
Erick and Rich discuss Evergreen Services Group’s M&A alternative to centralized MSP rollups and three strategies for enhancing your client onboarding process. Then they’re joined by Huntress CEO Kyle Hanslovan for a wide-ranging look at the current threat landscape, the role of community in strengthening security, and what software vendors should be doing to harden their products. And finally, one last thing: the incredible sum paid at auction for a Cheeto shaped like a Pokemon character.
Discussed in this episode:
The Goldilocks Strategy for Managed Services M&A
Huntress 2025 Cyber Threat Report
A Cheeto shaped like the beloved Pokémon Charizard is auctioned for $87,840
Transcript:
Rich: [00:00:00] And three, two, one, blast off! Ladies and gentlemen, welcome to our episode of the MSP Chat Podcast, your weekly visit with two talking heads talking with you about the services, strategies, and success tips you need to make it big in managed services. My name is Rich Freeman. I am the chief analyst at Channel Master, the organization responsible for this show.
I am also a co-host of this podcast alongside our chief strategist at Channel Master. His name is Erick Simpson. Erick, how you doing?
Erick: Hey, Rich. Good to see you. I’m feeling much better today than I was feeling on our last podcast when, if you’ll recall, I was under the weather.
Rich: Yeah, no, I was just actually thinking to myself, it just occurred to me now that, and even just the last time you and I spoke, you didn’t sound so great.
You sound a whole lot better today, so that’s great.
Erick: Yeah, you know what I found to be the best way to overcome this little cold that I’ve been struggling with is a magical green elixir, Rich. I think it’s called something like NyQuil. A couple of nights with NyQuil and I’m feeling like a new person.
Rich: And just for the benefit of our audience, NyQuil is not a sponsor of this show. That was a completely heartfelt and authentic endorsement of NyQuil. I’m glad to hear it was working for you there, Erick. Let’s dive into our story of the week because as we are recording this, I am back home here in Seattle, less than 24 hours since returning from the Evergreen Elevate Conference in Austin, Texas. Now Evergreen, which is short for Evergreen Services Group, this is a private equity investor. They are rolling up a bunch of MSPs like other private equity investors are. They are going about it in a different way, though. Elevate was their first ever that they did in Austin this week. The goal was very much to share business growth advice with MSPs as opposed to talking about M&A.
But there was a little M&A context, some of that was in the background there. I got an opportunity to interview some of their leaders and one of their partners. Again, as we’re recording this, I am working on what will be the post about this conference that goes up on my blog, Channelholic, at www.channelholic.news tomorrow and haven’t written it yet, but I’m pretty sure the head, I know what the headline is going to be. I don’t know if the Evergreen folks will love it, but I think they will agree with, align with the underlying reasoning, which is I’m calling their strategy in this space of scaling large MSP or managed services organizations a Goldilocks strategy.
And here’s what I’m thinking, Erick, if you think about roll ups out there, and I use that word in reference to Evergreen, they don’t, they’re not really a roll up. In my mind, basically is an investor or some organization buying a bunch of MSPs and applying a cookie cutter template to them.
So everyone’s going to use the same tool stack. Everyone’s going to be part of the same brand. It’s one big company. And when you sell to that big company, you become part of it and you do business the way they do it. And I, I want to be clear. I am not criticizing or denigrating that model at all.
You and I are both very familiar with The 20. We’ve probably spoken about them on the show before. I attended their conference about six months ago; they’re very much and consciously a rollup, and they really believe in the strategy that I just described to you. So think of that as one pole on a spectrum.
On the other end, you have the go-it-alone solopreneur MSP and they are going to have to compete with these larger and larger MSP rollups out there right now. And they’re gonna, they’re essentially resourcing themselves outside of peer groups, figuring out how best to do things entirely on their own.
So if, if the roll up is the porridge that’s too hot and the solopreneur MSP is the porridge that’s too cold, what Evergreen is trying to do is serve up to MSPs who are looking to sell that just right option in between. And they are not alone in this particular strategy. New Charter Technologies is an example of another company out there, acquires MSPs, allows the owners to retain their brand and their culture, but tap into new technology, money and expertise and resources and efficiencies, economies of scale and so on that you get when you’re part of a large organization, and that is exactly what Evergreen is doing right now. [00:05:00] It’s very much the same strategy. In fact, Erick, you’ll enjoy knowing that Peter Melby, the CEO of New Charter Technologies, was a speaker at the Evergreen show this week, and I take partial credit for that happening, because on this very podcast, I had somebody from Evergreen and Peter on the same episode, and they originally were a little leery because they compete with one another of doing that, but they came on, they, I had a great time.
It was a great episode and now they’re doing events together. Miracles can happen, thanks to MSP Chat. But I want to get your, your, the question that Tim Conkle, the CEO of The 20, will often ask in his colorful, but very sharp way is, do you want to be rich? Or do you want to be king?
Meaning, do you want to retain autonomy? Do you want to retain the brand you worked so hard to create? Do you want to retain the culture that you’ve built before? And be king of your fiefdom, maybe tap into some of what Evergreen or New Charter can do for you, but essentially remain king.
Or do you want to be rich? Meaning, do you, are you willing to sacrifice all of that stuff and do everything someone else’s way, if it means that ultimately when that company you sell into is acquired by some bigger investor out there later on, you’re going to get a very large second bite of the apple and one that is probably going to be larger than the second bite that you would be eligible for if you are part of one of these less standardized organizations, because acquirers love standardization. And Erick, I guess the question to you as somebody who works very closely and directly with MSPs is how would you advise them to think through all three of these options, continue to go it alone, be rich, be king, and, and the be king is about selling, but selling to an Evergreen, selling to a New Charter, retaining your brand, et cetera.
Erick: Yeah, Rich, it’s a, it’s a great topic of conversation, and I’m sure we’ll have lots of comments below after we post this podcast, because everyone has their own desire, what motivates you, and, Tim basically tries to remove all emotion and ask that question, and that is his, his mantra is look, do you just want to be in control?
And potentially not sell your company at the highest valuation and receive all these other benefits, or are you willing to join the, and I’m using air quotes, the collective in that scenario. And, I, Rich, and, maybe some folks in the audience don’t know, but I’ve participated in over four dozen M&A engagements with MSPs and a vendor or two, and I’ve seen it from every perspective.
And the best way to answer the question, Rich, is we need variety and we need choice because, I’m going to say, dang it, some people just have an ego that says, I just want to be in control and I want to run things my way. And, I’ve subscribed to that. And so I’m going to either try to exit myself and not stay too long for an earn out and maybe even sacrifice a little bit more money because I, like Frank Sinatra says, I did it my way. And that’s where, that’s what I want to do. Other folks like the Evergreen philosophy is like, Oh, I like my brand and I am going to benefit. But I’m not yet ready to just, just be absorbed with a new brand and things like that.
Now I will say, Rich, that there are really good reasons for an organization to maintain that brand. And then maybe the new naming of it is, my MSP, a subsidiary of kind of a larger company, because they have built such an awareness in the community or the geography that they serve.
That is an additional value that the buyer wants to maintain, right? So there’s different ways to do it. Then, of course, I’m, on one day I’m a creature of standardization is the way to go. There’s so much more efficiency to be had by integrating platforms and people and services. And then, just being very objective about managing costs, and that means you have to make some difficult decisions, because I think that’s one of the things that some business owners, Rich, just don’t feel comfortable doing is I’m going to release maybe 15 percent of my staff, maybe 20 percent, because I’m now part of this larger organization where we don’t need overlap and I’m getting my value, my earn out based upon how much more efficiency and profitability I can bring to my business now here [00:10:00] as part of this organization.
So there’s a, there are a lot of questions around what makes the most sense for someone. And I think at the end of the day, Rich, two or three things are most important to the MSPs that I work with when they’re considering who they will be acquired by. And I, like I said, I’ve sat in enough engagements and across the table during valuations and negotiations to know the highest price sometimes isn’t as attractive to the owner when they feel that their customers might not be cared for with the same love and attention that they deliver. That their technicians may not be as valued or be seen as not as technically qualified and have less opportunities for growth within the large organization because they got all these roles filled and things like that.
Not that they think that they’re lesser individuals, but like the opportunity to grow might be less in a larger organization than a smaller organization that’s growing more, much more quickly, and then ultimately the legacy that the selling MSP wants to leave behind, like they, they have made a difference in their community.
Maybe they’ve been philanthropic. They participated in all kinds of goodwill in the community and things like that and maybe they want to maintain some of that stuff. So like I say, it’s a Coke and Pepsi and maybe root beer and maybe Sprite opportunity here, but the good news is that these options do exist now, like they’ve never existed before.
Rich: And I totally agree and want to underscore that point because, one of the interviews I did at the Evergreen event a couple of days ago with the co-founder and CEO of one of Evergreen’s portfolio holdings, a pretty good sized MSP based in the Northeast called Network Doctor. The gentleman’s name is David Burke. And, he was telling me the backstory to his decision to sell to Evergreen. And he was not looking to sell; he and his co-founder and the rest of the team, they were doing a great job of growing that business.
And they were actually acquiring other smaller MSPs out there. And when they sold a couple of years ago, it’s 130 employees, 30 million top line. But what he said basically is he and his co-founder felt like it would be a good time to quote unquote de-risk and this is that whole, equation that successful MSPs have to think through.
If you are growing the business and you continue growing the business for another year, two years, three years, when you do sell, you will sell for that much more. Basically you will make that much more money. But something can go catastrophically wrong between now and then, you get hacked.
And, if you’re, if it’s your RMM, then maybe all your customers get hacked. And all of a sudden, a lot of the value you’ve built disappears overnight. And that’s the risk he was talking about. And he and his partner decided we’re going to de-risk, but they found they had an option. They found a way basically to continue growing the business that they had built.
They have access to expertise and resources and money. He was talking about how the Evergreen team has really taught him about financial discipline and budgeting discipline. And he’s saving a lot of money that he was wasting before and didn’t know. And he’s been able to share some of that money with his employees by giving them raises and the like. It’s good that somebody in that position had that particular option. If you are, nearing truly an exit and retirement and so on, then the rollup option might actually make an enormous amount of sense for you.
So it, all of these options make the M&A decision that much more complex for the people in our audience. But it’s ultimately a blessing, Erick, as you were saying, that there are so many of them out there. And if you ask the right questions you are much more likely today than before to find one of those options that’s the right fit for you.
Erick: And not to prolong this part of this segment of the MSP Chat podcast, Rich, but, you reminded me that there are, there are MSPs out there that still want to work in the industry, in the MSP practice itself, they just, like you said, want to take some risk off the table and maybe enjoy life a little bit more, but still provide, value to the organization, the clients and things like that.
And if they can sell and then divest themselves of a few of the hats that are the noise that get in the way of what they really are passionate about doing or enjoying doing, then that’s really an attractive opportunity as well. So I don’t have to worry about payroll anymore and HR and marketing and maybe even maybe sales.
If I’m a server, I’m more a technical person. I just want to manage projects, let’s say, or no, I just want to go out and, and cultivate more sales opportunities and work with our existing [00:15:00] clients and let somebody else manage the technical team and things like that. Just another thing to think about.
Rich: There are a lot of options, a lot of different ways to handle this particular decision about selling and who you sell to. There are a whole ton of different ways to handle the subject of your tip of the week, Erick. And what is that?
Erick: So it’s continuing to improve your client onboarding process, Rich, and I don’t, this applies to everyone, whether you’re, a standalone MSP business owner and you’re the king or you’re part of a roll up or a large organization, or you’re even working in the enterprise. When you are onboarding new clients, we are in a state of, of exciting change right now, Rich, where manual onboarding processes soon will be handled more and more by AI-powered automation, which means that we can be more consistent in our onboarding process, we can deliver the similar outcomes and experiences with clients and spend more of our time on the human element.
That is the biggest impact to create a high level of satisfaction from a new client that has just decided to sign an agreement and be serviced by your MSP. So the promise that we deliver through our marketing messaging and through our sales process is strengthened and reinforced through a consistent, structured, time-based onboarding process that then leads to the transition to ongoing support.
And that onboarding phase, Rich, is, could be the deal breaker, of a client saying, wait a minute, if you guys are so screwed up here, then I don’t want to work with you guys or having something happen, or even worse, the onboarding process not be completed by the team. And then the side effect of that is you’re not delivering service as effectively, as efficiently and closing those tickets.
We mentioned in a recent podcast about, first call resolution and kind of handling things without escalation and things like that. When you don’t have your onboarding process locked down tight and everything documented, then you don’t have all the tools to empower your team to deliver service effectively.
So let’s do three quick tips. So if you don’t have some onboarding checklist, hey, they’re out there on the internet. I’ve got them too. You’ve got to have an onboarding checklist that doesn’t merely address the technical components of onboarding, Rich, but also you’ve got to phase it just like a project.
So you’re having a kickoff meeting where you’re engaging with your point of contact or the folks that you’ll be engaging with a new client. And nowadays we can do these virtually, which is great. I would absolutely encourage folks to build a slide deck of five or six slides that walks that new client or that new point of contact through the onboarding process.
Not too much information, the Goldilocks, right, analogy that you had earlier, Rich, just right. Here’s what to expect. We’re going to need you to complete these forms. We’re going to need you to go on our online systems and enter the data. So everything that we have to do with that client, we start with a shared responsibility and accountability and action model, which if we do it right during onboarding, Rich, then every project that we deliver to the client, they understand that there are things that they’ve got to do and things that we have to do in order to achieve success together. It starts with onboarding. So we’re conditioning them on what good project management looks like. So having a checklist broken down by phases and then having phase review, even if it’s two or three phases, we’ve got to, integrate everything into their Entra ID in the cloud.
We’re going to deploy our agents. We’re going to, onboard them into our ticketing systems. We’re going to integrate them into our accounting systems. The things that we have to do on their side and on our side and then who’s responsible and then we document that and we allow the client to participate in that onboarding project by making that project visible to them so that they are doing their checklist of things. You’re doing your checklist of things. And now you’re building that solid foundation of collaboration. That’s so key in maintaining a high level of client satisfaction and not churning clients out. We’re impressing them with the attention to detail.
It may sound complicated, Rich, but it’s not really, if we’ve got a project plan, let’s just tweak it. And now we’re not going to give away, internal secrets or anything like that. But we can publish a project plan that clients can participate in and we are measuring, and then we have checkpoints every [00:20:00] week or every, however big the client is.
Maybe you’re, it takes them two or three months to onboard. And then you’re delivering service on a best effort basis during onboarding. So the understanding, Rich, is that you have SLAs and response time that you’ve agreed to in your agreement with the client. And when you kick off with the onboarding process, you let them know that, hey, we will provide service on a best effort basis until we complete onboarding.
And that’s going to occur at this stage. And we both agree that we are ready now to move forward and be held accountable to our SLAs. So getting the checklist done, having that human interaction, phasing it, and then automating as much of that process as possible. And then cherry on top, if you’re really growing at a rapid clip, or maybe if you’re not growing at a rapid clip, you need to have a dedicated onboarding manager.
So if you’re having everybody on the team manage parts of this project at some points, that leads to inefficiencies and it could potentially erode the satisfaction of the client because everybody does things a little bit different. So if you have someone that is in charge of that project, I am the point person during your onboarding project, Rich, and I’m going to be relying on my team.
And here are the team members on your team are going to be relying on, but I’m going to make sure that we knock these things out in the proper order. Rather than leaving it to technicians and engineers because we get busy as MSPs and fires crop up, somebody has to be accountable to that process and it can’t be five people.
It’s got to be one person to lead us through. And that’s how we maintain that consistency and that standardization and gets us to a point where we are profitable much more quickly because we’ve onboarded that client in the, during the time span that we expected and within our internal onboarding budget, which we should also be tracking.
Rich: Yeah. Cliche alert, but you never get a second chance to make a first impression and onboarding is really the first time that new client is encountering you at work. They have some experience with you through the sales process. But this is the first time they’re really going to get a taste for the kind of service you’re going to provide them.
And getting onboarding, it’s not just setting your team up well to support the client. It’s also a very important part of getting that relationship off to a good, strong, healthy start and increasing your odds of this being an enduring relationship. So this is important stuff.
I want to go to something you early on in that you, you said something I think is really important and interesting. And it reminded me of a conversation I had at the Evergreen show. You were talking about how down the road a little bit AI based automation is going to be doing more and more of this onboarding process.
And I think that’s very true. And I think it’s just a good example, like a good concrete example of the disruption that AI is going to bring to the managed services world. I, one of the interviews I did at the Evergreen show is with one of their executives there named Elliot Hyman.
And we were talking a little bit about AI and he was saying, this entire industry, not just our company, every company in this industry is going to look really different five years from now. And, this is a guy who’s been in the industry, had a lot of success in it for a long time.
And he basically said, I don’t know what it’s going to look like in five years. I don’t think anybody does. And Evergreen, they’ve acquired 80 some odd MSPs at that point. They’ve got 3,500 employees across those companies right now. And Hyman was saying, I don’t know what all those people are going to be doing five years from now.
I, and his point wasn’t like most of them won’t be working for us anymore because AI will have taken their jobs. It’s just, I know a lot of them won’t be doing what they’re doing today because AI will be doing it. What will they be doing? I don’t know. And so this is just a little glimpse, a little, onboarding is a great topic for this show and our audience right now.
And there will come a time just a few years down the road where it’s something that our audience isn’t really having to think about all that much anymore, because that will have been so heavily automated. And none of us knows exactly what it is that we’ll be thinking about and talking about instead.
Erick: So here’s my silver lining in that future potential reality. That just means that we’ll have much more time to build and grow and maintain those great client relationships, right? Because it’s now we have more time to be more strategic, to grow those opportunities and not make the client satisfaction metric, how, how great we are technically.
In the best case scenario, Rich, we want to be unseen and unheard. We don’t want clients to open tickets because things are broken or not working or take long to close their, to incident [00:25:00] manage, whatever they’ve got going on, because we didn’t do a proper onboarding job.
So we want to have, by the way, of course, we provide helpdesk for the few tickets that you may have at this point and infrastructure management and patching and update. Of course, we do all these things, but the real value that we bring is the strategic focus we have in helping you achieve your business goals securely, leveraging the technology that you have and then introducing new technologies along the way that you may not be aware of that could be of value to you. That’s it.
Rich: All right. Folks, I hope you are enjoying the show here as much as Erick and I are enjoying bringing it to you. And the good news is, if you are, it’s about to get even better, because we are about to be joined by an interview guest, and I have been looking forward to this conversation for a while.
Erick, we are going to be speaking momentarily with Kyle Hanslovan, the CEO of Huntress, one of the best known, most respected names in security for MSPs. We’re going to be covering a wide range of topics with him. And like I said, it’s all coming up right away. We’re going to take a quick break.
When we come back, Kyle Hanslovan will be with us. Stick around.
Rich: And welcome back to part two of this episode of the MSP Chat Podcast, our spotlight interview segment, where we are genuinely thrilled and delighted to be joined by one of the best known names from the best known vendors in the industry right now, he is Kyle Hanslovan, the CEO of Huntress. Kyle, welcome to the show.
Kyle: Rich, Erick, pumped to be here guys. Thanks.
Rich: I just said and still believe you are one of the best known names in the security field. Huntress is also one of the best known names. For the two people in our audience who are maybe new to you or new to Huntress, go ahead and introduce yourself.
Kyle: Yeah, I think the way you could celebrate it shortly would be a long time ago, I was a shady hacker. I ended up learning that if I used my skills for defense instead of offense, we can make a big difference. And I found my fit in the MSP market. It turns out building a product that helps under-resourced, under, sometimes it’s just under availability, right?
Who has time to be able to do things to not only just chase down, find those hackers, but quickly get them out of your customers’ networks, it makes a big difference. So we do that on the endpoint. We do that on the identities. We do it for your data and Sam, and we actually protect the learners with security awareness training.
So it’s a crazy 10 year synthesis. And I’m thankful to be here.
Rich: And it’s a 10 year journey that’s landed you deep in unicorn territory. We won’t get into that on this interview, although it is an impressive story. I got a number of things we want to talk about with you, Kyle, but we’re going to kick it off with a few questions related to the Huntress 2025 Cyber Threat Report, which as we record this, came out just about a month ago.
And I’m going to read you something from the press release about that report that kind of jumped out at me and get some comment on it. It said, quote, In 2024, the gap between attack sophistication on large and smaller businesses nearly disappeared. Hackers took the methods and strategies tested on larger companies and apply them to organizations of every size. Tell us a little bit more about that. What is it there that changed with respect to the threat landscape specifically for SMBs last year?
Kyle: The way I think a lot of people could relate to it is something that’s not geeky. Think about back in the day when we used to shoot up the space shuttle, for instance, or the old school rockets.
They went, but they didn’t always return, right? And when they did, there wasn’t very reusable, right? It was a very non scalable but proof of concept. That’s what enterprise hacks had been for a very long time. The thing that has both, and I’ll actually say it, admirable about cyber crime is they really have understood they have to be a business.
They can’t just do these one thing funded by the government, but similar to other, there’s a dozen rocket companies these days. They figured out how to turn it into a commercial enterprise. And what’s neat about that is not only are they doing these massive trips to the moon, but the technical version of that, obviously stealing all kinds of data, getting into places undetected and dwelling.
But the thing that kind of impresses me the most is they’re doing it with finesse. They’re doing it with scale. And a lot of that’s powered by really savvy automation. And some sprinkling of some AI. So as much as we love to say AI is helping us on defense, I actually think right now it’s largely being better used to improve quality of offense.
So a lot of things that went into that one statement.
Erick: Yeah, no doubt. These attackers, Kyle, are using every tool and technology. They are so far ahead of their victims. Just, there’s an advantage there, and it’s pretty insane to think about. This is what’s causing everybody in the industry to scale up, because we have to keep up with what these folks are doing. Now, typically we hear about these large scale attacks against enterprises [00:30:00] and things like that, but are you seeing the threat activity also escalate with SMBs at the same pace? I get the sense that the SMBs are getting attacked just as much, if not more sometimes than what we’re hearing on the enterprise side.
What’s your take?
Kyle: Yeah, I’ve been trying to keep everything, preparing for maybe some public readiness one day, so I’m trying to make sure that my analogies are simpler and I’m going to keep using that because I think a lot of this audience has to tell their own story right to their own non-technical folks.
What’s wild about the sophistication that’s happening right now is, if you use my analogy earlier, shooting a rocket to the moon, the moon isn’t really moving in unpredictable paths. Gravity stays pretty constant, but threat actors are the most opposite of constant, right? They’re sporadic, they’re creative, and what’s really interesting is we’re seeing that creativity being used where I would actually say novel tradecraft and novel levels of automation used against small and mid-sized businesses that is not happening in enterprise, meaning I actually believe quite a bit of unique innovation is happening only to target the small businesses, the midsize businesses. And the reason for it is when you’re going after a whale, you can go after it with these very manual, very, hey, how do I get an almost surgical level, human level expertise, but small and midsize businesses, let alone the partners that support them, they often aren’t large enough to warrant a single human. So the innovation that I’m talking about is all in forms of how can I do this without requiring a human? And when I do require a human to maybe choose what data to exfil, or choose very specifically what path to move in the network to not get caught, the innovation that they’re doing is often, how do I do this with a very small team?
So that’s a long way of me telling you, I actually think innovation is happening in this world, in SMB specifically, that is not happening in enterprise, and as a result, we’re having to come up with our own tactics to defend against it. We can’t just use an enterprise playbook and adapt it to an SMB world.
Rich: Speaking of, this might be an example of innovation. There were a number of different evasion techniques that your 2025 cyber threat report calls attention to. And this is all second nature to you. It’s unfamiliar to me. I don’t know about Erick, but it’s unfamiliar to me and I love to geek out on this stuff.
So I’m going to ask you about one of those in particular right now. We’re talking about three, three evasion techniques that define the new normal now, one of which is EDR tampering. So what is EDR tampering?
Kyle: Think about it. You’re robbing a bank and you want to be able to steal the crown jewels, whatever’s in the safe deposit boxes. If you have a camera that is looking for the data, you might get away with the crown jewels, but they still know who you are. And maybe they can stop you before you get too far away, still reclaim the money, right? It’s very similar to the security incidents.
Nowadays, we often have telemetry after they happen. And the goal is, just because you break in doesn’t mean you’ve made it away, doesn’t mean you’ve been able to spend the money or be able to make the profit, doesn’t mean you’ve been able to steal the intellectual property, or sometimes it’s just enough to extort somebody, take down the payroll system so they can’t run payroll.
The tampering comes into place with saying, let me blind that camera. Let me make it so you don’t have that telemetry. And so what’s wild is getting into networks, perfect prevention, just like in healthcare. If I told you you’re not going to get sick, never get cancer, you wouldn’t believe me. Don’t believe anybody on cybersecurity either.
You’re not going to stop with perfect prevention, but what they’re learning is if they can get in past prevention and in that minimal amount of time, quickly neuter or disable features of the antivirus, trick the antivirus or the EDR into thinking telemetry is correct, but it’s not, and create these blind spots.
It’s like those Hollywood movies we see with the great heist. It’s a lot like that of, oh, the camera looks like it’s on, but it might actually be off. And sometimes by the time you realize that the camera isn’t working or the data isn’t being recorded, everything’s long gone or they’re in place well enough that you’re probably going to struggle to get them out.
That’s the highlight: tampering and evasion has been reinvented big time in 2024 into 2025.
Erick: So Kyle, obviously that’s a supply chain or, upstream vendor challenge for MSPs, which is interesting because we should talk a little bit about, what should we be considering as MSPs when, we’re having those types of situations.
Another evasion technique in your report is bring your own vulnerable driver privilege escalations. Now, for those of us in the audience that aren’t, dragon slaying engineers and cybersecurity experts, can you define that? And then let’s talk a little bit about, also the positioning of that.
Like, how do we, guard against that?
Kyle: Yeah, let’s break it down for the layman. So a lot of us remember like when CrowdStrike had the blue screen, it happened because of a driver. And the reason that the blue screen happened, I’ll tell you, any vendor could do it, Huntress could cause it. It’s really hard to prevent perfect code.
And there’s a lot of things you can do, [00:35:00] but why I’m mentioning that instance is because that driver exists in a place called the kernel and the kernel, if you make a single smallest mistake, you can cause bad things to happen, but it turns out if you can safely operate inside the kernel, you can also blind the operating system to a lot of telemetry that it should be seeing.
But for instance, you’re so low level that not only can you cause a lot of harm, if you’re a hacker, you get a lot of power. And so this idea of bring your own vulnerable driver, and it has a terrible acronym, whatever that is, BYOVD. The idea is if somebody has a legit piece of software, it doesn’t even have to be security software.
It could be something that just maybe provides that access into the kernel. And if they have a flaw in it. Oftentimes your operating systems, if you abuse it the right way, a hacker now gets in safely into the kernel, doesn’t cause a crash, and can start blinding things. And what’s really terrible, that goes back into the, I got in quick, I made it past prevention, but before you could do your detection and response, I was able to bring my own, bring your own virus, but bring your own vulnerable piece of software.
It doesn’t look like malware. It just looks like an outdated piece of software. And boom, I’m in. And again, I’m doing that evasion. I’m doing that blinding. I’m taking down the camera so you can’t find my telemetry or by the time you find it, I’ve already accomplished my goal. So it’s a stressful time because if you think about this, we’ve all thought about software management, configuration management.
How do we prevent software from getting loaded that we don’t know about? And the nuance that most people miss is they’re not bringing the whole piece of software. They’re just bringing the tiny little bit of a driver. And oftentimes these software kits that try to tell you what’s installed and what’s not installed don’t look for this.
So again, that’s the cat and mouse game. That’s hackers doing it. And I’m telling you, you don’t get to that level of creativity. Without somebody really understanding there’s a problem. So I think we should also celebrate this is a win. We are now threatening hackers well enough that we’ve moved past old unmanaged antivirus.
We now have these fully SOC-managed EDRs and now hackers are having to change up their techniques to get around us. So I’m calling that still a win for the defenders out there.
Rich: Kyle, I believe the last time I had a chance to interview you, certainly face to face, was at the RSA conference last year. Erick and I are both looking forward to going to that conference again in a couple of months from now, but last year when we spoke it was at that conference that CISA launched the Secure by Design program, which they followed up a little bit later with Secure by Demand.
We had a chance to talk about Secure by Design a little bit. Huntress was one of the first the inaugural signatories to that. You had What a mixed feelings about at the time, I would characterize what you said as, Hey, this is better than nothing, but this is really just the beginning of what’s needed out there.
We’ll talk a little bit more about what’s needed out there, but let’s just, we’re about 10 months in on Secure by Design, some smaller number of months in on Secure by Demand. Just give us a sense. How much of an impact have these had? How much good have they done?
Kyle: So I’ll start personal. We took that commitment as we’ve given our word. We publicly came out and said secure by design. And right away we started just because not only did we see hackers starting to bypass and trying to get around Huntress. There’s always opportunity for us to do more, meaning we even ourselves hack our own software and sometimes bypass it.
So we started with that secure by design, not only with the way that we did better quality assurance, trying to find more of these, improving our bug bounty programs of working with other folks, but we also. As I mentioned, a lot of some of the software that before we said, if a hacker gets here, they’re going to get it anyways, we decided that was a weak, nuanced approach.
It was maybe calculated, but considering the resources we now have, we buttoned down and batten down the hatches and really hardened ourself. And so I feel in many ways, we’re living the spirit of what CISA kicked off.
The problem that I had at RSA, and it’s the same problem I still have today, is it’s self policing, and if you think about intent, very few people have malicious intent. However, a lot of people, if it’s not a priority to them, they just other, business gets in the way of business, life gets in the way of life, and then you put these things off. So the same thing I said at RSA still remains true of, I want to see some stinking teeth.
I want to see people get, maybe there’s indemnification we can do for people when they are following some sort of baseline standard. Obviously with CompTIA going under their acquisition, and obviously we’re seeing some of the new organizations come out of this. I want to see some of these baselines that really applaud and award people when they’re doing the right thing.
And I also want to see a little bit of carry the big stick. Even if it’s just a list of here’s the for shame list. They do that by the way at the hacking conferences. The wall of sheep, or the wall of [00:40:00] shame for people who have their clear text password stolen. I think that is a pretty okay way to self police.
That doesn’t have to get into such heavy regulation. So if I’m looking at 2025 and asking one thing, I’m hoping, obviously we’re in this time of government shakeup here in the U S but internationally, I’m hoping to see more of self regulated, let’s call it out. So even if the government doesn’t add teeth.
What can we do? Can we vote with our dollar? Can we get behind those people? And for instance, I saw plenty of vendors this year get better as well and announce when they did have a security vulnerability publicly, not privately under an NDA. And I think that we could probably as listeners and definitely as consumers lead with positivity when somebody’s doing the right thing.
Give grace when the inevitable happens. You get sick. Software developers are going to make a mistake, including Huntress. And then at the same time, when you see these things that are recurring, especially like what I’m seeing out there on some of the edge devices, VPNs, routers that constantly have these same vulnerabilities that are getting companies wrecked, it’s time for us to do more than just complain about it on LinkedIn, right?
It’s time for us to actually vote with some dollars. And to be very frank, I would encourage conferences. Being able to have some of that wall of shame, wall of sheep, but also the equivalent of, great job. So that’s where I sit in 2025, not too different, but feeling still glass half full.
We’re going in the right direction.
Erick: I love your positivity, Kyle. It’s refreshing in such a, I think a scary, topic for most people that don’t understand these things. It sounds to me like you may be calling for some sort of standards among vendors. What would you like to see those basic standards be? Like, what could vendors do to make their products more secure? Like, where would you start?
Kyle: I use that word intent earlier and I like, I live this. This is not just like a, put on a press piece and go do this. It turns out when you fail, if you’re willing to fail publicly and take the scrutiny publicly, the inverse happens than what most marketers think.
They think, oh, when you had that failure, if you admit to that failure, then somehow you’re a failure, but it’s the opposite. If you admit and come forward and talk about this is how we’re going to correct it, this is the specifics of what happened, you become more relatable, you become likable.
And so what I want to see is some level of standard of you have X amount of time to disclose publicly and maybe even some strong guidance of what does good look like on disclosing. And I know that’s such a weird place to start, because by the way, disclosing doesn’t necessarily make it better. But when you have a forum that encourages that level of scrutiny, You have all the other behaviors that you might not necessarily do if it was private.
You’re now very positively incentivized by having the light shine on you. And the stuff that I enjoy is when vendors have mistakes. I look at people like LastPass. They’ve had plenty of vulnerabilities and mistakes. They’ve corrected some of them, but some of their problems and the reason the industry doesn’t trust as a vendor is they didn’t handle the first incident or two very transparently.
And so if you could hear the one thing I want to see a little bit of like governance, whether it’s on vendors, but to be honest, even as us as an MSP community, there should be a really firm standard of this is what transparency looks like. This is what we tolerate. And when you step outside of that, I think it’s free rein.
I think it’s free rein for the press. I think it’s free rein for social media. And I think that at least gets to a standard that we’ve all gentle person’s agreement, right? Gentleman’s agreement of yep, let’s agree to this. And when we step outside of that, mess around and find out, I think I can say that on this podcast, right?
Eh.
Rich: You can go all the way to the F word if you want. All
Kyle: I think people, I’ll find a way to sneak it in, but I appreciate that clearance. Yeah, that’s how I’m feeling, Erick. I am glass half full, but if you can’t tell, I enjoy the scrutiny that comes from public humiliation too, just as much as I like public celebration.
Erick: Sometimes that, that peer pressure is the biggest motivator, right? And that transparency and that, I don’t want to be called out. For not doing what everyone else has agreed to do. So I will, as much as it hurts and I’d be interested to understand what the attorneys might say about that approach, right?
Cause that’s a whole other conversation, but no, I appreciate that, that response.
Kyle: No, not for sure. Thanks for asking a darn good question. A slightly spicy, but we didn’t have to get too too aggressive, right? We got to be aggressive, but not abrasive.
Rich: And I will just point out cause we glossed over exactly what secure by design is.
We’ll have a link in the show notes to a page about that on the CISA website. And basically it was just a bare bones list of seven or eight fairly minimal steps that a vendor can take to harden their security [00:45:00] and yeah we’ll link to more details, but what the specs are specific.
Kyle: I appreciate Richie calling out. It’s a low bar. It’s not a high bar. It is if you have hands and eyes and breathe through your mouth, you should be doing these things in 2025. Good call
Erick: out.
Kyle: Yeah,
Erick: it’s pretty common sense stuff, right? You would think heck, that’s what if we could all just get there and that’s the big.
Needle move, right? If everybody would just get there anyway.
Rich: My recollection is one of the items on that seven or eight item list is, keep your software patched, right? It’s really? Are we at a point in time here where we’ve got, people have to take a public pledge to okay.
But we won’t beat that dead horse any further here. Yeah, that horse is out to pasture
Kyle: for sure.
Rich: Yeah. Kyle, I’m doing my part of this conversation here from a hotel room. I’ve been attending a meeting of the ConnectWise IT Nation community here this week. I’ve been working on an article about the role of community in the channel today.
You folks at Huntress have really made a point of being an active, engaged member of the channel community pretty much from the get go. Talk a little bit about the role of community specifically in, in security. What can and should what role does the community play in keeping the community itself safe and also the end users, those MSP partners are responsible for securing safe as well.
Kyle: Yeah, I pick up what you’re putting down. Community is one of those things that for instance, it’s so ingrained in Huntress, not by accident from the first day of Huntress, we’ve had a simple mission statement. It’s elevating small and mid sized businesses through education and community one hacker at a time.
And that. Double entendre at the end refers to taking down one shady hacker at a time, but also through education and community growing one ethical hacker at a time. And the reason that we started that way, notice there’s no mention of building software, there’s no interested no mention of making money.
It turns out all those things happen. If you lead with education and focus on community. And the reason for it is. Education I always look at is the initial splash in a pond. But when you look at community, they’re the ripple that takes that splash all the way to the, the water’s edge. And I don’t think most people seize and weaponize the importance of community.
And you can find all the different, quotes of the ages, right? It takes a village to raise a child. It takes a community to raise the security bar. I can tell you no matter what our size, Huntress will be one peer, not a leader, a peer in the community where there will be many other peers.
And what’s beautiful is a community You might need somebody to be more vocal at times than others, but also sometimes the best leadership is the best followership. So some of the places I’m trying to be most active in community right now are helping MSPs find their own voice and kind of creating maybe their own guidelines of for us, by us type scenario of where they don’t need more vendors telling them what to do.
They sometimes need vendors helping amplify their voices or helping fund some of their efforts if they haven’t found a way to monetize it yet. But some of the biggest places, if we really want to go against the multi billion dollar industry of cybercrime, you need other equally committed communities that can figure out how do we make money securing it?
And how does the money that we make securing it? Be far less than the money that we lose by, for instance, the opposite getting wrecked. And so community for me is it’s just simple math. I know for some people, they think it could be this lovey thing that we do. Cause we’re emotionally bonded, but you can’t make a global difference.
If you don’t have the strength and numbers, it’s just that simple. So that’s how I can generally feel about it.
Erick: Yeah, that definitely resonates with me, Kyle. I’m a big community believer, big thought leadership lead with thought leadership and collaborate the rising tidal lifts all, ships.
So that really resonates with me. I just got back from a GTIA councils and community forum, and that is representation one really strong community that’s striving to improve the lot of SMBs and MSPs from a cybersecurity perspective. I sat in on a really, a great session on their Trustmark 2.0 from a cybersecurity, so yes, it takes all of us to do this. So like I said I champion that. So appreciate that.
Kyle: Now, and if you look at that endowment that GTIA has, they have the real opportunity to make a difference. The other side of that coin is they have the real opportunity to squander that opportunity.
The part that I’m just so excited is we have people that are coming together. They’re understanding it does take money to make differences. And I am a huge fan of the potential of that opportunity. I just hope that we also stay [00:50:00] like accountable when we slip, let’s slip publicly. So we can get better.
Erick: Yeah. Let’s, well, you and I will glass half full that part of the conversation. Cause yes, there’s a tremendous opportunity with great power, right? Great responsibility. Anyway here’s my last question for you, Kyle. We’re coming, we’re rounding the bend at the end of Q1 here in 2025. So we’re still a little bit early enough, I think for me to ask this question.
Because we still got three more quarters in 2025. What threat or security trends do you expect to see the balance of this year, anything different, unique, more of the same, what are what’s your crystal ball say to you?
Kyle: Yeah, I’m going to give it real talk and I’m going to give distractions just because I think those are the two polarizing views folks appreciate from me. The first one, it’s a played out conversation.
Identity truly is the new perimeter that happened all the way back in 2023 with a lot of the enterprise companies. Just getting wrecked. Not because they lost an unsecured endpoint, but because they moved from the endpoint into people’s Microsoft 365, Google account, and they are so darn good when they move into your Google account or your Microsoft account from moving laterally.
That has happened 24 of the maturity happened 2025. And this year you will see bypassing two factor just become the norm. You will see script kiddies, right? Not just the technical cybercrime groups, but even some of the basic folks able to do techniques that quickly either circumvent or get past weaker implementations of two factor.
That is something that is happening. That is real. And it is only going to get more extreme and you’ll see this and measure this usually on more business email compromise or people not understanding how did they we know they got in, but we don’t understand how they got in. I think forensics are going to start getting a little bit mushier and I’ll tell you some of the, these technologies, Microsoft 365, Google, they don’t always make it easy to figure out how did somebody get in.
So expect that’s happening in the next three quarters. I will bet my paycheck on it. The opposite side, there is so much AI is doing right now to help somebody who knows how to ask it the question or has the domain knowledge to level up. It’s just like when the search engine hit, if you knew how to search, and you knew how to use the filters, you are more productive. You can find data. And I will tell you, AI is doing that, but the amount of emphasis being put on things like these AI agents, AI SOC, et cetera, I just think we are watching the kind of an, I don’t want to be overhyping, but maybe a little bit of an endemic, right?
A situation that is not quite, it’s almost overhyped and we need some realism about what AI and these agents will be able to do. That is very real. What they’re currently able to do. We’re getting manipulated by marketers. And in some cases they’re doing phenomenal things. And some of these words of AI-powered SOCs and some of the outcomes.
If you really focus on what we’re talking about, not output, but true outcome. Let’s adopt AI, but be healthfully skeptical of the marketers, just the way they’ve got us on just about everything else. The marketing engines and the amount of funding behind some of these technologies are real. And so it is in their benefit to get you convinced that they can deliver something that is substantially different than what we’re currently doing.
And so I just want to leave it with, watch out for identities, adopt AI, but be realistic, don’t be overly enthusiastic expecting for world changing things in 2025.
Rich: Yeah, speaking of somebody on the receiving end of a lot of agentic AI hype, I’m totally with you there. I’m a big believer in the future of agentic AI, but I’m also well aware of the fact that it could take us a while to get to that future and it may not look like some of the promises being made to us right now. Interesting technology and yeah, we haven’t even gotten into the security implications of having agents running amok autonomously on computers.
Kyle, such interesting stuff. I don’t know if it’ll work out for Erick and me to get a chance to break bread with you at RSA this year, but if we can pull it off, we’d love to see you there. We certainly thank you for taking time out of a very busy schedule to join us on the show here.
For folks who want to get in touch with you, learn more about you, learn more about Huntress, where would you point them?
Kyle: If you’re into fucking f bombs, you can find me on LinkedIn. I dropped one or two and I promised I would stay true to myself in this. But I try to keep it real. I try to be very realistic and I have this phrase, I have very passionate opinions held very loosely.
So if you’re into that, you can find me on LinkedIn. It’s where I’m most active. Huntress, we try to be anywhere in the community. I would actually challenge you that if we’re not in the community, you should be lighting up my team, right? Whether it’s Huntress on social or just huntress.com using the chat bots, asking why we are not in your community. [00:55:00]
Cause it turns out you don’t need to have your own community. You need to be a part of the communities that exist. And that’s the way that we believe Huntress should play, as a member and a peer, not as a community of our own. So yeah, chase us down, track us down.
Rich: So with with time expiring, you finally snuck the F bomb in, well done.
And thank you so much for joining us on the show again. This was really great and I do appreciate it. Folks, Erick and I are going to take a quick break now. We come back on the other side, we’re going to share some final thoughts about this very interesting conversation with Kyle Hanslovan from Huntress.
Have a little fun, wrap up the show, stick around. And we’re going to be right back.
And welcome back to part three of this episode of the MSP Chat podcast. It’s always informative to spend time with Kyle. It’s always just a pleasure, for somebody who is running a company that, like I said, is in unicorn territory. A very valuable company right now.
He is about as down to earth as they come and approachable. And so it just a really fun conversation as well as an informative one.
Erick: Yeah. Rich, if you didn’t know anything other than you met Kyle at, a bar or something, it would just be just a great conversation to have over a beer.
Just like you said, down to earth. And I really appreciated, how he maintains a positive attitude and sees opportunity where others might be like quaking in their boots about, like he dropped some pretty like serious predictions on us there at the end and, I make me pucker a little bit in some areas of my body.
It’s, wow, 2FA, MFA is going to be, that’s not going to be effective anymore. That’s concerning.
Rich: That is absolutely sobering information. I just want to quickly call attention to two, two things that came up there that kind of overlap a little bit.
This concept of holding the vendors accountable, this wall of shame idea. And also the idea of community being so important in security. And, you, you can imagine, you put those two things together and is there a way for the community, and maybe that’s through GTIA or maybe it’s not. It’s through some other community, but is there a way for the users of the security software, the MSPs to hold vendors accountable and to put some teeth in, in some of these ideas as Kyle was saying, and, call attention to the people who aren’t being transparent, for example, I don’t think either one of us has the answer to that question right now, but it’s a really interesting idea to to think about and and hopefully somebody in our audience steps up and make something like that happen.
Erick: Yeah, it is a very interesting concept. If you get enough vendors to subscribe to this, new accountability I guess effort where we, promise to do right and be more transparent and all that. If someone tells me that’s a lot of work, that’s a lot of heavy lifting the, and again attorneys and investors and all this, it’d be like, we want to control this, but I think if you get enough vendors to tip the scales, then I think you’ll see other vendors feel like I think we may be losing market share or may not be able to grow or our competitors are over there. Maybe we should adopt that too. So it’s that peer pressure that, that may be the bigger influence to getting things done rather than, any other impetus to do.
Rich: Yep. Yep. Absolutely. Folks, that leaves us with time for just one last thing. And Erick, I like Cheetos as much as the next person. I’m not a huge Pokemon fan, but sure. I like Pokemon. I don’t know that I like Cheetos or Pokemon or the two of them together quite enough to explain this story to you.
And some folks may have seen this before, a Cheeto, not just a Cheeto, by the way, Erick, a flaming hot Cheeto that, I guess, came out of the Cheeto factory shaped like the Pokemon character, and I hope I’m pronouncing this right, char Charizard. Charizard. Charizard. Okay. Char,
Erick: not Char. Yep. .
Rich: Charizard the Pokemon character.
So if you can imagine a flaming hot Cheerio Cheetos, excuse me, shaped like Charizard. Somebody found this a few years ago, hung onto it and then decided, who would’ve thought, to put it up for auction, and they got 87,840 for the Charizard shaped Flamin Hot Cheeto, Erick, which is impressive.
Erick: Boy, oh boy, I’m gonna start going through all my old, stale potato chip and Cheeto bags and see what kind of stuff I can come up with, because it’s funny, we see some of these stories over time where, toast looks like, mother Teresa or something.
And we’ve seen that kind of thing before, but it’s funny though, that Charizard cause the Pokemon character is a little he’s got a fire comes out of his tail and he, it’s a little kind of a dragon kind of a thing. So he [01:00:00] shoots fire. So it’s appropriate, for a flaming hot Cheeto Charizard to I don’t know about 87,000 worth of, flaming hot Cheeto Charizard, Rich, but it’s a funny story.
Rich: Yeah. Now, and you’re giving me an idea is that basically the next time I open a bag of Flamin Hot Cheetos, I’m just going to pour them all out. See if there’s any funny special shape in there that might be worth 87,000.
And if not, I’ll just go ahead and eat everything.
Erick: And you did juxtapose Cheerios with Flamin So maybe, if anybody’s listening, maybe we have Flamin Hot Cheerios. I don’t know if I need that. In my breakfast.
Rich: Good
Erick: morning.
Rich: Yeah. Folks that is all the time we’ve got for you on this episode of the MSP chat podcast.
We thank you so much for joining us here. And we remind you, this is both a video and an audio podcast, which means if you’re watching us on YouTube, but you are into audio podcasts as well, go to Spotify, Google, Apple, wherever it is, you get your audio podcast. Cause you’re going to find us there.
And if you’re listening to us but you’d like to check us out on video, go to YouTube, look up MSP Chat. You’ll find us there too. However it is you find us, wherever it is you find us, please subscribe, rate, review, it’s going to help other folks find and enjoy the program too. This show is produced by the great Russ Johns.
It is edited by the also great Riley Simpson. They are both part of the team with us here at Channel Mastered. They’re ready, willing, and able to create a podcast for you if you are interested. And trust me, folks, podcasts are the tiniest sliver of what we do at Channel Mastered. If you would like to get the complete picture, please visit our website at www.channelmastered.com.
Channel Mastered has a sister organization called MSP Mastered; that is Erick working one to one with MSPs to help them grow and optimize their business. You can learn more about that at www.mspmastered.com. Once again, we thank you. We’re going to see you in a week folks until then, please, as always, please do remember you cannot spell channel without M. S. P.