20 Students Attend Summer Tech Camp Thanks to CompTIA Board of Directors


The following is a press release from CompTIA.  I am proud to be a member of the CompTIA Board and to be a part of an organization that looks for opportuntities to make a profoud impact for the better.

I have been engaged with CompTIA for nearly 20 years.  I had the privilage to be part of the committee that interviewed CEO candidates and determined that Todd would be the right person to carry CompTIA forward.  His accomplishments over the last 10 years have been impressive.  CompTIA continues to grow and reach new heights.  Most importantly, the education, training, membership opportunities, workforce initiatives, communities, councils, public policy work and more are providing significant value to CompTIA certification holders, members and staff.  Congrats Todd!  Looking forward to seeing what we are able to accomplish over the next 10 years and beyond.

I consider it a gift to be part of this progressive, inclusive and innovative trade association.

Here’s the press release:



DOWNERS GROVE, Ill., Aug. 16, 2018 /PRNewswire/ — Twenty students recently concluded a weeklong adventure at a technology-themed summer camp thanks to scholarships from the Board of Directors of CompTIA, the world’s leading technology association.

The 20 students – 10 each from Chicago and Washington, D.C. – attended iD Tech Camp, the leading summer tech camp for students between the ages of 7 and 18.

The board made the scholarship awards in recognition of Todd Thibodeaux‘s 10th anniversary as president and CEO of CompTIA.

“Todd coined the phrase ‘confidence gap’ and has stressed the importance of the technology industry connecting with students, especially those from diverse backgrounds, to let them know that a career in tech is absolutely within their reach,” said Amy Kardel, chairwoman of the CompTIA Board of Directors and co-founder and president of Clever Ducks, a technology services company in San Luis Obispo, Calif.

“In keeping with that mission of closing the confidence gap, our Board of Directors was extremely pleased to provide 20 children with an opportunity to learn about technology and teamwork and to give their personal confidence a boost,” Kardel added.

The students were selected based on their involvement with local non-profit organizations that offer community support and skills building programs in Chicago, where CompTIA is based, and Washington, where the organization has a significant presence with its public advocacy and public sector practices.

“The students had wonderful experiences being introduced to robotics, artificial intelligence, 3D printing, game design, and more, while also learning life and leadership skills, all in a supportive and inspiring environment,” said Nancy Hammervik, executive vice president, industry relations, CompTIA.

The summer tech camp opportunity is the latest CompTIA initiative aimed at providing students with information about career opportunities in the tech industry.

The CompTIA Association of IT Professionals (AITP) Student Program matches students in tech programs with mentors to help them learn about and prepare for technology careers.

There are more than 100 CompTIA AITP student chapters at universities, colleges, community colleges, and other learning institutions across the country.

CompTIA has also partnered with the Technology Student Association, a national, non-profit organization of 250,000 middle and high school students who are engaged in science, technology, engineering, and mathematics (STEM). CompTIA will supply volunteers, programming content and career mentoring to students participating in TSA’s STEM competitions.

About CompTIA

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $4.8 trillion global information technology ecosystem; and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.


Steven Ostrowski





Related Links


IT Industry Comes Together in Washington


The following was published in the Sunday, August 12, 2018 edition of Fosters and Seacoast Sunday.


As it does each year, the IT industry gathered for the annual CompTIA ChannelCon conference from July 31 through Aug. 2. This year’s event was held in Washington, D.C. and focused on “The Business of Technology.”

Unless you have been living under a rock or entirely “off the grid,” you know technology is more pervasive than ever. Every business relies on technology today and for many, it is the most important competitive differentiator that they have. The “Business of Technology” encompasses every aspect of the information technology industry and quite literally, every business that leverages technology to deliver their good and/or services to their customers.

More than 1,000 technology professionals attended the event in person and several thousand more participated via ChannelCon Online, a live stream of the event for those who were not able to get to DC. ChannelCon is a unique event in the technology industry as it is not sponsored by any vendor. As the industry’s nonprofit trade association, CompTIA is in a unique position to give all organization an even playing field on which to participate. Tracks included things like BizTech, field trips, future trends, IT Pro, networking events, a technology vendor fair, vendor education, community meetings and general sessions. As I’m sure you would expect, the sessions were packed with insight into the future of the industry as well as reflections on where we have been and where we are at present.

The conference was keynoted by Four-Star General Stanley McChrystal, former commander of U.S. and International Forces in Afghanistan. At first glance, you might not think there is a lot of commonality between fighting terrorists and business, but Gen. McChrystal drew some impressive parallels of how adaptability and technology allowed JSOC, the Joint Special Operations Command to be become a modern hybrid model that leveraged technology, trust and a common purpose to confront one of the most difficult adversaries they had ever encountered.

They leveraged technology to connect ever member of the command, no matter what their role or physical location and it transformed their ability to deliver on their mission. The parallels to business communications, processes and technology were quite clear.

Another key theme that was present throughout the conference was the changing ways that technology is procured and implemented. Technology decisions are no longer the sole domain of the senior executive in charge of information technology. Many decisions are now made at the business unit or functional level within a company. Consultants, managed service providers and the technology vendor themselves, all need to be engaged with the right people within their customers organization. Only with this deep level of engagement, can the end customer ensure that they are getting the best advice, products and services to help them accomplish the business outcome they are seeking. This is a shift in how business technology has historically been consumed and managed. This is what the “Business of Technology” is all about.

I sat in on several sessions throughout the event and one that really stood out was a meeting of the Joint Advisory Councils. This group comprises senior executives in the technology industry representing companies from established and emerging technologies. They presented several infographics covering topics as diverse as how drones are being used in businesses, to how technology is allowing the development of “smart cities,” the evolution of software consumption and licensing models and more.

And of course, there was plenty of talk about cyber security. You can’t talk about technology without getting in to a discussion about security, for good reason. As a trade association, CompTIA has some very insightful research and other resources to help its members address the cyber security concerns of their customers.

Attendees also had the opportunity to learn about the products and services offered by more than 150 vendors who had a booth at the Technology Vendor Fair. Unlike other industry events, CompTIA levels the playing field, providing each exhibiting vendor with the same size booth from which to make their pitch. It allows attendees to very objectively survey the technology landscape, learn about new and established vendors alike and ensure that the services that are brought to market are best-in-class.

The IT industry shined bright in DC. These are exciting times and new technologies continue to come to market that will truly revolutionize our lives. It’s a privilege to work in such an exciting business and be part of a great company, Onepath and a member of a fantastic organization, CompTIA.

CompTIA World Fall 2018


At CompTIA‘s annual ChannelCon 2018 last week, the latest edition of the CompTIA World magazine was released.  The Fall 2018 edition is the fourth edition of CompTIA World.

It features a profile of Victor Johnson, CompTIA Member of the Year.  Victor shares his inspiring story in print.  He also gave one of the best and most sincere speeaches I have ever heard from the main stage at ChannelCon 2018 last week in Washington, DC.

I am honored to have been interviewed for a piece in this latest edition of CompTIA World.  You can access the article here.  While you are there, check out the entire edition.  It’s a great read and an excellent publication for the IT industry.

CompTIAWorld Fall 2018.jpg

ChannelCon 2018 is Here!


The first week of August each year is one of my favorite weeks of the year.  It’s when CompTIA members gather for the annual ChannelCon IT industry conference.  ChannelCon is the most valuable event I attend each year.


If you are a regular reader of my blog, you know that I am highly engaged in CompTIA and a big proponent of CompTIA’s work.  The key to this organization is the diversity of its membership and the breadth of what this organization does in the IT industry.  This will also be my last ChannelCon as a member of the Board of Directors.  It’s been a true privilege to serve this amazing organization as a member of the Board.  I’ve had the distinct honor to serve three years as Board Chair and am finishing up my term as Immediate Past Chair.

ChannelCon brings together the best of the business for three intense days of networking and educational opportunities.  This event is not about one company or one technology, it’s about the entire IT industry, from A to Z, from the Channel to upstart business application vendors, from certified IT professionals to drones, small cities and emerging technology.  It’s about educational opportunities to provide insight into where the indsutry is heading and what any business in the IT industry needs to be aware of to remain relevant in one of the most dynamic and ever changing industries in the world.

It’s also about philanthropy and giving back.  From the Creating IT Futures Foundation, that helps all manner of individuals gain access to exciting careers in technology to the Advancing Women and Advancing Diversity Communities that are striving to break through artificial barriers in our industry.  It’s also about helping our colleagues improve themselves and their businesses, based on real world experience, in the field.

From household name technology brands to the newest startup in the field, over one thousand professionals will be in DC this week, talking about the Business of Technology and the bright future we all have ahead of us.  Here’s to a great week.

Tech Talk: Sextortion is the Latest Email Scam


SextortionThe following article was published in today’s editions of Foster’s and Seacoast Sunday.

The headline is racy, Sextortion. It’s the latest email scam circulating the internet and it certainly raises some eyebrows and causes anxiety for many recipients. The good news is it’s an email scam that sounds a lot worse than it is.

Here’s how it works. You receive an email with a subject containing a username and password you are either currently using or have used in the past. The message goes on to say that you recently visited an adult website and while you were there, the sender of this email installed malware on your computer. This malware allowed them to take control of your webcam and record you. Unless you agree to send a ransom in Bitcoin, the sender threatens to release the videos they have of you and the adult websites you have visited to your contact list.

The sender also employs a little odd humor, commenting on your good taste in adult videos you watch. That aside, there is nothing funny about this. This scam plays on your sense of privacy and prudence. It attempts to shame you into paying a ransom to protect your reputation. It’s just the latest example of extortion attempts via email.

So where are the bad guys getting your username and password? The first thing to confirm is whether the password is one you use currently. It may be. It may also be one you have not used for years.

So where are the bad guys getting your username and password?  The first thing to confirm is whether the password is one you use currently.  It may be.  It may also be one you have not used for years.  Most security researchers believe that the usernames and passwords are being obtained from databases on the Dark Web that have millions of compromised credentials, gathered from numerous data breaches that have taken place over the last ten or more years.  The problem is that many people don’t change their passwords often or use a unique password for each site you need a login for.  So, it’s quite likely that the password may still be in use, on at least some of the web sites that you visit.

The good news is there are no reports that anyone has actually had the threats in the email carried out. But the threat is what gets people to take action and in some cases, actually pay the demanded Bitcoin ransom. You should never do this as it just fuels these scams. All indications are this is an automated scam, mining data on Dark Web and crafting these email messages. If the bad guys behind this receive even a small fraction of the ransom they are demanding, they will make out pretty well. Don’t fall for the scam and help them make money.

So, what can you do to help protect yourself against email scams like this? Use a strong password, preferably a passphrase that consists of several words put together to create a strong passphrase that will be very difficult to hack. I recommend a bare minimum of 12 characters, mixing upper and lower case letters, numbers and symbols. Don’t use the same password on more than one website. This is probably the most difficult thing to do, with all the username and password combinations you have. If you struggle with this one, look into a password manager to help you manage all the usernames and passwords you have. If you are not familiar with password managers, Google them and read user reviews to see if one may be good for you. Also, be sure to enable two factor authentication whenever it is an option, to further secure your logins.

Most importantly, if you get one of these messages, don’t panic and absolutely do not reply or send the ransom. The worst thing you can do is engage in an exchange with a hacker like this. Or pay them.

Sextortion, the Latest Email Scam


sextortion-caution-signHave you received an email with your password in the subject line?  If you have, you may be the latest victim of “sextortion,” the latest email scam making its way around the internet.

Here’s an example of what the email you may receive might look like:

Subject: yourusername – yourpassword
I am well aware yourpassword is your pass. Lets get straight to point. You may not know me and you are probably thinking why you’re getting this email? Not one person has paid me to investigate you.
actually, I installed a malware on the X videos (pornography) web site and guess what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated operating as a Remote control Desktop that has a keylogger which provided me accessibility to your display screen as well as cam. Just after that, my software obtained your entire contacts from your Messenger, Facebook, as well as e-mail . After that I created a double-screen video. 1st part shows the video you were viewing (you have a nice taste : )), and 2nd part displays the view of your cam, & it is you.
You got only 2 choices. Let us explore these types of choices in aspects:
1st solution is to just ignore this email. In this situation, I will send your actual recorded material to every one of your contacts and just consider about the awkwardness you can get. And consequently if you are in a committed relationship, how it will affect?
In the second place alternative should be to compensate me $7000. We are going to call it a donation. Then, I most certainly will asap remove your video recording. You can keep on your life like this never happened and you will not ever hear back again from me.
You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1MVikLH1GbsvYa8bXVGScgZLXP1tVNH9o4
[case-sensitive so copy & paste it]
Should you are planning on going to the police, anyway, this email message cannot be traced back to me. I have taken care of my steps. I am not attempting to demand a whole lot, I simply want to be paid. You have one day to make the payment. I have a unique pixel within this e-mail, and at this moment I know that you have read through this e-mail. If I do not get the BitCoins, I will, no doubt send your video recording to all of your contacts including family members, co-workers, etc. Nevertheless, if I receive the payment, I will destroy the recording right away. If you want proof, reply Yea! then I will send your video recording to your 7 friends. This is a nonnegotiable offer and thus do not waste mine time and yours by responding to this e-mail.

Despite the dire warning, this is a harmless scam.  The sender is trying to intimidate you into sending them a Bitcoin payment, plain and simple.  Numerous, credible security researchers have determined that the hackers of getting your username and password from databases on the Dark Web that sell stolen credentials.  In some cases, these passwords may be years old.

You can check to see if your information has been exposed on the Dark Web by checking the Have You Been Pwned? web site.  The link is to a post I wrote about that some time ago.

If you get a message like this, delete it and ignore it.  This is just the latest email scam going around, but due to its selatious nature, it’s garnering a lot of concern.

The following is an email alert the Onepath, my employer, put out earlier today on this matter.  There are some prudent recommendations in this message, to help maintain your online safety.  Stay Safe Online!

Onepath Alert

We have become aware of a new scam making the rounds that we want to alert you to.  You or your colleagues may receive an email that includes a password that you may currently use or have used in the past. This email may make reference to you having visited an adult web site or that the hacker sending the email may have installed malicious software on your computer. In some instances, the email may also state that the hacker has activated your webcam and captured video of you. The email will ask you to pay a ransom, in Bitcoin, to avoid any embarrassing information about you being leaked to your contact list. Rest assured that this is a scam. At this point in time, Onepath is not aware of this being a valid threat.

Research suggests that this is just the latest type of automated email scam that seeks to scare the recipient in to making a payment. Onepath urges you to never make payments to hackers as a result of an email like this. Multiple security researchers feel that the password emailed to you was obtained from a database of hacked passwords that were obtained from one of the large hacks that have taken place over the last several years. In other words, this is not a current threat. That said, we still recommend you do the following, to help ensure that your accounts are as safe as possible:

  1. Do not use the same password across multiple online accounts.
  2. Instead of a password, consider using a passphrase, a collection of words and make them complex, replacing letters with numbers and symbols and mixing upper and lower case.
  3. Where you can, enable two factor authentication to further protect your account.
  4. Consider use of a password manager to make managing your online accounts a bit easier and more secure.

Onepath recommends that our clients have an information security game plan that focuses on the following:

  1. Take steps to protect your company, customers and suppliers data.
  2. Regularly discuss data protection and system access with your employees.
  3. Implement incremental steps to mitigate data breach and system access risk in your environment.

Your Onepath Client Engagement Manager can help evaluate your present security posture and recommend testing and training solutions to help your employees maintain a proactive defense against many threats. Onepath’s Information Security Division also provides a full suite of services that can assist you with the development of a more complete security game plan. If you have any further questions please contact your Client Engagement Manager.


Look Out Slack, Here Comes Teams


The following was published in the Sunday, July 15 editions of Foster’s and Seacoast Sunday.


Several months ago, I wrote about new workplace communication tools, namely Slack. Slack is the market leader in this space, but Microsoft, true to form, is coming on strong with its tool called Teams. At the time I wrote the original article, Slack really owned the market. Fast forward five short months and the scale is swinging toward Teams.

So what is Slack and Teams? These are commonly referred to as workplace collaboration tools. Slack, from their website, says it is “Where work happens. When your team needs to kick off a project, hire a new employee, deploy some code, review a sales contract, finalize next year’s budget, measure an A/B test, plan your next office opening, and more, Slack has you covered.”

The Teams website is “The hub for teamwork in Office 365. Communicate through chat, meetings and calls. Collaborate together with integrated Office 365 apps. Customize your workplace and achieve more. Connect across devices.”

These tools are hubs of information and collaboration. They are places where people communicate in groups or teams, share information, use collaborative applications to drive productivity, host meetings, make voice and video calls and store information. This can be done in small groups of people, between departments, publicly, privately and most importantly securely.

Slack was first to market and Microsoft has followed with Teams. While the tools themselves are becoming more similar than different, Slack had a clear edge with its broad integration with a wealth of other apps that many businesses use. This integration allowed users to collaborate in one place, across multiple apps, projects and discussions. Initially, Teams lacked these same integrations, but that has changed. Teams now has as broad a set of integrations as Slack and because Microsoft includes Teams in all of its business Office 365 subscriptions, it has millions of users, almost overnight.

If you are a Microsoft Office 365 subscriber, you have Teams. If you are not using it yet, you likely will be soon. Skype for Business, Microsoft’s popular business chat, voice and video service is also bundled with Office 365 and had a very large subscriber base from before Microsoft’s acquisition of Skype several years ago. Skype for Business is being merged into Teams so if you are a Skype for Business user, you will eventually become a Teams user. Microsoft is not yet forcing this transition, rather allowing you to continue to use Skype for Business while you explore and plan your eventual transition to Teams.

One of the main benefits users tout for these platforms is the reduction in email volume. Instead of lengthy email exchanges, with people being added and removed from replies and topic being equally added and removed, these platforms organize these conversations into distinct threads. By moving conversations into these collaboration platforms, you remove the immediacy of interruption that is often associated with email. You are able to more finely control your alerting preferences and when and how you want to consume the information. You can share and collaborate on documents, spreadsheets and more, while maintaining more control over the original file and keeping the spread of the file living in numerous places.

With support for voice and video calling, these hubs become a single tool for all manner of communication within the business. Extensive search capabilities make finding current or past information far simpler than searching through email and server folders. Rich auditing and tracking as well as discrete permissions management also means you can control the flow of information and restrict access, to keep information secure.

If you have not yet looked into these collaboration tools, you should. Check out Slack at www.slack.com and Teams at www.microsoft.com/teams. You’ll be glad you did.

Roundup of Informative News


Here’s another roundup of some really informative articles that have been published on the Onepath web site.  I hope you will check them out as there is some truly great content here from some real industry luminaries.  Let me know what you think of these pieces.  We love feedback and knowing what we’ve done well and what you are interested in learning more about.  Enjoy!

The Business Side of Cybersecurity – Keynote Presentation to Georgia Construction Conference
Given by Greg Chevalier


With all the big companies in the news for data breaches or other cyber security “incidents,” does the average mid-size business really need to worry about cybersecurity?  In his keynote presentation to the 2018 Georgia Construction Conference at the Cobb Energy Centre in Atlanta last week, Greg Chevalier helped a group of finance and operations executives understand the answer is a definitive “yes,” and not just to protect yourself directly, but also indirectly through your trading partners.

Network traffic has grown rapidly; your cybersecurity needs to evolve with it.  Network traffic has grown exponentially over the last 20 years, driven not just by the adoption of smartphones and laptops for personal use, but by the explosive growth of machines on the network.  Not just servers, but firewalls, edge routers, webcams, wireless access points, vending machines and thermostats.  Each of these devices presents something that needs to be either protected or potentially defended.  In the ‘90s, intrusion prevention systems were largely sufficient to deal with the individuals who may be bad actors trying to attack a manageable number of machines using fairly common security frameworks.  But with the rise of so many different machines on the network, the number of security frameworks has grown just as fast.  This means your cybersecurity has to now solve for an exponentially greater number of potential issues than 10 years, or even 5 years ago.  As a business executive, you have to consider when was the last time you made a meaningful update to your IT security infrastructure?  In response, various industry groups and regulatory bodies have developed security regulations such as PCI (payment cards), HIPAA (healthcare), GLBA (banking), FINRA (financial services) as well as industry standards such as ISO 27001/2, SOC Type I/II,III, and NIST CSF to help companies keep their data and their networks secure. [Continue reading…]

10 Ways to Improve Your Conference Room Meeting Experience
By Michael Lane

The first 10 minutes of a 30 minute meeting all-too-often look like this:

“How do we connect my laptop to the TV?”

“Can someone get Sarah? She knows how to turn on the projector.”

“I think I have the wrong meeting link; here let me find that in my email.”

“While I’m looking, can someone go ahead and dial us in on the speakerphone?”

“There we go. Can everybody hear me? No? Here, I’ll slide over closer to the microphone.”

By the end of the meeting, you may not even realize you’ve run out of time until someone pops their head through the doorway because they’ve booked the room for the next block of time, and now you’re delaying the start of their meeting.

$37 billion dollars is lost annually to poor meetings, according to the U.S. Bureau of Labor Statistics.

Audiovisual (AV) has changed from a speciality area to a business-critical application. Businesses need to interact with remote workers, remote clients, and remote vendors, so presentation and collaboration technology is increasingly part of how we communicate. AV equipment is therefore becoming as central to running your business as other communications like phone or email. The shift to AV being business-critical in nature has in turn created a demand for reliable, sustainable, and repeatable AV solutions. [Continue reading…]


Q&A: What Can We Learn from the Atlanta Cyberattack?
By Patrick Kinsella

In light of the recent and ongoing ransomware cyberattack affecting the City of Atlanta’s IT systems, we sat down with Onepath’s Senior VP of Engineering and Technology Patrick Kinsella, to get his perspective on the events of the last week. The ransomware attack began on Thursday, March 22, and affects almost half of the city’s systems, from Municipal Courts to Watershed Management. On Tuesday, March 27, city employees were advised to turn their machines back on. By Friday, a few systems were slowly starting to come back online, but a couple were still not back up.

Q: What is ransomware?

A: It’s the information technology version of someone breaking into your home, locking you out of it, and demanding a ransom to regain entry; all the while you hope your belongings are intact when you’re able to return. In the IT world, the items behind held captive could be personal health information (PHI), or other personally identifiable information (PII), which may actually belong to your business’s customers or stakeholders.

Q: When a ransomware cyberattack happens, what are the first things a business, or in this case a city, usually does to respond?

A: The first thing is, do everything you can to stop the bleeding. You determine what you need to shutdown, and what backups need to be stopped from running to avoid poisoning the last good copy, assuming you’ve been diligent in running backups. In a different incident, for example, Hancock Health shut everything off after being hit with ransomware—computers, backup scripts—within 90 minutes. For the City of Atlanta, they seem to have followed that procedure as well. [Continue reading…]


Onepath Launches Cybersecurity Self-Assessment Tool
Created by our Web Dev Team

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions are around the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber protection. [Take the assessment…]

Client Engagement & vCIO Collaboration


The following article was published in the July 2, 2018 edition of Channel Executive Magazine:

In the world of MSP services, firms provide a range of proactive services to clients to help them make the most of their IT investments. Over the years, as the market has matured, the notion of the vCIO has become a key component of those services.

VCIOs act as the chief information officer for the client in a virtual capacity. This is because the vCIO is not an employee of the client company but of the MSP. By working with multiple clients, either in the same vertical or across several industries, this executive-level resource brings a wealth of experience to the client relationship. Often, the vCIO is responsible for the overall client relationship, coordinating technical services, project management, customer services, and more. The vCIO is often the most senior resource from the MSP assigned to the client.


In recent years, a new resource has emerged with equal — if not more — importance to the client relationship sometimes referred to as client engagement or sometimes as client success. This department has one responsibility — the overall health and retention of the client relationship. In this capacity, client engagement can take on many of responsibilities that the vCIO would handle. Both are highly consultative while each may have different areas of responsibility within the overall client/MSP relationship. If not properly structured, there could be conflict between these two roles, but there does not need to be.

The vCIO will work with other C-level executives at the client to fully understand where IT sits within overall corporate priorities. The vCIO will also work with other executives to identify the areas where technology is a clear enabler and where it may be a bottleneck. The vCIO will also identify areas of opportunity to improve how technology serves the business as well as be the key MSP resource to keep the client apprised of technologies to be evaluated and the potential benefits of implementing new technologies to help the business reach their stated goals.

The client engagement role will typically have responsibility for managing the relationship with the appointed primary contact at the client. This may not always be the same person that the vCIO interacts most with, especially in larger clients, so having these two key roles in close communication and coordination is critical. Client engagement will typically have ultimate ownership for the relationship, so while the vCIO may seem to be the more senior resource, that person may actually be taking direction from client engagement. At the very least, everything must be in close coordination.

In a growing or midsize enterprise, the vCIO will typically work most closely with a peer, who could themselves be the CIO for the client company or at least an executive-level position like the CFO or a vice president. They will typically not be involved in the day-to-day of the working relationship. Things like help-desk tickets will typically not make their way to the vCIO with the exception of period trending on a quarterly basis. Instead, the vCIO will focus on the overall infrastructure and projects with significant impact to the infrastructure or workflows of the client.

Client engagement typically owns the more day-today relationship items, like managingclientengagement.jpg the replacement of equipment as it reaches its life expectancy, managing software subscriptions, warranty renewals, and the like. They will also typically become involved in escalations from the help desk to ensure the issue is carried through to resolution as quickly as possible and that the client is fully informed every step of the way.

When client engagement becomes aware of issues that point to more strategic need, this is when they will directly engage with the vCIO. The vCIO will, in turn, be sure that the issue at hand has the necessary visibility with the right management personnel at the client. This close coordination helps the client avoid unnecessary expenditures that either may not be necessary or could be better controlled with the right visibility. The last thing any MSP wants to see is a client spend money on short-term fixes when a longer term strategic conversation may help the client make the best choices for how their technology dollars are being spent.

This is especially true when it comes to projects that cross functional areas. It’s always a shame to see one department pursue an IT project that could benefit other departments without their involvement. All too often, if left to their own initiatives, organizations will allow departments to pursue their own objectives. When it comes to IT, this can lead to all manner of applications and systems being implemented with a singular focus. Deep engagement on the part of the vCIO and client engagement with the entire organization can help protect against this and ensure that initiatives are evaluated for possible benefits in areas of the organization that may not have otherwise been considered.


These two critical functions help ensure that the right people at the client are engaged with the right resources at the MSP. Every relationship is a two-way relationship, and this structure helps ensure that the right people are engaged and the right communication is taking place at the right interval. The cadence of client communication and meetings with key stakeholders is very important. It’s very important to map to what works for your client. If talking to the client daily doesn’t make sense, don’t do it. All you will do is annoy your client and risk not getting attention when it’s needed most. Talk to your client about this at the beginning of your relationship. Let them know what you have seen work well with other clients in their industry or of their size. Set the cadence based on mutual agreement and adjust as necessary as you gain experience with one another.

Implemented properly, the concept of client engagement/ client success and the role of the vCIO will ensure a healthy, long-term, and mutually beneficial relationship. In the end, that should be everyone’s objective.

How Do You Assess Cyber Security Readiness?


The following was published in todays Foster’s and Seacoast Sunday.

Cyber security is a moving target, to say the least. The threats change all the time. Regulators continue to clamp down on companies to take the issue of cyber security seriously. The reputation of a well-known brand can be erased by a single report of a data breach.

SAWWe all know about the high-profile hacks that exposed millions of people’s information. Whether it was the breach of popular retailer Target or the credit bureau Equifax, it seems like we read about the latest data breach on a nearly daily basis. Even here in the Seacoast, the city of Portsmouth suffered a hacking incident that took months to recover from. The city informed residents not to open email messages that appear to come from city staff with attachments, especially ones that appeared to have a bill or invoice attached. This was not too long after the city of Atlanta suffered one of the most destructive and expensive municipal cyber incidents.

With large and small companies and governments being targeted, it can seem almost impossible to keep up with the threat, let along mitigate it. Your staff is your last line of defense and making sure they understand the risks and their role in defending the organization they work for is critical. But first, you have to understand your level of risk. How do you do that? A cyber security assessment.

There are numerous types of assessments. Some are free and some cost money. Free assessments run the range of usefulness and paid assessments can cost a lot of money and if not properly qualified up front, that money could be wasted. That’s why I am excited about a tool that the company I work for, Onepath, released this week. The Onepath Cyber Security Self-Assessment Tool is a completely free tool to help you get started understanding your level of risk. In fact, we don’t even ask for your contact information, unless you wish to provide it or contact us for more insight on the topic. That’s how committed we are as an organization to help everyone better understand cyber security and educate themselves on their risk and options to be safer.

The Self-Assessment asks 20 questions to help you evaluate your cyber security posture. Once you answer all the questions, you are presented with your results instantly. You don’t have to wait for someone to review your answers and take their call or respond to an email to get your results. We provide them to you immediately and you have the option to save them, if you want.

Key to this tool is the detailed explanations that come along with your responses. You will get a summary score, to give you an idea of your present state. The explanations to each answer will help you understand what you are doing well and what you need to improve, complete with suggestions of how to pursue improvement. This tool is designed to be a first step, to help you get started. Sometimes getting started is the hardest part of the process. I believe this tool will help countless organizations get over the hump of getting started.

Please check out my blog post about this new tool at https://mjshoer.com/21Fft. I encourage you to take the assessment and get a baseline on where you stand today.