Your cybersecurity has holes, know where they are?
Summary
In this episode of the Start Grow Manage Podcast, we sit down with Mac McKeon from MacGyver Technology to discuss the importance of pen testing and how it can be used by MSPs to improve the security of the businesses they serve.
Mac shares his experience working with MSPs and the horror stories he’s seen with insecure IoT devices. He also talks about how his team helps companies build secure, efficient systems that can easily scale.
Listen to the podcast now to learn more about how pen testing can help keep your business secure.
Featuring
Steve “Mac” McKeon, CEO and Founder of MacguyverTech
MacguyverTech, we excel at building secure and easy-to-use systems that make sense and complement your unique business strengths.
Mac is a strong IT/software leader with 25 years of solving hard problems. Ethical behavior on the #blockchain Making the world better, one person at a time.
What is the problem you solve, and for whom?
We solve security issues in software and can help fix it.
How do you help MSPs
We also support many MSPs with secure software solutions and Persistent Vulnerability Assessments
Your Company Website/URL
MSP Goodies:
- Use this promo code for the Persistent Vulnerability Assessment
- “Start Grow Manage”
- https://macguyvertech.com/pva/
Transcript
Joe Rojas: Hello and welcome to the Start Grow Manage Podcast. I am Joe.
Jeff Loehr: And I am Jeff. How’s it going, Joe?
Joe Rojas: It’s going well. How you feeling today?
Jeff Loehr: Good. Welcome to Spring.
I went on a walk at lunchtime full-on coat, hat. I was sweating, okay. It was only 50 degrees outside, but I was ready for minus 20 and by the time I got home like I was full-on, you know, sweating and miserable.
So I was thinking, yeah, cool. Spring is springing. Then it’s gonna rain. So what did they say? March showers, bring April flowers or…
Joe Rojas: I’m ready for some heat, man.
Jeff Loehr: I know, and then you get to August, you’re like, I’m ready for winter.
But anyway, that is not what we’re here to talk about today. We have with us today. A special guest, Steve McKeean. Who goes by Mac. So we’re just gonna stick with Mac cause he’s the MacGyver of things.
He is an IT software leader’s got 25 years of solving hard problems. The best thing from the bio that I like Joe. He excels at voiding warranties. Which sounds exactly like our kind of people.
Joe Rojas: That is our kind of people. Exactly.
Jeff Loehr: He runs a company called MacGyver Tech, and they build useful, usable products out of duct tape and baling wire.
And then they use computers as well to give you the ability to track and manage data, access current historical, operational information, improve communications, automate processes, and they’ve got some pretty cool security stuff coming out as well.
Mac, say hi. Tell everybody what I missed in your intro there.
Mac McKeon: Ah, you guys did a really fantastic job. So I’m excited to be here. And you, one thing maybe you did miss is obvious you wanna address the elephant in the room.
You see the MacNerd behind me? That is our other brand that focuses solely on blockchain development, but you know, we’re both blockchain companies or software companies in the blockchain space. So I just wanted to clear up any confusion, wondering what the cool MacNerd back there is.
Jeff Loehr: You got MacNerd. You’ve got the music going.
Mac McKeon: Yes, I do.
Jeff Loehr: You are a busy man, my friend.
Mac McKeon: Yes, unfortunately, I am. I wish I get to spend more time on the music stuff. That is my hobby bucket, having two companies to run. Is no short order, that’s for sure. But I do spend some time. I got a seven-year-old kid as well, and he’s over here being DJ, you know, kind of thing and loving it, so it’s cool to have that experience as well with the music and my kid.
Mac McKeon: It is pretty cool. Yeah. I’m trying to have a good time with him. He’s not gonna be that young forever, that’s for sure. Pretty soon, he”ll be like,”pfft, dad, leave me alone.”
Jeff Loehr: Dude. It goes by fast.
Kenny, he’s in college, he just came home from college for a few days ago. It’s crazy how fast it goes.
Joe Rojas: My oldest daughter just turned 30 on Monday. I remember holding her like this. She was just like this little itty bitty thing like yesterday. And now she’s 30.
Mac McKeon: I got a little way to get to 30, but that’s okay.
I started late, though, too.
Joe Rojas: I got a 10 and a 12 too, so I’m with you, buddy.
Jeff Loehr: So Mac, tell us a little bit about MacGyver and really who your perfect customer is. And what problem do you solve for them?
Mac McKeon: Yeah, sure. I’ll start with a little back up to me.
You know, I initially started these companies here, MacGyver Media initially, about 10 years ago. And then we rebranded that to MacGyver Tech because, at the time, there weren’t many media companies, and it made sense. It’s a cool name, but the problem is we’re a tech company. Yeah, and over time the media companies became like marketing companies, and we had to change our identity, but still the same concept.
We’re a custom software dev shop that really cares about a couple of core values and is really simple. We always care about transparency and integrity, we have a security-focused mindset, and we care about accountability, and that’s baked into our culture, into our organization, and. Think and operate. So we’re basically like a software dev shop that you probably see a lot of ’em out there, but we’re more security-minded than your average shop.
We are part of a cool organization called the FBI InfraGard. So we generally work with FBI cybercrime and criminal activities that are on the web that you might not know about. We help those who help defend American infrastructure and make America a safer place. Using our skill sets and our knowledge as a software dev shop.
Jeff Loehr: First time we’ve had somebody associated with the FBI on the show.
Joe Rojas: Yeah.
Jeff Loehr: I assume we’re being monitored at this point.
Mac McKeon: FBI’s not gonna come after you like that.
Jeff Loehr: They’d have to be pretty bored to come down to my level.
Maybe be like, oh, he doesn’t have a minivan anymore. What’s happening over there? No.
Mac McKeon: But at first, it was very intimidating to talk to FBI agents. I could tell you that.
You wanna be careful what you say. Do you know what I mean? Anything you can and say will be used against you.
Jeff Loehr: You’re like no, no, no, but I work with you. Yeah.
Mac McKeon: I’m here to help you guys. Right? No. Sorry, son.
So anyway, sorry, all kidding aside. But it’s cool, and we get to see stuff that others don’t. We have access to systems, but we’re really the good guys here. To help people be protected, and we really care about that. It’s, like I said, baked into us, so we build secure software that’s easy to use and also good-looking. That’s what we do.
Jeff Loehr: I love the good-looking part, by the way.
Mac McKeon: I think that’s important. Honestly.
Jeff Loehr: Yeah, it is!
Joe Rojas: You have no idea how important that is,
Jeff Loehr: No. It is. It’s because we talk about technology being technology, but really it has to work for humans, and if it’s not attractive, people don’t use it. That’s just a fact about it.
Mac McKeon: We put our eyes more than anything else. That’s why our visual cortex is so large. You gotta pay attention to the visuals. And then, over the years of being in software for 25 years, I’ve seen a lot of dev shops or these software engineers and in general, they just focused on engineering.
There’s these cluttered pages with buttons and switches all over the place. And you’re like, what do you mean? What do I sart? You have to be really conscious of your audience and, even more so, of what’s the long-term play of these things we build.
They have years in life cycles with companies, and we’re there just to help them be more efficient and build better systems.
Jeff Loehr: So, who is your typical customer? Who do you typically work with?
Mac McKeon: That’s a really good question. As a software dev shop.
We work with all types of companies, manufacturers, distributors, companies that you know, ship, and have lots of things. Some of our customers are like Anheuser-Busch beer distributors. We also work with large manufacturers of Eaton products and Generac generators. What we do is we build all their systems behind the scenes that’ll tie their warehouse together with their inventory system, with their accounting system, and give them one unified system, or I like to call it one system, to rule them all.
Yeah. And what that does allows them to really scale and grow as a unit much more effectively than they have ever had before.
Jeff Loehr: How would you describe the problem that they have when you’re going in?
Mac McKeon: Fragmented systems, fragmented data sets. The warehouse is ahead or behind the accounting.
Everything’s in disarray. You got things running at different intervals, and nothing’s running in sync. Once you lock everything together, now you can run them in sync. Reporting aspects. Give you an example. With HM Craig, the company we just did, we spent about 5,000 man-hours to do this, and we tied together all these systems.
What we did is we, in the end, we made all their data sets go into one database server, one data cluster. And so now, what we can do is cross-database queries without having bottlenecks. Cause a company of that size and scale would have so much data to send through, and let’s say wanna merge that with my accounting.
You have to pump all that data over there first, then put it into a temp table, merge it, and that’s a time delay right there. We have it all in one place. We get real-time data instantly now for every aspect of their business, which I think really gives you the real-time holy grail, what most companies are looking for.
So that’s kind of what we’d like to do, is really build systems that help them scale.
Joe Rojas: Pretty awesome.
Mac McKeon: We like doing that, but that’s just one facet of our business as a builder. We’re also been building a product for ourselves for the first time.
Jeff Loehr: Let’s just talk about that in a second.
I’m wondering if you could give us your offering with managed service providers.
Mac McKeon: So, as a partner, one of our strongest partners are managed service providers and IT companies.
Cause a lot of times, as being somebody who’s been in IT and software for around 25 years, initially, you can have an IT company to do software back in the day, but now they’ve become two separate industries. Now a lot of these IT companies get themselves in hot water, try to tinker around that, and think they can get it right.
Making a customer unhappy. Things go off the rails. They give us a call. We fix and clean it up. We’re professionals. This is what we do. We do software. Software is our business, and we’ll make that whatever it needs to be for them. So we usually partner with them cause we can make them look good and keep them in their lane.
Even with the cybersecurity stuff, they’ll try to get into it too. I see an IT company a lot of times it’s more like a general contractor. They’re in touch with a lot of different types of things, and not all of ’em that they’re good at.
Joe Rojas: So, what war stories have you got?
I was an MSP for 20 years, right? And I never tried to tinker in this cause I came up through infrastructure. So I was doing all the, you know, rack and stack hardware, cabling, all that stuff. So I didn’t even wanna mess with the coding.
I gotta bring an expert in for that, right? I started my MSP, but I really started on the hardware and repair side, and then I morphed into an MSP. And then I hired some really smart people, but I was like, we’re not gonna do coding. We always brought a partner in, but a lot of MSPs do what you said.
And my fear was always that I would lose my MRR Right. If I did it myself.
Cause the MRR is the holy grail of MSPs. And my fear was that if I did it myself and I screwed something up. I would lose my monthly recurring revenue if I have a client that was paying me $20,000-$30,000 a month. I don’t wanna lose that $20 -$30,000 a month cause I’m gonna do a $50,000 project one time.
Mac McKeon: Correct. Yeah. That’s a smart way of playing that.
Joe Rojas: So I always brought a vendor, but what are some of the horror stories that have happened? What are some of the war stories that you’ve got about MSPs where you had to come in and save their bacon?
Mac McKeon: If it’s gotta be an MSP thing, it’s different. I could tell you recently something we just did for a company that has a product, but we’re also really good with SaaS products too. You know, companies that go out the market that might have a hardware device along with software to go with it.
And I could tell you with these IoT devices that are hitting the market really hard right now, many of ’em are very insecure. I don’t wanna name the name. It was a baby monitoring software for a company. Initially, they came to us, saying, Hey, our insurance company’s demanding us to get a secure pen test to see if we’re actually legit and good.
We took a look at their code, immediately punted it back to them, and said, we didn’t see this. Please fix it. Like they hired some developers out of China. Then it was passed on to another guy in Brazil, and there was like a whole crap show behind the scenes. So we literally broke their heart three times in this process, and listen, we’ve finally gone through with them multiple run-throughs of getting it right, and then we finally came to the point of we found out that their hardware device that’s actually sending traffic back and forth from your phone, it’s all unencrypted, port 80 traffic.
So we were like, oh my God, so how can we fix this? So they’re basically ready to go to market, and they can’t until we give ’em the green light to give ’em a solution. So what we did is we came up with a clever way of encrypting and decrypting the traffic.
You know, at Endpoints and then in transit, it’s just encrypted with multiple layers to prevent anybody from sniffing it out.
And that was our way of getting past the security risk and giving them the stamp that they can move forward. So that was a way of us helping them as a development shop. Cause this is a cybersecurity company, and we just did the halo, don’t wanna say the name if we did that project.
They would’ve never seen this cause we found all this stuff by looking at the code. We can look under the hood where most of the other companies can do the drivebys, as they call ’em by, and see what’s on the outside of your house and maybe a window’s open.
But we’re looking at your wiring, we’re looking at the infrastructure, and we actually understand that because we’re builders, which really sets us apart, and we can look at the code, and it’s not like this kind of gray area where IT companies or cyber companies are. So that’s what separates us a little bit there.
And it’s a kind of a cool war story there. For success. We got them to the product to launch.
Jeff Loehr: And I think it’s interesting as well. Like you, you talk about the fear of if I do this, I lose the MRR, right? And I think that one of the things that we have to remember is that an MSP has any business but as MSP.
We have to keep innovating. We have to keep doing new things. And the way that you actually drive value, the way that you are able to reduce your costs is by improving your process, is by doing more,
Mac McKeon: You don’t always have to do more. You just have to be more efficient.
Jeff Loehr: So you do more with less, right?
Mac McKeon: Right.
Jeff Loehr: So where you get to that point where you’re getting more efficient. You’re streamlining, and then it’s easier for you to take on more pieces. And when I say more, I think, you know, technology is always evolving.
So what the standard is today, right, is going to be a small fraction of what the standard is tomorrow. And if you’re not developing the tools, if you’re not developing in a way that allows you to address the challenges tomorrow, then you’re going to get stuck behind.
So I do think that there’s this fear often if I put in these tools, if I do something different if I change something that I’m going to make it easy for my client to do this, that I’m going to innovate myself out of a job.
Joe Rojas: Yeah.
Jeff Loehr: But I think at the end of the day, It’s just not that way because life evolves, and you have to come up with solutions to stay ahead. Right.
Joe Rojas: And I used to have that fear all the time, Jeff, when I was in MSP. It’s like, oh if I fix this, then we won’t have work anymore.
And then, once I started, I got over it, and I started doing it. I really saw that the second you fix something, there’s a whole next set of problems.
What I found also is that if you get yourself into that place where you’re dealing with that higher order of problems.
It is so much more fun. Oh my God. Right? Oh my God, it’s so much more fun the problems that you’re dealing with at that level, and so back to this development thing, one of, one of my fears is that as an MSP was to bring in somebody and they would disappear on me or bring in somebody to build something custom, and then I don’t know anything about it, and it’s, I can’t get anybody else to work on it. And those things really kept me away from that. But sometimes you need it.
Mac McKeon: I guess as a software company, we can do some IT stuff, but we tend to make sure we don’t get in that box either. I would rather get a network engineer to carve out the network. Much better than I’d have one of my engineers who maybe does development do it even if I could do it, but I’m stretched for a time myself, and it’s good to have the right person in the right seat.
You can somewhat be on a seat, but you’re only gonna get a halfway done job. I wanna deliver excellence in any way that we can do it. And if I can’t do it, one of my partners can do it cause the whole point of that is this deliver quality work to whoever you’re helping.
Jeff Loehr: I get that; that’s great. So I think another area where MSPs have fear is in the security realm.
We’re talking to somebody in the next few weeks about penetration testing.
There is a general fear that, hey if I do pen testing if I test my security and it comes out the wrong way. I’m gonna make myself look bad. Right?
Mac McKeon: Right.
Jeff Loehr: And I guess what we’ve really discovered is that you’re much better at getting ahead of that than falling behind. Clients are not necessarily upset that you say, Hey, you’ve got this security hole, and we’re gonna work on fixing it.
But they do really mind if you go in and say, look, I’m sorry there was a security hole, so
Mac McKeon: there was a security breach, and yeah, we’ve been compromised and, you know,
Jeff Loehr: So sorry. We didn’t do things the right way. And all of your passwords have now been distributed and are for sale
Mac McKeon: Or the backup system doesn’t work anymore. Sorry, we weren’t checking and monitoring.
Jeff Loehr: So these things do tend to come up, and you’ve actually been working hard on security, right? So you’ve got some stuff you were talking about the pen testing and actually talking about bringing it into more of a continuous.
Absolutely. Rather than doing it, like once a year, once a quarter. So tell us a little bit about that.
Mac McKeon: Yeah, it’s definitely something we’ve been keeping in mind. And keep in mind I am an ethical hacker, and security has always been top of mind for my entire career and life. And it’s something that’s really important to me.
One thing, as being in the software world for about a decade now, and I found a lot of my competitors that are in the software world don’t care about security as much as I do. And it’s the problem. It’s like security is always kind of an afterthought that just gonna slap it on, and after they’re done, and then we think we’re good, and they slap a bandaid on it.
Jeff Loehr: No wonder there are so many breakings.
Mac McKeon: Yeah, that’s what I’m saying. You gotta bake it in. You gotta start from the ground up. And we really want to strengthen that, not just for us, but for other software companies and SaaS products.
There are a lot of people looking for something out there that’s a little bit more persistent than just a pen test once a year. So we came up with a productized version of a pen test but at a six-month interval. So basically, for the same price, you would get a pen test for an annual kind of report.
We give you two of them within a year, but what we’re doing. We have about 20 tools we can run against you, and we run them over the course of six months and rinse and repeat and what have we learned? And on top of that, we’re calling this, you know, PVA Persistent Vulnerability Assessment.
And we give a complimentary co-review included in our packages, which the cyber companies can’t really do because they’re not software dev shops.
So it kind of puts us in a different place. You get to see, as a CEO of a company or an owner of a company, a third party, validate your dev shop or dev people and say, you know what? They’re actually doing good stuff or not, and then you can plug the holes and actually sleep well at night.
Jeff Loehr: right.
Mac McKeon: Software is such a thing. It’s, you can’t dislike. It’s not like a visual where you can look at a UX designer and immediately know if something’s good or not.
You can’t do that with code. You have to get into weeds, and there might be one line of code that could screw a whole thing up that you don’t know or a misconfiguration or something was a common add-on properly, you know, give you an example.
We audited a large shipping company, one of the largest in the world.
They’re actually in the process of acquiring and shipping applications to help them automate and become more proficient. The application was stellar rock solid, except for the developers exposing all the API keys because they didn’t come out the console log of all the keys when they were basically doing testing.
So even though the code was good, they had a misconfiguration where they exposed all the API. It was a bonehead move that some developers forgot to turn a switch on or off for dev mode and left it in the production server, and here you go, exposed all that information.
Jeff Loehr: We’ve been having that problem with the history at Chat GPT, Joe.
They also had a security problem, right? Because apparently, you could, oh, a couple of little keystrokes, and all of a sudden, you could see everybody’s history. So you could go through and like the whole history was available, right?
Mac McKeon: They didn’t secure their endpoints to basically, even though Chat GPT is using AI, still using traditional web 2.0 technologies to send rest requests to the server, front end, and back end. And I guarantee we’ve had this happen before. They didn’t lock down the permissions along with the data being sent for the request.
Jeff Loehr: Yeah. I guess the thing is, these things are going to happen.
Mac McKeon: I mean, software and security are really hard, is the best way to put it.
Jeff Loehr: Thinking about our MSPs and our listeners out there, I think the idea of bringing someone in to test your environment or test your client’s environment or try and poke some holes in what you’re doing on one hand, you know, you don’t wanna look like an idiot.
On the other hand, it really seems like a way to add a lot of value. If you can go to your client and say we’ve been running this persistent vulnerability assessment.
Joe Rojas: I can’t tell you how many times I would say to my clients, look, these are recommendations. These are the things that we need to do now. This is what, what’s gotta happen? And they’re like, oh no, we don’t see that we need that. We don’t think we need that. We don’t think we need it. Right? Right.
And so they’re holding off and holding off. Yeah. And the beauty is when you bring in a third party, And they go, here are all the holes. And then the client comes back to and says, look at all these holes we have. They go, you see, over there on your desk under the blue folder. That’s all the proposals that I gave you.
Jeff Loehr: I’ve been talking about those like I’ve been waiting for this day.
Joe Rojas: And that’s exactly the reason why you have to have these things. If you’re one of our MSPs, especially, you’re doing your SBRs; you’re doing all this stuff, you’re doing all the right things so that you’ve already had those conversations with your client and when you’ve already had those conversations and that third party comes and validates your theorem, boom, it’s like it’s magical because then you can really go and do the remediation.
The great thing about penetration testing is that most penetration testing companies don’t do remediation. The remediation is gonna fall back on you as the MSP. So you really want to do that pen testing unless you’re not doing your job, and then it’s horrifying.
Jeff Loehr: I think as well. There’s the pen testing your persistent vulnerability analysis, right? They’re also gonna help you put these vulnerabilities in business terms, right?
Because I think way too often we’ll talk about things like, oh, there’s a problem with our firewall over here or a switch over there. And as soon as you say words like that, you know, business people, their minds just think about anything else.
Mac McKeon: I know, right? It’s like they wanna run for the hills
Jeff Loehr: They really, truly don’t care. But when you do the penetration test, you say, look, here’s the problem. People can come from the outside to the inside and steal your stuff.
Mac McKeon: Exactly, it’s like leaving your keys to your office right outside the door so that you can walk in free. That’s basically what you’re doing.
Jeff Loehr: And when you can show that and say, now this is how we can plug those holes. Now you’re really speaking business language rather than just technical language.
And I think that’s really important. So with all of These tools, understanding that and being able to turn those risks away from, Hey, it’s time to update your hardware, to look guys, this is really what’s happening out there. These are the kinds of risks that you are facing, and here are some recommended solutions that can really help you address those risks.
I think that’s a pretty powerful thing to do.
Mac McKeon: Yeah, I think so too. And it, right now, it seems. It’s only getting worse with the security and hacking. It’s not getting better. And there’s a lot of companies overlooking that, you know, it’s crazy, and they’re more sophisticated.
Jeff Loehr: It’s always going to get worse, right? Remember, think back, have you watched that movie about the Enigma machine with touring?
Mac McKeon: Oh yeah. The touring machine. Yeah, I saw that.
Jeff Loehr: When he invented the touring machine, he invented the thing to break the enigma. And it’s just interesting to think that enigma machine was. It was unbreakable, right? It was unimaginable how complex that code was. And now your Apple watch could probably break that if you put a couple of commands in it and would be like, oh yeah, Nick, no problem.
Tick tick. Right?
And I think that the reality is that the cybersecurity risks are always going to continue to increase because people are always going to be pushing on things.
Joe Rojas: Here’s the thing, right? Every time we have a technological advance, in the beginning, it’s like, Ooh, this is awesome. And then the bad guys go, I can use that crap out of that. Because if you don’t think that the phishing emails from Chat GPT are gonna be grammatically correct and have all the right information
Jeff Loehr: I’m already getting better text messages and spam emails already better because they’re using Chat GPT
Mac McKeon: I can tell you what’s really horrifying as somebody in cyberspace is now imagining fighting an AI bot that’s countering your moves.
Jeff Loehr: Yeah.
Mac McKeon: In real-time. That’s what I see coming next.
Jeff Loehr: So all of that code that Chat GPT is able to create in 30 seconds. And they’re able to create this attack code in 30 seconds.
You’re gonna have to find some way to counter that. Right?
Joe Rojas: It reminds the story you were telling me today, Jeff, about the Task Rabbit.
Jeff Loehr: So there was this story it was on the Hard Fork, and they were talking about how the open AI was testing Chat GPT…
And they were using a nonconstrained version of Chat GPT to figure out what it could do.
Jeff Loehr: So one of the researchers wanted to get around a captcha. So the Captcha stops the Chat GPT; it can’t get around it. So what ended up happening was that Chat GPT went out and hired a TaskRabbit to do the captcha for Chat GPT, and when the task rabbit guy came back and said this seems really weird; you really need me to figure this out?
The Chat GPT, the AI, actually realized that this was a challenge and that it had to come up with a convincing lie so that TaskRabbit would do the captcha. So it made up this whole story about being visually impaired and actually got the TaskRabbit to solve the captcha so that Chat GPT could break into the system.
How cool is that?
Mac McKeon: That is badass.
Maybe someday. I’ll tell you what, the AI stuff coming. I tell you, once machines realize we’re not the smartest creatures, I think we’re in trouble.
Joe Rojas: That’s about six weeks
Jeff Loehr: They are going to say, “These guys are really not that smart.”
Mac McKeon: What’s wrong with these humans? Man.
Jeff Loehr: Humans, they’re so easy to trick!
Mac McKeon: Yeah, you’re not kidding. All the social engineering man, I can get around them. Imagine
Jeff Loehr: We’re programming these things with social engineering, so I think that’s gonna mean like we’re programming Chat GPT to be really good at tricking us to do stuff.
Mac McKeon: Imagine now an AI is going to call you. It’s gonna sound like me.
Jeff Loehr: So this phone call I have from you is really an ai. Yeah, right,
Mac McKeon: Exactly. Sorry, this is my AI fake.
Jeff Loehr: You were saying that this is actually this PVA. This is your first product.
Mac McKeon: This is the first product that we’re making.
So we’ve identified in the industry, being the software world and the security world, there’s a real gap. In this space, especially for eyes and ears from the software world.
And we made it a product to solve that problem. Here’s an example. We’re already having customers lining up before we even have the product out. What’s cool about that is they’re also helping us sculpt the product to make sure it’s a really good fit for what their needs are.
That’s so basically what we’re doing here is that this company that can do pen testing. What separates us is we are also a full development shop, so we can actually do a code review and also the remediation work. As you know, Joe, you mentioned that earlier remediation work is something that. We can do that type of work cause we are a full dev shop.
We have that competency in. But the issue is if we do the work, we can no longer audit our own work moving forward. At least for that pass, we have to have a third-party cyber company as a partner to do that. And that’s outta scope. And so that’s a whole different thing, but we’re able to help them where they might not have the expertise in a certain programming language or database.
We’re experts in this area, so we can offer those as a kind of a thing. And on top of that, what we’ve done is we automated all of the pen testing, about 20 different tools that we hit you from AWS, and we automate that over a six-month cycle and then rinse and repeat another six months. And then we basically give you two pen tests within.
The entire year, every six months. And that’s a roll-up from what we learn and how can we make a better plan and can keep rinsing repeating, and we’re calling a PVA or persistent vulnerability assessment.
Jeff Loehr: So, people who are interested, we’re going to put the link in the show notes. So we’ll have the link to you in the show notes, and people can just reach out to you there, and we twisted Mac’s arm before this.
Cause we said we, we’ve gotta get some sort of discount. We don’t know what that discount is.
Mac McKeon: Yes, absolutely. If you’re coming from there, there is an area put in a promo code.
Joe Rojas: They can put in Start Grow Manage
Jeff Loehr: Start Grow Manage
Mac McKeon: We put that in there, make sure they know what the promo code is and the link, and then we put that in there. We’ll make that, and we’ll give them a discount.
Mac McKeon: We are giving sweetheart deals to help us refine the product and make it scalable and where we want it to be. It is a new productized version. It’s the first time we’re making a product for ourselves. It’s nothing new in some senses cause we’ve been making products for other people, but wearing the other shoe now and going from a service-based mindset to a product mindset is it a little different.
Jeff Loehr: I’ve gotta say we are big fans actually of all providers selling products. So the way we see it, our MSPs Oh, cool. They productize their offering. Cause it’s really the only way you can create something that is truly repeatable and scalable. That’s right. I’m a big fan of this man.
Mac McKeon: it’s still in the process. A lot of work ahead of us. We just got the basic plumbing done and the infrastructure to run all this for our first customer. The whole interface for everybody getting access to our portals is still being developed.
The services are active live, but having all the bells and whistles is still being worked out. That’s why we’re giving sweetheart deals as to some of the newer companies that are helping us, making sure we have a good product, but let’s, we just wanna do the right thing here. It’s a product of love.
Honestly, money-making is really not there. We’re just trying to get market share and build a good product to where we see there’s a weakness in this area.
Jeff Loehr: I guarantee someone listening right now has a way to break your system. So we will encourage them to come to try and break your system.
So go be a beta tester for MacGyver tech here and go try out their PVA, and that really brings us to about time. Mac, it’s been great chatting with you. Time kind of flew by there, right?
All right. Hey Mac, it has been an absolute pleasure chatting with you. It’s been great. Anything else, Joe, that we need to mention before we take off?
Joe Rojas: No, I think we’re good except for that one last thing, which is,
It’s remember that You Are Loved. We’ll see you next time.
Jeff Loehr: See you next time everybody.
Mac McKeon: Pleasure. Thank you, guys.
