Welcome everybody to episode 211 of the killing it. Go to... name podcast. I'm Karl, joined as always by Dave and Ryan, and we have another show. It's Q1 2025. Welcome to the big show. I like the rhythm because we also end up with some juicy topics with this. But I'm gonna kick us off just to warm things up. in the tech industry Dave is is literally like half of somebody's career sometimes so plenty of funny to talk about. new stuff.
But I'm gonna kick us off with something a little bit more fun. We are still in the drinks of winter here. We're starting to see the end. What are you most looking forward to when the weather warms up? So I don't live in a place where it snows except maybe a quarter of an inch every 20 years. So, but I'm tired of the rain. I'm tired of the cold, but I look forward to Sacramento summer evenings are the best in the world because we have two rivers that run through town.
They merge together and the place is absolutely full of places where you can hang out, have dinner by the water with live music and it's just thoroughly enjoyable. That's what I'm looking forward to. see live music outside on a summer evening. I will always sign up for that.
And in fact, I would get on an airplane and travel for that privilege because I will tell you, it struck me the other day, you know that feeling you get in the middle of winter where you can't fathom leaving your house without the big coat and the gloves and all of the stuff because it's snowing like crazy outside. And then you remember those days, those good old days of summer where you just left your house. You didn't have to go through the like getting bundled and doing all of the stuff.
I was like, wow, that that used to be a real thing when I was six or seven. I thought, man, this is terrible. Apparently, it's still a thing. Even at this age. I'm just looking forward to leaving the house without having to do all the work to stay warm. want my toes to not be cold. Like it's really just the like, it's so painful. Like it has been, I live in Northern Virginia. Like, so I live here because it is generally more a Southern state. It does not have generally brutal winters.
We had like 14 days straight where it never got above freezing. I did not sign up for this. This is so cold. I was laughing before I got, we had a, we had a weather prediction to tie tie board this weekend where for 36 hours, the predictions were anywhere from zero to 17 inches of snow. and they were not sure if it was going to hit on Wednesday or Thursday. And then it all disappeared when the European model made a change over the US model.
And now the prediction is anywhere between zero and four inches. I'm done. I want to not be cold all the time. I want to actually like, like be able to leave my house with some level of certainty that it will be in a more reasonable range. For me, it's really that. It was just like, get back outside when it's Although Dave, as I learned a while ago, when you can tell when you are the one driving your work engagements as opposed to the work engagements driving you.
Because if it's January and you get to go to Texas or Southern California, someplace in Florida, last week I was in Bangkok, Thailand for a client engagement, that's a really good sign. When you're not in charge, those are the days where you get to like... go to Cleveland in January and you're like, I'm just chasing the gigs, man. Sometimes I'm driving the car, sometimes the car is driving me.
me. Well, now we have to regain our audience in Calgary, so they have no sympathy whatsoever with Dave's plait in Virginia. it. Well, I'm going to dive us in. I'm going to launch this in with topic number one. I want to talk a little bit about the Cybersecurity Infrastructure and Security Agency, which is under a lot of pressure right now. This organization was specifically named in the Project 2025 documentation as a left-wing organization inside the government.
It's now being reviewed, and there's been a bunch of mass firings on February 14th that affected 130 employees at CISA. Some Republicans have started making noises about more in support of CISA and its mission, particularly when it is externally focused. MSPs, MSSP's use CISA.gov for their alerting. I wanted to sort of throw out to you guys, like gents, how are you viewing the impact of CISA's pressures on both small business clients and the people that serve them?
Well, so just a plug, I work with the National Society of IT Service Providers. I'm making a presentation at Exchange in Orlando in two weeks. And that slide deck is anything except set in stone. It's literally like day to day because we can't ignore CISA. a lot of people are happy that we have a seat on the Small Business Advisory Council. If they don't meet, who cares, right?
And so it's tough because I think many MSPs should be involved in putting pressure on the government to say, we have to have CISA, we have to have those alerts. Across the board cuts are fine, but they're not particularly rational if you have a specific program that keeps all the small businesses in America safe. And those small businesses don't go log into CISA and sign up for the alerts. But with luck, their MSP does.
So we have a lot at stake and we should get involved, but how do you do that? That's the problem. The world is different than it was a few days ago. You know, I will say with a degree of optimism and hope that my main reaction to what's going on is that to a person, every single person I know who works directly in cybersecurity, vendor side, MSSP side, client side, every single one of them is universally taking politics out of the cyber conversation, right?
Like they are saying, I understand cuts. Let's focus on safety. Let's focus on standards. Let's focus on the things that are going to keep us going because, you know, this is not a temporary or a one time phenomenon. It's not like you can set your security and then stop paying attention for a little while and then come back after the turmoil has calmed down. This is all day, every day.
And that's why it is so vital that we keep anybody anybody who's a centralized organization, who's capturing and disseminating information on security alerts, those people need to be amplified, not interfered with. And I know people from literally all around the industry as far to either edge of a political spectrum as you can imagine. And every one of them is like cyber transcends that. This is different and we need to keep the alerts flowing. We need to keep the standards in place.
And we need to make sure that we do not take our eye off the ball because all it takes is just, you know, a weekend where we can't locate certain people on email to make sure that they're still tracking all of these things. And lots of scary stuff can happen from a cyber perspective. we this is this is permanent and it's not something that's voluntary. So I I have been heartened to see that to a person. The cyber pros are deadly serious about this. They're like, this is not a debate.
Let's just keep doing. Yeah, so I'm gonna put on the head and go like, yes, I get it from all the cyber pros and we have a long history of ignoring them because they don't make us money. Let me just observe, like I say this all the time about cybersecurity, as one who believes in investing in security because it is a necessary evil, I also then always couple that with the fact that it is not linked to business outcomes.
And I get it, cybersecurity professionals, you're really stretching, you're really trying, and most of this business suite doesn't actually want to spend money on you.
Like that is the core of And if, so the reason I bring that up is that if you believe that this is a good use of money, your obvious choice is either one of two things, either get involved with a group like the National Society that is focused on representing you that voice in legislature or calling your representative because ultimately it's about the rooting funding to the programs and showing the value of the programs to the people that spend money on the programs.
I don't want this to be a political, we're not getting into politics here, it's the, we're recognizing the relative value of the resource that is offered to us as people that use it and saying, if you value this, this is what you do. If you don't, then you're probably okay with the outcomes that are coming with this.
I will reflect what Ryan is saying is that those are the conversations that I also have when I tend to talk to cyber experts, they tend to value this kind of stuff, the people that are implementing it say they value it too. you have to make sure that that is heard as part of the conversation. I do worry about the security of US national security infrastructure like the core pieces when these resources are diverted from investing in them. I hope I don't want to take a wait and see.
see what happens. I am advocating for action. But at the same time, there are things happening. There will be consequences of that on the other side. Well, one other note is way back, the beginning of the National Society came literally the weekend, July 4th to 2021, when there was the big Kaseya incident, right? Servers all over, blah, blah, blah.
And Dave, as you've pointed out many times, two quarters later, they look back and said, oh yeah, that had a tiny microscopic effect on our price and that's over now. And the market has brought us back to where we should be. I would be remiss if I did not quickly point out the Kaseya is now the leader in MSP platform. They are the number one spot. So, yeah, so they had that incident. It's not unrelated to the existence of an organization. And here we are these years later.
I wonder if businesses just say, look, we have to do this, but we don't actually care. Small businesses care because you have one incident and you cease to exist, but larger businesses, maybe we don't care. I think that that is, I will say again with optimism from inside the cyberspace that I think that we start to see business people getting it and the terminology is less alarmist and more practical. in fact, I have it for another day.
I would love to give you the business rationalization for investing in cybersecurity. It's attached to brand equity and other things such as that. consumer confidence that directly attaches to their willingness to engage and transact with you. That's a story for another day. But I will say that it is, the good news is that we did interviews last week with CEOs of mid-size organizations that have international operations. I interviewed 10 different people in about a two and a half day period.
And what we heard from them, these were C-level, not technical people. And we were asking about what their focus was to a person. Every one of them unaided, volunteered a comment about cybersecurity. So I start to see it happening, but this is the time when we need to make sure people are actually vigilant and not distracted. And with that, we move to topic number two for today, and that is, of course, we got to do something on AI.
I think a lot of people were sort of surprised by the sudden emergence of DeepSeq, not because they are bigger, better, faster, blah, blah, blah, but simply because they represent an evolutionary step in terms of being able to... have something so powerful with a significantly smaller number of chips. You know, I joined several people in having the reaction of, isn't that kind of what Moore's Law said was gonna happen? Right?
But you know, one of the things that I love that Sachin Adela said from Microsoft is, look, as this gets cheaper and the chips become, you know, used more efficiently and yeah, you need fewer chips, the only thing that's gonna do is skyrocket the number of chips that are being used because it's like anything else. When the price drops to a certain point, everybody wants it, everybody's able to do it, everybody can jump on board and it's a beautiful thing.
I really appreciate the fact that we've had so many changes in the last quarter so when I talk about AI, it doesn't feel like we're just rehashing the same old thing. I have loved the fact that when I go into Google, I now get Gemini's AI take, which may or may not be accurate, but it's the first thing I see. And no matter how many users anybody else has, Google starts with a billion users who now get the AI version of Gemini as the first response on every single question they ask.
So it's a brave new world. Will it change this much in the next quarter? I have to laugh. You mean the Chinese came in with a cheaper, faster version? I'm shocked. Right? There's certain element. What's exciting to me is, so I'm going to balance a little bit of like, I'm a big AI proponent for certain use cases. I've been describing it recently as the greatest summarization and reporting engine that I've worked with in a long time, but that is a very kind of particular set of use cases.
It does a really nice job of summarizing data, which you can use for reporting. It also does a really nice job of transforming data. So I can take one set of content and reuse it in multiple different ways very easily. It's very bad at creating things. And so I like to narrow that because that is actually a pretty narrow set of use cases, yet incredibly powerful in the ones that are out.
What I also would recognize is that it is now this process is normalizing the fact that the models themselves are not that particularly valuable. And I think that what we've done is that many of us had suspicion that the models weren't valuable. But then you see, you know, crazy investors, gamblers, making all this money off of things like OpenAI. And we're looking going, am I missing something? Does something not make sense to me? Nope. Been proven. It was right. The value isn't there.
What's now happening is that and that's why, by the way, people weren't paying for Copilot. They aren't necessarily interested in running a check for that. But what's happening is by being commoditized of the AI models, that's compressing the value down to nearly nothing, meaning that the cloud infrastructure itself becomes valuable and what application developers can do with it will become what's really valuable.
I love this because it moves the value back to the bit that I like talking about, which is productivity level, impacting workflows, doing something useful with that. there is still an incredible space for getting your data ready, consultancy around this, proper application. If you didn't see the Microsoft research that I covered over on my new show, talking about how actually like too much use of AI actually impacts critical thinking in bad ways.
This is a really important data point to know in the way you're implementing in workflows to make sure that you're not making your people dumber, essentially. Yeah And yeah, but this is all really good news for those of us in the consulting advice space because it forces us to be critical in thinking about the use cases, but we're not having to pay extra for this stuff.
It's gonna drive to zero really fast or near commodity, which is great for experimenting and putting it in the right places and not paying a premium. And I will go kind of where you started there, Dave, I think is what's most interesting. The evolution of the technology industry is defined by initial investments, very expensive, not very capable of products that start a category, right? They begin to do something that was not possible before.
And then sooner rather than later, as far as the evolution of industry goes, sooner than later, You get disruptive innovation. You get new versions, new products, competitors who can do similar or the same things for much less money. That is literally the history of our industry, right? There once was a day where a gigabyte of storage cost $100,000 and now it's free at the checkout counter at 7-Eleven, right? It is the way that this industry goes. What's fascinating is just the speed.
This is not 10 years into the evolution of the industry, it's 10 months into the public version of the industry. I think that's where you find the fascinating what's next opportunity. Think about the history of our industry. Everything we have ever done has eventually stratified into the infrastructure layer, the data layer, and the application layer, the stack of technology. defies miniaturization and integration. And those three levels always come out.
NVIDIA is infrastructure, OpenAI is data layer application. You notice how there's not very many of those right now? What's interesting to me, and as you guys have been seeing all the DeepSeq stuff, everything I've been reading and all the folks we've been talking to who are power users on the technology, the thing they like the most It's not faster. It's not more accurate. It's not more comprehensive. It doesn't necessarily create any better output.
What it creates is that visualization of the thinking process. It's all fake, right? Like they're showing you, this is the AI thinking and it's considering and it's adding new facts and it's changing its mind. And because they disclose it, people go, It's like me. It thinks the way that a person thinks and therefore it's less threatening. Well, that just means that more users are going to be more comfortable with it, which means that they will begin to ask the question.
OK, well, so what do you do with this stuff? That's the literal definition of the application layer. And power users like you, Dave, you're going to go out there and find 50 use cases on your own.
The average user, especially on the business side of the house, When somebody brings them a package use case where they don't have to know the prompts, they don't have to create the data models, they don't have to ask all the intelligent questions 60 times in a row, they just have to get to push a button in a portal and it gives them the output, everybody will use AI. That's called application layer and that's where the value is at. Final comment, Dave? I'm right there with you.
And there's a period of time where there will be some ability to run ahead using those that will probably shrink in the next 18 months as app developers start figuring out ways to push this into the applications to make it usable. You've got an opportunity now to run a little bit ahead if you're able to implement that. And then I'll sort of say like, but there's always going to be opportunity in helping customers implement.
And by the way, if you're not ready to do that, Data Organization remains a really hot space right now for getting people's data ready to be useful. Alright, topic three. All right, topic three guys. So I have a strategic question for you. Microsoft has announced that they provide a new layer of services that they will call Microsoft Defender Experts or Microsoft Security Experts. And they're positioning this as an augmentation for the teams of MSPs and solution providers around the industry.
So the strategic question is, do we believe the augmentation marketing? Or do you think that Microsoft is actually coming in to compete with channel players? What do you guys think? Oh, they're competing. Come on, this is obvious. Now, let me take two quick tacks on this to sort of then defer almost in a way to people that think more about channel than I do right now.
So I'm going to say the first piece is I want to always start a conversation of criticizing a vendor like Microsoft saying you should actually spend more time investing in fixing the security in your product versus bolt on services later to fix the problem. Like I actually think that there's a lot of software developers that are slacking off on their security side, in terms of the building a proper it should work out of the box, and you should have responsibility for it.
Now that I've said that, I also think that there are there are spaces of large security organizations that make a ton of sense. I've said this before, the large socks, Microsoft, Google, Amazon, are there's a handful of global hyperscalers that deliver security services at a scale that nobody else can. They just are I mean, almost competing with most nation states, there's only a handful that are going to be better.
So it makes perfect sense to me for them to take that, systemize it, service it out, and make sense with their power plus AI, layer all the machine learning automation into it. This makes total sense to me. I also will observe that a lot of these services are moving into commodity anyway, so I'm comfortable with them being there. We just talked about the value of the application layer. this stuff is not application layer value.
So I don't want to like get too in a tizzy that they're coming for this when I say you probably ought to be dealing with more valuable stuff anyway. One of my fears with most MSPs talking about how cybersecurity is the next thing is I look and go, that's not anything other than a race to commodity where application layer investment is way better. That's my first take.
So I'm gonna make a comment that I could have made during the discussion of artificial intelligence, but I'll make now, which is, I think that what Microsoft is gonna do here is try to automate as much as this as they can by turning it over to Copilot or they'll probably call it Intune, but it'll be some other product that is AI driven that can solve all these problems without having humans interact in any way, or form.
and the comment that I was gonna make under artificial intelligence is that there's a lot of companies, Microsoft I believe is the next one on the list, who have bought into the hype that they're gonna be able to eliminate human jobs through the use of AI. When in fact, what they're gonna get hit with is they're not gonna be able to eliminate that many jobs because what they're offering is a new product that's not currently being done by humans inside their company.
And so they're gonna have to hire more people to manage this. And I don't think they're gonna end up eliminating very many jobs at all. And I think a lot of companies have looked at their 2026 and 2027 projections and just said, we're just gonna arbitrarily like wave our hand and say, we'll have a 20 % smaller workforce. I don't think so. I don't think that's where this is gonna go. Luckily, this is just another case where I think, eh. I would compete against this AI.
Like I would put my human led sock up against a data driven sock for most of what I need to do for most of the clients I actually care about. I would not just flip the switch and turn it over to Microsoft. It's sort of like the nobody got fired for buying IBM. Well, nobody got fired for relying on Microsoft for their services. Doesn't mean it's a good decision. Yeah, I see you're exactly right. It's a very well publicized offering in an agentic AI offering, right?
They make it sound in your first reading of any of these things, it sounds like, these are humans who will come in and actually augment your staff and be there to answer questions and deal with custom situations. No, they're not. They're chatbots, right? Like that's what we're going to be seeing in this offering. and for certain functions, especially in the world of cybersecurity, that is absolutely positively funding, right? There are so many endpoints to watch.
There are so many threat vectors. There are so many potential things in cybersecurity that could go wrong. We are already minus 600,000 people to fill all of the available jobs just in the cybersecurity space in our industry. We don't have enough humans to keep up with what is here. And as AI gets applied for automation by the bad guys, we will fall further and further behind. If you are not leveraging AI throughout your stack in cybersecurity, you are never going to be able to keep up.
just, the humans cannot do it as fast as the machines can. If this is a layer that you design in and you white label OEM your human offering on top of that. Absolutely. Go ahead and do that. That's that's perfectly legit. If you think you're just going to be able to plug this in and have it solve your cybersecurity problem, the problem with agencies that their software and you can still hack them, can still you can still mass attack them.
You can still do things to software that you cannot do to humans. to engineer around their vulnerabilities. So it's a fantastic enhancement. It had better not be instead of any humans in addition. jake and accounting continues to be a very reliable method. Now, I want to, I want to insert a quick story to frame because I get a lot of technical people's willingness to push back on, Oh, it's a chat bot.
Let me tell a quick story that I observed recently with two MSPs that I've not told on this podcast. MSP one visiting MSP two, two sizable private equity backed organizations. This is notable because they both employ world-class helpdesk. Visiting MSP, having trouble connecting to the Wi-Fi of the host MSP, and rather than call their own helpdesk, open to ChatGPT, work with it to diagnose the problem and solve the problem. Pause. Let that sink in.
They own their own helpdesk that they did not call to help their own systems. Okay, now. checked out and tell me the day when a customer may be making a similar decision. I just want to make sure that by the way, Ryan thematically and Karl, I get it. Like the idea of I believe in humans, I believe in consultation.
I believe in those things, but I also recognize the levels of commoditization that come into space and it is eating away at some of the core services at the bottom that MSPs typically say are theirs. And by the way, two MSPs did it. themselves. Right. Well, there's many things where we used to be on the cutting edge and now what we provide is just standard thing that anybody can get anywhere. And we just sort of roll that into our offering and we make it a piece of it and it's a checkbox.
It's no longer a major feature. that's, mean, AI is quickly moving in that direction. Yeah, to everybody who is in the business of technology, we learned a long time ago that the bargain is progress. The bargain is innovation and keeping up. As we've been told many times, we don't know anybody out there who still makes money selling dot matrix printers. Right. So you got started doing those things 30 years ago and then you moved forward with technology.
If you're still offering the same branded functional services as an MSP today, as you did five years ago, pre-pandemic, you're just volunteering to be a dinosaur. It's constant evolution. You have to stay out there and do the new stuff, which means if the agent can automate the thing that I used to do and I can go on and do more interesting, more high value things for which I can charge extra money, bring that agent along. I'm ready to go. The Business of Tech, that's a great name for a podcast.
Ooh, that's a good idea. Yes, and we're gonna bring this one to an end because hey, it's been 30 minutes, but if you want some more juicy goodness, go listen to the Business of Tech podcast. We think you'll love it. And I'm afraid gentlemen, that will do it for episode 211 of the Killing It. SONIC! it! podcast. I did this and then I like it wasn't on the screen. I'm like,