Blind humility can make you a poor leader.

Humility is often touted as the paramount soft skill for someone who leads, but used incorrectly it can tank morale with your people.

Let me explain.

Humility works *in concert* with self awareness and EQ.

If you're amazing at something, but "humble" about it, you might expect other people to execute that thing at the same level you can.

"If I can do it, why can't they? I'm not any better than them."

Only EQ shapes humility properly.

Knowing yourself well, that you're good at something, and understanding that's what makes you unique.

Not better; unique.

Then using EQ and holding that up against the uniqueness of others - showing them patience and stewardship - helping them to own their own greatness.

- Be humble.
- Recognize where you're great.
- Recognize unique greatness in others.
- Weave that into the tapestry of your team.

That's leadership.

#team #leadership #msp #mssp

#WorkLessDoMore

"If you don't want to do it, you probably should."

The words of one of my H.S. coaches (can't remember which) in regard to strength training - most likely for leg day 😂

I'm in the middle of a series on building a client-focused business capabilities model for your MSP, but I'm going to pause the technical details of that, and talk about why I think almost no-one does it (instinctively).

⚡ SIDE NOTE ⚡

Yes, we all know about the Operational Maturity Model ;)

Don't get me wrong - that's helpful - especially when determining the financial health and long term sustainability of your MSP. However, I think it's a bit of the cart before the horse.

🧠 CLIENT FOCUS 🧠

A business capabilities model is viewing your MSP from the outside in. It's goal is to clearly communicate the services you can deliver, and what problems they solve.

- How do clients see you?
- What do they expect from you?
- What do they want; what do they need?

And, most importantly, are you listening and delivering on those things?

🏋️‍♀️ DESIRE 🏋️‍♀️

Whether you're a founder from a sales background, or from a technical background, this is not going to be something you gravitate towards. It's not the thrill of closing a deal, nor the payoff and gratification that developing a new technology brings.

It is, however, one of the absolute best things you can do for your business - understand the client journey, be open to hard truths, and do the hard work to build a foundation that frees you to do what you love. (insert analogy about leg exercises facilitating you to play X,Y,Z sport better here).

It also helps you build a foundation to exponentially grow your business, incidentally ;)

So, I'm here to tell you, If you don't want to do it, that's normal - but you probably should.

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Check back soon to make sure you don't miss the rest!

🔶--------------------------🔶

#WorkLessDoMore

#MSP #MSSP #business #strategy

Here's the one thing I know you're not doing - and how it's hurting you.

Build a business capabilities model - differentiate your MSP, win deals, and sell more services to clients.

Today, I'm starting my series in defining a shorthand business capabilities model for your managed services or consulting firm.

Doing this will allow you to better identify the right clients, have a high level of customer satisfaction, and deploy new services quickly based on market demand.

🔶--------------------------🔶

PHASE 1: EVALUATE

🔶--------------------------🔶

In the evaluation stage, you need to define what you're currently doing. Don't worry about the good/bad/ugly here. The goal is to define the status and level of maturity of the current services.

This is pretty simple. All you need to do is ask about each service you provide:

✅ What do we do?
✅ How do we do it?
✅ How do we prove we do it (to the client)?
✅ What is our process for continuously improving it?
✅ What do our agreements say about it? Are they in line?

🎁 BONUS: Are all of the above processes documented?

⚡NOTE⚡

You'll also want to develop some sort of qualitative rating system for these, but that's outside the scope of a LinkedIn post ;)

🧠 GAPS 🧠

Once you've gone through this exercise, the problems/gaps are going to become pretty apparent, but don't launch into solving just yet - we need to take a step back and think about the "why" - more about that in the next post.

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Make sure to check back soon so you don't miss the rest!

🔶--------------------------🔶

#WorkLessDoMore

#MSP #MSSP #business #strategy

MSPs shoot themselves in the foot by not having clearly defined business capabilities.

It's unfortunate - business leaders I've spoken with taking a "never again" stance to outsourcing their IT and/or security - due to a bad experience with a previous provider.

It shouldn't be this way. A good MSP can be an absolute game-changer for an organization - when delivered properly.

I believe many bad experiences are due to confusion and assumption when it comes to the service management portion of the service.

- i.e. "Who is managing the managed service?"

MSPs typically provide a set of services (help desk, engineering, break/fix, project work, SOC, etc) and toss in a QBR for account review and touch-base. But that's *not* true service management.

That's setting up a poor relationship model with your client from the outset.

The quickest way to a healthy relationship (in any domain) is clear communication.

The managed services model is a team effort between the client and yourself. But if you aren't clear on your own capabilities, how can you expect that to translate to a healthy relationship with a client?

You'll inevitably be left in a situation where you are dealing with client issues because they believe "you aren't doing your job."

Sound familiar?

There's a way to fix this. Develop an operational capabilities and maturity model. This will allow you to see what you're actually able to do for your clients, communicate that properly, and *fix* where you're failing in any area.

This doesn't have to be some long drawn out process either. In the coming weeks, I'm going to be giving you some ideas on how to accomplish this in a crawl, walk, run fashion.

NOTE: This will also help you clarify when a client might not be the right fit, and help you dodge a bullet with clients that are going to be a losing proposition for your business (you don't have to turn them away; you can partner with other providers).

For now, this post is too long already, but here's a link to get the creative juices flowing for you. (This is going to seem like a lot - I'll be simplifying in later posts).

https://lnkd.in/gtN7fYvs

#WorkLessDoMore

#MSP #MSSP #business #strategy

🔶--------------------------🔶

✌️ That's all for now - more steps coming soon! Go ahead and click that 🔔 on my profile to make sure you don't miss the rest!

🔶--------------------------🔶

Super interesting read - helpful for leaders to examine their culture and ensure that personnel factors aren't putting them below the "poverty line"

"[the cybersecurity poverty line] It’s a point where legacy technical debt, lack of engagement or even understanding of the business strategy and general hostility from nearly all departments eclipse any desire on the part of the security team to improve the situation..."

#WorkLessDoMore #cybersecurity #business #culture #strategygame

https://www-csoonline-com.cdn.ampproject.org/c/s/www.csoonline.com/article/3686688/how-to-survive-below-the-cybersecurity-poverty-line.amp.html

Put these 4 sections in your vCISO report to impress your clients and move the needle!

Ok, this is gonna seem REALLY simple, but you'd be surprised at how many shops I've seen not do all 4.

🔶--------------------------🔶

1) GENERAL RECAP

🔶--------------------------🔶

Today we're gonna cover Step 1 - General Recap. This section is for the one-offs or adhoc items/questions/concerns that have popped up over the review period. This is a critical step to show the client that you've heard them, and have addressed or taken action on their queries. It's basically active listening put into report form.

💡SIDE NOTE💡

It's important that you have a defined and processed system for gathering these from all the different touch points in your organization throughout the review period.

⚡EXAMPLE⚡

If a stakeholder mentioned they weren't happy about the way something was handled, that should go in this section. A ticket should be opened up for internal review, and you should provide a status as to why it happened, what you've done to fix it, and an assurance that it won't happen again.

That's just one example, and this could be a wide variety of items, such as questions on reports, ideas or requests for simple items, etc.; bottom line is to show the client that you're listening and taking action on the little things. This goes a really long way.

🧠 RCT 🧠

Use my RCT task framework (Resource, Commitment, Time) to describe new takeaways from the convo, then you'll have a list of commitments from stakeholders on the call to iterate against over the upcoming review period. Make sure you come with updated status for anything outstanding assigned to your organization, and then ask for status from any client responsibilities. Update with RCT accordingly. This is huge to build accountability loops in.

🔶--------------------------🔶

✌️ That's all for now - more steps next week. Follow along to make sure you don't miss the rest!

#WorkLessDoMore

"We're just not seeing the value"

The kiss of death from a Managed Service customer.

But you've been killing yourself for them; how can this be?

It's one thing to do a great job, it's quite another to prove it.

Especially in infosec programs, your monthly metrics review might be the only chance to demonstrate value.

With that said, are you giving the proper level of attention to these meetings?

I'll be giving some of my tips on a value-centric approach to client reviews in successive posts, but from a 10,000 foot view, are you taking the first step of viewing these meetings as the critical touch points that they are, and making sure your teams do as well?

This is not the time to be reading from a stale, auto generated power point. This is the time to be drawing out context, asking the customer hard questions, and challenging them to improve; pushing the action - being a true advisor and value add to their business.

If not, you might well be doing a great job, and losing a client in the process.

#WorkLessDoMore

I have to be honest.

I don't "like" being organized.

This might come as a shock to most people who know me professionally. I'm known as *the* process guy in many circles.

It's literally why Managed Service Providers hire me.

It's true, I am excellent at process design, but it's a survival tactic. I'm more of an idea/visionary personality. I work in bursts of energy. I tend to procrastinate.

So I *need* to be organized - because it enables what I love: Watching my ideas come to life, watching the systems I design grow, and watching those systems add value to the world.

Just a reminder that knowing your weaknesses is as important as knowing your strengths.

I made a career out of mine.

#WorkLessDoMore

#msp #mssp

Conventional wisdom says you need to choose between customer value and profits.

I'm here to tell you increasing customer value is the only way you'll spike the profit curve.

- Think like your customer
- Personalize your services
- Stamp out repetitive processes
- Iterate, upgrade, repeat

#WorkLessDoMore

My quick thoughts on process improvement frameworks here:

https://www.linkedin.com/posts/secopswarrior_four-simple-steps-for-effective-process-improvement-activity-7019716332036210688-rKB4

TL;DR - Take with a grain of salt. Let them inform your approach, but action is king.

#WorkLessDoMore

I'm not interested in helping people succeed.

🌿 I'm interested in helping them flourish.

▶️ Succeed: To accomplish something desired or intended.

Succeeding is great; it's good to set a goal and accomplish it. But it's only part of the smaller picture of a flourishing life. It's single outcome driven.

▶️ Flourish: To be in a period of highest productivity, excellence, or influence.

Flourishing is a comprehensive view the desired macro state.

🚀 Don't just succeed. Flourish. 🚀

#WorkLessDoMore
#leadership #strategy #informationsecurity #cybersecurity

There's a secret to the way I inject effectiveness into a security program.

It's not glamorous. It doesn't require next gen AI.

- Sometimes it means doing really boring, thankless work to track down the why behind an operational process.

- Sometimes it means listening and admitting I made a mistake.

- Sometimes it means I take notes and follow up with folks like I'm their admin assistant.

What's the secret? Attitude.

Try to strip away every piece of extraneous bureaucratic nonsense you can, and push for action. Don't EVER say that's not my job. Find the "thing" that needs to be done, and then do it. Excite others to do the same.

#WorkLessDoMore

Longer article, but I encourage you to read it - gives the good, the bad, and the ugly of automation.

One note of caution: many were not seeing the ROI they expected - this is most likely due to too wide of a scope and/or murky process surrounding what was being automated. Discerning a narrow scope of WHAT to automate is critical to the success of these projects.

👇 bottom line, though 👇

“The number of CEOs now indicating that [robotic process automation] is near the front of their project list is enormous. It’s reaching front-office functions too. They’re just taking what was in their spreadsheet and creating automation to answer it.”

#WorkLessDoMore #business #strategy #leadership #Automation

https://www.linkedin.com/posts/powerpsa_automation-is-at-a-tipping-point-activity-7016635013588795392-62s0

A little story about (lack of) preparation...

As a CISO and cyber strategist, I am quite adamant about planning and preparing. I think incident response and disaster recovery tabletops should be part of every organization's continuous improvement approach.

Today I'd like to tell you about how I didn't prepare, and it cost me.

Being our first winter on the farm, I purchased an old pickup and a plow setup from Craigslist. I was ready to attack the snow when we had that cold snap a few weeks ago - or so I thought.

I had my truck plugged in overnight, but when I went out that morning to start it to plow our drive, nothing.

Now we were snowed in. Thankfully the issues we experienced with our home furnace (which you may have read about in my other post) didn't require a service call and we were able to make it through, but things could have been much worse if we had a broken furnace and no way to go somewhere warm.

I didn't trust but verify - I didn't make sure that the block heater was actually working for the truck, and I didn't check the batteries.

When the cold subsided over the next couple days, I found that the block heater cord was cut; replaced that, and that the batteries needed replacing, which I did also. I then set up a smart plug for the block heater with some #automation that proactively notifies me if it's not working. Simple, but this all should have been done prior to a crisis.

When we were hammered by another storm today, no worries, hopped in the truck and took care of the snow. Easy peasy.

So, learn from me. make sure you verify your security controls are working, that you have competent personnel monitoring them, that you have automation in place, and that you plan ahead of time for not if, but when a crisis strikes.

P.S., I highly recommend snow plowing, it's like being a little kid in a sandbox all over again 😂

#riskmanagement #informationsecurity #cybersecurity #leadership

#WorkLessDoMore

Ballooning payroll? Flat growth? Declining CSAT/ESAT/ARR?

Here are 3 things you can do to revolutionize your business.

👎 DON'T:

❌ Increase headcount. Throwing people at the problem simply increases the dysfunction.
❌ Add more tools. You most likely already have a negative ratio of technical/ops debt.
❌ Downsize. This is a band-aid approach, will tank both client and employee morale, and could create an unsustainable tailspin.

These problems all point to a failure of modularity.

👍 DO:

✅ Re-invigorate your workforce. Align people to their passions, give them whitespace for serendipity, then watch the sparks fly.

✅ Radically re-invent your processes. It may seem counterintuitive to use cycles on operational retooling during a crisis, but as Robert Frost wrote: "The best way out is through" - stop reacting, and start creating modular, repeatable success.

✅ Get quick wins - and build on the success. If you show your team you are committed to make things better, and show them the way out through a quick win using the new approach to modularity, you'll be surprised how enthusiastically they respond!

🥂 When you define and "modularize" process, then you can #automate - and that's when things really start to get fun.

Always remind your team of the rallying cry for the vision of the end result: "Work Less. Do More." Use crisis to shake you and your org into brilliant action.

#WorkLessDoMore