Listen to the podcast
Read Transcript
Live from the Kaseya Connect 2026 conference in Las Vegas, Erick and Rich discuss Kaseya’s giant AI platform rollout and strategies for turning your renewal process into a retention machine. Then they’re joined by Cynomi CEO David Primor for an insider’s take on the future of CISO services in the agentic AI era. And finally, one last thing: Who comes out ahead when a thief exchanges pasta for Legos?
Discussed in this episode:
MSP Chat Episode 88: From the Server Room to the Boardroom
Police arrest man who replaced US$34,000 worth of Lego pieces with pasta
Some guests on this podcast are clients of Channel Mastered. Compensation plays no part in their appearance or the content of the discussion unless the episode they appear on is a “bonus episode” explicitly labeled as sponsored.
Transcript:
Rich: [00:00:00] AI adoption has already outpaced security. Your clients are using AI tools without visibility or control, exposing sensitive data across unmanaged systems and asking questions your current stack wasn’t designed to answer. Whether you planned it or not, you already own this risk. This isn’t just a new threat.
It’s a new service category. AI detection and response enables MSPs to deliver real-time visibility into AI usage, detect risky behavior as it happens, and enforce guardrails across users, data, and systems. And most importantly, it’s something you can package as a high margin recurring service. AI isn’t slowing down.
The only question is, will you be the MSP who controls it, guides it, and gets paid for it? [00:01:00] Wanna learn how early adopter MSPs are turning that risk into new, recurring revenue fast? Then join MSP chat co-host, Erick Simpson, for a webinar entitled The First MSPs to Own AI Detection and Response will win. It takes place Thursday, May 7th at 8:00 AM Pacific Time, and you can register at HTTPS Bitly/AIDRWebinar.
That’s
David: HTTPSBIT.ly/AIDRwebinar, all one word. We’ll see you there, and now onto the show.
Rich: And three, two, one ball last off. Ladies and gentlemen, welcome. Another episode of the MSP Chat Podcast, your weekly visit with two talking heads talking with you about the services, strategies, and success tips you need to make it big in managed services.
My name is Rich Freeman. I’m Chief Analyst at ChannelMastered, the organization responsible for this show. I’m joined side [00:02:00] by side physically this week by your other co-host, our CEO and chief strategist at Channel Mastered. His name is Erick Simpson. Erick, tell the good people where we are. Rich, we’re in Vegas, baby.
One more time. We just can’t get enough. And in fact, in between the last two visits that Erick and I paid to Las Vegas, I was here for a few days as well attending Google’s big Google Cloud Next event last week. So I’ve been spending quite a lot of quality time here in Las Vegas, Nevada.
Erick: Yeah. I think you might get another zip code added to your mail drop.
Rich: It would probably save me a lot of time. But we are actually here this time specifically to attend the 2026 Casera Connect event, their big annual event. You’ll remember Kasei used to do two events a Datocon event in the fall and the Kaseya Connect in the spring. They phased out DataCon.
So this is their one big opportunity a year, at least here in North America, to talk to their partners about strategy and products. And there was [00:03:00] certainly a lot that they were talking about on stage. We’re recording this about four or five hours after this morning’s keynote, about an hour and a half after I wrapped up an interview with Rania Sakara, the CEO of the company.
So this is all kind of top of mind for the both of us here. We’re both digesting a lot of what we heard today at the conference, but some thoughts. So first of all Rania was on this podcast six-ish months ago last August or September. It was on episode 88. We’ll include a link to that in the show notes.
I encourage you to go back and listen to or watch that interview because it’s very interesting for me to think back to a lot of what she was talking about in that August, September timeframe. And then to see that kind of come to life here at the show. So she talked not surprisingly about the importance of AI to the managed services world and therefore to Kaseya and its product strategy.
She talked about data quite a bit. The fact that they have a lot of it at Kaseya that is strategically very valuable because [00:04:00] data is so important to AI, but that it was scattered around in a lot of different places and she was gonna work on that a little bit. We spoke some about APIs and the ability of in particular, the ability of these larger kind of MSP roll-ups to connect their tools to tools from companies other than Kaseya.
And they were gonna start leaning into APIs a little bit in, in a way that they hadn’t before at Kaseya. And then she talked a little bit as well about how all of that is directed towards helping MSPs be more profitable and operationally efficient, but that ultimately down the road, Kaseya would be looking to help them sell AI-based services to their end user clients as well.
So how did that begin to play out in real life today at the conference? The big announcement from the stage was what they’re calling Kaseya Intelligence. Now, the important thing to know about Kasera Intelligence is it is not a product. It is a platform technology and enabling technology.
It is something that is [00:05:00] going to be steadily over time baked into everything Kaseya makes and Kaseya offers. There are, by the way, I learned going to brand it a little bit. So you will see and hear the name, even though you can’t cut a check and buy a Kaseya intelligence skew, you’re gonna see it show up in product names for example, as, our EDR application powered by Kaseya Intelligence.
But this is an enabling technology very much, and this is the thing that is going to make their tools increasingly autonomous, and therefore they hope increasingly powerful for technicians. Not surprisingly right out of the gate, the first place you will see Kaseya Intelligence in action is in ticketing and specifically in areas like triage.
The place they’re gonna move next, I’m unclear on the timelines, they’re not being too specific about that is in some of the security functions. We’ll beg- begin to see Kaseya intelligence there. What’s interesting to me Erick, is that in a lot of ways, the Kaseya intelligence announcements are very consistent with [00:06:00] Kaseya’s heritage, but also a big departure for this company in various ways.
And so the consistency is that they have for a long time made the argument that their core strength is they have a, an end to end selection of products that are deeply integrated, and that enables efficiencies for MSPs that no other vendor with, API based integrations can match.
And they believe as well that part of what makes Kaseya intelligent so powerful is that they have this deeply in- integrated suite of systems that it will be running in as an embedded component as opposed to a bolt-on and pulling together. And so this they feel is different than what you as an MSP will be able to assemble out of different systems from different products or even what some of their chief competitors like say ConnectWise, which has very deep integration relationships with third parties, even what they can do because they have third party relationships instead of owning end to end the product stack.
[00:07:00] But we’re gonna come back to that a little bit. They the announcement is a departure from what Kaseya has been about historically in various ways as well. The API that I alluded to before is very different from them. They were talking about this before as something that sophisticated MSPs could use to weave together their own bespoke kind of tool stack, and this was something that these roll-ups wanted and couldn’t do before.
But they’re talking now about this API as a way for Kaseya for the first time, really in the modern era, if you will, to pull together an ecosystem of vendor partners. There are a lot of vendors in the Expo Hall at this event right now. They really have only had second tier integration access to Kaseya.
Kaseya very much wants to create a much more dynamic, direct, powerful API connection for their ecosystem partners right now. And a big piece of why they want to do that goes to the core differentiator they believe for Kaseya intelligence and for Kaseya [00:08:00] in general, and that is the data that I was talking about before.
They have a lot of it, Erick. Three exobytes of data that they’ve corrected from security systems and backup systems and RMM and PSA. They believe it’s a deeper, broader pool than anyone else in the industry can match. They believe this is their competitive moat and this is an asset that they can monetize in various ways.
And so they’re doing that by making the Kaseya tool set more powerful and AI enabled, but also by opening up that data pool to these third party ecosystem partners via the API. They have no problem. They see it as an opportunity at Kaseya to serve as the system of record, the defining system of record for the managed services industry and to have the most relied upon, respected data pool for other partners to walk into.
You can imagine I specifically asked towards the end of my interview with Ronnie Sakar, “What is it that saves Kaseya [00:09:00] from the SaaS apocalypse? What makes you certain that you guys don’t have to worry about that? ” And she said, “It’s the data.” Nobody else has that. You cannot go out and easily assemble that, and it’s gonna be something that not only we are going to be able to take advantage of in powerful ways, but that lots of other people are gonna want access to as well.
Few other things, it did come up in my conversation with her. They are obviously competing with other managed service platform companies like Kaseya. So obviously we’re thinking ConnectWise and Enable and to some degree Ninja. On the other hand, they’re competing with what she characterizes as point solutions, companies like Pia and Thread for example.
She said she’s not terribly worried about the point solutions because they cannot even come close to duplicating the amount of data Kaseya has and it’s data that makes AI valuable. So no anxiety on her part expressed with respect to those companies, born in the AI companies out there.
And then she also believed both the data [00:10:00] and the investments that Kaseya is making in AI will from a longer term perspective be differentiating for them. I don’t know that we’ve talked about it on the podcast, Erick, but Kaseya has an office now in Silicon Valley. They talked about it a little bit from the main stage today.
They talked as well about how the fact that they’ve hired so aggressively into that office, they’ve physically run out of space. They need more space. This speaks to- But
those
Erick: are AI developers, right?
Rich: Those are 100% AI developers.
Erick: 100% AI does source, not just another case office. A office just with AI
Rich: developers.
They only an office in Silicon Valley so that they can get access to the exact same caliber of AI engineer that these companies like Shield and Titan and Treeline that we’ve been talking on this show have been hiring people, ex Google employees X-Palantir X OpenAI, you name it. They want the top flight AI talent and they know that they’ve got to be in Silicon Valley to get those people on staff.
So th- they’re making investments that they believe set them up [00:11:00] better than going out and buying an AI company. They looked at the possibility of acquiring a company like ConnectWise did when they acquired Zofik. They decided that long-term, they were gonna be able to move faster and do more and differentiate more if they built from within with these top tier Silicon Valley grade AI engineers.
A whole lot going on there for a few hours of activity here at the show. But and it is an interesting glimpse along many dimensions of the Kaseya that Rania Sakar is building. She’s been in this job for about a year at this point, and this is the clearest look yet of what we’ve gotten about the strategy that she came into this job with and how she’s rolling it out.
Erick: It’s shots fired. That’s what I’m, was absorbing everything this morning and it was announcement after announcement like, like setting the bar for, Kaseya’s dominance in this arena of, all the data and implementing it in ways that MSPs can find [00:12:00] really valuable.
The Kaseya intelligence component, if I were to give you what I’m thinking is it’s like the force. It’s gonna permeate everything, every platform, it’s gonna surround all the data, it’s gonna surround all the platforms, the endpoints, the user interactions and all that, and surface better intelligence across all of the tools and technologies that Kasey has acquired and has been assembling in the past.
So this is like a time jump with taking advantage of what’s already in the Kaseya domain and then looking at it much, much differently than some competitors out there are doing. And then integrating with this API and it, then, and they’re calling it the unified API, which is oh, it’s not just an API folks.
It is a unified API. And what I thought was really interesting for partners, I’m not so sure if they’re gonna expose this capability to the vendors. I know they’re gonna expose, better the unified API to vendors, but what the limitations are, I’m not sure yet, but [00:13:00] for the partners that are more mature, that are building their own applications, that are stitching together things and delivering solutions to their customers, what they’re exposing to these partners is not just access deeper integration with their platforms, but it’s also access to the agents that they’re building and their capabilities.
So all of the agents that Kaseya is building to power all of this next generation tool sets and capabilities for MSPs, they’re actually gonna expose those so these more mature MSPs can use those agents themselves in their designs and their solutions that they’re building and delivering to their clients.
So lots of big announcements today.
Rich: Yeah, a couple quick things about that. And one is i- the very first time that Rania ever spoke to me about this kind of AI, API idea, it was in the context, again, of these [00:14:00] the largest, most sophisticated MSPs PE backed roll-ups, et cetera. But yeah you’re right.
It was very clear from the main stage that this is open to anyone and particularly in, in this moment in managed services, there are some very small but very AI forward companies that are doing very sophisticated things with AI. And so it’s not just a question of something that the biggest MSPs can use, more or less any MSP that has the sophistication to start building its own kind of platform is gonna get value out of that.
And the other thing you mentioned limitations and we don’t know if there are any differences between what external companies get from that API versus what Kaseya itself gets. But they did make a point of stressing to me that if you look at the integration across their products and between their products and Kaseya Intelligence, all of that runs on the same unified API.
So it’s not like they created an API for ecosystem partners and for MSPs. They created [00:15:00] one for their own use and to at least some extent, you’re right, there could conceivably be some limitations. They are opening that same API up to the rest of the ecoverse out there.
Erick: Yeah. They didn’t get into lots and lots of details.
It was just, here’s what we’ve been building, here’s what we’ve been testing internally, and here’s what we’ve deployed to some of our early launch partners and design partners that are testing it. And for the the testimonial videos that they were running were pretty impressive from some of these MSPs I gotta say.
Rich: This is the, really the beginning of a long journey for Kaseya. And we will see where it goes from here, how quickly it goes from here. Obviously the story to this point in time until at least the last few months has been that there are these young, born in the AI sort of companies that are automating traditional MSP workflows and it was a matter of time before the big traditional legacy companies did something about that.
We’ve seen ConnectWise make a move. We’ve now seen Ke- Kaseya [00:16:00] make a very serious move that they’re obviously investing heavily in. And now, let’s watch how this rolls out over the remainder of 2026 and how much momentum and how quickly both the big companies and the smaller companies make right now and see where this shakes out.
Erick, my guess is between now and when we learn how this shakes out there, there are a lot of MSPs in our audience are gonna find themselves up against renewal deadlines, and that’s the best I can do to segue into your tip of the week.
Erick: Thank you, Rich. Rich, we’ve been talking on the podcast recently about, some of these additional metrics and KPIs that acquirers are now assessing when they’re looking at buying MSPs.
And, among the typical ones utilization, profitability, EBITDA and things like that. But we’ve been talking specifically recently about gross revenue retention and net revenue retention, right? This is how much of your revenue you keep quarter over quarter, year over year while you add more.
So it’s, [00:17:00] you’re combining churn, you’re trying to reduce churn, you’re trying to keep that revenue coming in while you build on that. And I made a bold statement, I think, on a recent podcast, and I said, “Net revenue retention is more valuable than net new revenue in the eyes of acquirers.” So here’s a few tips to ensure that MSPs are managing and maintaining that net revenue retention, and it’s all about not just waiting or assuming that a client will automatically renew their agreement when your agreement is up.
It’s strategically preparing to ensure that they not only renew, but you’re also able to generate an increase. So that net revenue growth from existing clients is also another metric that we have not yet talked about, but is also very valuable. So most churn from these companies that MSPs lose over time don’t typically happen suddenly.
They happen over [00:18:00] time and they typically happen we talked about one way that they happen is when an organization gets acquired and things like that. But even then they don’t just, break the agreement typically or else they’ll pay a penalty for that. What they’ll do is they’ll just wait for that agreement to expire and then, “Hey, we’re going with somebody else.
Thanks a lot. Appreciate you guys. See you later.” So what we want to do is make sure that you’re not waiting for that imminent renewal date to engage. Like you’re just hoping and praying, right? That’s not a good strategy for growth. So three things that partners can do today, Rich, review every agreement that’s coming up for renewal in advance, like 90 days beforehand.
So treat it just like a license renewal or a warranty renewal for your clients. You’re managing those, you’re managing your client renewals, review upcoming renewals 90 days out and identify any risks that may be inherent in that, review the history, how the sentiment of the users [00:19:00] and the business owner and also any opportunities early on.
What have we been hearing? What can we introduce in conversations to add more value and ensure that they renew? Number two, schedule that pre-renewal meeting in advance so it’s a strategy call and what you’re gonna do there is you’re gonna focus on what value you’ve delivered and what future needs that client is gonna want.
It’s kinda like a QBR on steroids, but the intent here is to make sure that we’re listening and we’re presenting to the client, our thoughts on how to support them as they move into this next, term. It could be three years. We’re hoping that we get a three year r- renewal every year Rich?
And the third thing is, make sure you put a, put together a roadmap, not just an agreement, and give clients a reason to stay and grow. So this is a great opportunity to start introducing concepts about moving those conversations from the server room, like [00:20:00] I say a lot to the boardroom, like what is it that’s really driving customer attention right now, customer concern, desire, we know that it’s AI, we know that there’s pull through with cybersecurity.
This is also a great opportunity, Rich, at renewal time, to try to true up some of those legacy clients that you’ve been trying to get them to get to a specific, minimum standard of service. And, again, it’s just a way for us to be more strategic about managing that revenue retention and revenue growth from existing client relationships.
Rich: Yeah. A lot of great stuff there. I like the idea of getting disciplined and consistent about that, about establishing a cadence both internally within the company, X days out of every client when the renewal date is approaching. We’re looking for the potential problems. You’re giving yourself 90 days, you said you’re giving yourself three months basically to get ready for that renewal pitch and make sure that there aren’t any issues that are gonna surprise you or potentially trip that up.
And the whole [00:21:00] thing you’re you’re getting your people into that rhythm, you’re getting your customer into that rhythm, you’re being disciplined about this and doing it both because, like you said, there’s incremental revenue potential you’d be had there and then there’s also the you’re reducing the odds of customer churn and therefore improving your exit value.
The only thing I would add, and I know we’ve spoken about this before on the show, is that you’ve, you do wanna be disciplined in all the ways you discussed around renewal dates and renewal discussions, but the thing you don’t wanna do, and I’ve seen software companies do this sometimes, is, go through that 90 day process, get the renewals signed, and then disappear.
Erick: Right.
Rich: Net revenue retention is a 365 day a year process. You’re always listening to the customer and dealing with issues that might become customer sat problems down the road and so on. But you are as well, not just counting on the fact that if there’s something wrong, I’ll probably hear about it.
You’re putting some additional measures into effect to make sure that when the renewal [00:22:00] conversation happens it produces a successful outcome.
Erick: And if the client feels that’s how you’re treating them, then low chance that you’ll get a renewal out and they’re probably outlooking because, the, what have you done for me lately, right?
It’s not … and it’s the last thing that clients remember is, it’s the last, bad thing that happened, not the million great things that you’ve done because you’re in the shadows. Like I remember those old conversations with clients when I was in MSP, Rich is you know what? We don’t see you guys anymore.”
That, yes. The answer is yes, that’s exactly correct. That’s great, right? We’re not coming in, things are running, you don’t need us to fix stuff we’re behind the scenes. And what we had to learn, Rich, was that we had to, sell the value of those services, to the clients.
Heck, we’re just a bunch of engineers thinking, great, everything’s running smooth, they’ve had no hiccups, they’re happy. Not until you check, you gotta check in with these folks and get that, take that temperature and make sure that you’re delivering the time that you used to deliver onsite, delivering it in a more strategic fashion and helping that business owner grow their business and deliver outcomes, not [00:23:00] solutions.
Rich: Okay. AI was the first order of business for Kaseya on the main stage today. One of the things I picked up listening to the general session today, but also in my conversation with Kaseya’s CEO is the degree to which they see cybersecurity as the thing that’s gonna drive growth for them down the road.
AI is being baked into everything they do, but where are the big new revenue opportunities? The vibe I’m getting is it’s not in, RMM and PSA and even in backup e- except to the degree that backup is part of their cyber resilience story. It is in that sort of security and backup kind of realm.
So this is a good opportunity for Erick and I to take a quick break and then be joined on the other side by somebody who can speak at a very high level with us about the security landscape and opportunity for MSPs out there right now. He is David Premore. He is the CEO of Synomi a VCSO, virtual CISO company, interesting platform very interesting perspective on security in managed services right now.
He’s at the show [00:24:00] and so he agreed to make some time and speak with us and with you and he will be joining us right on the other side of this break. Please folks, stick around. We’ll be right back.
And welcome back to part two of this episode of the MSP Chat Podcast, our spotlight interview segment. Coming to you live from Kaseya Connect in Las Vegas, Nevada, where we are joined by the CEO of Synomi. His name is David Premore David.
David: Welcome to the show. Thank you. Nice to be here.
Rich: We’re glad you could make the trip.
It was a long one for you, but we’ve been looking forward to it because it’s gonna be an opportunity for us to speak with you about AI and the CISO opportunity- … for MSPs. Before we get into that for folks in our audience who are not familiar with you, not familiar with Sunumi and maybe not familiar with your background, which is pretty impressive, tell folks a little bit about all of those.
David: Okay. Happy to be here after 15 hours [00:25:00] flight. So I’m out of Israel. Most of the time, professional time, I’ve been in the, I’m saying public sector, which is cyber intelligence in the army. I’m Colonel from 8200 unit, which is the main intelligence cyber intelligence in Israel. I spent about 15 years in between.
I had some time to finish my PhD in signal processing, electrical engineering, et cetera, the big political accelerator trying to help another 1000 scientists to find the HIGSbo zone there, the gold particle. Ooh. This is a good topic for a different session.
Erick: Sure is.
David: Not related to cybersecurity at all.
Moved back to to Israel some more roles in the intelligence and then move to the cybersecurity authority in Israel, doing completely the opposite trying to protect the nation against cyber attacks. And I think in that moment, I understood main challenges for SMPs [00:26:00] and mid-market companies trying to understand how to protect themselves against cyber cyber attacks or actually know how to do that.
And then I said, okay, it would be cool if we could demotro- democratize the CISO knowledge into those companies. I didn’t know anything about MSPs and MSSPs, but when I started to approach directly, they said, “Okay, interesting, but why don’t you talk with the MSPs and MSSPs?” And that’s why we are here in, in this space.
And Simon- Cynomia is trying to help MSP to MSSPs to bridge the gap of talent, CISO talent. We’re helping them to provide cybersecurity services, virtual CISO services, compliance services, re- resilience services to their customers, enabling them to standardize these processes, making more profit, making their customer more secured, and doing it at scale.
Erick: And you use the Synomi platform to help empower and enable these [00:27:00] MSPs
David: and SSPs? Yeah, so we, yeah, so we are a SaaS company-
…
David: Or our AI SaaS company.
Erick: Good catch.
David: Yeah. And we provide the service providers this platform and they use it themselves to provide services to their customers.
Rich: Yeah. It’s that AI addition to the story that sort of inspired this conversation because you’ve had the Synomi virtual CISO platform out there for a number of years now, just within the last few weeks you have introduced a product called CISO Intelligence- Yeah. … you’ve basically done is layered agentic AI on top of that virtual CISO role in, in a way that raises some interesting questions in my mind about the f- Future potential of AI and Agentic AI especially in security.
Tell folks a little bit about that product and in particular the sort of security workforce gap and skills gap out there that can help MSPs address.
David: Yeah. Yeah. So when we talk with different [00:28:00] MSPs, everyone wants to provide more services. Lots of MSPs, MSSPs understand that there is a gap.
Customers needs more security. They have third party risks, they have insurance challenges, compliance, and they need more help for the MSPs and MSSPs. But those MSPs and MSSPs does, they don’t have enough talent. So imagine that currently one CISO from the MSP and MSSP can deliver service, services to, let’s say, 10 customers in parallel.
Before using automation like Synomi, they could do it only for five customers. Now, with AI, I think that they could provide those services to 30 customers. Maybe in a year, because we don’t know anything what’s going to to be in, in a year, maybe to 50 customers. And it’s not only the CISO within the MSP, we [00:29:00] understand that this security information is needed for many personas within the MSPs.
A salesperson needs cybersecurity knowledge. Account manager needs cybersecurity knowledge to have a better communication and transparency and opportunities to sell with the customers. So we understand that if we can take this in CISO information, enable it in a different way to the CISO, to the sales person, to the owner of the company, they could generate much more revenue.
They can s- deliver services in a completely different level, and they can even use less talented people in order to deliver this these services. And I’m continuously comparing it to what I’m doing at home. So I have a new friend, his name is Claude.
And I’m spending about two hours every day with him for different purposes and I getting lots of skills that I didn’t [00:30:00] have.
Now I’m ex- expert in pricing, expert in financial, expert in travel and anything that I want the … I think that the main thing is that I need to understand how to ask the right questions and how to understand the answers and to be very conscious about the answers. And what we are trying to do with Synomy is to enable to give those capabilities to the service providers that they can automatically ask the right questions and get the right answers because you could get completely different maybe a right answer, but it’s not the answer that you are looking for.
Rich: So I wanna make sure people understand. What you’re just saying there is what the Synami platform has been very good at with or without AI actually for a long time. What the CISO intelligence product does like you’ve got four agents twenty four seven doing the work of a CSO [00:31:00] and the, those four functions that you identified fit together in a very interesting way.
So there’s a reason why the the people who are using this can now potentially support a lot more customers than they could before because they have this little army of very expert security people working on their behalf, behind the scenes, out of sight, out of mind but still, obviously-
David: I think it’s it’s two different levels.
It’s like Copilot and Autopilot. So Copilot is someone, an expert that can, you could click a button or ask questions and get the right answer. For example, you’re going to introduce in about few weeks remediation agent. And this is imagine that you can get the perfect roadmap or the perfect remediation plan to your customer.
And this is not something easy to do. For example, let’s say you’re doing a risk assessment and you understand [00:32:00] that you need to do 100 things in order to be more secured and, but you have the budget or the people or the interest to do only 10 things. How do you pick the 10 out of the 100? And there are so many constraints like if it, is it something which is easy wins?
Is it drives by compliance, by risks, by maybe the products that you want to sell them? So lots of parameters to take, and it’s a difficult problem. And when AI is helping you to understand what to do, it saves you several hours, maybe several hours every every month for, or every week for each of your customer.
So this is, let’s say this is the Copilot. Autopilot is somebody, like you mentioned, agents that doing this automatically for you, getting information automatically, looking for new prospects automatically, understand the cyber posture automatically, sending you emails [00:33:00] automatically. So everything, so it’s take the Copilot to the next level.
Erick: So David, staying with the Copilot autopilot analogy, the human in the loop then becomes the pilot, right? So my question is, we’re we know that, AI needs a little bit of governance, it needs a pilot at certain points. Where do you feel that a CISO or an analyst job cannot be automated?
Like where do you feel AI can go to this point, but then we absolutely need a human in the loop and then for what period of time? Is that a moving target as AI becomes more intelligent and, more effective at helping humans?
David: I think it’s a moving target. I think we don’t know.
If you make the analogy to virtual SDR, for example, so there are companies that taking it all the way [00:34:00] to SDR that talk with you via the phone, maybe talk with you with virtually in a conference or video. So I guess that it’s it’s a moving target. But currently, I think that the CISO or the security expert is responsible for the human engagement.
Currently the customers want to speak with someone to to see someone to make sure that the AI doesn’t make mistakes. And I think that this is if we could leave the human to do what’s considered to be humans and to give the AI the ability to provide the knowledge, the experience, the intelligence, because there’s so much intelligence security intelligence out there.
Imagine that we could have all the trends that all the different verticals different companies within verticals are doing. So we could collect so much information that CISO cannot understand. We, in Synomy, just currently we have [00:35:00] about 50 frameworks that are supported. Nobody can hold 50 frameworks.
But this is, but with AI, it’s done automatically and very quickly. So I guess that this is easy. What is more complicated is to understand the business in front of you, understand their motivations, hiding motivations that AI currently has a problem to do that, and to to make this relationship and we understand that with, especially in our MSP ecosystem, relationship is the key.
So they might for the MSPs, they might get a customer engaging with them, even if they don’t have the best service or the best products, but they have the best partnership or relationship.
Rich: Sticking again with the the autopilot kind of metaphor there, that, that sort of autonomous AI came first to the service desk and the journey for MSPs, it’s an ongoing journey basically is [00:36:00] can I, do I trust this AI to do the right thing?
If I’m not watching it, if it’s not checking with me before it takes action, can I feel comfortable that it’s gonna do the right thing for my customers? And I’ve gotta believe that kind of concern gets even more heightened when we start talking about security. And whether it’s, the CISO intelligence product or the other products that are sure to come along where some of that agentic intelligent, the a vendor is promising an MSP to apply some autonomous agentic intelligence to security, what would you say to MSPs about l- learning to trust that this system is doing the right things and I can actually put it into the loop with my customers?
David: Yeah. First we must understand that human make mistakes as well. And the problem, I think it’s a psychological problem that you can trust a human that make 30% mistakes and you cannot trust AI that make 10% mistakes. But I [00:37:00] think that the, we should be more tolerant to AI because this is, and I think that we get used to that, so we get we, we have, we ask question, we get an answer, it’s not so accurate, we ask it again, and we see it as a natural thing to do. I think that the AI will involve. Now we see some maybe challenges with AI. So you have to be to to ask more question, to to understand the results, I think that it will be better, but I guess that for MSPs, they that using AI, they should understand that AI sometimes make mistakes.
I think that it depends on the level of cybersecurity and actions that are going to be implemented after that. Can you trust AI to make real actions? Currently say NOMIs make recommendations the, there is a men in the loop. I guess that’s still even for AI which drives actions, there is still a need for men in the loop.
The question is, do we have to, will we [00:38:00] have a men in the loop in one year? We don’t know.
I think we, we will not have, but
Erick: let’s
David: see.
Erick: Place your bets, listeners.
David: Yeah. We are in Vegas. We can make a bet.
Erick: Appropriately, right?
David: Yeah.
Erick: So David, should MSPs position CISO intelligence as a, an additional security solution that comprises part of their bundle of services to their clients, or should they think about positioning themselves as a CISO because they’re leveraging the platform?
There could be a little bit of imposter syndrome if they go the latter rat. What are your thoughts?
David: I think that we understand that the security or the CISO intelligence should be across the company as a standard. If I go back to the vision, we believe that every company needs to have this intelligence because it’s required for the protection-
[00:39:00] Required for the, for them to be compliant. So I guess that what we are trying to do is to make it so easy that you can provide, that the MSP can provide this intelligence layer to every company, and different maturity, but for every company. And when the understanding is that every company should get something is a baseline, and every MSP should have this baseline to understand is my customer secure?
And and then if it’s, it is secure, if it’s in, in the different levels, maybe it’s a customer that doesn’t care about security, so give them something about the security, and then it’s customer that want to be secured, but want, don’t want to be compliant. And then the other layers, the virtual CISO.
So I think that what Synomi is trying to do is to give this baseline, security baseline and maybe some kind of compliance baseline because the baseline should be you should compare the baseline against something. It could be Synomi framework, it could be the NIS, it could be [00:40:00] CIS, whatever.
But being able to measure the different that MSP will be able to measure all its customers to get their portfolio knowledge and to get some insights about the portfolio, it’s very powerful and needed.
Erick: And that enables the MSP then to embody the role of the virtual CISO for their customers.
David: Yeah. Yeah. And I believe that you could call it virtual CISO, you could call it resilience, you could c- call it whatever you want. Sometimes virtual CISO is not the right word because it give you some kind of responsibility that you don’t want to have.
But you want to have the right baseline, you want to understand the gaps, you want to understand how to deliver the best cybersecurity program, and you want to be able to create a cybersecurity journey to your customer.
And when security is maybe the number one or number two if you take AI as a growing parameter for MSPs, I believe that every MSP should think about [00:41:00] what is the baseline, how I can take my customer from a low level for, to the higher level, and I can use this journey to maximize my profit and my growth, because security is a very important factor in the MSP growth.
Erick: Yeah, quick followup. You just identified a really important insight when you said, by calling yourself a CISO or virtual CISO, you may, add more risk to your relationship with the client. The expectation could be different when instead you can say “Here’s your regulatory compliance requirements.
We’re gonna help you achieve and maintain those with our relationship.” So that’s a very important distinction. Can you unpack that a little bit?
David: Yeah. From comp- compliance perspective, there are companies that needs to have a CISO or virtual CISO, so it’s very important for them to get a service, which is called a virtual CISO.
I think when you’re trying to unpack the roles of the CISO, many things [00:42:00] that are needed anyway. When we talk with our customers, some of them decide to call it virtual CISO because it’s adds some more prestige or give them opportunity to deliver different type of services-
Erick: Or distinguish themselves against their competitors maybe?
Yeah.
David: Yeah.
Yeah. And there are others that’s saying that they don’t want to get this responsibility because there is a ma- maybe some kind of negativity if they call themselves a virtual CISO, but they want to provide security journey. They want to provide this baseline. They want to help the customers to be more secured.
So they’re given actually the consultant, the advisory services, but they call it in different names and they have so many different names that they are using which is very creative.
Rich: I got to pivot just a little bit, and I’m going to ask you a tough one, and I tell you right up front, this is a tough one because I’ve been asking versions of this question to various people in different contexts for the last two years, and 100% of the [00:43:00] time the answer is, “I don’t know.
And I’m just curious to see if-
David: I don’t know.
Rich: You you are right there. Talk about baselines, right? So it, the version of the question I mostly asked to this point has to do again with the service desk. Today, AI can do pretty much e- everything that a level one technician can do, and a lot of what a level two does.
And this raises the question, of course, of where do tomorrow’s level threes come from? If nobody is learning the ropes and working their way up one to two to three, I’ve asked analysts at some of the leading analyst organizations, I’ve asked the CEOs of giant MSPs. I was at a conference late last year where the head economist of the economist magazine’s consulting arm was on stage.
Somebody in the audience asked that question. 100% of the time, the answer is, “I don’t know. ” You
Erick: haven’t asked me that, Rich.
Rich: Hold that though then.
Erick: I don’t know. So there, just to add.
Rich: You teased me. Why I bring it up, I, because I’m not gonna ask it in the context of the [00:44:00] service desk, but I’m reading, what about CISO intelligence and I’m starting to think to myself three years from now, AI is gonna be able to do a lot of the work that at least an entry level CISO can do.
Where are tomorrow’s CISOs gonna come from? Do you have any thoughts or concerns about, as AI becomes more and more capable autonomously in security are those sort of entry level security jobs that allow people to become true CISOs? Are the, are they still gonna be … Where are we gonna get the CISOs tomorrow if AI can increasingly do that work?
David: It’s a good question. And, I’m facing this question in different fields for we are a startup company, we have lots of developers, now everything is changing for us as well. You don’t need junior developer anymore. What about senior developer? So senior developer managing lots of agents.
Somebody needs to manage those agents, but you could say, okay, let’s have another Mastered agent that control all these [00:45:00] agents. So who control the Mastered agents? So maybe a very advanced developer and how can you be advanced developer, you are not starting as a junior developer.
I don’t want to say I don’t know.
But I believe that we’ll see more and more roles or, of the CSOC can be automa- automate and I believe that still the relationship building and the control of the different will, you will have, also with Sinomi, we’ll have the, a CSO that is specialized by understanding the gaps and making assessment.
And then a CISO that’s specialized in understanding the environmental for the environment from risk perspective, another auditor that understand from compliance. Now all this 40 compliance and say, okay, you are doing this from security perspective, you’re doing it in the right way, but from compliance perspective, you’re doing it in a I don’t know, you could approve.
And [00:46:00] now there is somebody that should be on top and understand what are the different agents thinking and then to understand what is the right solution for an orchestration. And I think that for this, you need someone. How can you find this one? I don’t know.
Erick: You’ve prefaced my next question perfectly, but first I’ve got to share that just listening to you describe the agent and the agent, the Mastered agent on top of it.
It reminds me of the movie Tron, the first movie, remember? The movie Tron and they had the Mastered control program that was orchestrating everything. So it’s the Mastered control part. It made me think of that. So listeners, comment below. But the platform itself has GRC built into it in the form of this auditor agent that you were alluding to, right?
Yeah. What advice would you give to MSPs both about the importance of governance expanding [00:47:00] on your answer here, but in a different direction, about the importance of governance and how to build it into agentic AI workflows, understanding there has to be a human in the loop at some point.
So how do you think about that?
David: Yeah. We believe that human in the loop currently is a must. So some, somebody has to understand the business, someone understand the motivations. W- when we are using AI and talking about the GRC and now we know that governance is very important and with the needs to, et cetera, that it’s on the middle.
So it’s not enough to to do. It’s, you need to understand how well you are doing that and to manage it in the government.
And I think that this is a thing which is actually related to the AI because AI is doing stuff and you need to understand whether it’s good enough. So do we need to govern AI?
I think that now this is the role of the person the men in the loop, to understand whether the answers that we get [00:48:00] from the AI makes sense, and maybe we should ask the question in a different way and to get more context that it will give us the, a better solution. And I think that this knowledge about, is the AI limited in the scope or in the data that it’s taken or maybe a bit of hallucination- this is the place that we need currently MN loop. So you could call it governance, AI governance.
Erick: You mentioned earlier your friend Claude, right?
David: Yeah.
Erick: And you have to have someone to push back because sometimes the answers that you get is and then, the AI typically says, “Oh, you’re right about pointing that out.
Then let me go to … ” But you, there has to be something- Yeah. … that pushes back to address some of the hallucination or just going down some weird rabbit hole, right? So they’re, that’s what you’re saying is you gotta have somebody there that kind of, is interpreting things to make sure that, is the correct approach.
And then by doing so, then the AI then learns from that.
David: Yeah, it learns. And I guess [00:49:00] that what I currently see with the agentic development, for example-
…
David: That you are creating lots of agents that check other agents from different perspective. So you could do it yourself or you could build agents that doing that, but you should do that.
You should understand what are the aspects that these other agents should check. So it’s, I guess it’s complicated and when I talk with different people, different developers or different people in the organization, everybody’s currently doing it in a different way. There is no standardization, creativity, lots of experience learned, and but for sure it’s very interesting.
Rich: We are still at such a young stage of the AI story, and everyone is figuring it out as we go along right now. I kind of wanna flip the script a little bit because we’ve been talking about the the power and potential of AI and Agentic AI on the defensive side of things, but obviously [00:50:00] attackers are using AI and Agentic AI as well.
And you have a background in defensive AI and anticipating threats and dealing with them. Do you have any thoughts or advice at all for the MSPs and our audience in terms of dealing with, anticipating and preparing for these AI powered and agentic potentially powered threats that they’re gonna be facing?
David: I think that we are talking about it every year about more advanced attacks and every year it becomes more frightening. I guess that there are lots of best practices that if we consider that the MSP world and the SMB in the mid-market, nobody’s specifically target you. You can think that they are doing that, but it they’re doing it at scale.
So I think that doing the best practices, but currently the best practices are continuously changing because of the AI. So you have a new AI regulations and [00:51:00] new AI threats. So I think that following the frameworks and having a good virtual CISO that understand that, actually AI virtual system.
Erick: David, we know that a lot of MSPs are seeing a huge opportunity to deliver a gentic AI solutions for their customers and their environments and things like that. So from your perspective, what kind of advice would you give these MSPs when they’re stepping into this unknown and taking on this role and maybe some risk in developing kind of agentic solutions for their customers and their businesses?
What are your thoughts?
David: Actually, we just talked about that, about the AI adoption within the MSP space. And I think the lots of MSPs that are afraid to take this action and lots of MSPs that try to do it. I believe, and I think it’s similar in other fields in the [00:52:00] market. And I think that if you want to to be more efficient, if you want to scale you must go to this AI journey.
Sometimes it’s not easy because the AI is in the first there are lots of things that are going to be improved, but I believe that MSPs are not going to, to the AI, not trying it, they’re not doing mistakes, they will be behind. So my recommendation is going as fast as you can.
Rich: David Erick and I get a chance to speak with you virtually now and again online.
It’s rare that we actually get to see you face to face. We were just talking off the air. It’s been about a year- Yeah. … since we last saw each other- Yeah. … in person. So great to see you. We appreciate you taking some time away and joining us here on the show. If folks on in the audience here, they wanna learn more about you, get in touch, learn more about Synomi, where should they go?
David: To the website, SinomiWw that sinome.com. Happy to to help. You [00:53:00] could approach me as well, talk about AI, particular physics, and whatever.
Rich: Well-
Erick: And Higgs Bowsen, yeah.
Rich: Yeah. Trust me, I’m gonna buy you a beer and you’re gonna tell me about the Head Boson at some point because I had no idea that was in your background.
Yeah. I’d love to learn more. But for now, folks, Erick and I are gonna take a quick break. When we come back to the other side, we’re gonna share some final thoughts about this very interesting conversation with David Premore from Sin Nomi. We’re gonna have a little fun, wrap up the show, stick around, we will be right back.
And Rob back, part three of this episode of the MSP Chat podcast, one last thank you to David Premore from Sinomi. I wish I was always that coherent and interesting after a 15 hour flight just for him. A few things. We, there all, there’s a lot we could discuss there, but one thing that I very much appreciated him pointing out, humans make mistakes too.
And this comes up a lot in the context of autonomous [00:54:00] vehicles and people are concerned they’re gonna cause accidents and get in accidents and then, the people responsible for these technologies remind us that people do that too. And in fact, statistically, the autonomous vehicles do it a lot less often.
We didn’t actually get into that, statistics, but but it’s absolutely right that yes as David said, yes AI-based and agentic AI-based security technologies will make mistakes, but so do humans. And I think getting past that sort of mental trap is useful and important for folks.
And then the other thing I would call it both reassuring and wise is just his observation that a very important part of what a CISO does is about some of it’s about understanding the business. I think AI will get better at that, but there’s a relationship component that it’s gonna be a long time before AI can compensate for that.
And so it does paint you a picture of what the job description for a future CISO is gonna look like. It, there’s gonna be less and less [00:55:00] of that sort of security blocking and tackling and product selection and management and just a lot more of that handholding security strategy convers- that relationship piece of that job is gonna get more and more important.
Erick: Yeah, and I think that’s the promise that we expect from AI Rich, is to take care of all this noisy stuff, surface the things that I need to be aware of, and I can have better, more meaningful conversations with my customers and make sure that, I’m taking an objective view of data in a way that, those other point that David made is like, how do you process all of this data?
A human simply can’t do that. But I think that’s the promise that we hope from AI is to empower us to have more meaningful face-to-face conversations and make those relationships even, more impactful and powerful in delivering the outcomes that our clients really want us to deliver rather than, [00:56:00] reports and data and things like that, right?
It, I think it empowers us. And I think that’s really what’s gonna, help the MSP channel move into that next level of value for their SMB and mid-market and even enterprise customers from a co-managed perspective.
Rich: That is the dual promise of AI, is that it is both driving efficiency and productivity and profitability, but also freeing up bandwidth and creating an opportunity for more of that kind of conversation you’re talking about.
I think that’s 100% correct.
And it leaves us with time for just one last thing, ladies and gentlemen, and it comes to us this time from Erick’s backyard, Irvine, California. I’ll be interested to, to get your take on who is the victim of this crime and the perpetrator of it because the police discovered that somebody stole $34,000 worth of Lego pieces from a store in Irvine, but I guess as some sort of ingenious plot to maybe [00:57:00] hide the fact that there were no pieces in the boxes after that or something like that.
They replaced the Lego pieces with dried pasta. So who came out ahead in this? The person with the $34,000 worth of lego pieces or the person who had dinner just right there for them.
Erick: Well, Rich, it’s a call back to our conversation with David from Sinomi. I don’t know.
Rich: Judge for yourself, people, and it’s okay to say, “I don’t know.
Folks, that is all the time we’ve got for you on this week’s episode of the show. Hey, good news. Erick and I are gonna be face to face on the next episode as well.That’s gonna be a week from now. Until then, I will simply remind you, this is both a video and an audio podcast, which means if you are watching us on YouTube right now, you can go out to wherever you get your audio podcasts, Spotify, Apple, or Google, you name it, you’re gonna find us there.
If you are listening to us, would you like to check us out on video? Go to YouTube, look up MSPChat. Wherever you find us, video or audio, please subscribe, rate, review. It’s gonna help other [00:58:00] people find and enjoy the show just like you do. This show is produced by the great Riley Simpson, part of the team with us at Channel Mastered, where we help vendors build thriving MSP channels.
You can learn about our end-to-end set of services for doing that at www.channelMastered.com. ChannelMastered has a sister organization called MSPMastered. That’s Erick and his team working with MSPs to help them grow and optimize their business. You can learn more about that at www.mspMastered.com. Once again, we thank you for joining us.
We’ll see you in a week from sunny Palm Springs, California. Until then, folks, please remember, you can’t spell channel without
Erick: [00:59:00] MSP.
Check out more episodes
