I recently had the pleasure of meeting with Gerty Tsinnie, CEO of 917 Solutions, to hear about her journey into managed services and cybersecurity. She shares how she launched her MSP, overcame challenges, and shaped her approach to cybersecurity. Whether you’re leading an MSP or just getting started, her insights will inspire and help you navigate today’s threat landscape.
Gerty Tsinnie: I started 917 Solutions about three years ago after I finished consulting for Fortune 500 and 1000 companies deploying Microsoft 365 and making the most of their Microsoft 365 investments. I started my company so that I could help smaller businesses gain access to Microsoft consulting. I saw the steep prices people were charging, and I thought “I could fix that.”
So, that's what I've been doing for the past three years. We've grown the company from just me to a team of eight people now with customers across the United States. We've delivered well over 100 projects for more than 70 clients.
GT: Our customers range from one-person shops to upwards of 13,000 users. We help translate a lot of the ambiguity that comes Microsoft 365, especially deployment and licensing. Often, we help customers understand what they're paying for, how to make the most of what they're paying for, and supplement whatever they need based on what compliance obligations they have to effectively navigate the security landscape.
GT: About a year and a half ago, I thought that I was just going to be a single consultant by myself, and I was going to consult forever. But I sat back one day and thought to myself, “Wow, I miss having a team. I miss being around people and working with people.” So, I ended up pivoting from just doing consulting to providing managed services and bringing on team members. But during that timeframe, we were really busy, super swamped.
So, I started sharing out my templates and checklists with the people that we were consulting with and they just loved it. I released standard operating procedures (SOPs) for deploying Microsoft 365 from scratch. It's basically a DIY guide where people can go at their own pace and deploy Microsoft 365. And we give you all the ingredients to do it yourself.
GT: I think I would tell myself to start networking earlier. I think that I really held back networking that first year because I was really afraid of it. Once I started to join different chambers of commerce and meet other business owners, I realized that there were so many other people out there that were exactly like me: an entrepreneur getting started that is looking for support and resources. There are so many people out there who genuinely want to help you and support you and help you grow and guide you. I would have probably started networking earlier because I would have met more people.
The Gerty that you're talking to today is very different than the Gerty from three years ago because I was very much an introvert. Now, I can go up to anybody, talk to them, carry a conversation. I just feel like my community has grown so much and I have so many more genuine friendships now that I've started my business. And it's incredible. I can't believe how many friends I've made while growing my business.
At the end of the day, when it comes to competition and businesses, everyone has different goals. So, it's okay if people copy what we're doing and follow us. I think people are afraid that people are going to steal your ideas, but the reality is like not everyone has the same goal. If you copy someone's ideas or if you're trying to do what they're doing, you might not end up in the same place that they are, because they might be rowing somewhere completely different.
GT: Big companies can be really cost-conscious, too. They might have more money, but the tight purse strings are still there. I would say that the biggest difference is really just scale.
I don’t think that small businesses understand how much of an advantage they have when it comes to size. When you're making a change across 13,000 users, that change happens very slowly over a long period of time. When it comes to small businesses, most of the time, as long as the leader or someone that's trusted in the organization is engaged and pushing the information down, that change can happen very quickly. It can happen overnight almost. You can go from an environment where it's not very secure and there are a lot of just hazardous things happening to something better and totally different. You can just see a tangible difference in the way that things are and the mindset that the company has. I would say that change happens a lot quicker with small businesses than the larger organizations. And I think that's the advantage that small businesses have over the big guys.
GT: For our managed services, we have two buckets that we've broken it into: the IT and the cybersecurity side. Todyl is included by default in the cybersecurity bundle and we're starting to include it as well with our vCISO services for architecture, engineering and construction companies. We do let customers know that that the Todyl agent is installed on their device and running in the background.
We won’t work with people that have the mindset that cybersecurity isn’t important. We'll disqualify them in the discovery phase. But, for people who value that as a growth opportunity for their business and a growth driver, a business enabler, if you will, then we prefer to work with those clients over clients who don't prioritize cybersecurity.
I learned that lesson about a year ago. We had a client that was pretty big and it was a lot of monthly revenue but they just ate into that revenue and it didn't make sense because they never wanted to upgrade. And so, we ultimately ended up firing them because they didn't prioritize cybersecurity at all.
A few weeks ago, a local small business called me up for help. I had been doing pro bono work for them before but was worried about potential liabilities. I asked them to sign up for one of our break-fix or managed services but they said it was too expensive. A couple weeks later, they called me again saying they had $200,000 stolen from one of their accounts. And then they got another round of deposits that were stolen from them again. So now they need our services, need our help. People do come around eventually but it's really hard to work with people that don't prioritize cybersecurity because it just weakens your systems and it prevents you from scaling.
GT: It's been about a year now. About half a year into starting our MSP, we were looking for partners to work with, and everyone kept mentioning Todyl. I learned more about the products, and I think SASE and SIEM are what really sold me. One of my favorite things is that I can have a thought or a technical question of what I want to build, and I know Todyl can do it; I just have to ask. I always have someone to go to when it comes to the Todyl stack.
GT: We had a customer we brought on that was being hit with phishing attacks left and right. In between rolling out a phishing filter with them, we deployed the Todyl agent to get SIEM running. I was really surprised at what it alerted on. Whenever someone does a mail forwarding rule for example, or whenever someone logs in from a really suspicious location, it'll tell us. But the forwarding rule is really what saved our behind. One day, while we were in the middle of rolling out our phishing filter, we got an alert. From there, we were able to stop a phishing attack from happening and spreading.
GT: Yes, I think the biggest thing is the logging portion. Once we have our baselines pushed out to Microsoft 365, Todyl gives us another layer of data to inspect and analyze. There have been one or two instances where Todyl has alerted on something before SentinelOne or Defender for Endpoint. It was just a ping up out of nowhere from the SIEM. We were like, “What's this thing?” And then five seconds later, all the other alerts come in from Defender and SentinelOne.
I think the other big layer for us is SASE. For one of our customers, we have to restrict their environment a lot. We’ve used Todyl to set up a perimeter around their Microsoft environment through SASE to restrict access from outside of the company.
We do that for our company internally as well to lock it down even more so that all of our technicians log in from the same endpoint. And that basically helps us when we're supporting our customers to not flag any weird sign ins or alerts.
GT: What I really like about Todyl is that I can control the licensing, and I can control the volume. We don’t get locked into anything; if I need to test something out, I can test it out with Todyl. I don't need someone to turn on something for me and wait for them to get back to me and then turn it on and then verify that the right thing got turned on because I was working with Cato [SASE] before and it was a lot of back and forth. I just had to wait so long to do anything. It was really frustrating.
I actually had a conversation with another MSP recently about SASE. He was using Cato and was used to setting up a PoP somewhere and then having agents connect to it on-prem and all this stuff.
I said “Todyl can do that for you. You don't even need that on-prem agent installed somewhere. You can just push the tool out to the end users.” At first, he didn't believe me. I told him about Todyl, what you do, how easy it is to access resources and the licensing model and everything. He's actually going to be reaching out pretty soon to talk about Todyl.
GT: Easy, accessible, and friendly. Everyone that I've talked to from Todyl has been super friendly and helpful. I get my questions answered very quickly.
One of the things that I was really surprised by is just how willing Todyl is to go out and help and offer support to businesses like mine. Todyl has created a lot of go-to-market materials for MSPS that are available for anyone to use and pull from. I really have been enjoying using Todyl so far and I just wish I had found it sooner.
