Justin Kane, the founder and CEO of DoubleChecked, is revolutionizing the way small and medium-sized businesses (SMBs) approach cybersecurity by offering managed security services without the traditional managed service provider (MSP) model.
His company focuses on providing essential cybersecurity solutions tailored specifically for businesses with 5 to 250 employees, particularly those in industries like legal, financial, and medical. By targeting the 25 to 75 employee range, DoubleChecked addresses the unique challenges faced by smaller organizations that may have limited IT resources but still require robust security measures.
Kane explains that many smaller businesses are now equipped to handle basic IT issues themselves, thanks to the prevalence of cloud-based solutions and a more tech-savvy workforce. This shift allows DoubleChecked to concentrate on delivering specialized security services without the need to manage everyday IT problems. Their pricing model is significantly lower than traditional MSPs, making cybersecurity accessible to businesses that might otherwise overlook it due to cost concerns. This approach enables them to implement effective security measures without overwhelming their clients with unnecessary services.
The conversation also delves into the importance of commitment from business owners in managing cybersecurity risks. Kane emphasizes that while DoubleChecked can provide the necessary tools and training, the responsibility ultimately lies with the business to enforce policies and ensure employee compliance. This partnership between the service provider and the client is crucial for maintaining a secure environment, especially in industries that handle sensitive information and financial transactions.
Kane’s experience in the MSP sector led him to identify a gap in the market for cybersecurity services tailored to businesses that lack comprehensive IT support. By focusing solely on security, DoubleChecked aims to fill this void and help organizations implement essential protections against cyber threats. With a strong emphasis on automation and AI, the company streamlines its operations, allowing it to provide effective security solutions while minimizing labor costs.
Show Transcript
00:02 Dave Sobel:
What if I told you you could deliver MSSP security services for small businesses without delivering MSP services? Intriguing. I do like looking for things that are not necessarily conventional thinking, and Justin Kane of DoubleChecked is doing just that, he joins me for a discussion about what his business is, how he’s grown it, and all the whys of the decisions behind it. On this bonus episode of the Business of Tech, with every new breach and threat that I cover, it’s clear that cybersecurity isn’t a luxury anymore.
00:37 Dave Sobel:
It’s a necessity. That’s where Huntress comes in. Their fully managed cybersecurity platform is built for every kind of business, not just the 1%. Huntress seamlessly integrates their products and threat hunting team. Their EDR/MDR SIEM and Security Awareness training solutions are purposely built for their Elite 24/7 s ecurity operations center to stop threats before anyone else even spots them. This potent combination of purpose-built cybersecurity and red team hunting expertise is one of the many reasons why G2 users have voted huntress, the number one rated EDR for growing businesses to see what people powered cybersecurity looks like, visit hunteress.com/msp radio.
01:24 Dave Sobel:
Well, Justin, welcome to the show.
01:27 Justin Kane:
Absolutely. It’s great to be here, Dave.
01:29 Dave Sobel:
Nowto get things a little bit of baseline, you operate DoubleChecked, which is a, which I would describe as a managed security services provider focused on cybersecurity for SMBs. Can you tell me just a little bit about the core offerings of what you’re doing?
01:43 Justin Kane:
Yeah, absolutely. So we have a solution suite that we put together, really try to hit the heavy hitting items that our clients see, you know, the primary methods that, that hackers are trying to get intotheir businesses and affect their business. We are trying to put those solutions in place to make sure that they’re protected and to make sure that we know that something is actually going on in their environments.
02:10 Dave Sobel:
Now you are targeting specifically small and medium sized businesses with the offering, right? Can you tell me a little bit about like customer size, business size, revenue kind, give us some sense of the size of the business?
02:22 Justin Kane:
Yeah, absolutely. So we focus on 5 to 250 employees. We really find that sweet spot is in the 25 to 75 employee range. They typically aren’t as advanced as, as the larger organizations. Maybe they have that IT person on staff, but doesn’t have that cybersecurity knowledge. And so we really focus on that. Industries that are really important to US, legal industry as a huge one. They just hold so much information. Financial industry, anyone with compliance, medical industry (HIPAA) , things like that are, are really good customers for us.
03:00 Justin Kane:
And then, you know, unfortunately my terrible sales pitch is anyone that is in business today needs to be doing something for cybersecurity. You are a target, it doesn’t matter.
03:12 Dave Sobel:
Now, I’m really curious because, you know, conventional wisdom, which would also be my thinking on the, the pro the process is the smaller the organization, the more they’re looking for a single integrated provider. Like the idea of an MSSP makes a ton of sense for me at a Fortune 1000 or even an upper mid market firm. But as you get towards the smaller, it gets a lot blurrier, right? Because, so, so you’ve talked about yes, the sweet spots that say 25 to 75, but let’s pick on a 25 person organization. Yeah. There’s gonna be an expectation that, you know, they’re also gonna need problems with their printer and their workflow and the email.
03:47 Dave Sobel:
Talk to me about how you manage that. Yeah. You know, that that, that tension there. How do you manage that?
03:54 Justin Kane:
So it’s a great question because what’s really interesting is in today’s world, that’s not necessarily the case anymore. The employees are younger. Google is a great resource. Half the technology that you use today fixes itself anyways. So what we’re really seeing is that that need, that the MSP market has provided for a very long time with the help desk service desk. My printer’s broken, my computer’s broken. We’re seeing a lot of the smaller companies are, are somewhat able to take care of that themselves.
04:29 Justin Kane:
They maybe they have somebody on staff who, who’s just a techie kind of person, maybe not filling that IT role, but they’re good enough to, you know, help fix your outlook or, or fix the printer. And so what’s really interesting for us coming in is we’re able to provide that top layer security service and security offerings and consulting where maybe they don’t need the extra services that the MSP is offering.
04:55 Justin Kane:
We also see a lot of where the smaller customers aren’t able to afford the offerings from an MSP where a typical MSP is somewhere around $125 to $175 a seat /employee. We’re coming in at the much, much lower end of that, somewhere between $15 and $30 a user. So we’re able to help them at least do something from the cybersecurity aspect and really focus on getting some solutions in place, whereas they’d likely turn a blind eye and say, well, we can’t afford that fully integrated solution. So that’s kind of what we see is coming in now.
05:34 Dave Sobel:
Now I I’m super intrigued again because if you think about the traditional thinking on this, like you have to have a certain level of, you know, maturity within the business organization of the end customer in order for them to adopt that and that the chaos of, you know, a typical unmanaged environment right, would overwhelm a security offering. Talk to me a little bit, is that, is that not proving to be true anymore? Like, talk to me a little bit about that, how that works.
06:02 Justin Kane:
Yeah, so a lot of the smaller companies now too, they’re, they’re going with all cloud-based solutions. You know, they’re, they’re using QuickBooks online. They’re using some online CRM system. They don’t have the complexity that they used to have. And so, you know, we’re not, we’re not getting the overwhelming support requests on, on that side. It’s, you know, if something’s wrong, they’re calling the, the vendor, they’re calling the software provider. And so we’re able to slip in and add our solutions on top of that and basically say, look, we know that you can’t manage the security solutions.
06:41 Justin Kane:
They’re, they’re much more advanced. You don’t have the knowledge. We’ll take care of all of that for you. You guys handle, you guys handle everything else. You know, you, you can pick up the phone and call QuickBooks (as hard as terrible as that is), but you can, you know, and, and you can handle all of that, we’ll handle all the security for you. And if there is an in-between that, that they have an issue on, obviously there’s some overlap, office 365 management, Google workspace management, things like that, where obviously in those solutions on a frequent basis, and we can take care of a lot there.
07:14 Justin Kane:
But, you know, the user day, the, the normal day-to-day stuff and setting up new employees and things like that, most of our, our clients on the smaller end, they’re able to handle that themselves.
07:24 Dave Sobel:
Are there disqualifiers for potential customers? Like other ones that just you can’t take on?
07:28 Justin Kane:
Yeah, typically it’s anyone that doesn’t, isn’t already on Office 365 on Google Workspace, we can migrate them to those solutions. Obviously the, the, the real disqualifiers for us typically are just owners notwanting to take responsibility in actually realizing that there is a problem and taking the time required on their side. This is much of a business conversation as it is as a technology conversation.
08:04 Justin Kane:
And if they’re not able to understand that it’s, it’s a tough, sell and it makes our life much harder. So , we try to work that out upfront.
08:15 Dave Sobel:
Now, anybody who’s done cybersecurity for a while knows that this is ultimately a risk management problem. Correct. And I would assume that there are certain commitments that customers have to make. Talk to me about the, the level of commitment in order for somebody to be your customer, because it feels like you’d have to, to manage the risk.
08:32 Justin Kane:
Yeah, absolutely. And that’s it kind of touching on what I said, right? So as a business owner, as a business operator, you have to be willing to put in the time there’s, there’s only so much we can do from a technology aspect to where you guys have to put policies in place and you have to adhere to those policies. It ‘s not just, hey, here’s a standard list of SOPs and, and we’re gonna put ’em in a folder and say it, you know, it’s, it’s, you actually have to follow those things. You have to make sure that your employees are following proper procedures. We deal a lot with customers who are doing wire transfers and financial, you know, money going back and forth.
09:08 Justin Kane:
And there’s so many things that as a business that you just have to pay attention to and put in the time and effort to make sure you’re doing that.
09:14 Justin Kane:
You also have to take the time to do the security trainings that we send out, right? Most people don’t want to do them and everybody knows it’s those little videos that you have to watch and the quizzes you have to take. But they are really, really important, we’re trying to keep up and keep our customers knowledgeable about what’s happening. We can do so much and we can put as many systems in place as possible, do things to keep those bad emails from hitting your inbox and those phishing emails.
09:45 Justin Kane:
But at the end of the day, if you click on the links you shouldn’t be and you’re not making sure that your staff are actually following proper procedures. There’s only so much we can do. So, you have to take the time as an owner, as an operator to say, okay, we really want to do this. We really want to take the time and, and make sure that We’re secure.
10:07 Dave Sobel:
Now you’ve, I know you’ve been involved with MSPs before , talk to me a little bit about the, the like, kind of the genesis of this. Like, you know, you, you sort of must have said, Hey, I’ve done MSPs. There must be you, you chose not to do that anymore. Yeah. Tell me a little bit about the thinking behind the, the change in strategy.
10:24 Justin Kane:
Yeah, I think that’s a lot of, there was a massive gap that I saw, and I can’t tell you as an MSP how many clients we turned away because they weren’t willing to take that full MSP offering. And as an MSP, if you’re not willing to take the full MSP offering and we can’t see the full picture, I’m likely not gonna offer you that, that cybersecurity side of things. It’s just too much risk as the MSP. And so I really saw a gap where there were these smaller businesses, or even larger businesses especially, that had in-house IT support already, there’s a lot of misconceptions around MSPs coming in with existing IT and they’re gonna take over their jobs.
11:05 Justin Kane:
And so it was always a kind of a, a tough sell, you know, now the co-managed IT thing is, is is pretty popular and that’s coming around, but there was a gap in the market of people who were just doing nothing.
11:17 Justin Kane:
They, they literally doing nothing. They have nothing in place. They don’t have MFA turned on on their email or any of their accounts. And so, so that’s where we DoubleC hecked really was born, was let’s fit that gap. Let’s make sure that our clients, our customers are doing something. We can provide that consulting layer and just say, look, you need to be doing these things. We can put solutions in place that are really inexpensive but also really powerful and take care of a lot of the requirements that our customers typically see are our customers enterprise level and have, you know, in-house cybersecurity experts and thousands of employees, no. D o some of our customers even need a 24/7 SOC, no.
12:06 Justin Kane:
But most MSPs are gonna require that SOCmost other software vendor providers are forcing that SOC layer in there where the five employees, the 10 employees, they just can’t afford that. And do they necessarily need it? Yes, I, I think everybody does, but at least if you can do something and put something in place to really protect you is is really where we were born. We just want to help put some brick walls in place to where the 99% that are random attacks, someone’s gonna hit a brick wall and move on to the next person that doesn’t have that brick wall in place.
12:46 Justin Kane:
Which, you know, to the risk management, that’s the name of the game today.
12:50 Dave Sobel:
Now, I’m curious about the, the, the lower bound here, because it feels like, because you’ve got a pretty well-defined offering that is security only Yeah. That you could go down to even a micro business, but you’ve clearly got a line there of five. Talk to me about the, the decision, what went into that and what’s driving that?
13:06 Justin Kane:
For us, the line really is we have to put as much effort into one person that we do for 5, 10, 15, 20. And there’s so much that we do upfront from security assessments, you know, making sure that their environments are secure, looking at whatever software that they’re providing or that they’re utilizing, you know, is as simple as if they’re using QuickBooks, do they have MFA turned on for their QuickBooks account? There’s a lot of energy and effort that goes in up front, you know, and, and so honestly for us it’s, it’s just a financial decision to say there’s too much labor involved to, to really support the smaller, the very small and the solopreneur, if you will.
13:47 Dave Sobel:
Gotcha. Okay. That makes, that makes sense. Now, that also leads then to my next question is, is it feels like you have the typical lean of an MSP in that the more you automate, the better this, this business is, but you’ve still got a lot of labor. Talk to me a little bit about the balance between what you’re able to do with automation versus what you need humans for
14:05 Justin Kane:
A hundred percent. And that’s a, that is absolutely how we have built this solution. We wanted to build as much automation as possible. We use a lot of AI in our solutions to really take care of those day-to-day mundane tasks. We, we simply couldn’t afford from a labor aspect to not do that. And so, you know, we, our AI solutions look at every single email that come in and out handles a lot of things for us there. We have a ton of automation around security for, even for something as small as Office 365, like if we see an account that’s getting hammered, password sprayed or whatever it is, our system will automatically lock out the target account so that we have time to log in and remediate before something actually happens.
14:51 Justin Kane:
So we have automation built all the way through the platform so that those things that would typically take human touch to intervene and remediate it’s being taken care of, we are focusing on the higher level, you know, activities and, and that that initial consulting and assessment and really that con, that consulting layer with the business owners, you know, and our POCs to make sure we’re having the conversations that need to be had where the system is doing what it’s supposed to do.
15:21 Dave Sobel:
Gotcha. Well, Justin Kane is the founder and CEO of DoubleChecked Cybersecurity, dedicated to simplifying complex security challenges for small and medium sized businesses with over 15 years of experience in IT and entrepreneurship. He’s got a deep understanding of the technology needs of the SMBs. Justin, this has been fascinating. If people are interested in learning more about your solution, how can they reach out?
15:41 Justin Kane:
Yeah, easiest is https://doublechecked.com. All of our contact information is there. You can always email us at info@doublechecked.com or give us a call. We’re available.
15:53 Dave Sobel:
This has been great. Thanks for joining me.
15:55 Justin Kane:
No, thanks Dave. I appreciate it.
15:58 Dave Sobel:
The Business of Tech is written and produced by me, Dave Sobel, under Ethics Guidelines posted at Business of Tech. If you’ve enjoyed the show, make sure you’ve subscribed or followed on your favorite platform. It’s free and helps directly give us a review too. If you want to support the show, visit https://patreon.com/mspradio and you’ll get access to content early or buy our Why do We Care? Merch at Business of Tech have a question you want answered.
16:29 Dave Sobel:
We take listener questions, send them in, ideally as a voice memo or video to question@mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you’ve got a comment or a thought on a story, put it in the comments. If you’re on YouTube or reach out on LinkedIn, if you’re listening to the podcast and if you want to advertise on the show, visit https://mspradio.com/engage. Once again, thanks for listening and I’ll talk to you again on our next episode,
Part of the MSP Radio Network.