Scaling a managed IT service provider

The company that I work at is coming up on seven years old this winter. We’re a small managed service provider with about 4 employees and 25 or so clients. We provide IT support and project implementation services for small professional and service companies. We’ve been stagnant, growth wise, for the past three years or so, and my main focus in addition to taking care of our clients is refining our business processes so that we can scale to the next level. What we’ve been doing has brought us success, but it’s not enough to get us to where we want to be.

We’re part of a franchise system of independent operators all over the U.S. The home office is supposed to provide us with best practices and partner relationships, and the franchisees pool their purchasing power to get best deals with the partners. That’s how it’s supposed to work, anyways. What’s happened in practice is that the home office basically provides new franchise owners with a vendor for this, a vendor for that, and so on, and basically leaves the franchisees to themselves to figure out how to implement it. It’s completely inefficient. I can’t even begin to tell you how much time we’ve spent managing our RMM and PSA tools, or how much of my day to day is refining these various systems (some of which don’t have any API for automation control) to talk to each other.

Instead of pooling human resources, say to have a team of engineers that specialize in setting up firewall systems, for example, each location pretty much has their own teams. We rely on outside NOC and helpdesk partners to deal with first-line issues, and the local teams are supposed to be escalation support. But providing information to these various entities can be very difficult (ITGlue has helped tremendously!) but having a remote helpdesk is very frustrating for customers who expect some sort of continuity.

Unfortunately we’re just not able to provide that level of service for what clients are willing to pay. Especially the smaller clients. MSPs use a per-month contract billing, with rates for servers, workstations, and other IT resources, but that usually just covers keeping things running, remotely, and on site and project work is billed separately.

Things can really add up for clients, especially when they don’t follow our recommendations and shit goes south. Most of them are trying to balance the cost of having their own in-house IT resource, but hardware, software and human resource costs can quickly add up. This is even more true when you consider regulatory and compliance requirements. It’s really hard.

And companies that skimp on these costs always pay for it. Always. I’ve had my fair share of ransomware breaches, but one that I saw this week really took the cake. An firm who we have done business with in the past, that we’ve been under a limited engagement with, had a really bad attack which took down their entire Windows domain: three servers, including AD, Exchange, SQL, file services, and a custom database application. We stopped doing business with them three years ago because it was always a challenge to justify what needed doing over there, and things were usually such a matter of urgency that we would be forced to do things to keep them running. And then we would have to spent weeks having to pull teeth to get paid. We finally said enough is enough and just walked away.

So we got a call from them a few weeks ago. Turns out they had pissed off another MSP, and needed help. They had been through several in-house IT resources, but they needed RMM monitoring, AV and patch management stuff that we would provide. But because they were in dispute with the old IT company, we weren’t able to get access to their backup and data continuity appliance.

Long story short, they got hit earlier this week and didn’t have backups for half their shit. I had convinced their in-house person that they really needed to get some sort of local backup, and thankfully they followed my advice. But it was really too little, and they’ve spent the last 72 hours trying to recover. And let me tell you, it was the most stress-free disaster recovery that I’ve ever dealt with. I’ve damn near had panic attacks and probably lost years off my life from the stress of dealing with my own share of these disasters. Sometimes they were self-inflicted, other times not. But since I wasn’t the one holding the bag, I was chill as fuck.

I’ve saw the writing on the wall for MSPs some time ago. I don’t know if it will be ten years or when, but the business model is going to approach a race to the bottom. And our local market is already saturated with 4 or 5 decent competitors, and many more not so decent. Internal conversations around the future of our firm talked a lot about compliance auditing for DOD/NIST, and the question we’re struggling with now is whether we want to be an MSP that does compliance, or a compliance firm that does MSP. My gut tells me to go where others aren’t. Which is why I’m focusing my time on process automation, combining applications via API.

I was able to list several things to our no list, things we’ve done in the past that have gotten us into trouble in the past. That means setting boundaries for business that we deal with, and will likely involve cutting some of our clients who aren’t growing with us or don’t see the value of the service we provide. It means converting our services to product offerings in order to differentiate ourselves from the competition. And it means automating our processing so we’re not making the same decision over and over again.

Professionalism

Tomorrow marks the start of my last year at university, where I’ll be finishing up my bachelors degree in computer science with a computer science minor. I’m only attending half-time, and the two of the four classes I need to finish are a professional workforce development course. Obviously, this is going to take a good deal of time away from everything else that I’ve been doing, so I’ve labored to unload as many projects that I can. That said, these are writing intensive courses, and I don’t know what kind of time commitment that’s going to take. Obviously, taking thirty to sixty minutes a day is going to be hard to fit in, but I’m going to be staying on top of the assignments to be able to fit that in.

That said, there may be room for crossposting. In the past, I’ve published writing assignments from class to Facebook or Medium in the past, so I expect I’ll find ways to kill two birds with one stone. That said, one of the first tasks is to share my thoughts on what it means to be a professional. Specifically, the characteristics a true professional must have.


Integrity is doing the right thing even when no one is watching.

C.S. Lewis

My dad taught me his work ethic, and while I’ve been slow to get going some times, I’ve I’ve never had a problem focusing on a task once I’d made my mind up to execute. Obviously, there’s a difference between personal tasks and professional ones, but I’ve always hustled my butt off. Always. Even when I didn’t have the ability, or wasn’t the best, I could still keep going, driving toward the finish line. But beyond the drive, integrity is probably the most important trait one can have. Your reputation takes a lifetime to build, but can be destroyed in an instant. And taking shortcuts, or otherwise cheating a client or task will come back to haunt you.

There are lots of other answers that people will give as an answer to this question, but I think the question is the wrong one. When people talk about characteristics, they’re really discussing a trait, or a skill. One of the most valuable lessons that I’ve learned lately is about choosing the people that I work with. Whether you’re hiring for a position, taking on a client, or choosing a new job, the most important questions that ultimately need to be asked are around values.

Values are the deep-seated beliefs that motivate behaviors; people will fight for their values, and values determine people’s compatibility with others. Abilities are ways of thinking and behaving. Some people are great learners and fast processors; others possess common sense; still others think creatively or logically or with supreme organization, etc. Skills are learned tools, such as being able to speak a foreign language or write computer code. While values and abilities are unlikely to change much, most skills can be acquired in a limited amount of time (e.g., most master’s degrees can be acquired in two years) and often change in worth (e.g., today’s best programming language can be obsolete in a few years). It is important for you to know what mix of qualities is important to fit each role and, more broadly, with whom you can have successful relationships. In picking people for long-term relationships, values are most important, abilities come next, and skills are the least important.”

Ray Dalio – Principles, #45

I’ve been at my current firm for almost seven years now, and I’ve sat on the side through a number of hiring interviews during that time. Ultimately we’ve been disappointed with those hires that we’ve taken on, and I couldn’t really understand why until I read Dalio’s principles a few months ago. Every time I sat at that table with someone’s resume in hand, I was always focused on the skills. We were hiring for a position, an immediate need. And while I may have touched briefly on some of those deeper abilities, we almost never discussed the values that drove a person. A lot of your standard interview trick questions may have been originally designed to get into some of those values, but I think they lost meaning the more they became rote. And it’s hard to get to know someone in that short timeframe.

So while we may have chosen hires that were capable of performing the skills that were needed at the time, we handicapped our future growth. We wound up with employees who weren’t motivated to keep learning new skills as business needs changed, that were using the workplace as a dating pool, or who were incapable of documenting their work properly. And make no mistake, I’m no angel myself. Most of the jobs I’ve had over the years have been failures. And this may be my privilege talking, but I’m not afraid to be fired any more. And I’m not afraid to fire a client if they don’t align with our values. I’m at the point now where I can say ‘no’. I’ve realized that a lot of what comes my way is going to distract me from what really matters, and what I’d rather be working on.

I’m forty years old and still trying to figure out what my personal mission statement is. I may not be able to spell it out, but it’s there. I think ultimately it’s about service, and passing on what one has learned to others and helping them along. It’s about building connections and community. Hoarding knowledge is ultimately futile. I think lately I’ve been thinking that if I have an idea and someone else can do it better, then by all means, let them. I’ve got to focus on the things that I can do better than anyone else. What’s my niche? If someone brings something to me, the first thing I ask is ‘am I the only one that can do this,’ and that usually determines my answer. There’s other factors to be considered, of course, but I try to stick to that as much as possible these days.

One last concept that I’ll leave here is the concept of life as a multi-armed bandit problem, where we’re always exploring and experimenting and figuring out ways to exploit that knowledge that we’ve gained. Having this framework in mind and knowing when it’s time to put in the work to experiment build those relationships and reputation, and when it’s time to focus on that one thing that is going to bring you success — that’s key.

But hey, I’m no expert yet. I’m still learning too.