How We Survived a Cyberattack: Interview with Robert Cioffi, Progressive Computing, Inc.

On July 2, 2021, the unthinkable happened for an MSP in New York: they, and their customers, suffered a ransomware attack. Progressive Computing, Inc., and over 80 of their customers, along with 2,500 endpoints, 250 servers, and 200 sites, were locked out of their systems after bad actors took advantage of software provider Kaseya.

Fortunately, the story doesn’t end here! Join West McDonald, Chief Noise Maker at Tigerpaw Software, in this incredible interview with Robert Cioffi, COO at Progressive Computing, Inc., and learn the horrors and valuable lessons in surviving a cyberattack. You’ll hear:

  • The horrifying details of an MSP (and their customers) that suffered a ransomware attack 
  • How it all became very real when Robert noticed all his computer screen icons in the office had turned into white boxes 
  • How surreal it is to realize that most of your customers are also victims of the attack 
  • About the dark loneliness that can overtake you when you watch your business valuation go to zero 
  • The power of community: The generosity of time and expertise from fellow MSPs (even competitors!) 
  • Why an actual attack is so much different than tabletop exercises 
  • What your company can do to survive an attack 
  • How a strong corporate culture makes it easier to pull a team together 
  • Why at the end of the day MSPs sell trust and confidence, NOT technology services 
  • The delicate balance of using language carefully to maintain your real voice while being careful with legal requirements 
  • The importance of securing a great cyber insurance provider 
  • Why there is some sunshine on the other side if an attack is mitigated correctly 
  • Tips for building a cyber and incident response plan 

This interview is filled with important and inspiring information that will help you to prepare for the unthinkable. We live in a threat landscape where seemingly nobody is immune, and forewarned is forearmed, as they say.  

0:00:04.1 West McDonald: Well, hey, everybody, it’s West McDonald here. I want to thank you for joining me for another episode of TigerTube. And if you can’t see us, if you can hear us, it means you’re listening on Tigerpaw Radio and I want to thank you for that. Really excited today. I’ve got a guest who you’ll be able to see in just a minute. Robert Cioffi, who actually runs a provider for cybersecurity and very exciting story today because he actually had a cyber incident, which he recovered from. And there are some strong lessons for everybody to learn from that. So this is a cautionary tale of some of the things that can go wrong and do go wrong. And Robert Cioffi, I want to thank you very much for joining us today.

0:01:07.3 Robert Cioffi: That’s my pleasure, West. I really appreciate the opportunity and platform to speak with you today and your audience to share our horrific story that I can maybe smile a little bit about now, now that it’s about a year and a half behind us. But I really feel in that true go-giver spirit that I needed to share this story and the lessons that we learned and the mistakes that we made so that others can learn and benefit from this.

0:01:37.8 West McDonald: Yeah, I love it. And for all of our viewers and listeners, I actually saw you speak on this topic at an event and it completely moved me. And I knew that we had to do an interview about this, right? So for our viewers and listeners who maybe don’t know you, could you introduce yourself?

0:01:53.5 Robert Cioffi: Sure. So I’m Robert Cioffi. I’m the co-founder of Progressive Computing. We’re an MSP based in Yonkers, New York. For anyone who knows the area, you know that the city of Yonkers is 200,000 people and the county of Westchester, which is home to about a million residents. But we’re lost in the shadow of New York City, just north of Manhattan. I live about 20 miles north of Midtown Manhattan. So my partner and I have been running this company here for about 30 years. Actually in February of 1993 is when we started the business. So in February of 2023, we’ll hit our 30th year of providing traditional MSP services to small and mid-sized companies.

0:02:35.9 West McDonald: Well, that’s great. And I know you’re quite well. I actually just got back from New York City last week for ISE East, which is a big physical alarm and security show. Actually I do have another topic coming up on that, sort of the merging of cybersecurity and physical security and alarm, which is becoming quite a big topic. So I probably drove right by where you live on the way back home.

0:02:58.9 Robert Cioffi: Possible. Oh, that’s right. Cause you’re going north. Yeah. So if you took the thruway, you passed within about a mile or two of my house.

0:03:05.4 West McDonald: Right. Yeah. We were quite lucky actually. We were heading obviously to Buffalo, which as you know, from watching the news, just got dumped with six and a half feet of snow. But fortunately our journey took us there the day after the snow plows had already gone through.

Robert Cioffi: So I was going to say six and a half feet is nothing for if you live in upstate New York.

West McDonald: Yeah. The joke was that they actually had enough snow to, you know, completely cover the quarterback, Josh Allen. So, well. Hey listen, I can get myself off track so easily. But I’m wondering, you know, this story that you said this horrific story that happened to you, could you maybe take us through it from, you know, sort of before it started and kind of what happened for, for audience because most people haven’t necessarily gone through it themselves yet.

0:03:53.7 Robert Cioffi: Sure. You know, it is, I just want to preface that I will attempt to move quickly and it may seem like I’m glossing over a lot of details because I must, when I’m given stage time, I’m usually rushing through a 45 minute presentation because it really is a multi-hour two, three, four hour story to get through all the details. So I’ll try to really compress that like the summary in a minute or two here. But on July 2nd of 2021, my company was a victim of the attack against Kaseya. Right. So we were a Kaseya VSA shop. We had implemented that tool to manage all of our customers’ systems. A hundred percent of our customers had a Kaseya agent on it, including my home PCs. And that’s also part of the story that I won’t tell today. But there, there is an interesting offshoot there. But so on that morning of July 2nd, 2021, beautiful day here in New York. I mean, it was, you know, we were looking forward to a 4th of July day weekend, which meant we also had Monday off in observance of the 4th of July Independence Day here in the United States.

0:05:06.9 Robert Cioffi: And you know, approximately noon of that day, my director of operations came upstairs. I was in the kitchen. He was white as a ghost, shaking, really had a terrible look on his face. I really thought somebody had died. That was my initial reaction when I saw him. So just, you know, kind of stepping through details quickly here, when I first approached him, you know, I felt like I needed to console him or comfort him in his, you know, dire time because I could just tell physically something was wrong. And little did I know that he was like that, you know, cop knocking at your door to tell you that a loved one just died in a fiery car crash or something. And so he told me that all of our customers were ransomwared. And when he said that to me, it just didn’t make any sense. And I kept retorting back to him, you know, okay, Jay, like that’s not, that’s a non sequitur. That doesn’t make any sense. What do you mean all of them, which ones? And he began to rattle off names one by one. And I could hear phones ringing. I could see people around in the office with, you know, forlorn, grave looks on their face.

0:06:24.9 Robert Cioffi: I could overhear even bits of conversations like, you know, okay, I’m going to get a tech on it. I don’t know what’s happening. I think there’s something system wide going on all sorts of like snippets of phrases that made me think this is not a bad dream. This is what he’s saying to me is actually true. And Jay just started rattling off names. And of course he began with the big accounts, right? As an MSP, really any, you know, business owner, you know, that, you know, the 80/20 rule, the 80% of your revenue coming from those top 20. And he started naming that top 20% list. And it was still surreal, just unthinkable that like, what do you mean? This is just like, it can’t be all of them. It could be maybe one or two of them. So when I got back to my, you know, I grabbed him and I, you know, immediately walked him into my office so we could sit down and get in front of a computer and try to figure out what was going on. And that’s when I noticed all the desktop icons on my computer started to turn white, which if you’re a technical person, you understand what that means is that that file just got changed from what it normally is into some encrypted version and Windows doesn’t know how to display the icon.

0:07:45.1 Robert Cioffi: So it just puts a white box instead. I knew right then and there that I was dead in the water. I and West, I remember the presentation that you sat through and for those that may have been there, you’ll know that when I start talking about this, that I let people know when you’re starting to listen to me, I might have a smile on my face. I might joke about what happened, but there are times when it catches up to me and I get very emotional. So if that happens here today, I’m just going to apologize in advance for getting a little choked up, but it was that moment in time. And this is probably one of the deepest, most emotional points of the story for me is that I remember sitting there thinking about my business. Like at that point was, we were 28 and a half years into running this company. I mean, think about 28 and a half years. I’m not 20 years away from retirement, right? I’m probably one to two hands worth of years away from retirement. I watched my business valuation go to zero. I thought about all of those customers immediately firing us and moving on because I had no idea how the hell we were going to recover.

0:09:06.1 Robert Cioffi: You know ransomware on 2,500 endpoints, 250 servers, it was 80 customers, 200 sites, and four time zones. Right? That’s a massive amount of effort. Recovering from ransomware at one account is a major enough deal. Do it for 100% of your customers and I had no idea what I was going to do to overcome that. I also, because of my membership at IT Nation Evolve peer groups and also as a facilitator, I get very deeply involved in helping people with their life plans. I watched my own life plan. I imagined myself sitting right in front of my wife at that moment in time telling her that all of our hopes and dreams and plans for buying a second home, vacation home, and all of our plans for what we were going to do in the next phases of our life suddenly just wasn’t going to happen. So, when they say that proverbial, you watch your life flash before your eyes, I’ve never really been in a serious car accident, but people have told me that those that have suffered a major catastrophic accident like that same sort of experience where you just watch everything break away from you and you’re hopeless and helpless to be able to stop it from happening.

0:10:24.0 Robert Cioffi: West, I’m a fixer. That’s my term that I use to describe myself. You’re not going to find that in any kind of personality trait test or any kind of business book. It’s just what I call myself as an IT guy who starts an IT business. I mean I think we’re all kind of hewn from the same stone. We see life as a series of problems to fix. Anything in my house that’s ever broken, there’s a 95% chance that I’ve fixed it. Only 5% of the time am I calling a professional to say, I don’t know what I’m doing here. Even people with personal problems, they’ll come to me and ask me for advice. This was the one moment in my life that I can ever remember where I feel like I was staring into the abyss and I had zero idea what to do. Literally for 10 minutes in my office with Jay, I had no words. I had no thoughts. My mind went completely numb. I had no idea who to call next or what to even say or do. It was a very frightening experience. People talk about having incident response plans and tabletopping exercises. All that’s awesome and wonderful.

0:11:40.2 Robert Cioffi: You need to do those things. I’m not saying that you shouldn’t, but what I’m saying is I was never in the military, but I can only imagine it’s the difference between being in bootcamp where the bullets are fake and now you’re actually in war. It’s that, excuse my French here, although this is not French, but it’s that oh shit moment where it just got deadly real and you freeze up. You don’t know what to do, say, or think. So, that’s a quick version of what happened in those initial moments. I’m not here to disparage Kaseya VSA, by the way, or Kaseya at all. They were a victim. Somebody illegally broke into their software. I want to remind the world that a crime took place. We were victims as well as those 80 customers that I described to you. All of their businesses, shareholders, employees, and families, they were all victims as well. The blast radius of this incident was very, very far and wide. I was only one of about 60 Kaseya customers affected.

0:12:51.9 West McDonald: It really hit home for me the second you said when you were looking at your computers and watching all the icons just go to that generic white symbol. How could you not see your life flashing before your eyes?

Robert Cioffi: That’s when it got real. That’s when where your head went, oh no, this isn’t just a concept.

0:13:12.2 Robert Cioffi: These aren’t just words. This is real.

0:13:16.3 West McDonald: It’s that visual and it’s so strange in our world because like you said, the blast radius, unlike a typical blast radius where you’re literally seeing things blowing up, that explosion is happening within the systems, within the network. It’s terrifying to have that visual. I just think of you remember the old movie War Games? When you’re just getting glimpses of things on the screen and how terrifying they are. Remember when they were mapping all of the missile strikes and everything else, even though it’s just on that screen. So essentially you, Kaseya, a whole bunch of customers, victims of these crimes. And you said you blacked out, but here you are today, still in business, still with your customers. How on earth did you recover from that?

0:14:06.2 Robert Cioffi: I cashed in one of my wishes and drank a magic potion. No, that’s what I felt like doing in that moment in time. I’m not an overly religious person. I’ll say I’m religious enough, but I did pray to God for help and realized that I was standing at the gates of hell, just like in Dante’s Inferno, right? Abandon all hope, ye who enter here is the inscription. There was only one direction for me to go. There was no phone a friend. There was no backdoor. There was no, I can’t go sideways up. There was only one way to go is to push the doors open and to walk that unknown path through hell. It frightened the you-know-what out of me. I, we, the entire team was terrified in those first few hours. How did we make it through is a very interesting story because there I think are a lot of different factors. One of them which I will take some credit for as one of the co-founders here and as one of the leaders of the business was when I, when within those first 10 or 15 or 20 minutes, I realized one of the things I needed to do was to assemble the team.

0:15:33.3 Robert Cioffi: That I needed to pull them, which was instinctually the opposite of what you want to do, right? Because everybody’s on the phone trying to help other people, our customers, right? And you’re thinking, you know, if I just hang up on people or don’t respond to them, they’re all just going to walk away from me. But I needed to pull the team together. And it was really our culture. You know, they say culture trumps all sorts of strategy. And I believe that to an extent, but this was a great moment in time in which our culture and our core values had really become an important element in our survival. So making a long story short, I gathered everybody in the conference room, either by phone or physically in the room. Most of us were there. And I told them, I’m like, look, I don’t really have a lot of clear answers here. And I don’t have a good plan. And I know that everybody is frightened, scared and angry and a lot of other negative emotions. And I know your phones are blowing up, right? Text, calls, email. But I want you to just take a moment with me to remember almost, you know, silently recite our core four values, which are, you know, team together, we get it done, humble confidence, service without ego, commitment, determined to do what it takes, and respect always to everyone.

0:16:55.5 Robert Cioffi: So it was those four core values that I felt that I just reciting them and going over them mentally with everybody in the room, lifted their spirits up enough so that we could start going back to our desks and start formulating ways in which we were going to recover from this. Now, you know, that was an important element to keep us all bonded together as we fought through the next few weeks and months. But you know, certainly, and I don’t mean to start with cyber liability insurance, but the resources that cyber liability insurance provided, including breach coach, right, the our attorneys, was invaluable to us throughout that process. Of the benefits of a policy, I would say that was probably the top benefit. And the coaches that we were assigned were actually pretty well. I don’t mean to disparage attorneys, and I know attorneys are a butt of a lot of jokes, but and they did provide a lot of legal guidance that I didn’t want to hear. But I had to hear. And then when I processed it, I said, you know, shit, they’re right, I really need to be thinking about, you know, how to say this or what to say or when to say things.

0:18:10.3 Robert Cioffi: And then the other major factor that really, really helped us West and this is unto itself, a reason why I’m starting to pen this into a book is the community response. When we reached out to our friends in the industry to let them know, actually, even just to ask, because I had other friends running Kaseya, did you get hit too? What are you talking about? Right. And then they found out through the news channels and shut down their own systems. But within a matter of days, I had three owners of other MSPs, one from Massachusetts, one from Santa Barbara, California, and one from Sterling, Kansas, if you know where that is, but it literally is in the middle of nowhere in Kansas. Those three business owners, friends of mine for the last decade plus showed up with a combined total of six of their engineers to begin helping us with recovery efforts. The owners themselves brought leadership skills and project management skills and, you know, coaching and mentorship, and their technicians just rolled up their sleeves and got to work. And West, it was so, I don’t even know what the right word is. I was so humbled by the response of the community because more and more people began showing up here.

0:19:30.5 Robert Cioffi: We had in total, approximately 40 different IT companies helping us throughout this process, of which there were probably a total of about 30 different people that flew in from different states, not drive, flew, got on airplanes, and spent upwards of two, three weeks here helping us. I do have to point out one gentleman in particular because there’s so many people I need to name. But Jim Allen, I always do this to him. I always make him stand up if I’m ever presenting and he’s there. But Jim Allen, I didn’t know from a hole in the wall. He’s from ACES in the middle of, I think, Ames, Iowa. And he heard through a friend what happened to us. That man, that saint, not a man, he’s a saint, got on an airplane, flew to New York, showed up at our doorstep. And we’re all looking at each other like, how do we know you? Who is this guy? And he’s like, I heard through a friend that I just had to come. I mean, I don’t know how to put into words what that means. And it moved me so much that at that moment in time, even though we were still reeling in pain and dealing with a massive problem, I knew right then and there in my heart that I needed to do something with this experience to help lead the MSP community and the IT community for that matter, beyond MSPs.

0:21:00.9 Robert Cioffi: I had to be a force. I don’t know about if I’ve said the word lead, but I had to be somewhat of a force to drive this story and to effect change, to move us in a way that mobilized us together so that we’re not just sitting there feeling alone, feeling like a victim, feeling shame, because no one should ever feel shame in something like this. No victim should ever feel shameful. Even if you’ve done something questionable or even wrong, remember that a crime still happened. I don’t care that you left the back door open. Someone still illegally accessed systems and committed a crime. So I was, you know, Jim’s, the reason I like to talk about Jim is because he was such a breath of fresh air for me in all of this to say, in all of this evil and all of this, you know, damage, here was such a shining, vibrant ray of light for me. It really energized me to keep moving forward and get things done. I would also be remiss, by the way, not to mention that there were several vendors, Axcient, which we use for our business continuity disaster recovery, and Huntress, who helped us out with a lot of forensics and, believe it or not, a lot of moral support.

0:22:21.2 Robert Cioffi: Those two companies just did an amazing job in recognizing that they had a partner in the community that was in a lot of pain and provided us a lot of support to get us through this. So it was a multi-company effort here. No company should be able to survive something like this on their own.

0:22:40.6 West McDonald: You know, it’s fascinating because the one thing I think of, you know, I was trying to draw parallels to things I understand, right? Because this is not my world, but in a natural disaster, right? When neighbors show up with sandbags in a flood region or if a building collapses and people helping to dig other people out, right? This amazing sense of community for people that understand the seriousness of it, right?

0:23:02.8 Robert Cioffi: Yes. I mean, even some of my own direct competitors in my local market were willing to, like, can we help, right?

0:23:10.2 West McDonald: Yeah, I love that. And it’s this idea that people understand how important it is to have a healthy channel, to have, you know, like you said, even competitors to make sure that this is not how you want to win, right? This isn’t winning when someone goes down that way. What can we do?

0:23:28.2 Robert Cioffi: Well, and I’ve said publicly, when you attack one of us, you attack all of us. So, you know, if somebody is listening to me right now, whether it happened to you in the past or it happens to you in the future, you know, whether we talk or not, just know that like when you’re attacked, I’m attacked. And that’s just the way I view the world.

0:23:46.3 West McDonald: Yeah, and you mentioned earlier, as well, obviously, that, you know, having a carrier that had resources to be able to recommend as well, even from a legal perspective, I interviewed actually, she was on your panel as well, Blair Dawson. And, you know, she had some amazing things. I learned a ton, you know, and you said earlier, knowing what to say and when to say it, right? Like all of these things that in the panic of what’s going on, your first instinct has got to be to start calling everybody. And you know, to kind of, you know, open the whole book, right? Yeah. And it’s just fascinating to think of all those steps that you have to do for the benefit of your customers as well, right? Because you don’t want to tell them the wrong thing. If you don’t know what that point what’s really happening. Yes. Right? You know what I mean? Like to give them, you know, misinformation.

0:24:35.2 Robert Cioffi: And there were things that we learned. I mean, even with the legal help that we had, who, you know, this is what they do day in and day out, right? They help people through these types of incidents. This wasn’t just a bunch of random lawyers. You know, they’re trained in this particular type of incident response. Even then, we still made some errors. And you know, I still even have some cautionary advice to give. And again, I mean, there’s just too many details to talk about. But in terms of how to process that legal information, like just a real quick example is I felt that their communications that they wanted me to send were a little too legalese. And I said, guys, listen, I don’t know if you understand what I sell, but it’s not technology services. I sell trust and confidence, right? Everything that I do is based on a relationship. If I send all this legal jargon to them, they’re going to know I’m hiding behind you. And they’re going to likely fire me. So let’s soften this up before I send that communication out. And they were a little bit surprised by me pushing back on them, especially when I had tears coming out of my eyes and steam coming out of my ears.

0:25:44.2 Robert Cioffi: And you know, it was an emotional wreck.

West McDonald: Yeah, I think I understand you, though, that no matter what communication you’re having, even from a legal perspective, it still has to be you, right? That customers have to receive it and go, that’s Robert.

Robert Cioffi: Yes, it has to be in your voice.

West McDonald: Right. Yeah. And I can’t even fathom having to tread all of that, because one, you’re in the panic to begin with. And then secondly, having now to start thinking, again, putting your fixer hat on and moving through those steps to make both your customers and your company whole again. Right.

0:26:20.1 Robert Cioffi: And it was harrowing July. Most of July was just shot. I mean, we recovered 95% of systems to about a 95% state, more or less, in 17 calendar days with only one day that I ordered everybody to stop working. There was one Sunday in that period where I just forced everybody like you just got to stop, you got to need to take the day and just take a breather for today. Of course, half the people lied that they did that. They couldn’t help themselves, God bless their souls. And listen, even me, I was, you know, still I had my nose in my email answering text messages, but at least we weren’t officially like rolling out and around someplace.

West McDonald: Well, you know, I know that the story does have a good end, right? That you did recover and that, like you said, 95% of your stuff done in 17 days. But I would imagine you must have seen filaments of it and, you know, little whispers of it for months. Right.

Robert Cioffi: Well, it’s still ongoing today. And you know, I don’t want to paint the wrong picture here. I want to paint as true of a picture as I can.

0:27:28.5 Robert Cioffi: And I’m being very vulnerable when I say this, that I did lose customers, right? And they did have some losses that were, you know, not friendly departures, right? Some of them were pretty angry. You know, the amount of business I lost might, you know, might equal some small MSPs, right? It’s frightening to know if I told you the real numbers about like the amount of money that like just left our organization and it didn’t all walk away immediately. It doesn’t. What happens is, you know, it’s just like any other change of an MSP. If you’re trying to get somebody’s business, your sell cycle might be a couple of months, right? So if they’re starting to look, the last thing they want to do is fire us right away because they need us. And so some people walked, you know, before the end of the year, we lost, you know, unfortunately, some really good business that I’m still sad to see that it has left. And even throughout this year, I feel like there was a few accounts that slipped away because when you add that with maybe some other just normal grumblings, it suddenly became it’s time for a change.

0:28:40.7 West McDonald: And earlier you’d mentioned that a crime was committed, right? And you know, it’s amazing the repercussions, especially in a cyber world that those crimes have, right?

Robert Cioffi: Yeah. I know that there’s… Go ahead and finish. I’m sorry.

West McDonald: Yeah. I was going to say, I know that there’s loss and certainly expect that, right? But you know, to think of the success of being able to come through that and keep yourself whole and do the right things for your customers at the same time, right? That’s, you know, that’s the good news part of that story.

0:29:14.3 Robert Cioffi: We’ve added business since, and I’m happy to say that we’re about to go into our annual strategic meeting. It’s a little later this year than we had hoped, but in early December, we’ll be finalizing our plans for 2023. I think we’ve got some exciting and good ideas on the table, some new partnerships that are developing with vendors that we think will get us to our next step. I mean, you know, one of my brothers advised me a long time ago, Robert, don’t try to control the uncontrollables, only control the controllables. I can’t control what happened in the past. I can’t make that business magically come back. I can’t put my fingers around somebody’s throat in the Ukraine who actually instigated this whole attack, right? They know who he is. He’s been caught, by the way. He’s in the Dallas jail cell. I don’t know if you know that or not. You know, but they have the, I’ll say the primary culprit. Sure, I could choke him to death, but that’s not going to change what happened. By the way, that’s an official offer from me to the FBI. If they ever want to save some legal money and some government funds, I’m happy to deal with the problem myself.

0:30:27.3 Robert Cioffi: Just send them to my birthplace, the Bronx. I’ll meet them there. And we’ll do it the Bronx way. I jest, of course, I am not offering to commit bodily harm or at least you think so. Anyway, the point is that I, and this is the humor does get me through this stuff. So I mean, I like to joke around because if you can’t laugh, the only other option is crying. But, you know, we’ve, we’ve, we can only concentrate on what we can control in our, in our future. So did I get beat up? Yes. Did I come through that experience alive, but singed? Yes. Did I learn a lot of lessons? Yes. Did I make mistakes? Sure. A lot. And I’m happy to talk about all of them. And hopefully if I can get a book out, you’ll read about them all. But this is just, this is business. I mean, it’s full of risk. It’s full of danger. It’s full of ups and downs. And if you don’t have a stomach for it, you shouldn’t be running one. So I’d like to say at least I have the stomach for it and I was able to prove it.

0:31:34.9 Robert Cioffi: And then when I say I, I mean really everybody here, my business partner, myself and my leadership team and every single last human that calls this place home, we all pulled through this together and we’re going to be better for it. Come hell or high water. And if hell comes, we’ll walk through it again.

0:31:53.1 West McDonald: Well, and I think the new customers that you get to, I mean, what really strikes me there, and I’m always thinking with a sales guy hat as well, right, is that you’ve been through it when somebody says, why should we work with you? And it’s like, we have been through these dark waters and someone else that you may be looking at for the same services who has not experienced this will not have the life lessons or the muscle reflexes to respond the way that we know that you need to, because we’ve been there, right?

0:32:20.7 Robert Cioffi: Well, one of my customers even said to me, you know, we thought about firing you, but then we thought about it some more and we figured if should something ever happen like this again, who would we want on our side? The guy who’s seen the action or someone who says that they can handle it. Right. You guys can back it up, right? You did a, you know, we did, you know, we didn’t get a, an, of all A’s on our report card from them about how we manage the situation, but it wasn’t C’s, D’s and F’s either, right? You know, it was a lot of B’s and they were like, okay, like, you know, it’s, it’s, it’s behind us now. Let’s move forward.

0:33:00.6 West McDonald: I love it. And that’s, you know, customers really are partners as well. Right. And obviously you learned some hard lessons there and I’m wondering if maybe in some of those lessons you have any tips for, you know, building a cyber response plan or, you know, going forward.

Robert Cioffi: Well, I mean, I have a couple of tips and number one I’ve got so much to say about this.

0:33:21.6 Robert Cioffi: Number one, I want you to look yourself in the mirror and be honest. Most MSPs and including myself at that time, you know, we were doing a lot of good things. We were doing a lot of the right things. So I don’t want to make it sound like we were, you know, far behind, but even if you feel like, wow, like I’ve got a long road ahead of me to get buttoned up in terms of security and my offerings and how I need to even just manage my own internal security, you’re not alone. Right. So just remember this one thought. Security is a journey. It’s not a destination. You’re never going to swim to the horizon, but you have to keep swimming towards the horizon. Right. That’s the point. So you just have to every day that you do one new thing to improve your business from a security perspective or improve the security posture for your clients is moving in that direction. So just keep moving. For me, I discovered the CIS controls framework and there’s a lot of frameworks out there. I don’t mean to necessarily say that they’re the best, but I really like the CIS controls because they’re highly prescriptive in terms of how you should be approaching cybersecurity for yourself and for your customers.

0:34:34.6 Robert Cioffi: You know, don’t do the Heisman on cyber insurance or compliance requirements. Embrace them. Take a look at those cyber liability insurance applications and see what’s in there because they may not have it perfectly dialed in yet, but those actuaries and risk analysts that work for those underwriters, they know how to manage risk and they’re learning more and more every day. So take a look at what they’re asking for. And those are probably good indicators that if you’re not doing something like, I don’t know, incident response plans as an example, that maybe you ought to start building that into your practice. You don’t need to be a super expert at it today, but you’ve got to start working towards that. So just like any other business plan, I think you need to have some sort of cybersecurity plan that you’re always working on and to use the resources that I mentioned as some guideposts. And don’t ever feel that you’re, you know, I just like that, I give up because I’m just so far behind. How can I ever catch up? The last piece of advice that sort of overarches everything is the power of peers and the power of community.

0:35:56.2 Robert Cioffi: Now I’ve shared with you the benefit that it’s had for me. You need to make friends in this industry. You need to know who your local competitors are. At least be respectful with them if they’re willing to reciprocate. I’m willing to bet most would be very willing to have a very cordial, friendly, and even an open relationship with you. But then there’s the wider community at large, right? The national associations, the regional things that you can go to. Take advantage of those, learn from others because I’m telling you, the guys that are sitting next to you at those shows, they’re in the same boat as you, right? Don’t ever feel like you’re that far behind. So just use those resources in the best way that you can. Don’t feel like you have to sit down and eat the elephant in one sitting. You got to do that slowly over time.

0:36:53.1 West McDonald: I love it. And with respect for your time, I cannot thank you enough for sharing both the story of what happened and what people should be considering in the future to make sure they can do a better job of responding to these kinds of things from your experience, which is absolutely amazing. I work in a lot of channels and it’s very seldom that I meet someone like you that’s willing to help people openly to move through those things, right?

0:37:18.4 Robert Cioffi: I need all the points I can get when I meet St. Peter, right? I need check marks in the good column. I do it for love of community, love of this industry, and it’s just the right thing to do.

0:37:32.8 West McDonald: Well, I know that our viewers and listeners are going to be very thankful for that. Robert, I want to thank you for taking the time to do the interview today.

Robert Cioffi: It’s my pleasure.

West McDonald: And to all of our listeners and to those that have viewed the episode today, I want to thank you for tuning in and remember until next time to keep learning. 
