Cyber Security for small businesses, with IT services and cybersecurity experts Gary Pica.

Cybersecurity threats are a growing risk for small businesses. In this episode, Henry Lopez speaks with Gary Pica, a pioneer in IT services and cybersecurity, about practical strategies to protect small businesses from cyber threats.

Learn how to reduce risks, implement strong security measures, and plan for potential cyberattacks.

---

Episode Host: Henry Lopez is a serial entrepreneur, small business coach, and the host of this episode of The How of Business podcast show – dedicated to helping you start, run and grow your small business.

---

Resources:

Books mentioned in this episode:
[We receive commissions for purchases made through these links (more info)].

• Die With Zero: Getting All You Can from Your Money and Your Life by Bill Perkins

Other Podcast Episodes:

You can find other episodes of The How of Business podcast, the best small business podcast, on our Archives page.

Transcript:

The following is a full transcript of this episode. This transcript was produced by an automated system and may contain some typos.

Henry Lopez (00:16):

Welcome to this episode of The How of Business. This is Henry Lopez. My guest today is Gary Pika. Gary, welcome to the show.

Gary Pica (00:23):

Thank you. Appreciate you having me.

Henry Lopez (00:25):

Absolutely. And looking forward to this topic. We haven’t covered this topic in quite some time on this show, but cyber threats, cyber security threats are an increasingly growing risk for small businesses and many owners, small business owners. We don’t realize just how vulnerable they are. We are. And so Gary Pika, who is a pioneer in the IT services industry, he joins me today to discuss practical cybersecurity strategies that every small business should have in place. We’re also going to explore a bit of his very interesting and inspirational entrepreneurial journey. You can find all of the howa Business podcast resources, including the show notes page of this episode, and learn about my one-on-one and group coaching programs. All of that [email protected]. I also invite you to please consider supporting this show on Patreon, and I invite you to subscribe wherever you might be listening so you don’t miss any new episodes.

Henry Lopez (01:21):

Let me tell you a little bit more about Gary. Gary PIKA is a pioneer in the IT services industry, having built one of the first managed service providers. You might hear us use the acronym MSPA managed service provider. He was one of the first to build one of those back in 1996. Like many entrepreneurs, he faced many early challenges, but he persevered and developed a proven system for predictable growth, exceptional customer service, and high profitability. After scaling his company into a multi-billion dollar business with thousands of clients, he sold it and turned his focus to helping others succeed. And now is GM of True Methods, which is a leading IT company in cybersecurity firm of Kaseya.

Henry Lopez (02:11):

And we’ll talk about that acquisition, but Gary has guided over 2000 IT service companies to transform their businesses, boosting efficiency, increasing profits, and helping them grow. His insights, help business owners turn their IT services into scalable high margin companies with consistent revenue. Gary lives in the Philadelphia area. I believe Gary was Gary. Once again. Welcome to the show.

Gary Pica (02:36):

Yeah, I live in southern New Jersey right outside of Philadelphia. Go Birds.

Henry Lopez (02:41):

Excellent. That was good year for the birds. No doubt. I enjoyed that Super Bowl very much. Excellent. Well thanks for joining me. Thanks for taking the time to share your knowledge. But I’d like to learn a bit about how you got to where you are today in doing the research. And I think, I don’t know where got this quote, maybe it was from the bio quote. It all started on December 12th, 1996 when I quit my job to build an IT services company. What was your career? What were you doing before you quit your job? Tell me a little bit about that.

Gary Pica (03:15):

So I had a career in sales. I sold everything from copiers to Yellow page advertising, and eventually I worked in major national accounts at a DP. So I had a successful sales career. I was making more money than my friends who were accountants, but I just always felt like I didn’t know what it was, but there was something more for me that there was something else that I needed to do. And had a friend who had started this IT company and was in a position through a set of circumstances where he needed help. And so I bought into the business and that was the start of it. Like most entrepreneurs, I was unprepared. I am from Levittown, Pennsylvania, which is basically a blue collar area. I never even met anyone who owned a business.

Henry Lopez (04:11):

Is that right? So there were no influences early in life or ever for that matter that were business owners that you knew at least?

Gary Pica (04:19):

No. And even at A DPI mainly sold to larger companies. So I worked with employees of companies. So I never really dealt with entrepreneurs until I became one and realized what a steep learning curve there is outside of whatever the business is. The

Henry Lopez (04:38):

Business of business, the business of business, which applies to any business, which is critical. So then what do you think pushed you over the edge to go ahead and take this leap of faith risk? What was it that you finally maybe had had enough of

Gary Pica (04:55):

Two things. One, I realized I wanted to accomplish more than just achieving sales goals. I wanted to be able to have a bigger vision than making, for me in sales, it was about making money. And when I had no money, that was a great goal.

Gary Pica (05:12):

As I started to make some money, I wanted something bigger. I wanted to do something on a bigger scale. And I really, honestly, the logic was, okay, let me go try this. The worst thing that could happen is I lose my investment and I’ll go back and get a sales job and wallow in that thing that I didn’t really want to do. Not that that’s a bad job. I have friends who’ve had amazing career in sales and they’re passionate about it. It was right for them. But for me, I figured, and I asked myself that often as an entrepreneur, okay, what’s the worst that can happen? And then if I can accept that, I’ll take that chance.

Henry Lopez (05:53):

That’s brilliant. Gary. I think that’s one of the things I asked my clients as well. And it’s an important question. What’s the worst case scenario here? And if the worst case scenario is you’re going to lose the house, the kids won’t go to college, we may not be able to put food on the table. Well then you’re going into big to start. You need to scale that back. But exactly right. For most people, especially if they’re looking to make that transition from the corporate world, worst case scenario is just go get another job. I mean, I hate to simplify it and nobody wants to fail, but that’s really what it’s about. Yet that is what holds most people back is that fear of failure, the emotional feel, the embarrassment of it.

Gary Pica (06:31):

And then the other thing I did was I discovered my first retirement calculator and I started doing the math as a W2 employee.

Gary Pica (06:40):

And really no matter how much money I would’ve made, it’s so hard to pay ordinary income on a W2 income, live a decent lifestyle and raise, I have three kids, raise a family and really be able to accumulate enough net worth. And that was the other reason that I wanted to build an asset. And I’ve built and sold three businesses over 20 years. And when I look at it, Henry, if I look at my net worth, I’m going to say that probably 80% of it is either tax deferred, I haven’t paid taxed on it yet, accumulation on the assets that I did have or capital gains event, very little of. It was through my ordinary income stream, if that makes sense. I know absolutely the topic of cybersecurity, but

Henry Lopez (07:30):

We’re going to get there. But this is so critical as to how you got here and how you got this expertise. And that transition is so inspirational because again, most of us struggle with that. And you’re a perfect example. I did the same thing. I transitioned from a sales career and it paid me very well. So that’s the great thing about sales, and I don’t even have a college degree, so it was a tremendous opportunity, but there were still these ceilings there that once I got past the basic taking care of the needs, I wanted to be in charge of what I achieved. I didn’t want a cap. I didn’t want somebody dictating what I could or couldn’t do. That was part of it, what it was for me.

Gary Pica (08:08):

But it’s not for the faint of heart.

Henry Lopez (08:11):

It is

Gary Pica (08:11):

Not. I have a unique view, but we’ll get to true methods next. And I want to get to our topic, but I have a unique view because I have had these peer groups of owners and leaders of MSPs or small businesses for almost 14 years now. And so I’ve got to watch what they’ve done, who succeeded, who struggled more. And it’s almost been like a Petri dish. I mean like a laboratory that very few people get. And I’ve learned so much about success and failure and what holds us back one quarter at a time over 15 years with these brave business folks.

Henry Lopez (08:51):

So what’s a common denominator that boils up to those who do achieve success over the long term?

Gary Pica (08:59):

A couple of things. One is, and they tie together. They tend to be more self-aware. So they’re able to take advice to be able to realize that they came to us because they haven’t gotten the results that they want. And rather than hang on, which is what most people do to everything they’ve done that hasn’t really helped them. They’re more open to say, you’ve done what I would like to do. I’m going to take a leap of faith and I’m going to just take it. I’m going to swallow it whole until I master it before I make changes. And they’re able to let go. Their self-image allows them to do that, where most people’s self-image holds them back. They’re so tied to every decision they ever made that even though it holds them back, they can’t let go. It’s amazing struggle that I’ve seen.

Henry Lopez (09:50):

Yeah, sense. And I got to sense does make sense? Yeah, it does. And I got to think if I understand well, what true methods does to an extent it takes a leader that’s saying, I’m willing to outsource this to you. You have this expertise rather than me try to develop or build this or maintain this. Is that fair?

Gary Pica (10:05):

Well, kind of. That’s what MSPs do for their customers. They take the That’s

Henry Lopez (10:08):

What they do. Exactly. Exactly.

Gary Pica (10:09):

But the true methods, what we do is we have a peer group with a framework of how to build a managed service business. So they come to us because they want to grow faster. They want more profitability, they want to be a better leader. They want to achieve different goals. They want to help their team achieve goals. And we’ve been doing it for companies for 15 years. So when they come in, what we ask them to do is to dive into it and to try to be open-minded. But it’s very hard. It’s easy to say you’re going to do, but day to day I find Henry that it’s very difficult for people to do.

Henry Lopez (10:46):

Well, listen, it’s a challenge because part of what drives us to become entrepreneurs and to the initial success requires us to be that type A personality that can get it all done and we will invent it. So I think it’s hard to make that transition or to acknowledge even from day one, I need to know what my zone of genius is and then get help in those other areas where I have blind spots.

Gary Pica (11:09):

Yeah, absolutely. Oh, you used a key word there. Zone of genius. I think you like Gay Hendrix, the Big Leap.

Henry Lopez (11:15):

Yeah. And Sullivan, Dan Sullivan speaks to that as well, I believe.

Gary Pica (11:19):

Yeah, I like them both. Big Leap is one of my favorite favorite books. I like to say, as an entrepreneur, I think I can order pizza better than everybody else. But what I’ve learned is you’re never in, I tell people when they come into our program, you’re not in the MSP business. You’re in the business of business. It happens to be MSP. It could be pizza or plumbing or anything else, but don’t confuse yourself because your knowledge of how to turn a wrench or do a skill or fix a computer has nothing to do with business success.

Gary Pica (11:54):

Completely mutually exclusive and well said. That’s

Henry Lopez (11:58):

Hard. Yep, no doubt. So why have you taken this focus at least here, not that you haven’t before, but recently and wanted to come on the show and talk about cybersecurity? Why the focus there, Gary?

Gary Pica (12:12):

So working with MSPs, it’s been the biggest trend that they have had to deal with. I also, I’m the business analyst on a cybersecurity podcast for MSPs called The Cyber Call. And so with that view, what I’ve seen is that there’s such risk to all businesses, but specifically SMBs, they have the most amount of risk. They have the least amount of resources, and they now have risks whether they understand them or not. That could be a death sentence in their business. It could be the one thing that could happen that like Jim Collins says, you survive all mistakes you make that you survive, but there are mistakes you can make in cybersecurity that you wouldn’t survive. And I’ve seen it happen,

Henry Lopez (13:04):

And it is so interesting how small business owners have this misunderstanding or misconception that, well, we’re not a target. We are small, so there’s nothing they want from us. But that couldn’t be farther from the truth.

Gary Pica (13:16):

No. In fact, they’re more of a target because the bad guys, the bad actors have figured out that it’s much easier to go after SMEs so

Henry Lopez (13:26):

Easy. Yeah, exactly. Relatively

Gary Pica (13:27):

Speaking, the only reason you haven’t gotten hit is because a bunch of ’em

Henry Lopez (13:31):

And

Gary Pica (13:31):

Your door is open, but no one has come down your street

Henry Lopez (13:34):

Yet. Yet. Exactly right. Here’s some stats that I pulled. These are just my research from various sources, but in 20 23, 40 1% of small businesses reported experiencing a cyber attack, and these are rising threats. 60% of small business owners identified cybersecurity threats as a top concern, and yet only 23% felt very prepared. So there’s this combination of a lot of us bury our head in the sand. That’s not going to happen to me. I’m not a big enough fish. I’m not a target, not true. The ones who realize that it is, we don’t know what to do about it necessarily.

Gary Pica (14:12):

And I’ll say of that 23% who feel they’re prepared, I’ll challenge them as well.

Speaker 4 (14:18):

And

Gary Pica (14:19):

So mainly because the bad actors are so much more mature and they’re so much better funded. So whether it’s nation states or other well-formed groups, and they have almost distribution channels, one person just gets the credentials, that’s all they do is get good at credentials. And another group of people gain persistent access, and then a third group of people will come in and take it from there and manage the ransom and those kinds of things and deploy the payload. So they’re so more mature than even sometimes the MSPs, right?

Henry Lopez (14:55):

Yeah. I mean, they’re learning so much faster than I could possibly learn how to defend. Right?

Gary Pica (15:01):

And that’s why it’s important to think about. The most important concept for an SMB to know is we’ll talk about some hygiene things to think about what you should do, but you have to take and assume breach mentality. You have to assume that no matter what you do that you can still have an attack and you have to make sure you’re spending time and money on what happens, what we call right of boom after there’s an issue. How do you minimize the impact to it? How do you prepare for what happens? Do you have the right insurance? Do you have backups on a separate network? All the things. If everything went wrong, how would you survive in that case? And that’s really the starting point, and that’s the most important thing. And then we can talk about what makes sense in terms of putting up more defenses and locking your doors.

Henry Lopez (15:53):

That makes sense. Back in my old IT days, we’d call it a catastrophe plan or some type of a plan if there was some kind of a natural disaster. But you’re right, we don’t think about it that way. And partly probably because we don’t, because it’s so daunting and scary to think about. But it got to think about it not as how am I going to protect myself? I have to do that, but it’s inevitable that if I do have something happen, what’s my plan? What do I do? What’s my plan of action? Is that what you’re saying?

Gary Pica (16:20):

Yes. What I tell, what I told my customers when I had IT companies and what I teach our true methods members is with every customer tell them it’s if not when, and if anybody comes in there, tell them they can spend more to assure them they’ll never have an attack. They’re either lying or they don’t know better because it could come through Microsoft or some other source that we can’t

Henry Lopez (16:44):

Stop. Okay. So we’ve touched on a couple of the examples, but give us a little broader picture. What does this typically look like or commonly look like at least these days for a small business? What are these attacks and cyber threats look like?

Gary Pica (17:00):

It’s changing, right? Because we have, in the recent years, we’ve moved from pretty much everybody in an office behind a firewall. And so protecting the device or the endpoint was number one. And that’s still a concern. And Case has done some things last year that have completely changed the landscape from that standpoint. But really now more of the attacks are user-based, right? They’re identity based rather than endpoint based. So now you have to protect on those two fronts, both the endpoint and the user, and

Henry Lopez (17:37):

Define endpoint from a non-technical,

Gary Pica (17:39):

The endpoint would be your device, your laptop, your pc, whatever you’re accessing your applications in, business on

Henry Lopez (17:47):

A sale terminal, a laptop, somebody’s computer, somebody’s device that has access to the network, whatever it might

Gary Pica (17:53):

Be, as opposed to the user, it’s me and it’s my identity that I log on to office, that I log on to a line of business app. And that’s really where we see the Verizon breach report, which is the biggest study every year on security. And the majority of what you see is around phishing, phishing, different types of end user attacks to gain credentials.

Henry Lopez (18:25):

So

Gary Pica (18:25):

They use,

Henry Lopez (18:25):

That’s the game name of the game. They’re trying to get my credentials to sign on to my network to sign on to the bank account, to sign on to whatever.

Gary Pica (18:33):

Exactly. And then once they’re in, they don’t go in and all of a sudden start stealing things. They stay there quietly, right?

Henry Lopez (18:41):

They’re planning, planning, waiting for the opportunity. Yes.

Gary Pica (18:43):

And they move, they’ll move side to side. They’ll have lateral movement where they’ll keep looking and they’ll do more research. They’ll find out about the company’s financials, what they might afford to pay. They can see what their most important systems are. And then what they’ll do is, and this is important change that also happened, they used to just lock your computers and you have to pay to unlock ’em. But now what they’ll do before they lock ’em, they will see if they can get your data right. They’ll

Henry Lopez (19:12):

Exfiltrate your data, hold that ransom as well, hold it,

Gary Pica (19:16):

Hijack it,

Henry Lopez (19:16):

Hijack

Gary Pica (19:17):

It. So that way, even if you get ’em, decrypt it, figure out how to reload, they still have leverage over you because they have your private information, your P,

Henry Lopez (19:26):

Right? It used to be the basic, unlock your computer. Now you can unlock it all you want, but I still got what’s valuable to you, and I’m not going to give that to you unless you pay me.

Gary Pica (19:36):

Yes. And so a couple things. People can do some basic things. One is start with the endpoint. They can make sure that they have least from a tool standpoint, that they have all the key tools and the big change that happened last year, Kase released an offering called Kaseya 365 endpoint that basically takes all the key tools to manage, secure, and protect an endpoint and put it into one price, one offering, one price. And the key thing about that was before this, most MSPs, if you ask them do they have an MDR, which is basically it’s software and services that kind of looks after your system, they wouldn’t have it at all their customers because not all their customers would buy it.

Gary Pica (20:29):

Now what Kase has done is packaged it in. So now every single SMB can have manage, detect, and respond. MDF,

Henry Lopez (20:41):

This is Henry Lopez briefly pausing this episode to invite you to schedule a free coaching consultation with me. I welcome the opportunity to chat with you about your business plans and offer the guidance and accountability that we all need to achieve success. As an experienced small business owner myself, I understand the challenges you’re experiencing, and often it’s about helping you ask the right questions to help you make progress towards achieving your goals. Whether it’s getting started with your first business or growing and maybe exiting your existing small business, I can help you get there. To find out more about my business coaching services and to schedule your free coaching consultation, please visit the how of business.com. Take that next step today towards finally realizing your business ownership dreams. I look forward to speaking with you soon. So from a layman’s perspective, in layman’s terms, what are some of the things that it’s doing at that end point to keep that your help, that user not get phished or whatever the case might be? What are some of the examples there?

Gary Pica (21:47):

There’s other things that keep you from getting phished. What MDR does. It will block some things, but mainly it’s looking for things that are anomalies in any way and sending alerts to a team of threat hunters to know immediately if something isn’t right,

Henry Lopez (22:04):

It’s more about not necessarily preventing the access, but immediately or quickly. Also identifying that somebody’s in,

Gary Pica (22:11):

Yes, it does both. I’m

Henry Lopez (22:13):

Sure it does both primarily

Gary Pica (22:14):

Other things also protect. This is the tool that also is making sure that if anything fails, that it’s able to identify it as quickly, immediate, and in some cases automatically shut it down. Shut down the threat.

Henry Lopez (22:33):

Got it. I see. So stop the spread and shutting it down. What other tips have you seen for small business owners, and mostly my audience is small business owners. So keeping that in mind, what are some practical, affordable tips that you’ve seen implemented well that can help with some of this?

Gary Pica (22:53):

So we mentioned that the endpoint having those tools, but also on the user, there’s tools, things like there’s a product called SaaS alerts that Kase acquired. I call that cloud Detect and respond. It does the same thing that an MDR does, but it’ll do it for Office 365, which is what most people today is one of their prime tools that they use. So make sure you’re covered on both. And I would say you probably want to try to find an IT provider to do and manage this for you. It’s hard for any small business mean honestly, today most businesses up from zero all the way up to 500 employees in some point or another are outsourcing some or all of their cybersecurity just because you need someone who’s doing it for multiple customers and has that experience

Henry Lopez (23:46):

And they’ve got the technology, the knowledge, the experience, they’re staying ahead of it. And then to use the term, I think we were going with the hygiene. What are some tips that you recommend to, if I’m a small organization or maybe even just me as the owner, to help avoid some of those scams?

Gary Pica (24:04):

So having training, so having your phishing training, phishing simulations. There’s software platforms out there that Kase is included in their 365 user, but you want to be able to use security awareness training would be the number one thing. And you’re continually training your users and then you can run phishing simulations to see whether they

Henry Lopez (24:32):

Fall for it or not, or they understood what they were supposed to be looking for, those types of things. Yeah,

Gary Pica (24:37):

That’s probably one of the most important things you can do. And then on the other side is making sure that you have a good disaster recovery plan.

Henry Lopez (24:46):

Yeah, disaster recovery. That was the term I was searching for earlier. Disaster recovery plan for a small business. You’ve touched on it, but what are some of the key components that need to be in that disaster recovery plan?

Gary Pica (25:01):

So one of them is really a business analysis. If you look at even a small business, they use many different applications. They maybe don’t have to secure or back them all up in the same way, which are the ones you can’t live without.

Henry Lopez (25:17):

I see.

Gary Pica (25:17):

And spend the most money securing those. And also you’re willing to, you should have multifactor authentication everywhere. And so make sure that the most important apps are backed up properly, secured properly, that they have the best plan, do your best with everything else. But sometimes if you treat everything with the same level of urgency, even when people have an event, a security event, and they haven’t done this, they say, well, what do you need to have up first? And they say, well, everything. Well, we can’t do everything. And they, that’s part fighting is

Henry Lopez (25:55):

Identify what’s mission critical that needs to come up first. Yeah.

Gary Pica (25:59):

So identifying the value of your targets, what it would do to your business, and securing and backing and having them prioritized in a plan.

Henry Lopez (26:08):

I’ve always been curious about this. I haven’t had to deal with it personally, but are there times when people have no choice but to pay the ransom?

Gary Pica (26:16):

Yeah. I mean, look, no one likes to pay the ransom. The government doesn’t want you to pay a ransom. But yes, I have seen many scenarios where it made sense for a company to pay the ransom. Many times it’s because again, they didn’t have the right cyber protection, so they weren’t able to catch that exfiltration the data or they didn’t have a way of means of backing it up. Like the combination of those things and just the risk is so high, they would do almost anything in order to be able to get that decryption key.

Henry Lopez (26:53):

If it’s one of your clients, what do you guys usually advise if it does happen to one of your clients? What do you usually advise as far as to what to do next?

Gary Pica (27:06):

Prior to that, we’re always advising that they have cyber insurance. And as part of that, that they have an instant response retainer, a company that would do the incident response so that once an event happens and they make that call, it’s really the incident response people critical who are telling you kind of what to do. If there’s negotiations, they would do the negotiations, a skill, hopefully it never happens to me as an IT provider, so good. But they deal with it every day.

Gary Pica (27:38):

So they’re professionals at it. What to say to your employees, what not to say in the press, what not to. So really that’s the key, is to have the right team so that the minute something happens, if you have a plan, you have insurance and you have a incident response team, you’re in a really great spot. And many times the insurance company will line you up for it. So it’s like even if you’re a very small two person company, you can get that.

Henry Lopez (28:04):

Yeah. Alright. Gary, what other best practices or anything along those lines have I not asked you about that you wanted to share as it relates to cybersecurity? Again, from a small business owner’s perspective, what else?

Gary Pica (28:18):

I would think about understanding any private information that you hold information about people, data about people is really an issue. That’s the most important thing. And make sure, is there any compliance or regulations in your industry? Because many times people miss this and they have compliance and regulation in their industry and they don’t really understand it fully.

Henry Lopez (28:47):

Like HIPPA, let’s say.

Gary Pica (28:48):

Yeah, like HIPPA, FINRA. But now states are starting to do that,

Henry Lopez (28:53):

Right? I see.

Gary Pica (28:54):

So make sure you are completely aware that you might be under, or sometimes it’s not even, you do business with a customer and that customer does business with the DODI

Gary Pica (29:09):

And through that chain, you may have responsibilities that you wouldn’t know until there’s a lawsuit. And so really be aware of those things. Make the right relationship with an MSP that you feel comfortable with that can guide you through the things that I’m talking about today. And realize that you can’t outsource your responsibility. You can outsource knowledge, experience, tools, but it is always your responsibility, it’s your business, and it’s no one else’s responsibility to be educated and to make good choices. Well said. Well

Henry Lopez (29:46):

Said. Alright, so tell us more about what True Methods does and your ideal client. Give us the high level explanation of that, if you would.

Gary Pica (29:57):

Yeah. So my whole life is trying to make small business leaders more successful. They happen to all share one thing in common. They all own managed service providers.

Gary Pica (30:08):

So we have managed service providers from one or two employees all the way up to hundreds of employees that are part of a peer group that we run. We have 800 members around the world. We put you in groups of 10 other people, similar size and complexity in non-competing markets, and really provide a framework for how you organize and deliver services, how you package and price, how you sell, how you do business planning, benchmarking, all of those things. And I started building this 15 years ago. And then four years ago, my company was acquired by Kaseya. So now we do it as part of Kaseya and we have all the resources of the top software company in the MSP industry.

Henry Lopez (30:54):

And it is both a service offering, if you will. And there’s also a technology platform. Am I understanding that correctly or what is the offering?

Gary Pica (31:06):

Yeah, the offering is the peer group service. And so we have technology that enables it. And then the majority of our MSPs also use the Kaseya cybersecurity and management tool stack, Kaseya 365. So that’s kind of like the basis to cost effectively be able to add all the protections that every small business would need.

Henry Lopez (31:33):

And who’s the ideal client? What size are we talking about based on your pricing that it’s a best fit for?

Gary Pica (31:43):

So from a Kaseya standpoint, any provider, any business can use the Kaseya software. From our peer group standpoint,

Gary Pica (31:54):

We have companies that just have a couple people in them all the way up to some of the top equity backed MSPs and everything in between.

Henry Lopez (32:04):

Interesting. Interesting. Okay. Book recommendation. I’m always looking for a book recommendation. Is there a book that comes to mind that maybe you’ve read recently that you would recommend?

Gary Pica (32:14):

I read recently the book Die With Zero by Bill Perkins. And it was really interesting because basically, I’ll give you the two minute though minute version,

Henry Lopez (32:27):

Please.

Gary Pica (32:27):

It has, you look at life from a different point of view, which is an optimization equation. And the levers of that equation are time, money, and health. And it explains that you don’t always them in life at the same time. It’s hard to have all three at the same time. And how you can make at different points in your life, how you can make decisions in a way that you can optimize that life equation.

Henry Lopez (32:54):

Interesting. Very interesting. I hadn’t read this book. How do you think you’ve kind of applied that or how has it influenced the way you run a business?

Gary Pica (33:03):

So what I would say is I’ll start with how I approach life. What it’s done for me is I grew up as a saver. I’ve been saving my whole life. And there comes a time, there’s a balance between saving and spending on experiences while you’re young and while you’re healthy. The advice that I give my kids who were in their twenties and early thirties is much different than the advice I gave myself. I making sure that while they’re young and healthy and they’re going to get to their peak earning years, but I want them to make sure they’re enjoying experiences and time now, not just continue to put off and put off and put off for a rainy day. And then some people never get to their rainy day.

Henry Lopez (33:51):

Yeah. Yeah. It’s such a contract, Gary, that we were indoctrinated in, which is the employee who will eventually retire mentality, isn’t it?

Gary Pica (34:02):

And as entrepreneurs I call it, they have a drag race mentality, which is they’re running a drag race, they’re just, they’re going to give up everything. They’re going to put the pedal to the metal, and then they realize it’s not a drag race, it’s a marathon.

Gary Pica (34:13):

They get to a certain point in their life and they miss things with their kids. They missed experiences, they didn’t take care of themselves, and they could have done all those things. And if you know how to run a business properly can even be further ahead. And so this is kind of the theme of what we try to teach. I tell business owners, they come to us, they want to run a better business. That’s not really why we’re here. That’s a result. We want them and their teams to optimize their lives. And part of that is to do it. They all need to run more profitable businesses. It happens to be one of the things they need to do. I’m curious, that’s why Kase has been so supportive of this mission.

Henry Lopez (34:53):

Why did you decide to sell to Kaseya?

Gary Pica (34:56):

We had built some software for virtual CIOs called My IT Process, and really got to the point where I had to make a decision how much more I wanted to invest. Rather than having someone like Asya that has 27 or 28 other software products, they have a thousand people on their sales team for distribution. They have developers in best in class development centers around the world, and was it better with them to fulfill its destiny and allow me to do the thing that I love to do, which is to build my peer groups and

Henry Lopez (35:33):

To be more people. Obviously, they’ve left you alone enough to do that. You’ve been there all this time since you sold, right? That’s not common.

Gary Pica (35:41):

No. No. Most entrepreneurs don’t stay. I certainly didn’t the first time I sold my first business. But Kaseya, really, they care about MSPs and they have completely left me alone and supported me just to really fantastic, completely do what I love to do. And that is change lives through business. That’s fantastic. Fantastic.

Henry Lopez (36:03):

Alright. Is there anything that we didn’t touch on related to cybersecurity that you wanted to share for that small business owner who’s listening? Anything else that you wanted to share their

Gary Pica (36:14):

No, just I would say look for a managed service provider that specializes in whatever size business you are. And I would ask them whether they use the Kaseya stack because you know that if they’re using the Kaseya 365 approach, that they’re going to cover endpoint and user with all the key things. It’s a good code to know that that’s a good first step.

Henry Lopez (36:35):

That’s definitely one thing to look for. And what you’re saying is that if they’re using the Kaseya stack, it’s best in class and that tells you that they’re going to have you covered, at least from that perspective.

Gary Pica (36:47):

Yep. It’s best in class and it’s complete.

Henry Lopez (36:50):

I think you’ve touched on it, but tell me again, what would be one thing you want us to take as small business owners on this topic of cybersecurity? If there’s one thing you want us to leave this conversation with, what would that be?

Gary Pica (37:02):

That this is a threat to your business, whether you’re aware of it or not. So you need to get educated and you need to take responsibility for it, and you need to put the right relationship in place because you’re not going to be able to learn everything other than what the threat is, but the solution to it, you’re going to need some help.

Henry Lopez (37:22):

Well said. That’s such a key takeaway. And then the point you made about it’s not when it’s if and we must have a plan in place. I think that’s huge. I don’t know that even I necessarily looked at that way. I think we tend to look at these things as well. How do we prevent it? Well, you got to do that, but the reality is that all your efforts might be for not, it still might happen.

Gary Pica (37:46):

And then if I could, could I share just one more thing, non-security related, please. Yeah. Related to my passion of helping entrepreneurs and small business people, if I had to sum up everything I’ve learned through my own experiences and all the leaders that I’ve coached and mentored for so many years, is that you have to first take full responsibility. You are where you are, whether you like it or not, of all the decisions that you’ve made. And so many times I see people who tell me they’ve been in business for 10 years to get to a million dollars in business, but when I ask them what success looks like in two or three years, they say they’re going to be 3 million. And I always ask them, well, what’s going to change? That’s dramatic. So something’s going to have to dramatically change starting with you. And the answer that I get unfortunately is never dramatic.

Gary Pica (38:44):

Interesting. And so they’re hoping that things change, but they really don’t know what good looks like. Find people who have done successfully what you would like to do, join a peer group, go to a conference. You’re not going to figure it out looking at your laptop. And most of the answers that we need are already out there. Somebody else has probably figured them out. And then once you do that, realize that your job needs to change every year because the role of a $500,000 revenue leader is different than a million different than 5 million, 10 million. And your job is to always be offloading the things that next level doesn’t do. And if not, you’re just going to get grow until you’re as busy as you can get.

Henry Lopez (39:32):

And it seems like that ties back to the common trait you mentioned of self-awareness, because I have to be self-aware enough to understand that, accept that responsibility and be willing to evolve. And I think to your point of why we see so many business owners, they plateau and then the company gets stalled because they’re stalled from a mindset perspective.

Gary Pica (39:55):

Yeah. Look, I know more about business based on, I sit on boards, I’ve sold companies. I’ve acquired companies. I know more about business than I ever have, but more than that, I know how much I don’t know more than I ever have. Did you know what I mean? And you got to have both.

Henry Lopez (40:12):

You’ve stayed humble on that, and that keeps you curious and wanting to learn. Yes. And then particularly learn from others.

Gary Pica (40:22):

And to me, that’s what passion and enthusiasm is about in a career that you have commander over the business, you’re able to share those goals with people around you. They’re committed to the same goal, and you feel like you’re making a difference. Because I’ve hired hundreds of employees in my career and in many ways, none of them wanted the same things out of life that I did. They’re more mentally healthy, I’d like to say than me. But we all share one thing. We all want to be part of something that’s bigger than just us. And we want to know that what we do matters

Henry Lopez (41:00):

Is that the heart of partly why, as we said, we’re entrepreneurs. We don’t want a ceiling put on us by somebody else in particular. And so that’s what it’s about. But we end up then putting our own ceilings on ourselves, our own limitations on ourselves if we’re not self-aware enough to avoid that and read a lot. Got to read a lot. Yeah. Got to take it in.

Gary Pica (41:22):

Almost every great business leader I met is a reader,

Henry Lopez (41:26):

Avid reader. I agreed. That’s one of the reasons I asked that question in every interview is curious is what book recommendations people have. This is awesome, Henry, you’re really great. Thank you. I appreciate that. Appreciate you sharing your greatness with us. Where do you want us to go online to learn more?

Gary Pica (41:42):

Yeah, just go to kaseya.com is the best place to go and check out all the amazing things that Kase is doing, including our peer groups.

Henry Lopez (41:51):

Excellent. Gary, thanks for taking the time to be with me to share and inspire and being here on the show today with me. I appreciate it.

Gary Pica (41:59):

Awesome. Thank you.

Henry Lopez (42:01):

This is Henry Lopez. Thanks for joining myself and Gary here on this episode today. I release new episodes every Monday morning. You can find the show anywhere you listen to podcasts, including the How of Business, YouTube channel, and my website, the how of business.com. Thanks again for listening.

Speaker 1 (42:19):

Thank you for listening to the How of Business. For more information about our coaching programs, online courses, show notes, pages, links, and other resources, please visit the how of business.com.