something that should be a concern to everyone, right? Because especially as you lean more and more on the validity, the information, you know, the, the, is, is this true? Is this not? Or, or you’re just blindly sending it out, right. Which I think a lot of people are using it for content and things like that, that you know, could essentially be completely wrong at the end of the day. And so, you know, that’s put out there and lives on Google and everywhere else as the truth, as fact, and it very well may not be. Yeah.

Evan Francen (06:42):

So go ask AI if God exists and, and play around with it. That’s one of, that’s one of the great questions because us as humans, you know, still debate that all the time, right? Yeah. Belief, belief in faith. But it’s, it is a yes no question. And so the, it’s yes, no, or I don’t know. And anything, you know, beyond that, and the same use, the same thing when you’re talking with people with humans,

Frank Gurnee (07:05):

Prospects, right.

Evan Francen (07:05):

You know, identify, you know, the places where there’s bias and, and then you get to choose which one to do with it. ’cause There’s nothing necessarily wrong with bias, but what’s wrong is bias, ignorance, where you ignore the fact that there is bias. Yeah.

Michael Kennedy (07:20):

Or the, the false narratives. Yep.

Frank Gurnee (07:22):

Yeah. And I, you know, so what’s interesting about this topic, and, and we’re just kind of, kind of talking here, is you know, I, we go to these shows, we go to events, we’re hearing lots about cybersecurity. And man, the buzzword in the industry is AI. I mean, every cybersecurity solution out there is touting some type of AI. We AI this, we AI that, right? So is that just a buzzword or is that, is it truly something that they’re building into these platforms that is good for cybersecurity or I know I know your, your guys take Kennedy as, as people, right? A lot of, a lot of eyes on, on things. So, you know, what’s, what is the difference there? And, and, you know, how would you guys differentiate those two things when we hear this buzzword about AI and cybersecurity so much?

Evan Francen (08:12):

You get to go

Michael Kennedy (08:13):

First, I think. I think I do. Oh, I think there’s a couple per, so it, it got overused in the beginning, especially last, I would say before the Chat GPT and all the different LLM models. Everybody was in AI, AI, AI. And when you look, when you would peel that back, it never really, there wasn’t really anything true, like in, and, you know, as AI stands for and differentiated intelligence, right? So what the way that we look at it is, and why, where we wanna apply it or apply it, is around patterns, noise reduction kind of more of the data analytics, automation, running scripts and putting scripts together, and then automating those scripts to have it look at to help us reduce the noise for our SOC team. I, I, I think that like what Evan was talking about with the Chat GPT and, and how people use it is really going to be where we see some of that, that differentiator of, are they using it for as a tagline, or are they actually trying to use it for a specific initiative?

Michael Kennedy (09:34):

And I think a lot of companies started with it as a tagline and to machine learning and AI, and really but most of it is, is kind of in that, that l lms, the, the language models, the putting, you know, Chat GPT on top of it. But for us it’s, I it’s gonna be probably, it’s gonna be a and it’s, I dunno, it’s like all of those, I think about it is operationally. So IUI use it, I use Chat GPT, you know, to figure out what kind of I itinerary, I want to go on a trip, you know, going down to Mexico, what do I want to do? What are the things that I can do? I look at it to talk about if I, if I’m struggling to write something, then use it as an outline. And it’s the same with the way we as an organization try to use those tools of it’s only as good as the information you put in. And it’s not, it’s not I don’t, I don’t know, I I don’t call it intelligence because it doesn’t, it’s not sentient to me. So I, I call it you know, a bunch of automation scripts that scroll through everything and then help you decide on different parameters that are set. So

Frank Gurnee (10:56):

Yeah, it seems like, it seems like that, you know, AI, at least in my mindset, when all of these vendors, you know, tout AI, it, to me, it, it, it’s almost like, I think of it like, like that’s doing the analyzing or it’s looking at things and it’s, it’s a person which, you know, both, both Ostra and Security Studio, I think think of their services as professional services with people. And people are doing the analyzing and asking the questions and doing all of those things where, you know, it seems like a lot of vendors out there are, you know, again, touting this, this AI type of thing, which makes me think of like a person almost sitting there analyzing or doing these things, which, you know, maybe it’s a misconception. Maybe it’s, we’re just thinking of it wrong. But that’s, that’s how I envision it. Is that how you guys see it as well? Like from a marketing standpoint, what they’re essentially doing?

Michael Kennedy (11:55):

Yeah. And then also from a, well, the way I look at it is, oh, sorry, I’m gonna keep talking. It’s

Evan Francen (12:01):

Operation mean What they’re doing is they’re doing their job, man. Their job is to sell. Yeah, yeah, yeah. And so, yeah.

Michael Kennedy (12:06):

Oh, you almost can’t

Evan Francen (12:07):

Blame them for, you almost can’t blame them for doing it.

Michael Kennedy (12:10):


Evan Francen (12:11):

But it’s, you know, it goes back to the buyer beware too, right? Why would I buy something if I don’t know how to use it, if I don’t know how to use it properly? So why would I even give two craps about AI if I don’t understand how AI would actually benefit me? Right? So, you know, it’s not only do you have to deal with the bias in any AI, any AI, every single AI ever will have bias. ’cause It was written by human beings, right. The, the algorithm. And the second thing about AI that, that I think we often overlook is the, the number of bugs. Mm. That in AI, right? On average, seven to 10 errors per KLOC. A KLOC is a thousand, a thousand lines of code. My truck that I just bought, I was telling you guys about today, has 150 million lines of code in it.

Frank Gurnee (12:58):


Evan Francen (12:59):

You know, and so a security guy like me being a weirdo like me, which, you know, it’s sad that it’s weird ’cause it shouldn’t be weird, is I’m thinking through as I’m driving this truck, like, what happens if the accelerator sticks? What happens if, you know, I don’t know what all the things that these, that the code controls, but I’m trying to think of things that I, I’m gonna do when it goes sideways.

Frank Gurnee (13:24):

Yeah. No longer. Is it just a, you know, a cable that attaches to a, a carburetor and you go, right. Yeah. Especially

Evan Francen (13:31):

Especially something like with AI, when you sell it early on, like they were doing in, in the marketing, that should tell you that there’s a, a rush to production. (Yeah.) Right. There’s a rush to get it out. Well, when you do that, you cut corners. So if in fact it is AI, which it probably isn’t, but let’s say, you know, benefit of the doubt it is AI it’s probably buggy as hell,

Michael Kennedy (13:54):


Frank Gurnee (13:56):


Evan Francen (13:57):

I don’t like buggy, I don’t like buggy stuff on my network.

Michael Kennedy (14:01):


Frank Gurnee (14:02):

Yeah. It’s something, you know, we combat a lot in the risk management side of things is the automated tools, the AI kind of thing, you know, people out there, oh, you know, you just run this on the network and you have a risk assessment done. And the reality is like, you know, I’m, I’m, I always kind of bring it up, like that’s all well and good. It might tell you there’s a backup on your network, but does it tell you how often it’s backed up when the last time you tested it? No automated tool can tell you that. So you have to ask questions, you have to have that professional approach and talk to people. And I imagine that’s the same, you know, when we talk about AI. So no, that’s fantastic. So down the marketing road, guys, like, you know, one of the things that came up in the last call we had you know, a lot of these businesses want more help in, in marketing and understanding in, in sales and all that good stuff. And you guys have both built, built, successful businesses. And so with that you know, what, what do you guys think are some things you’ve learned over the years marketing your businesses, maybe some failures, some things that you’ve run into that, you know, lessons learned, if anything. Do you guys have any of those? So I don’t, why don’t we start with Kennedy?

Michael Kennedy (15:20):

Oh, I got lots of them. The two or three things that hit the top of my mind is honesty and authenticity is, is the first one. When we are authentic, we go in and we’re transparent in our conversation and, and, and what we’re talking about then then, like our internally, we, if we don’t, we don’t lie. We don’t have to remember the lie, because it’s a lot easier to remember the, the honest truth. The, the other side of it too is I think where we, where we’ve struggled in the past is understanding who our buyer is in the business instead of, you know, we, we talk about, I’ve been in tech industry for quite a while, and where I’ll always end up going is very technical. Start talking about the packets and the widgets and, you know, the, the network design and the security tools.

Michael Kennedy (16:15):

Instead of and like Evan talked about, I think last time, it, it really, it’s pulling that back and it’s understanding the business drivers, understanding the business initiatives. How is that bus, where does security fit into their business plan? And then looking at it in that way, look, working with them as a a business entity rather than someone that’s just, just buying a widget. (Yeah.) And, and when we can, when we can get into that more of that thought leadership and that conversation with them around their business, then we seem to, we do better in that marketing and that, that stream, we get more adoption, we get more interest as well.

Frank Gurnee (16:59):

Yeah. I think that’s a good point, Kennedy, because the, the idea that we’re all kind of tech minded, right? And we, we love the tech side of things. We love everything we’re doing, and we tend to, if we’re the ones in charge of marketing, right? We’re, we’re usually like trying to drive the conversation around the tech and the, the high tech stuff and thinking about our product or our solution and what we do instead of thinking about the customer, what their needs are, who they are, do they even care about the tech, right? All of those things. And I think that’s, that’s one place where a lot of businesses, you know, have a, have the wrong focus or, or have bad, you know, spend money on bad marketing around the tech side of things sometimes. So That’s a good point.

Michael Kennedy (17:46):

I was gonna say, I was gonna say even to check a box too. (Yeah.) And they, they think they need an EDR, so they go buy an EDR, and then they, like we were talking about, they don’t, they don’t know what to do with it. Yeah. And now they have, and, and then they, it’s not configured, it’s not patched, it’s not updated, you know? Anyway, so, sorry, I’ll Yeah,

Frank Gurnee (18:04):

No, no, that, that totally makes sense. How about you, Evan? Any, anything that that comes to mind as far as failures in marketing or, you know, lessons learned things that you’ve done in the past with, with the couple companies that you have?

Evan Francen (18:17):

Yeah. Well, I’m not one, I mean, recognizing my own strengths and weaknesses. I mean, I’m not, I’m not a marketing guy.

Frank Gurnee (18:24):


Evan Francen (18:25):

You know, so, and it, it is funny ’cause when, when I started Security Studio, I, I had a call with Stu Sjouwerman KnowBe4, he’s the guy who started KnowBe4, people who don’t know. And I asked him, look, man, you’ve had so much success before. Where should I spend my next dollar? You know, gimme some advice. And he said, without hesitation, he said, marketing. I was like, marketing, what the hell would I spend money on marketing? That doesn’t make any damn sense to me. So I didn’t, and I think, you know, on, you know, I like, I know better than just do. I’m gonna do what I do <laugh>. And so that was one, what it reminded me is that there is value in marketing for sure. Right? And so then how do you create the right boundaries? And I think FRSecure, you know, on that side, they’ve done a fantastic job at marketing, you know, and they’ve grown enough to have a dedicated marketing team.

Evan Francen (19:22):

Same thing, you know, at, at Security Studio. And I think if you’re, if you’re a mission driven organization, it’s easier to market. (Yeah.) (Sure.) Because there’s things that we will never do. And if I find out about it I don’t know. I never had to, I don’t know what I would do, but it would be bad. And so you never lie to a customer. You never take advantage of a customer, right? (Yeah.) So there’s, there should be value in your service or in your product that you don’t need to exaggerate, that you don’t need to lie, you don’t need to take advantage. I’m, you know, this, this entire industry, the entire information security industry is a service industry. This is not a product industry. And so, keep that in mind when you’re selling products. If nobody knows how to use your damn product, or if it takes five people to, you know, to, to manage your product, weigh that against the value you’re getting out of the product.

Evan Francen (20:17):

I mean, go through this logical thought process because it, you’ll never, you’re never gonna be able to solve the people problem with technology. (Mm-Hmm.) (Yeah.) You won’t be able to solve AI won’t be able to solve it with any kind of spam filtering any other crap you’re putting, putting in place. You know, this is really a, a life issue. So from a marketing standpoint, it’s just tell people the truth. And we found that it only takes three things. I like simple, right? Don’t overcomplicate crap. It takes three things to get a customer trust, credibility, and likability. That’s it.

Frank Gurnee (20:51):


Evan Francen (20:52):

If they trust you, you’re credible and you’re not a jerk, chances are pretty good. You’re gonna get them as a customer.

Frank Gurnee (20:59):

Yeah. There, you know, there’s a few things that come to mind too in this conversation for me specifically around the business angle and, and marketing. You know, first and foremost, like you said, it’s, it’s, it’s not our wheelhouse, right? As business owners out there, as you know, tech-minded guys, you know, though, though, we’d love to do everything in the business, it’s probably something that we should either bring someone in or hire out to do. The second thing…

Evan Francen (21:29):

I don’t wanna do meetings. No meetings.

Frank Gurnee (21:30):

Yeah. (Right?) Yeah. I mean, and, and, you know, so many, so many business owners get caught up in the, in the little details because again, we’re, we’re tech-minded and focused. The color right? Or the (Right.) Or this you know, font or whatever. But that’s not getting your message out there. And the longer you sit on stew on that kind of stuff, the, the, you know, you’re not going very far while you’re doing that. But you know, another thing. So, so there’s that. Get outta your, get outta your own way, you know, hire someone to do it. The other failure I’ve seen a lot in business is you know, going out and hiring the wrong people and based on on promises, we’re gonna get you this many leads. We’re going to buy this date, have this, right, these, these promises of, of marketing and leads and, you know, generating X amount of business.

Frank Gurnee (22:21):

And you guys, I’m sure have run into this over time in both of the businesses where you’ve sank money into something and it just didn’t come to fruition. And of course, there’s no guarantees, right? They might tell you (Right.) there are, but so you, you really have to be careful there. I’d I’d say, you know, from that, that side, you know, going out and, and doing your research and making sure that, you know, you’re, you’re talking to people who can refer that, you know, a company to you that that’s gonna do a good job for you, I think is, is really important. The last thing I wanna mention, I’ll let you guys both comment on, on these, these things. But the last thing that I wanted to mention was just in that same kind of realm of things, the going out and spending that money and doing that is all well and good.

Frank Gurnee (23:12):

But there is not a guarantee, at the end of the day, you’re, you’re not gonna be guaranteed new business. So where you can almost guarantee business, especially in the MSP world, is your existing customer base. They’re the ones that are gonna refer 90 plus percent of your new business. So go back out to those guys and take care of your existing customers. It’s easy for MSPs to jump, always be looking for the next customer, but there’s so much that you can do with the existing ones. And especially as we build into this cybersecurity realm of things, that’s an area where you really can go back out to those existing customers and, and educate them on what’s going on out in the world. So…

Evan Francen (23:56):

Well, and I can promise (Any takes on that?) I can promise you, I can promise to any customer, and I can promise to any friend. I can promise to anybody that I’ll tell you the truth (Right.) (Mm-Hmm.) you know, and so value the truth, you know, the, you know, that’s why mission is so important to me. It keeps me honest. You know, if you focus on the mission, you’ll make money. If you focus on the money, you won’t make the mission. It’s that simple. And so, and you, you know, you live in a place like this, you know, it’s paradise and, you know, just bought a truck, you know, I mean, money’s not really a, it’s never been a focus for me either, but, but the, the coolest thing about it is I go to bed every single night knowing I never took advantage of somebody.

Evan Francen (24:36):

I didn’t sell them something they didn’t need. I didn’t lie to them to, to get them to buy some service that they didn’t need. I mean, and if I did, it was unintentional, and I need to know about it. You know what I mean? And that’s an open invitation to anybody at any time, because it goes against what I’m trying to be, you know, in the, in this, in this world. So you can always do that. You can always tell people the truth. You know, there’s always times when, yeah, can you do this one thing? No, I can’t do that. Or can I do this one thing? I think I can do, do it, but I’ve never done it before. You know, people love that. I’ve never had a project ever taken from me. I don’t do projects anymore, which is, well, I do projects, but, you know, weird shit.

Evan Francen (25:19):

The but it’s cool because I’ve never had a customer not take me up on that offer before when I was just honest. Like, I was asked to do an FDA validation. Have you guys ever done an FDA validation? Who the hell would ever want to do an FDA validation? But I was asked to do an FDA validation. I was like, so I read about it, I was like, I think I can do it, but I’ve never done it before. And they hired us, you know, and I think I did all right, you know, they still do business with us. But, you know, it’s stuff like that where I think we have to put up this facade like we’re something that we’re not in order to get customers, you know, we focus so much on our competition without realizing that 80% of the market ain’t even doing shit.

Evan Francen (25:58):

So rather than focusing on the competition and trying to beat them out all the time, why don’t you focus on yourself, be the best you can be, market that, and then then you’re not intimidated by your competition, right? Because I’m not competing against you. What I’m trying to do is partner with you so that we can go get the 80% that’s not doing anything, rather than fighting over the 20% that is. So, you know, I think so much of marketing is just, you know, trying to one up each other and it’s all, it’s all bullshit.

Frank Gurnee (26:26):

Yeah. Yeah. That makes sense. That makes a ton of sense. So yeah, with that, I mean, I think, you know, one of the things, so we talked about failures and, and things you shouldn’t do. And I think Evan, your advice to, to someone from a marketing perspective would be to tell the truth. So that, (Always.) that makes, you know, that makes a ton of sense. And I think you absolutely should.

Evan Francen (26:49):

And just to clarify on that too, really quick. ’cause There’s two types of lies. There’s lies of commission and there’s lies of omission. A lie of commission is something that I told you that was outright untrue, right? And then there’s lies of omission. That’s me not telling you something that I should have told you.

Frank Gurnee (27:06):


Evan Francen (27:07):

And so it’s on both sides, the commission, I have the lies of commission, I have like zero patience for. None. (Right.) And you get fired for that. You know, it’s, it’s our number one core value you can’t compromise ever. And then the second one, the lies of omission, I’m a little less of a hard ass on that one, you know? ‘Cause I do that to my wife. I mean, she would’ve left me on that stuff. But, but the lies of commission and, and it, and it’s, so you have to live it out. It has to be part of your being. Like I told I’ll give you an for example. Oscar, Oscar Minks over at FRSecure, he asked if I could run this query for him of on this database right? To get a whole bunch of data for reporting and whatever.

Evan Francen (27:50):

And I told him, yeah, for sure. And then he checked in like a week later, he is like, so, you know, where’s it coming? I’m like, I sent the email off to the developers, you know, I’ll I’ll check in again. And, and then I realized this went on for like a couple weeks. And then I realized on Sunday that I never actually sent the damn email to the developers. And so I called him up on Sunday night. I’m like, dude, I never sent the email. It’s like, oh, that’s all right. And I’m like, yeah, but I gave you the impression that I did. You know, and in my opinion, that’s a lie of omission. I need to come clean on that shit. So, but I mean, you have to have that, that fabric of integrity, I think. And, and if you, unless you want to be, unless you’re in this business to just take advantage of people and make a shitload of money which makes you a target for people like me, which is fine too. I mean, I’m probably not gonna do anything, you know, outright, but I don’t know how you can sleep well at night knowing that you just took somebody’s money and you didn’t provide any value. Value that was commensurate with that money. So,

Frank Gurnee (28:56):

Yeah. Yeah.

Evan Francen (28:57):

It’s gotta start at the top, man.

Frank Gurnee (28:58):

No, that’s great advice. And, and Kennedy, you know, thinking about, you know, our audience here, MSPs, IT business owners, cybersecurity consulting firms, you know, when, when we’re talking about for them going out and marketing to businesses, you know, what advice would you have to, to those guys? As far as, from a business standpoint, from a business owner, like, you know, getting out of their own way kind of thing. What, what, what’s your advice?

Michael Kennedy (29:24):

I mean, honestly, everything we’ve talked about, you know. Tell the truth. Getting out and doing QBRs, understanding the business, asking the questions of, you know, where is the business going? Where are they growing, what new systems they’re buying and, and then working, you know, do they have a compliance, really, they’re trying to win a contract for compliance. So I, I, I always kind of look at this, you know, you talk about the mission before money. I also kind of think of it as, you know, we talk about like servant leadership. It’s also kind of, we’re here to serve our, our customers or our partners and then their, their customers. So that that end business user or that client that gets the emails that does the day to day, that’s the one I’m trying to take care of. And if we, when we go in with that mindset and our, and our partners, MSP partners that have that same kind of mindset of they’re there to help make it easier for that business to do their job you know, really that’s when that net net revenue, net revenue retention just skyrockets, when you carry that mission, mission in.

Michael Kennedy (30:39):

So I mean, it’s, it seems like it should be common sense. I mean, again, going back to telling the truth, you know, I, I don’t, I don’t have to remember the lies. ’cause The truth is reality. So, so…

Frank Gurnee (30:55):

Yeah, I think you’re a hundred percent right. And, and it’s, it’s believing in what you do is, is such a big part of this, right? I mean, like, there’s no gimmicks. You don’t, you don’t have to rely on, on all of that. If one, you’re telling the truth and you truly believe in what you’re doing, if you understand that this is a necessary thing that, that every business owner has to look at, should be doing, should be dealing with, then I think it’s really easy at that point to, to, you know, have people believe you because you know, you, you truly believe yourself, right? It’s just not just something you’re selling. So that’s, that’s, that’s great. I think the last thing on marketing really is, you know, I wanted to hit on was, you know, do you guys think that there’s like specific target markets?

Frank Gurnee (31:41):

These guys should be hitting MSPs who’ve dealt with small businesses for so long or, you know, are we thinking of it wrong? And it really is an opportunity for every business out there. Like, cybersecurity to me is something that is necessary for all businesses. But you know, a lot of people are saying, no, it’s compliance, but it’s this, it’s that. Right? So, but to me, it’s, there isn’t a business out there. I don’t care if it’s the smallest business, the who, you know, it could be the coffee shop down the street. The threat is the same. So to me, that’s, that’s how I think. What do, what do you guys think about that?

Michael Kennedy (32:18):

Yeah. My kid would love to stick a rubber ducky in your POS machine at the coffee shop. You know, so Yes.

Evan Francen (32:26):

Hold on, lemme make a note of that.

Michael Kennedy (32:29):

Oh, yeah. We gotta lock some stuff up. So I, I, all business needs what the, the problem that I see in the news and, and the cybersecurity in, you know, that is that we get the noise is the big ones. MGM Tar, you know, somebody was just talking about Target again the other day. All of these big organizations that have a data breach. I’m not talking about my dentist who had a data breach that now all my pi, PHI data is now out, out for sale. It has been out for sale for a while, but it’s out for sale. And then there was a ransomware that he couldn’t recover from, and now he had to shut down. So we don’t hear about the hundreds or thousands of businesses, small businesses that close every day. We only hear about the big noisy you know, the, the big tech executives sitting in front of Congress.

Michael Kennedy (33:27):

And, and we don’t, we don’t see those small businesses. So I, I think it’s a, sometimes it’s a disservice that people are have the awareness. They think they’re, they’re, they’re too small. They don’t have anything that’s gonna be compromised. But one, you know, 15 minutes. I mean, probably most of the people on this webinar in 15 minutes could probably own five or 10 businesses in this office park and, you know, an ACH transfer, and then they have to shut down. So I don’t know where I was going with my rant…

Frank Gurnee (33:59):

I mean, this, this kind of rolls into sales a bit. Yeah. It rolls into sales a bit. Yeah, Evan, when, you know, when thinking about this and thinking about those smaller businesses who really need cybersecurity help, but are not convinced or don’t believe that it can happen to them, right? Yeah. They, you could tell ’em all day long, Hey, you need to be worried about this stuff. How, how do, how do you convince them or get them to understand that this is something that they absolutely need and should be part of, you know, just your normal tech package or, you know, whatever your offer, your offering is. How do, how do you convince those people that this is a real thing?

Evan Francen (34:40):

Well, it starts with a relationship. You know, I mean, information security is a relational, it’s a people thing, right? And so we track a lot, you know, like time-to-close and, you know, all these metrics and numbers, and it kind of doesn’t matter. You know what I mean? It shouldn’t, I mean, I understand that, you know, to make business, you know, to make money, you need to track that stuff and make sure, you know, you know, make it smaller, whatever they do. That’s obviously not my strong suit either. But the it’s establishing a relationship, you know, over the years there’s been so many companies that said no to us upfront for whatever reason. And, but we maintain the relationship and they came back later and did the right thing. You know? So I think from an MSP standpoint, if you’re newer to the cybersecurity industry, meaning you’re offering services or products that you haven’t offered before, one; have the confidence to know that whatever you’re selling provides value to them.

Evan Francen (35:42):

Right? Because that’s gonna help you defend where you’re coming from, right? And so, and if you have problems defining where those values come, that’s why people like us are here. You know, ask me, I’m not gonna steal your customer. I got too much work to do already. You know what I mean? I would love to help you serve the customer. What I don’t want you ever to do is to serve the customer wrong. I don’t want you to ever take advantage of a customer, because that’s more mess that I have to clean up later. Plus, I hate seeing people get taken advantage of, you know? So when you talk about the market to approach whatever market you feel comfortable, every single business, everywhere that’s ever existed needs a risk assessment. Start with that. Right? And that should point you in the direction of what other investments you need to make,

Evan Francen (36:25):

if you’re confused about that or have a trusted you know, relationship with somebody like, like Mike, that can be like, ’cause Mike’s never gonna sell you anything you don’t need. If he doesn’t have a product to sell you, he’s still gonna have the relationship point you in the right direction. And if there’s a need later on, he is gonna, you’re gonna come back to him. You know, those are the kinda relationships you need to have. What, one of the things I would never, ever do is ever buy a product from anybody who is trying to sell me something that doesn’t know me, right? So if you’re, if you, if I get a cold email or a phone call and you’re trying to sell me some, I was gonna mention a whole bunch of company names, but I’m not gonna do that. No.

Evan Francen (37:06):

You need to know yourself well enough to know what you want, to know what you need without a vendor telling you what you know, you know, what you want, what you need. Right? Right. And if you don’t know what you want or what you need, that’s where you need to spend your time right now. Yeah. Because it’s your business. It’s not my business. If, if your business goes under, it’ll break my heart, but I’m still doing fine. You know what I mean? And so we oversaw self fear, but, and what I’ve been going a lot more lately is trying to sell value, right? We’ve always in, in our industry being, ’cause information security is a risk thing. And risk is always based on a negative consequence. So it’s always a loss prevention sort of discussion. But now that we’ve been doing it wrong for so long, I think it’s a great opportunity for me to create actual value to actually add something to your bottom line.

Evan Francen (37:56):

And one, for instance would be to do an asset inventory, start with the hardware assets. Let’s find all the hardware assets that you’re not using anymore, that you don’t need anymore. Let’s get rid of ’em. We just saved you money doing that. And from a risk perspective, from a CISO perspective, we just reduced the tax surface. Those are systems I don’t have to patch anymore. I don’t have to maintain anymore. I don’t have to worry about ’em anymore, and then go to software, do the same damn thing, right? And you’ll find that in a 12 month period, if you’re just engaging with a, with a, a new customer, mid-size customer, you might be able to save them tens of thousands of dollars, maybe hundreds of thousands of dollars just in those two things where I’ve now added to your bottom line. You know, because the language of business, we talk about that crap a lot. The language of business, according to Warren Buffet, who knows, like business stuff is accounting. So start communicating to them on how you’re going to make them more money.

Frank Gurnee (38:52):

Yeah. A lot of us in the managed service world use that with with communications, telecom agents and things like that. We would bring someone in and let them quote out and look at the existing telecom network, communication network and in doing that, typically pay for our managed services because they were on old antiquated T1s and things like that, all this kind of crazy stuff, right? And they’d come in, they’d say, we can put all this new high-speed stuff in, and you’re gonna save X amount of money. And we’d say, well, right there, paid for our managed services. There you go. Right? So in the same, in the same respect going in and doing asset inventory and things like that…

Evan Francen (39:34):

I was talking to another business leader who was, you know, complaining about sales last year or whatever. He says, ’cause they cut information and security budgets across the board. And I’m like, hell yeah. It’s like, what do you mean? I go, that’s less money that they’re misspending. You know what I mean? If you, if you can’t, if you don’t understand how, I mean there’s so many classic examples, and I keep going back to like the SolarWinds breach, right? This super sophisticated attack, which it was pretty cool, could have been mitigated with a firewall. Chances are really good every one of your MSP customers has a firewall. So is it being used properly? Right. And it’s not ingress, it’s ingress and egress. Right? It’s both ways. So there’s a great opportunity right there. I could, and there’s something I could use for marketing as an example.

Evan Francen (40:23):

Everybody heard of the SolarWinds attack, right? Did you know that the SolarWinds attack was mitigated by the IRS? And this is all public information because they had egress filtering properly in place. We wanna do the same thing for you. And the reason why I wanna do the same thing for you is present the same kind of attack, but also maybe identify some command and control, maybe a place where you, you know, we can do some threat hunting with that information. Whatever. It’s just a prudent thing to do, but you already have the tool, why not use it right.?You know?

Frank Gurnee (40:54):

Yeah. I think the biggest sales opportunity right now for MSPs is to go and create that next QBR. Go out to that customer that you have today and talk about what you’re doing. Do a risk assessment. You know, use our core assessment or whatever you have. If you have a spreadsheet, use it. Whatever you gotta use, do a risk assessment. Right? And that opens the door to the cybersecurity conversation, which funny enough, most, most of the customers think you’re handling this for them. So you have to like, you have to communicate to them that you aren’t. And in your next QBR, you could do that. You could say, Hey, we’re gonna come out, we’re gonna do a risk assessment for your business. It’s just part of our, you know, new thing that we’re doing or whatever. Go out there, do it. And then sit down with that customer and say, here, you know, there’s some things we haven’t done for you, and this is fairly new stuff, but you’re hearing about these things, breaches all this stuff in the news. It’s real, it’s here and now we can provide a solution that covers you for that. It’s not something we’ve covered before. And it only costs you this much more to add it to your solution. By doing that, not only have you notified them, it’s not something you cover, maybe you get additional revenue, but on top of that, you cover your ass, right? Because…

Evan Francen (42:09):

Well, not only are you not doing that for your customer, you can’t do that for your customer. (Yeah.) The people who are ultimately responsible for information security in that organization is the customer. (Right.) So have that discussion with them. How am I responsible for this? What information should I know on a regular basis? And that’s how I serve you. Right? I mean, any business that, I mean, you know, financial risks, you know, compliance risks, you know, legal risks, you know, all these other things, why wouldn’t, you know your information security risks. It’s just another risk. And (Absolutely.) You know, the MSPs that are good at serving their customers understand that and help their businesses.

Frank Gurnee (42:46):

Yeah. Did you have something to add?

Michael Kennedy (42:48):

I was gonna say, I think it’s how you approach it too, with them, right? You don’t going in with them and saying, how, how do you, how do one of the things that like we like to do in the QBR is, how is your organization with security awareness training? Are they, do you think they’re doing pretty well? How do you feel that they’re doing, getting them to kind of think about it and buy in versus us coming in and saying, you guys are failing at phishing. You have all this stuff. You’ve gotten a couple of BBCs lately. You really need to get security awareness training because you guys kinda suck. Instead of taking that tack, I mean, that’s honest, it’s truthful, but..at the same time it….

Evan Francen (43:27):

Well, but it goes back back to the relationship too, doesn’t it? I mean, because some

Michael Kennedy (43:29):

Relationship Yep.

Evan Francen (43:31):

Because some of those customers, I do have that kind of relationship where I can just come right out and tell you, you suck. But some, some don’t. You know?

Frank Gurnee (43:38):

Yeah. But then at the end of the day, if you can give them the data, so for instance, like with Teams or with with S2ME, you can send out the, you know, those, those assessments to the employees and then all of a sudden you have the data to say, look, yeah, we’re not doing so well here as you can see, you know, we sent this out to the, to the folks in the, in the organization. And so, you know, what we think would be a good plan would be to get you on some security awareness training, which would, you know, help, you know, potentially cover those, those issues that we’re seeing

Frank Gurnee (44:09):

rather than less, rather than obviously taking that other approach, which is like, you guys just suck and, you know, we know you’re not doing this.

Evan Francen (44:13):

We’re supposed to be deifying people. Right?

Frank Gurnee (44:15):

Right. Exactly.

Michael Kennedy (44:16):

You de-suck. I guess, I guess what I was trying to say is, is I want them to, I want ask ’em the question in a way that they’re thinking about it. Rather than listening to me just tell them that they need to give security awareness training. I want them to, I want to ask them in a way that says, what do you, how do you guys think this is going? And, and I want to get their feedback. ’cause Then I also, I hear different things too. They, if I’m just selling in that widget of security awareness training or, or getting ’em onto it, but I don’t get the feedback that they all hate it. It’s cumbersome. If they got it tweaked a little bit, they would do better. Or they’re, they’re afraid and, and because they think they’re gonna be policed and get in trouble for it. So…

Frank Gurnee (44:56):

Yeah, I think one of the biggest, biggest failures, I think one of the biggest failures we have as kind of tech-minded people going in and trying to sell things is exactly that. We’re trying to sell a thing to somebody. (Yeah.) So instead of selling the thing, we should be talking to them about how we’re gonna help them, what we’re gonna do. (Correct.) You know, what, what is it that it’s not the tech, it’s not this EDR solution or XDR or SOC or whatever, or you know. This type of protection. They don’t care about the thing. So your solution stack of what you put together is not correct. The thing you’re selling, you’re selling them the, this mindset, this idea, this protection, this, this peace of mind. Right? That’s what we’re, we’re providing to them and selling to…

Evan Francen (45:40):

Focus on the Mission and you make money,

Frank Gurnee (45:42):

What’s that?

Evan Francen (45:43):

That’s focus on the mission and you make money.

Frank Gurnee (45:45):

Yeah, exactly. And yeah, so that’s, those are great. Alright. So cool. Just thinking about, you know, sales and, and things like that I think a lot of people get caught up in not understanding how to get educated, what to do, this is all new. Would you guys say it’s a good idea for them to lean on their vendors that are providing these services and solutions to help them? I know for us, we help beyond even what people understand or know. So things like sales trainings and talking to them about, you know, their solution and their stack and pricing it and all these things that you wouldn’t think would come from a vendor. Is that, I, I know with Ostra you guys do a lot of similar stuff as well. Do you think that these guys should be leaning on their vendors to help educate them on all this stuff?

Michael Kennedy (46:39):

I do. I think it’s you for sure. You have to lean on your vendors, talk to other vendors you know, get involved in different cybersecurity type events, attend stuff like this, where you can hear people talk about different products or, you know, solutions in, in our cyber industry. The, the more it’s kind of going goes back to it, and I think you had it, you were talking about the more you know, you know, it’s like those, those PSAs. Yeah. And, and, and be able to, because I think for me, the biggest problem is making sure you don’t the Kool-Aid. So, you know, I’m never going to ask you to and go out and take a picture or video of you. You know, that honesty, that authenticity, that, that kind of transparency. That’s what you wanna look for in these vendors. And when you go have those conversations with them, pay attention to that and, and, and judge for yourself go with, you know, like what I do, I always go with my gut.

Michael Kennedy (47:46):

I listen to it. If it feels squeamish, then I’m not gonna carry forth and then I’ll validate with that vendor. But lean on them to kind of help you understand the tool and the product. Understand. And they’re not gonna know your customers like you do though, right? I mean, that’s, that, that’s really, they’re not gonna know how to communicate into the industry or the, the market that you sell into. That’s your sweet spot. That’s why you’re successful as an MSP in there. But definitely leverage them to help you, you know, kind of convey that messaging why this product or the services is important for them. Like security assessment. You two would be, if, if I needed to talk to somebody about why they should do a security assessment, I would pull you two into a conversation and say, “here…”

Frank Gurnee (48:34):

Yeah. Yeah. I think you know, it’s, it’s, it really comes down to understanding as you choose your vendors and as you kind of get in bed with the vendor and you understand (wait a second, what?) if they’re focused on just them, it’s, it’s not a good relationship. Right. If if the vendors…

Evan Francen (48:49):

We’re supposed to get in bed with them?

Frank Gurnee (48:50):

What’s that?

Michael Kennedy (48:52):

We’re supposed to get in bed with them?

Frank Gurnee (48:53):

<Laugh>. Yeah. Yeah.

Michael Kennedy (48:55):

A a twin size bad.

Frank Gurnee (48:56):

You don’t, Evan, come on. What, where,

Michael Kennedy (48:59):


Frank Gurnee (48:59):

I thought that was a thing that you, you did.

Evan Francen (49:01):

That’s another thing I I haven’t been doing right then. Put that on the list.

Frank Gurnee (49:04):

Right, right. You gotta, you gotta try it. Yeah. It’s pretty good.

Evan Francen (49:08):

I gotta tell my wife.

Frank Gurnee (49:09):

No the, you know, the, the idea of like the vendors, if, if all they want to know is how many of my thing are you gonna sell? You know, I’ll help you sell my thing. They’re not interested in your business. They’re not interested in seeing you grow. It’s really, every time I get on a call with, with any of our partners, it’s really about me understanding how to make their business successful. And, you know, some of that’s gonna kind of involve our solution or our product and sometimes it doesn’t and that’s okay. You know, I’ll have that conversation with someone to help them as best as I can with the, you know, 25 plus years of knowledge in this industry. Right. So, and I’m sure you guys are the same way,

Michael Kennedy (49:48):

Right? It goes back to that kind of survey side that’s…

Evan Francen (49:52):

I don’t know, (unintelligible) I haven’t been sleeping with the vendors

Michael Kennedy (49:54):

<Laugh>. No.

Frank Gurnee (49:56):


Michael Kennedy (49:57):

That would be kind of funny though. But it goes, it, it goes back to that kind of, that that survey side of, you know, the mission before money really, it, it, that’s, that’s it.

Frank Gurnee (50:07):

Yeah. Absolutely. Well, awesome. Did let’s see if we had any questions come in, I’d love to get to those. So we had some in the Q and A here. I

Evan Francen (50:17):

Type your questions. What

Michael Kennedy (50:18):

Up? Amen. Evan

Evan Francen (50:22):


Frank Gurnee (50:23):

Yeah. So all we

Michael Kennedy (50:24):

Umin Evan.

Evan Francen (50:26):


Frank Gurnee (50:27):

So someone mentioned in when we’re talking about AI that they’re already seeing software developers using AI to automatically complete questionnaires for things like PCI, SOC two, et cetera. I mean, that can’t be a good idea. Is it <laugh>? I mean,

Evan Francen (50:43):

Well, I mean, I don’t know. I mean, I don’t know. It’s I don’t know what a, I don’t know what the AI is, you know, how it’s been set up, how it’s, you know, the algorithm, I don’t know. It’s plugged into, you know, so generally no, but you could, you could use it for that.

Frank Gurnee (50:58):

Yeah. Yeah.

Evan Francen (50:59):

Because that would be all, that would be all subjective data inputs. And the good thing about AI for compliance is it’s all, it’s all not subjective, objective. The good thing about a AI is it’s, it should be used for obje objective things. Check boxes. Yes/No questions. Stuff like that.

Michael Kennedy (51:19):


Frank Gurnee (51:21):

Yeah. Yeah. And, and in, in automation, I think there, there is a pla there is a place, there’s, there’s things that can, (bags under my eyes) can’t automatically been done, you know, be done.

Michael Kennedy (51:30):

Quit showing off your tattoos.

Frank Gurnee (51:32):


Evan Francen (51:33):

I have bags under my eyes, Does this look weird?

Frank Gurnee (51:40):

Does look strange. <Laugh>

Evan Francen (51:41):


Frank Gurnee (51:43):

So, Jason said amen to whatever Evan is saying right now. That was a little earlier. Or you know, maybe when you’re (Jason, check’s in the mail. I’ll…) talking about getting in bed with vendors…

Evan Francen (51:51):

I need the address.

Frank Gurnee (51:53):

<Laugh> could have been then, you know, when you’re talking about getting into bed with vendors, maybe. Amen to that.

Evan Francen (51:59):

I gotta get clearance on that.

Frank Gurnee (52:01):

So Lyle, ask the question. So for marketing, how would you explain the difference between information security compared to cybersecurity? Since most businesses think of cybersecurity as a tool. So how do you

Evan Francen (52:13):


Frank Gurnee (52:14):

Make that difference?

Evan Francen (52:16):

So literally cybersecurity is a subset of information security. So information security covers administrative, physical, and technical control. So the people part of security, the physical part of security and the technical part of security, right. And I use, like if I was going to attack an organization, I would attack the people. I wouldn’t attack your computer. You know, I could, but the return on the investment is much easier just to ask you for a password than it is to crack one. So the administrative controls piece is really important and it doesn’t really matter how great your firewall is if I come and steal your server. So we can’t negate the physical controls as well. And then you’ve got the technical piece and the difference between that and cybersecurity. Cybersecurity, by definition, cyber is over pertaining to computers. It’s technical. So, and if I only now, and that’s why I have to ask a lot. ’cause We don’t speak the same language in this industry. When somebody’s talking to me about cybersecurity, I have to stop them and usually ask, are you talking cybersecurity or information security? And I may ask it that way, or I may ask it a little with a little more tact, but I need to know if we’re talking about the same thing which, you know, usually helps. ’cause If you’re not talking about the same thing, if you’re treating this like, this is a technology problem, then we’ve got a problem.

Frank Gurnee (53:35):

Yeah. And I think everything is getting lumped into that cybersecurity,

Evan Francen (53:38):

Which is fine if you wanna refer to information security as cybersecurity. That’s cool.

Frank Gurnee (53:43):

Or as part of it, right, but…

Evan Francen (53:44):

We just need to be clear.

Frank Gurnee (53:45):

Yeah. Yeah. So, okay. That’s great. If you have any other questions, feel free to jot them really quickly. I know we’re getting to the top of the hour here. What final thoughts do you guys have as far around any of this sales, marketing, AI, any of this stuff?

Evan Francen (54:00):

My final thoughts are, I think Mike is awesome. I really dig him. I look forward to him coming down to see me. And you know, whenever you’re coming and you know, Frank, I think you’re awesome too. That’s all I got. Yeah.

Frank Gurnee (54:14):

I just don’t have as cool of a beard.

Evan Francen (54:16):

You never will.

Michael Kennedy (54:17):

You can work on it. Yeah.

Evan Francen (54:18):

Yeah. No, that’s how you get imposter syndrome. So be careful when you compare yourself to other people. That’s right,

Frank Gurnee (54:23):


Michael Kennedy (54:24):

That’s right. Stay away from that.

Frank Gurnee (54:26):

Kennedy, any final thoughts from you?

Michael Kennedy (54:29):

Tell the truth. Yeah, I’m gonna, I’m just, that’s my, that’s, I’m gonna tag that.

Evan Francen (54:34):

You can’t go wrong, man. I mean, sometimes you miss out on things like, yeah. We’ve missed many projects over the years, I’m sure. Where we wouldn’t compromise on that, right? Yeah. We’re not gonna tell the customer something that we’re not going to be able to do. And the competition did. And in that case, we’re not competing anyway. We’re playing different games. So, you know, sometimes it does hurt and you have to be prepared for that. But overall, I think you do get a reputation, which is important, you know, in this industry that you, you, you may not like to hear what I’m gonna say to you, but you know, it’s not gonna be a lie. (Right.) And, you know, I’m gonna be open to, you may not feel like it, but I’ll be open to criticism. I need to be criticized. I need to be held to account.

Evan Francen (55:25):

Like, if I tell you something that I think is the truth, I would never tell you something that I didn’t think was the truth. But if it comes out, turns out that it’s not the truth and you don’t say something to me, you’ve now, not you, you’ve, I, you’ve, you, you need to save me for myself. And you need to save the people that listen to me from me. So tell me when I’m not telling, you know, or challenge if it, even if you think what I’m saying just doesn’t seem right, get clarification either way, the conversation is gonna be awesome because you’re gonna come away smarter. And so am I. So, you know, tell the truth all the time. Don’t be afraid to question the truth. You know, ask your vendors, if a vendor’s ever, you know, really asking you, you know, trying to sell you something, ask them how it’s gonna provide value to your business.

Evan Francen (56:16):

Right? And, and if they say, well, it’s gonna save you from ransomware and billion dollars of losses or whatever, explain to me how that’s gonna do that. And is this my most significant risk? And if they say yes, call bullshit right there because they don’t know you. How the hell would they know that? Only you know that. And if you don’t know that, that’s the damn problem. You know? So I think, and, and that’s how you, that’s how I identify a lot of transactional salespeople. I’m not, I’m done with transactional, you know what I mean? I, I do relational. And so if I ask, if I ask you challenging questions about how your product’s gonna provide value to me, if it is the, where I’m supposed to spend my next information security dollar, show me how that is, ’cause according to my risk assessment that I just did last quarter, your shit’s not on here.

Evan Francen (57:06):

So tell me how it’s gonna solve any of these problems for me. And, you know, so I, you just have to be, I think more discerning. You have to be able to, ’cause at the end of the day, it is your problem. It’s not my problem. Right. It, it’s the same thing at like home, you know, we’re all CEOs of our houses, right? It’s just like little businesses, you know, we have budgets and we take money in and we spend it and just like a little business. And the risks are pretty close to the same. They just scale. And so you’re responsible for information security at your own home, right? The same thing would be at your business. It’s whoever’s at the top. And so you wanna make sure that if you, if you really care about your business, that you’re making good risk decisions. If you’re not sure there are answers to get those answers.

Frank Gurnee (57:55):


Evan Francen (57:56):

So that’s, that’s all I got.

Frank Gurnee (57:58):

Awesome. Guys, you know, really appreciate both of you being on today.

Evan Francen (58:03):

Neuralink. Ohh…

Frank Gurnee (58:04):

Yeah, exactly.

Evan Francen (58:06):

Who’s, who’s a Annie non any, any mouse,

Michael Kennedy (58:10):

Any mouse attendee,

Frank Gurnee (58:11):

Any mouse?

Evan Francen (58:12):

What do I think? What? Will you be (Chicken) getting a Neuralink? No, I will never get an implant.

Frank Gurnee (58:16):


Michael Kennedy (58:17):


Michael Kennedy (58:17):

I don’t like, yeah. I stay away from IOT as much as possible.

Frank Gurnee (58:21):


New Speaker (58:21):

You know, if I figured if you put something like that in here, like I have to you have to trust all these developers that they coded some good shit. And I don’t know if you’ve met many developers. There are lots of developers who don’t code good shit.

Frank Gurnee (58:35):

Yeah. Well, that, that may be a,

Michael Kennedy (58:37):

Using Chat GPT

Frank Gurnee (58:39):

The medical industry and medical devices and all that good stuff. So you know, we’ll keep that for, for the next one. Thank you guys so much for, for being on today and, and having this conversation. I think this…

Evan Francen (58:50):

We’re gonna do this again soon, right? This is a podcast. We’re gonna do this.

Frank Gurnee (58:52):

Yeah, yeah, yeah. So we’ll, we’ll continue these. With that, you guys all the attendees should be getting some surveys and, and questionnaires. If you receive that, if you have ideas for more topics you want to hear about, feel free to jot those down on those. So we’d love to hear from you and, and have these formulated. So when we do these, it brings you the most value that we possibly can. Thanks guys again for, for jumping on today, a ton of value. And and thank you everyone for, for showing up and taking your time with us. We really appreciate it.

Evan Francen (59:23):

Can you fly a drone on the next one?

Frank Gurnee (59:24):

What was that?

Evan Francen (59:25):

Can we fly the drone on the next one?

Frank Gurnee (59:27):

Yeah. Yeah, that’d be fun. That’d be fun.

Michael Kennedy (59:28):

Can we live stream it?

Evan Francen (59:29):


New Speaker (59:30):

Yeah, if you guys want to check out Ostra, ostra.net, jump over there. You know, tons of good stuff for MSPs with all this managed service and MSSP stuff. And then if you’re interested in learning more about risk management, feel free to jump over to SecurityStudio.com. We’ll take care of you. Thanks guys. Have a great one.

Evan Francen (59:49):


Michael Kennedy (59:50):

Yeah, you too. Thanks. See ya.

Frank Gurnee (59:51):