<div>Sorry if this is the wrong place for this!</div>
Hello all, I have a few questions/suggestions/comments and would embrace a discussion.
- This ORG can also act as a network and might be useful for companies to network within their respective counties/states. Can we add a county option, in addition to the state based in. I think a city option would be too granular.
- Add a company name option in addition to the member name. Should it be required or optional?
- Require a profile picture? As anonymity may work against us.
- Companies may want to hire each other for certain levels of outsourcing. An MSP/ITSP may refer clients to or outsource the installation of low voltage or cybersecurity…etc. Can we tag companies by services offered.
- Perhaps tiers? Such as, tier 1 a full service company, tier 2 low voltage, cctv only, tier 3 break fix..etc. Note: Is there an approval required for tiers? As listing tiers can lead to mean the ORG approves a companies tier.
- Non-competes for certain companies or code of ethics for companies taking on or talking with clients of others in this ORG.
- What membership oversight is there or should be?
- A Slack account (or similar) for the org may be wise, as we can have a room for each committee to speak privately and perhaps a room for members to address each committee. This keeps questions directed per committee/subject and doesn’t need to bog down any one else. I believe a bot can assist with some of this.
- Possible funding may come from vendors for being added to a company “approved” list.
- Allow certain vendors to present from an approved vendor list? Pay to present just like a convention. Please do not allow ads.. only presentations/events and charge for vendor attendance. A monthly calendar of events may be nice.
- Grants for establishing a standard? Could there be a grant to help standardize and prevent more cyber attacks? Maybe the org can apply for them? I believe 2-3% of the U.S budget is being thrown toward cybersecurity.
- Grants or donations may go to training or apprenticeships. Perhaps small (1-2 year) employment contracts.
- Standardization certs/ classes and charge for attendance, perhaps offer a short contract in exchange for paying the class fee?
- Build a network for sourcing materials in bulk getting greater discounts on SAAS, hardware…etc. Charge a small fee for management and funding organization of the bulk orders.
- Please think how all this may affect new or existing small one man shops. I agree the industry needs higher standards. But regulation is known to kill small businesses.
- From what i’ve seen most members are owners/managers of 10+ year old businesses. For a board/committee to be diverse it needs both young and old, all with open minds to different ideas.
One of the benefits of the group would be to aggregate product requirements in a category and then provide that feedback to all vendors in the space telling them that this level of functionality is demanded by MSPs. So far I consistently hear that they make product changes based upon RFPs from enterprise. So it feels like the MSPs have no voice with vendors. A great example of that is more EDR/EPPs should have automatic sysmon deployment and configuration with ingestion, filtration, and 1 year retention of collected windows event logs for the purposes of SOAR/XDR and forensic incident response investigation.
But so far too few EDR/EPPs are providing this. I could go on here about why it is necessary, but I’ll save that for later. Bottom line is that we have an opportunity to define standards requirements for products and provide that feedback to manufacturers. It is an opportunity to be heard and to influence product development instead of manufacturers only listening to enterprise.
I think that it would be good to have a working group specifically for Social and Community outreach. While we can post on any of the social groups, I think it would be helpful to have their support. Jay just put out a list of 160+ communities for MSPs. I think we can work out a deal with the communities for cross-promotion so we can leverage their user base. Ditto with the larger organizations like CompTIA. I’m in at least 60 of these several times per month and I sit on the CompTIA CDAC. I’m happy to help where I can. Thanks!
I have been trying to find MSPs who wanted to form a group like this for some time. I have been meeting with other local guys in the DFW area, and around the country in peer groups, and the vision is usually not there.
I will tell you, this call was exciting for me.
The second thing I wanted to say is, “This will be a small business, and so must have a proper revenue structure, and actually meet its client’s goals.” As such, I would ask you to focus on “Who is this organization built to serve?” and “What is successfully serving this organization?”
Several other entities in this space have tried and failed at this, but this may be one that could work.
I was on the meeting the other day and want to bring home some of the things about this.
At its heart: This organization will serve its members, and
ultimately that will be done by controlling who can be a member, how they
can be a member, setting standards, and keeping the smaller providers
focused on what they do well.
- Think “CPA”s and “Accountants”. One is
dealing with GAAP, TAX, Compliance, etc, and one is dealing with the
blocking and tackling of double entry ledgers and reports for the front
- This organization wants to improve the security of IT
Secondarily, it wants to help steer legislation
- When this happens, certain IT Providers will be left
out, UNLESS: 1) A ranking/rating of providers happens (Level 1, Level
2, Level 3, etc.)
Lacking “Levels” of MSPs, smaller MSPs will get left
- Recommendations of the idea of levels needs to be
introduced early, and be done by Predominant Business Model (MSP, VAR,
etc) since these are not really related to each other.
- People have already built organizations like this, with
financial models, methods of funding, org structures, etc., and these are
CPAs, Attorney’s, Engineers, Architects, etc.
All these groups have individual and firm level
You have to fund and pass tests to get inside.
(recommend certified IT professionals and third party attested IT
companies for starters.)
- Memberships for individual professionals will separate the wheat from the chaff
- Memberships from corporations in the field (MSPs, VARs, etc) will do most of the funding.
This organization needs to require ongoing training
hours (25-50 hours per year?) for continued active membership
- As a small business, it will need Anchor companies to
come on board and fund it initially.
- It will need a huge marketing arm to reach out to
potential companies, legislatures, and for building membership.
More to come.
My initial committee list:
– Insurance – work with Insurance companies
– Liability – working to reduce the MSP liability for cyber attacks
– Ethics/Standards – develop Professional Ethics and Standards for MSPs
– Political/Legislation – work toward developing legislation and lobbying state and federal leaders to standardize the industry
– Corporate Structure – set up the initial structure of the organization, elect Board of Directors, develop short and long-term strategies, voting protocols
– Membership Committee – attract new members, manage members, keep members informed, develop fee structure
– Finance – develop and maintain budgets for each initiative
– Education – educate media, educate members on standards and security, educate the public on security and the MSP role
– Public Relations – interact with media and the public to promote our mission
Public Education Committee – what is an MSP and why should you have one?
Media Inquiries Committee – Did a HACKER *REALLY* hack into a computer and encrypt it, or was it just a dumb click on a link?
Insurance Management Committee
Member Benefits Committee – Negotiating Cyber Insurance Liability, Health Insurance, General Insurance coverage for members
Member Education Committee – standards and certifications
Security Standards Committee – let’s take SOC II away from the AICPA.
Starting a thread to discuss ideas for working groups. Tagging @Rayanne Buchianico since she already had a good list.
I’d like to see
– Leadership Committee
– Ethics Committee
– ITSP Designation Committee
– Strategic Relationships Committee
– Membership Committee
- You must be logged in to reply to this topic.