Editor’s Note: Nick Espinosa, CIO and Chief Security Fanatic of BSSi2 and Ted Hulsy, VP Marketing at eFolder, chat about the massive scope of the security arena and the strategies BSSi2 addresses to educate and protect their clients from security breaches and downtime.
Ted Hulsy: Nick, thanks for making the time to chat today.
Nick Espinosa: Hi, thanks for having me.
Ted Hulsy: Can you introduce your company, and tell us a little bit about what makes you guys special.
Nick Espinosa: Alright. Well, we are as you said we’re BSSI 2 actually, not BSSI, and we are based in Chicagoland. We provide managed services, we do some break/fix as well. We also do security consulting for infrastructure, and businesses. Our clientele ranges from small businesses up to Fortune 100 and consulting, and we offer a lot of different products in terms of compliance standards for PCI, stocks, HIPPA, ITAR for international arms trafficking. As well as standard RMM tools, and managed services and whatnot, and we have a growing client base that is spread all over the world actually. We have clients in Asia and Europe, and as well as the United States, but the core of our clients are around Chicagoland and the Midwest.
Ted Hulsy: Now Nick, you know there’s a lot of different ways IT service provider companies are describing themselves today. I mean do you guys call yourselves consultants, or are you a manage service provider? How do you guys describe yourselves to your clients?
Nick Espinosa: Well, I think it depends on the target market, but I like to consider us solution providers. I like to consider us consultants as well, and what we specialize in primarily is what we try to bring to our clients, which is the security side; which is the manage service side. It’s not just understanding what their network needs are it’s understanding their network needs in 5 or 10 years. So in that sense we’re futurists because what we’re trying to look for, no matter what the size of the business is, to scale the infrastructure as they grow themselves. So in that sense I also consider us futurists.
Ted Hulsy: Okay and I mean it’s all about I think in security, staying one step ahead of the bad guys of course, but also just staying one step ahead of what clients really need. You describe yourself on your LinkedIn profile as the “Chief Security Fanatic.” Tell me a little bit about that.
Nick Espinosa: Oh, absolutely, and that is actually part of my official title. So if you look at my email address, or my email signature, it’s “CIO,” and “Chief Security Fanatic.” We love security. We are totally, totally nerds for security. We love creating infrastructures, breaking them, staying ahead of it; you know going on the deep web of learning about all of the different things that are out there in terms of threats and analysis, and everything that we can do to provide better security and technology. We love penetration testing, showing our clients we’re they’re vulnerable, and how they can be fixed, and how they can scale appropriately. And of course obviously without breaking the bank because obviously the more intense the security solution often times, the more expensive it can be, and so it’s finding the balance between a client’s budget and actual effective security solution and policy for them. But we love security. I live and breathe it. It’s my thing. I’m actually co-authoring a book that’s going to be in a couple of months on cyber security. So I’m very excited for that, and I give speeches and live hacking demonstrations, and all that kind of stuff. It’s something I absolutely love to do.
Ted Hulsy: Now, tell me what would you say is the biggest challenge for your clients today in the security arena?
Nick Espinosa: I think without a doubt its understanding that most of the policies they have in place, especially when we’re walking into new clients, most of the policies they have in place are inadequate. One of the major, major problems that virtually every company in the world has, probably with the exception of about 2% roughly, is that a lot of the security stance and infrastructure that they’ve put in, a lot of the policies they’ve put in place, rely on probably what could be considered one of the best human traits, and also one of the worst human traits, and that’s trust. And the more trust you have in your environment, or the more you leave to human trust for your employees, the greater the flaw, or the greater the opening for hackers because that’s the one thing that hackers exploit in any system, is trust. And whether it’s technology or whether it’s users in social media, however they’re able to get in; its trust that’s being exploited.
Ted Hulsy: And can you give me some examples of where trust goes from being a very noble trait in a company, to you know, leaving yourself open to massive risk?
Nick Espinosa: Oh, absolutely, absolutely; there’s a ton. I mean one of the most obvious ones would be the head of the CIA getting hacked through social media and being broken into. Or Sidney Blumenthal being hacked by the Romania hacker Guccifer, who is now claiming to have broken into Hillary Clinton’s server, but there’s a trust factor when somebody is creating an account, creating a password, creating a profile that a hacker is looking at, gathering information, gathering intelligence on that, and then executing it against what somebody believes. So in the case of passwords for example, you can have you know your kids name, or your birthday, or a combination of the two, and the more intelligence I as a hacker would be able to gain on you, I can start running those combinations. So I don’t have to look at the words in the English language to try to break your password. I am now looking at what is specific to you, and if people are not in the mindset of not having that kind of trust, or not extending that kind of trust into their network, it’s a problem. Another perfect example would be clients that, or companies that let their employees essentially go anywhere they want on social media, or anywhere they want on the internet at any given time without training the employees or giving them an understanding of the dangers that are out there. Or even just locking down social media to their specific network where there intellectual property is or something like that. So it’s very easy for me to source a target on the internet, look for these vulnerabilities, and then start to understand what the problems are. So for example, you Ted, if I’m trying to break into your stuff, I’m going to look through social media. I’m going to see that you like, I don’t know, baseball; whatever you’re into, and I’m going to start looking through your friends. I might build a fake profile as a friend of yours. You know, email you something about baseball or say, “Oh, hey. I have these 2 free tickets to the,” you know, “The Yankees game,” whatever. You go to download these, and then you’re installing a virus into your system that I now can get control of. And we see a lot of this kind of stuff and it’s very prevalent that the trust that a company is placing in their employees while it’s well-founded these people are trustworthy, they’re just not educated on why they shouldn’t be as trusting as they are on social media.
Ted Hulsy: And then what do you find? So when you take, when you bring on a new client, only where is the bulk of your effort? On education, or is it around revising their policies and putting the right security software tools in place to prevent them from going to the bad parts of the net or what have you? I mean where is the emphasis?
Nick Espinosa: Well, the emphasis I think is a little bit on everything. I mean the first thing that any good consultant is going to do is try to seek to understand what the overall situation is. And that includes understanding where the network is. Understanding the technology and infrastructure they’re running, how they’re employees are interacting with the network and infrastructure, what the employees are able to do with the company’s assets. Meaning their computers, their network, their internet, all this kind of stuff, and then create an overall picture of what exactly needs to be addressed. So you can have absolutely the best company policies in place in terms of employees and you’ve locked a lot of stuff down, but you might be running 10-year-old firewalls that I could teach a third grade class how to break into. And so you’re doing yourself a severe disservice while everybody is you know, obviously adhering to the policy, somebody could just break straight into a server and install whatever they want, and it bypasses that. So it’s got to be when you’re looking at security, especially for a company, an overall scope of what you’re doing. And if you’re considering your employee knowledge as well as your infrastructure, your servers, anything that’s possibly public basing as the surface are for attack. The whole point of a security audit, a security analysis, and to move forward a security plan, is to mitigate and lower that surface area so the hacker has much less ability, or much less surface area to try to attack. So the firewalls are locked down. The people know that they’re not going on to social media, or it’s heavily filtered. There’s unified threat management in place, and those clients that really know what they’re doing, and have invested in security fully, are actually running in what’s known as a “zero trust network.” So no one device or entity on any network can talk to another one without going through some type of filtering and white listing for applications. It vastly mitigates the ability to be infected or to have anything go wrong with network in terms of security.
Ted Hulsy: And then what about you know, what about training? So let’s say you’ve got the right trust framework, you’ve got the right software assets deployed, you’ve got the right policies in place, but let’s just say the users still don’t you know, understand what a phishing email might look like. What are some of the ways that you kind of you know, attack that end of the problem?
Nick Espinosa: Well, in any situation you have to balance the employee’s capability of learning, and executing on a plan, versus what you’re going to take out of their control. So some of the best security infrastructure solutions that you can provide actually take choice out of the users hand without them really realizing it, so having for example, aggressive spam filtering in place through a unified threat management system as well, often times can take care of those phishing emails for example. Or having a strict computer policy so that the email doesn’t even get there, or the attachment is stripped for example before it even gets to the employee, is one way to combat that. And a lot of times it’s a little education that goes a long way, and usually the way it’s most effectively demonstrated to employees, or how they retain it the most, is to actually show them just how easy it is for us to get into a system and actually get control of stuff. So one of the things that we like to do to show employees that for example, is a technique that hackers use call “The Evil Twin Attack,” and so if you’re working for any kind of company and you’ve got like a local Starbucks, or Panera, or something like that. I can actually go with my laptop, set it up, and I can either broadcast that companies wireless in the Panera, or I can call myself “Panera-Free Wireless,” or whatever I want, and I can literally watch their employees come in and connect their phones and their mobile devise at lunch, or on a break, to my wireless, which is actually just my laptop, and now I’ve got all of their information in terms of I know where they’re going. I can attempt to decrypt anything they’re doing because it’s all being captured by my laptop, and then we can sit down and say, “Oh, you’ve been going here. You’ve been going there, “and it gives a real sense of “Oh my God. Like that’s so easy to do.” And it is a very effective technique to try to show everybody just how simple it is for them to get broke in. And by virtue of that we tend to see a lot more vigilance.
Ted Hulsy: Yeah. I mean I think you kind of need to hit people between the eyes with the dramatic examples and show how feasible it is to get them out of a, kind of a mental complacency. But I, you know one thing I think every, I mean a lot of MSP’s we talk to day in, day out, really struggle with is balancing kind of convenience and productivity on the one hand, and security on the other. You know, how do you deal with that balancing act, and how do you, you know have that conversation with clients?
Nick Espinosa: It’s rather straight forward. Technology should not be a hindrance, and it’s really that simple. Technology should not be a hindrance, and what I mean by that is there should be no solution in place that requires a complete loss of productivity, or the ability to have so much time taken from the employee purely to login or do other things that it stops them from doing this. So what we try to do is we try to balance the need for security, versus the user productivity. So a lot of what we’re doing is at the infrastructure level. We’ll buy top end firewalls with unified threat management, and therefore when the client, or I’m sorry not clients, when the employees are going online whether it’s for work, or on break, or whatever they’re doing, the firewalls are taking care of that. And there is an understanding that there has to be a balance to be made. So for example, if you’re logging into a network it probably takes you next to 30 seconds if it’s running through a two-factor authentication. So you know, you log into a website, your phone gets a text message, and you punch in the code and you’re in. And those 30 seconds in the morning really don’t impact anybody, but it goes a very long way to aggressively increasing the stance of a user not being spooked, or being hacked or broke in. And so that balance has to be made, and back to an earlier comment that I said, “Taking a lot of the security choices and trust out of the employees hands and moving it towards an automated policy or at the firewall threat level, goes a very long way to just letting them do their work because they really don’t have to deal with it.”
Ted Hulsy: Yeah, it is a….I mean it is a thing of beauty if you can make the system highly secure and it just melts into the background for the user, and they don’t even realize all the great stuff that’s happening in the background. But it does seem like there are, I mean two-factor authentication one you’ve done it a couple of times and you’ve got, if it’s configured correctly, it’s not a huge hassle, and especially if you’ve got your head around why it’s so vital. But things like let’s say, like content filtering or web filtering when you’ve decided some category of websites a no-go on a work machine, I feel like we still hear a lot of you know complaining about that in the work place when you have to kind of lock down systems in that way.
Nick Espinosa: Sure, and that’s true, and I think most of the grumbling when a company is 100% locking down something like Facebook, or Twitter, or other websites that people would like to use periodically throughout the day, but the company deems is not really relevant. And our response to that is, well people get 15 minute breaks, people get you know, a hour for lunch. If they want to do what they want to do on their time, that’s the balance that we face, and we can still protect them while they’re going to Facebook because there’s still going to be running through unified threat management, web filtering, you know everything that we have in place, and we can then configure the network so that they’re allowed to go in during set amount of times. Therefore you know that through let’s say, 80% of the day they’re not sitting on Facebook or checking, they’re actually going to sites that are relevant or using the internet in the way that is appropriate for the company, so there’s a balance that can be made there because what ends up happening with a lot of companies is aside from employee resentment for “Why can’t I do all of this stuff. I’m a very productive worker.” What happens is you either get, you end up with one shadow IT where people are trying to bring their own solutions to circumvent the network. In which case you’re creating another large security hole, and that’s a whole other story. Or two, they’re going to start using their phones anyway, just on their cell connection. So you’re not really being that effective, and you’re not really listening to their need by purely locking it down. There has to be a balance there. Now that doesn’t necessarily apply to some clients that fall under a very deep compliance. So if you’re working for a bank for example, you’d be absolutely crazy to open up the internet to anything except for exactly what the business needs.
Ted Hulsy: Correct.
Nick Espinosa: Because there is so much regulation and security that is required, but for the average firm that really doesn’t have a lot of compliance, there’s a balance that can be had there where everybody is happy, and you’re still secure. Because no matter what you’re doing, you’re always going to be running through some type of unified threat management. You should be. There should be no excuse not to in this day and age.
Ted Hulsy: Yeah, I mean I think that’s really the art of these things. I mean I think what you’ve touched on is that it doesn’t need to be this kind of convenience for a security tradeoff if you have the solution deployed correctly, and you’ve taken into consideration that balance that user’s need you know between, you know just being realistic about what is fair and judicious. But you know and not getting, you know going one way or the other. It’s really you know, the art is striking that balance I think.
Nick Espinosa: Oh, absolutely. And I will say this, I think one of my, the complaint that I want to hear from clients, especially those clients that we set up with all of this infrastructure and security is, “You know, we haven’t had any problems for a year. I don’t even know why we bought all of this stuff.” Because that if anything, that speaks to just how effective it is, and they just don’t get that, and that’s fine because it’s so hands-off, but it’s running so well that it’s not even a consideration. It’s like, “We spend all this money, but we don’t have any problems. So why do we spend all this money?” Well, you spend all this money so you wouldn’t have these problems. That’s the connection, but I love that because that speaks volumes to just how effective a good security platform can be.
Ted Hulsy: Well tell me this, I mean that kind of was almost my next question really is, how do you then go back to your clients if you’ve set things correctly, you’re secure, you’re blocking stuff in the background, all this goodness is happening, and no one’s even knowing it. The users are productive and happy with now complaints, how do you with your decision makers demonstrate value? I mean what are the steps you need to take as a service provider and consultant to them to demonstrate that value?
Nick Espinosa: Well, there’s a couple of different ways. One, you can do what’s called like a quarterly business review. So any good firewall, any good unified threat management firewall, and for our purposes we love Palo Alto Networks. I mean I don’t think there’s a better firewall on the planet. We can go into that firewall and we can basically pull a month, or 6 months’ worth of reports, and we can say, “Hey here’s, you guys have been doing great. You guys haven’t had any complaints. Here is the 48 pages of you know infections that your firewall has blocked for you.” So there are reporting tools all around us that can show just how effective these solutions are. We can also show how many people have tried and failed to let’s say, go to a website that is either malicious or is against company policy without necessarily singling anybody out and say, “You know you’ve had 20 users try to get to Facebook daily and they just can’t, and here’s your firewall blocking it.” And that gives them peace of mind. It shows them the technology is working. It shows that they are, they have bought what they have you know, paid for, or they’ve gotten what they’ve paid for. So it’s that kind of client communication, and firewall technology is not stagnant by any means. I mean there’s constant upgrades that need to be done, renewals of licensing for threat services and all that, so it just is a real win-win creating a good solid infrastructure on the outside. And I think myself and my business partner, have been very amazed at a lot of small companies that are willing to go and purchase high end solutions where they previously haven’t. So they’re going from like $500 basic business class firewalls, to like a $10,000 Palo Alto Firewall. And they’re buying them because cyber security sells itself. I mean you can go to any website, turn on any news site and Target’s getting hacked, or Blue Cross Blue Shield is getting hacked, or Home Depot. I mean it’s just on and on, and on, and everybody is a target whether you’re a public company or a small one, it just depends on how you’re a target, and so…
Ted Hulsy: So tell me, just dig into that. I mean I was going to ask you, you know kind of if you were on record with a vendor preference in the firewall category. I mean what, and I thought Palo Alto was mostly kind of like a mid-enterprise story. Are you getting small and medium business clients to actually adopt a Palo Alto Firewall? And what does it cost for a 20 year, 30-person-company to have a Palo Alto Networks Firewall?
Nick Espinosa: Sure, yeah we’ve actually seen it. I mean this is a firewall that is typically sold at like the Fortune 100 infrastructure level. I would secure a data center with these things, but Palo Alto has two offerings that work for small business. The sweet spot for small business tends to be the PA 500. It is the same technology that the larger more horsepower firewalls from Palo Alto have. It runs PAN-OS, but it does all the unified threat management, but it goes beyond that, and you’re able to run zero trust and application white listing, and they have a cloud sandboxing service that updates all firewalls worldwide with threats. And I think it’s at something like, they’ll update for threats worldwide at something like 12 minutes once they receive the threat. So they’re actually able to identify the threat, create inoculation, and push it out in something like 12 minutes right now. It’s absolutely unbelievable at just how effective these things are, and the PA 500 with a one year subscription runs around, I think it’s like $10,000 or so, which for a small business I mean it’s, that’s a significant investment in technology, but the tradeoff there is, it’s so effective in antivirus, it’s so effective in web filtering. The clients that have, and are running Palo Alto full tilt with all the subscriptions just don’t get infected. So they’re not losing productivity time. So if your business has to go down due to CryptoLocker or Locky, or any other kind of ransomware out there and you’re out for three days while you’re trying to restore, okay, how much time have you last? And how much time could you, you know how much of that money could have been spent on a solution that would have kept you? And I think a lot of clients are finding that balance and paying for it. But we’ve had clients actively want these things where we never would have thought that they would have been interested in it, but you know we lead with the best technology first because that’s our vision, that’s our solution. We want everybody to have the best.
Ted Hulsy: Now tell me this. I mean that’s very interesting. I mean that the level of investment that’s required there, and then you know backup, disaster recovery. These things kind of fit together with security in some way because you know, if a ransomware attack somehow gets through you know, your last line of defense of course, is you know, is you’re data, backed up, and replicated offsite. Do you have a recovery point? I mean how do those two things fit together for you guys in your solution set?
Nick Espinosa: Oh, very well; very well. And actually that’s why we love eFolder. I am one of your biggest cheerleaders because quite frankly you have saved our collective asses a few times with clients that have not really been on board with security. So we use typically an on premise, on prem and offsite backup solution because obviously if you were trying to rip through a terabyte of data it’s much faster to try to get it locally. But it is so critical to have cloud backup, and it fits in very well because it runs the encryption standards that we need, which are military grade, which all data at rest or in transit should be encrypted. So we’re big fans of that, and it allows us to be very flexible with recovery options. So we’ve had situations where you know we’ve had CryptoLocker infections, where we need to go to the cloud and you know, with a business class solution like eFolder it’s awesome because you guys are FedExing us a drive. You know, I mean we get it fairly quickly and we know that data is secure. We haven’t had a problem with restoration, but from a encryption, security, and also compliance standpoint, it works out really well, and it’s also one of the reasons why we absolutely love Anchor. So any one of our clients that has any type of compliance, like SOX, or PCI or HIPPA, we throw them into Anchor because they have that revision history. And so when CryptoLocker hits we just say, “Okay, just step back the whole drive to you know 2 hours ago, whatever,” and Anchor just does it automatically, and so it really helps a lot of time, but it makes life a lot easier when disaster strikes; absolutely.
Ted Hulsy: And how does Anchor kind of fit into you know, combating, kind of shadow IT. I mean I think when we talk to a lot of partners we find that you know, one of the biggest security challenges they face day in and day out, is there’s a lot of kind of unauthorized consumer grade file sync solutions being deployed. You know like where the users will go out there and start toying around with these things that are highly insecure. Does that fit into when you recommend…Anchor to a client?
Nick Espinosa: Absolutely. Primarily when you see shadow IT, shadow IT primarily happens when IT has not done their job. Whether because the solution isn’t adequate for what they need, the employees haven’t been listened to, and so instead of going from point A to point B as described by the company, they’re going from point A to point B in another way. And we’ve got a client right now. It’s a brand new client that they have locations in the United States and also overseas, and they had a lot of that. Their previous IT Company was just not on the ball with this, and so they’ve got data sitting in the company solution that’s not synced on like 30 to 50 machines. They’ve got one drive running, Google drive running, all of these things, and they fall under various compliances. But everybody’s just done their own thing, and so what we’re doing is we’re consolidated the Anchor, but they are buying Palo Alto solutions for every location that they have, and then we are running the application white lists. So we are literally killing Dropbox, and all of these other free things that don’t meet their compliances, don’t have the encryption; don’t do the 2FA and everything else that we need, and consolidating them onto Anchor. And we want that. I mean it’s a huge mess to clean up, but it’s so critical, and it’s so important because everything needs to be centralized. And a good network, just aside from security, has uniformity, and it has centralization. And when you start to lose that you’re out of the game. I mean you’re losing productivity because nobody can find anything, or everybody’s doing their own thing. And that’s why we love Anchor, because even if we know there’s specific problems we can remote white or we can restore from the unlimited revision that we have. I mean it’s just; it’s absolutely wonderful to have.
Ted Hulsy: Now tell me, I mean when you talked to peers, I think you are, you’re involved with the Robin Robins community, I mean…
Nick Espinosa: Yes.
Ted Hulsy: I just feel like, I mean it just seems like so many MSP’s out there could may be really up their game in the security arena because it kind of is the gateway to a whole host of other good practices and services, and the like. I mean how did you, I mean how did you guys get to where you are today, and what advice would you give to an MSP who says, “Look, we’ve got to really up our game in the security category.” What advice would you give those MSP’s?
Nick Espinosa: Okay, well for my own background I actually come from a security background more than an MSP. And I’ve always done some like, in the past, break/fix and MSP kind of stuff, but security has been what my focus has been when I, I founded a company called Windy City Networks back in 1998, and the primary focus was security infrastructure planning and design for larger companies. So I’ve got some Fortune 100 clients that I’ve designed infrastructure and security for, and when I merged into BSSI2 in 2013 you know and then we brought that that was an MSP practice, and then we brought the security into that, and…Security compliments the MSP very well because most companies now that are looking for IT support are not necessarily asking, “Oh, well you know. Can you maintain my computers?” It’s, “Can you maintain my computers, and make sure that I’m not the next target?”
Ted Hulsy: Mm-hm.
Nick Espinosa: Or you know, “Maintain my computers and I am not the next you know Blue Cross Blue Shield.” Well you know, name your attack.
Ted Hulsy: Right.
Nick Espinosa: So in that sense security is a fundamental, fundamental need for every business, and if you are behind in security, you are essentially behind in IT. I mean that’s the truth of the matter.
Ted Hulsy: Mm-hm.
Nick Espinosa: And those companies that are able to adhere to compliance understand what the security needs are, and then build and design a platform that is not essentially half-assed if you will…With purity is, are ahead of the game. And it’s really important to understand that not all IT companies, and not all MSP’s are built the same, and some may have specialties or understand compliances in a way that others do not. And so it’s in part, finding that niche, finding that understanding of where the MSP should focus. So perfect example, if you have a client that you know, needs SOX compliance auditing for example, for IT, if you are setting them up like HIPPA compliant or a PCI compliant company, then you have a problem there because you’re missing some of the fundamental differences between SOX and HIPPA, or SOX and PCI. And conversely it’s the same for HIPPA and SOX, or HIPPA and PCI, and on and on, and on. And so it’s understanding that as you’re going to shift into security, it’s not just a matter of “Oh, we’re going to get better firewalls. Then we’re going to put up unified threat management.” It’s understanding how the security relates to the need of the business, and how that security can scale. And so if I’m giving advice, I mean that’s essentially it. “It’s you have to grow the security side, but it has to be grown in the right way. It has to be done with an eye towards whatever your client base or your target demographic is, so that you are providing them an actual, accurate security solution as opposed to a general security solution, because in this field one size definitely does not fit all.”
Ted Hulsy: Right and I mean a big part of that is developing a vertical expertise. I mean it’s not just having the solutions expertise, the configuration expertise, the domain expertise in security as such. You really need that vertical expertise because that’s going to draw unique needs for certain clients.
Nick Espinosa: Absolutely, 100%. And I would not presume to know, or state that I know compliances that I don’t have vast experience in because all I’m doing is opening myself up for a lawsuit. I mean quite frankly, I mean seriously.
Ted Hulsy: Right.
Nick Espinosa: I mean you look at HIPPA. If you have HIPPA compliant clients, you have to have a business agreement in place, and if they get breached the IT company is also liable. If I don’t know HIPPA, and I’m claiming I know HIPPA, like my God I could have a 1.5 million dollar fine next week.And so that is a serious, serious issue when you’re dealing with compliance, and the SOX auditors, I don’t even want to; I don’t even know what kind of dungeon they’d throw me in for that so….
Ted Hulsy: [laughs]
Nick Espinosa: You know so it’s a very, very important factor in terms of understanding your client base and then speaking to that. And I, and for MSP’s if you don’t have that knowledge, then hire somebody that does, or train, or you know get an alliance with another MSP that’s going to offer you that solution because one, you don’t want your clients to go anywhere, but two, you don’t want to give them the wrong advice. It’s so critical.
Ted Hulsy: Yeah. The stakes are far, far too high to fake it in this arena.
Nick Espinosa: Absolutely, absolutely; they’re absolutely nuts.
Ted Hulsy: Okay, well Nick thank you very much. Great insights, just sounds like you guys have just developed some amazing expertise for your clients in the arena of security. Great advice for other MSP’s looking to up their game there. Thank you very much for joining me today.
Nick Espinosa: Thank you for having me. I enjoyed my time.
The post eFolder Partner Interview featuring Nick Espinosa appeared first on eFolder.