猫と一緒に過ごす夏の昼下がり【スコティッシュフォールド】 https://www.wacoca.com/pets/110506/

##まったり #cat #eoheoh #FB777 #KIKKUN-MK-Ⅱ #MSSP #neko #あろまほっと #ゴロゴロ #しぇる #シェルベッド #スコティッシュ・フォールド #スコティッシュフォールド #ペット #マーメイド #マッサージ #人魚 #冷んやり #冷却 #可愛い #夏 #女の子 #映え #最強 #楽しい #猫 #癒し #肉球 #貝殻

成長して遊び方が変わる猫【スコティッシュフォールド】 https://www.wacoca.com/pets/108975/

##まったり #cat #eoheoh #FB777 #iPad #KIKKUN-MK-Ⅱ #MSSP #neko #あろまほっと #スコティッシュ・フォールド #スコティッシュフォールド #ペット #可愛い #女の子 #子猫 #成長 #最強 #楽しい #猫 #癒し #肉球

I've written a guide for MSP's trying to determine if they want to build out a SOC:

No you don't.

End of guide.

#mssp #infosec #cybersecurity #SOC

手作り猫用プリンに挑戦！【スコティッシュフォールド】 https://www.wacoca.com/pets/98559/

##ネコ #cat #eoheoh #FB777 #KIKKUN-MK-Ⅱ #MSSP #neko #あろまほっと #お祝い #ゲーム実況 #スイーツ #スコティッシュ・フォールド #スコティッシュフォールド #プリン #手作り #猫 #猫用

Blind humility can make you a poor leader.

Humility is often touted as the paramount soft skill for someone who leads, but used incorrectly it can tank morale with your people.

Let me explain.

Humility works *in concert* with self awareness and EQ.

If you're amazing at something, but "humble" about it, you might expect other people to execute that thing at the same level you can.

"If I can do it, why can't they? I'm not any better than them."

Only EQ shapes humility properly.

Knowing yourself well, that you're good at something, and understanding that's what makes you unique.

Not better; unique.

Then using EQ and holding that up against the uniqueness of others - showing them patience and stewardship - helping them to own their own greatness.

- Be humble.
- Recognize where you're great.
- Recognize unique greatness in others.
- Weave that into the tapestry of your team.

That's leadership.

#team #leadership #msp #mssp

#WorkLessDoMore

"If you don't want to do it, you probably should."

The words of one of my H.S. coaches (can't remember which) in regard to strength training - most likely for leg day 😂

I'm in the middle of a series on building a client-focused business capabilities model for your MSP, but I'm going to pause the technical details of that, and talk about why I think almost no-one does it (instinctively).

⚡ SIDE NOTE ⚡

Yes, we all know about the Operational Maturity Model ;)

Don't get me wrong - that's helpful - especially when determining the financial health and long term sustainability of your MSP. However, I think it's a bit of the cart before the horse.

🧠 CLIENT FOCUS 🧠

A business capabilities model is viewing your MSP from the outside in. It's goal is to clearly communicate the services you can deliver, and what problems they solve.

- How do clients see you?
- What do they expect from you?
- What do they want; what do they need?

And, most importantly, are you listening and delivering on those things?

🏋️‍♀️ DESIRE 🏋️‍♀️

Whether you're a founder from a sales background, or from a technical background, this is not going to be something you gravitate towards. It's not the thrill of closing a deal, nor the payoff and gratification that developing a new technology brings.

It is, however, one of the absolute best things you can do for your business - understand the client journey, be open to hard truths, and do the hard work to build a foundation that frees you to do what you love. (insert analogy about leg exercises facilitating you to play X,Y,Z sport better here).

It also helps you build a foundation to exponentially grow your business, incidentally ;)

So, I'm here to tell you, If you don't want to do it, that's normal - but you probably should.

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Check back soon to make sure you don't miss the rest!

🔶--------------------------🔶

#WorkLessDoMore

#MSP #MSSP #business #strategy

Here's the one thing I know you're not doing - and how it's hurting you.

Build a business capabilities model - differentiate your MSP, win deals, and sell more services to clients.

Today, I'm starting my series in defining a shorthand business capabilities model for your managed services or consulting firm.

Doing this will allow you to better identify the right clients, have a high level of customer satisfaction, and deploy new services quickly based on market demand.

🔶--------------------------🔶

PHASE 1: EVALUATE

🔶--------------------------🔶

In the evaluation stage, you need to define what you're currently doing. Don't worry about the good/bad/ugly here. The goal is to define the status and level of maturity of the current services.

This is pretty simple. All you need to do is ask about each service you provide:

✅ What do we do?
✅ How do we do it?
✅ How do we prove we do it (to the client)?
✅ What is our process for continuously improving it?
✅ What do our agreements say about it? Are they in line?

🎁 BONUS: Are all of the above processes documented?

⚡NOTE⚡

You'll also want to develop some sort of qualitative rating system for these, but that's outside the scope of a LinkedIn post ;)

🧠 GAPS 🧠

Once you've gone through this exercise, the problems/gaps are going to become pretty apparent, but don't launch into solving just yet - we need to take a step back and think about the "why" - more about that in the next post.

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Make sure to check back soon so you don't miss the rest!

🔶--------------------------🔶

#WorkLessDoMore

#MSP #MSSP #business #strategy

MSPs shoot themselves in the foot by not having clearly defined business capabilities.

It's unfortunate - business leaders I've spoken with taking a "never again" stance to outsourcing their IT and/or security - due to a bad experience with a previous provider.

It shouldn't be this way. A good MSP can be an absolute game-changer for an organization - when delivered properly.

I believe many bad experiences are due to confusion and assumption when it comes to the service management portion of the service.

- i.e. "Who is managing the managed service?"

MSPs typically provide a set of services (help desk, engineering, break/fix, project work, SOC, etc) and toss in a QBR for account review and touch-base. But that's *not* true service management.

That's setting up a poor relationship model with your client from the outset.

The quickest way to a healthy relationship (in any domain) is clear communication.

The managed services model is a team effort between the client and yourself. But if you aren't clear on your own capabilities, how can you expect that to translate to a healthy relationship with a client?

You'll inevitably be left in a situation where you are dealing with client issues because they believe "you aren't doing your job."

Sound familiar?

There's a way to fix this. Develop an operational capabilities and maturity model. This will allow you to see what you're actually able to do for your clients, communicate that properly, and *fix* where you're failing in any area.

This doesn't have to be some long drawn out process either. In the coming weeks, I'm going to be giving you some ideas on how to accomplish this in a crawl, walk, run fashion.

NOTE: This will also help you clarify when a client might not be the right fit, and help you dodge a bullet with clients that are going to be a losing proposition for your business (you don't have to turn them away; you can partner with other providers).

For now, this post is too long already, but here's a link to get the creative juices flowing for you. (This is going to seem like a lot - I'll be simplifying in later posts).

https://lnkd.in/gtN7fYvs

#WorkLessDoMore

#MSP #MSSP #business #strategy

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Go ahead and click that 🔔 on my profile to make sure you don't miss the rest!

🔶--------------------------🔶

Unpopular opinion: Always sign month to month contracts with your software vendors.

If you're packaging different software products along with your labor services, then selling those in monthly or yearly agreements to your clients, trying to save money by going for one year or three year contracts with your vendors is going to become a bookkeeping nightmare.

Always sign month to month and make sure that you have the proper margins to cover that slight increase. the savings in terms of back office efficiency will more than pay for itself.

It also helps when clients add services in and don't have to set up complicated coterm stuff - Just makes it easier to work with you.

#WorkMoreDoLess

#msp #mssp #cybersecurity

I have to be honest.

I don't "like" being organized.

This might come as a shock to most people who know me professionally. I'm known as *the* process guy in many circles.

It's literally why Managed Service Providers hire me.

It's true, I am excellent at process design, but it's a survival tactic. I'm more of an idea/visionary personality. I work in bursts of energy. I tend to procrastinate.

So I *need* to be organized - because it enables what I love: Watching my ideas come to life, watching the systems I design grow, and watching those systems add value to the world.

Just a reminder that knowing your weaknesses is as important as knowing your strengths.

I made a career out of mine.

#WorkLessDoMore

#msp #mssp

@malwarejake @the_hofmann An related anecdote from my career; a ransomware attack originated from phishing. Luckily it was causing limited damage. The #mssp we had at the time offered also phishing training and by chance we found the affected user(s) on the phishing training reports backlog list. At least the affected users then had the motivation to complete the training.

Here's a simple 2-phase approach to launching a managed cyber offering.

I was recently asked what the first 30 days should look like when building out a net-new cyber practice for a #msp moving into the #mssp space.

1️⃣ In my opinion, the best thing you can do is to create a matrix of controls to services. This helps your org clarify and execute quickly.

This picture below of the basic NIST controls is a good place to start.

Take each one of these bullet points and identify if you have an offering, or have the internal skillset to deliver an offering for it.

I would start with a few core services that you're already positioned to build out reasonably quickly, and then identify partners for the rest.

This is going to be your playbook, and will give your team a frame of reference, facilitating proper communication through sales, implementation, and support.

2️⃣ Then identify the 10 top existing clients you want to go after for cyber. Run risk assessments for those clients, and use the resulting gaps to plug into your paint by color offering matrix.

You'll (of course) discover problems as you iterate over this, but the point is to get something reasonably ordered, moving quickly, and then iterate and improve on it as you get more feedback.

💡Regarding planning, don't get lost in trying to create a perfect plan for this. Hatch a solid, general plan, and then refine it as you iterate. I saw a post today from Maarten Dalmijn with a quote I loved - "plan more, later"

#business #strategy #cybersecurity #leadership

4-step shortcut to evaluating products/services you want to add to your org's portfolio:

You should be asking:

✅ 1) What does it take to sell this?
✅ 2) What does it take to (successfully) implement this?
✅ 3) What does it take to support this?
✅ 4) What does it take to bill for this?

▶️ Assign each one of those points to the subject matter expert or champion for that process in your org and get their feedback.

❌ If you identify anything that's going to be inordinately problematic for any one of those points, you've dodged a bullet.

🚨 If you miss on any one of those points and launch an offering or service, you're in for some pain.

👨🏼‍🔧 Now, if you've got a highly compelling sales driver, and need to work out some problems/difficulties with billing, implementation, or support, you can identify that prior to launch, and avoid the catastrophe of a promising offering falling on its face because you're unprepared to take it to market.

There's much more to it, obviously, but I would posit that you could build out your entire go to market strategy from these four points.

#sales #strategy #leadership #msp #mssp

RT @vemsistemi@twitter.com

@Certego_IRT@twitter.com, unica italiana, tra i Top 250 Managed Security Services Providers mondiali 2022, secondo la ricerca di @msspalert@twitter.com, di CyberRisk Alliance.
Guarda a questo link la lista dei primi 250 MSSP al mondo: https://lnkd.in/gbW_FeZ
#MSSP #CyberSecurity #ThreatIntelligence

🐦🔗: https://twitter.com/vemsistemi/status/1605207695245598720

Microsoft Sentinel’s Technical Playbook for MSSPs is out.
Some of these updates in this version include:

- Repositories to deploy custom content
- Codeless connector platform
- Ingestion time transformation
- Normalization and ASIM
- Sentinel health
- New long term storage using Archive
- Search and Restore for Archived logs
- Basic logs tier

To download the latest updates to the MSSP playbook version click here https://aka.ms/mssentinelmssp

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/update-to-microsoft-sentinel-s-technical-playbook-for-mssps-is/ba-p/3670838

#microsoft #sentinel #mssp #microsoftsentinel #siem #soar #asim #pipelines #repositories #automation #devops #bicep #api #CIDC #json #github #azuredevops #pipelinetransformation #enrichment #azure #threatintelligence #azurelighthouse #basiclogs #correlation #ama #logstash #normalization #architecture #soc #globalsoc

The best part about not working for an #MSSP? No more RFP’s to write replies to 😄

#introduction
A quick intro post as a recent twitter transplant though I didn’t use it much. Looking for alternatives and the whole concept of federation perked up the tech geek in me. Have more than two decades in the infosec industry but always looking to learn. Love all science and technology related subjects. May post a pic or two of my pets as well. Currently Director at Fortinet with a team that focuses on MSSP services.
#infosec #MSSP #dogsrule

https://www.nicovideo.jp/watch/sm41394140
その一方で様子がおかしいご本人のサムネ #ゲーム実況 #MSSP

Scenario: You're asked to provide security monitoring on logs from a bespoke system or one that uses technology that there isn't much in the way of security tooling or rules for already, say an API interface.

What's your approach? I guess it's going to be a 'it depends' depending on how it's deployed right? (e.g. facing internet), or do you reject it and only take on logs you know have a known security value? Or keep them but just for incident response?

#detectionengineering #detection #siem #securityquestions #blueteam #mssp

Still struck by how few #Infosec folks are aware of the work @MEF_Forum is doing building #SASE and #ZeroTrust security standards for the telco #MSSP community. #SDWAN22.