Partner Relationship Management (PRM): The Ultimate Channel Sales & Partnerships Podcast

12 - How Partners Vet Vendors & Cringey Things Vendors Need to Stop Doing Now

October 03, 2022 Magentrix Season 1 Episode 12
Partner Relationship Management (PRM): The Ultimate Channel Sales & Partnerships Podcast
12 - How Partners Vet Vendors & Cringey Things Vendors Need to Stop Doing Now
Show Notes Transcript Chapter Markers

It’s no secret, potential partners start scoping you out long before approaching you.

Sure, it’s easy to brush off anonymous complaints as “unimportant”. 

But don’t forget, the channel community is listening.

Today’s episode brings a new perspective on partnerships. We welcome someone representing the other side of the channel: a channel partner, straight from the MSP community.

Listen to this episode to find out:

  • How partners vet vendors
  • Managing your reputation in the channel community
  • Which common practices turn partners off from working with you
  • And, as a bonus,
    How to start delivering marketing that adds more value to your partners

Today's guest has been in the tech space for nearly 30 years. For the past 2 decades, he’s been a tech entrepreneur and advocate for open-source software. He maintains a YouTube channel, “Lawrence Systems” has over 258-thousand subscribers where he vlogs on: Tech, IT and, cyber security. And he’s currently the President at Lawrence Technology Services, a Managed Services Provider based in Michigan.  

Read the blog:

(0:00) Introduction
(02:34) Why is it important for an MSP to thoroughly vet vendors?
(4:11) Define the MSP community and tell us where you connect with each other?
(5:41) Red flags that can make you stop pursuing a partnership altogether
(8:06) Green flags – Factors that inspire confidence in working with a vendor
(9:33) Cringe-worthy call-outs: Claim # 1 
(11:13) Cringe-worthy call-outs: Claim # 2 
(12:39) Does breaking trust tend to affect vendor reputation forever? Can a vendor come back from breaking trust in the partner community?
(14:57) Things vendors need to start doing to increase transparency overall
(16:12) Pricing and transparency: How should vendors list pricing?
(18:50) Product feature pages are usually written by marketers. How do you ensure that a vendor’s product does what it says it does?
(21:05) Vetting Vendors video reaction
(25:52) How can vendors be as transparent as possible
(26:11) What's the right balance of marketing vendors should do?
(28:09)  At what point in your vendor vetting process do you reach out to engage with them about a potential partnership?
(29:54)  Advice for vendors dealing with issues that are negatively affecting their reputation today
(31:14) Conclusion 


This production is brought to you by Magentrix ✨💜
Magentrix is a pioneer in platforms for partner ecosystem management and partner relationship management 🤝

If you haven't already, please like 👍 & subscribe! ✅ And if you enjoyed this episode, please leave us a review on Apple Podcasts ⭐️⭐️⭐️⭐️⭐️ See instructions to do so at the end of the episode.

To learn about Magentrix PRM, please visit


Podcast Credits:
Host: Paul Bird
Executive Producer: Fereshta Nouri
Content & Research: Fereshta Nouri
Graphics & Branding: Fereshta Nouri

Paul Bird:
Today's guest has been in the tech space for nearly 30 years.

For the last two decades, he's been a tech entrepreneur and an advocate for open source software. He holds great influence within the MSP community.

His YouTube channel, Lawrence Systems, is over 280 thousand subscribers, where he talks about Tech, IT, and Cybersecurity.

Today, he's the president of Lawrence Technology Services, an MSP based in Michigan. He's got a video called Vetting Vendors, which coincides with today's topic.

So he's here today to tell us about how partners, vet vendors and three cringe-worthy things that vendor should stop doing today.

Please welcome, Tom Lawrance.

Welcome to the show, Tom. Great to have you here.

Tom, tell us a little bit about your background in the MSP so far.

Tom Lawrence:
I worked in the enterprise space for a while, so my MSP business is a little bit more recent over the last 5 or 6 years. We approach a few things differently.

But of course, as you get deeper into the MSP as you get to know the vendors and all the crazy things. As a matter of fact, I just got back from Datocon and we were laughing and going, “didn’t you used to work for X vendor?”

I'm realizing what a small world it is – where people bounce from vendor to vendor.

Now, the good news is those are the good ones, they generally are in demand as a salesperson, but I think we're going to mention a few of the ones that, well, aren't so good.

Instead of building relationships, because even one of the vendors, when they left, I knew what a good job their interactions were as a salesperson.

And I messaged them on LinkedIn when they announced they were leaving because they didn't announce where they were going yet.

I said, I know you're good to deal with. Go ahead and hit me up when you go somewhere else.

I always enjoy interactions with these good reps.

So there are the good people out there, I won't taint all vendors as terrible.

Paul Bird
It's all about maintaining the relationship.

So what about Lawrence Technology Services? Tell us a little bit about that.

Tom Lawrence

We offer IT and managed services.

We focus a lot on the co-manage side of things.

We help a lot of internal IT teams do some of that heavy lifting they don't want to do. We help keep them focused on the internal facing problems that are equally pressing.

For instance, if a printer is not working, but a server has a patch that needs to be loaded, the person in accounting wants to printer working first. We try to make the internal IT team be the hero.

I've got a good team that built out over the years. There are nine of us working, most are going tier two or three engineers.

We focused on a lot of the heavier side, which is a direct reflection on my YouTube channel.

My YouTube Channel isn't just me riffing on things.

I do mostly in-depth tutorials where I'm talking about storage servers, and those are results of projects  we’ve done

After you complete a project or as we solve and build a solution like, you know, multiple petabytes of storage first client, then we come back and talk about that in a generic way.

You know, we're not naming the clients necessarily, but we talk about what it's like to deploy something at, scale.

What worked, what didn't work with the product. It’s so I can give some honest opinions out there so people can better understand it from a non-sales perspective. I'm completely not a salesperson. I'm a nerd.

Paul Bird
And I mean, it's great that you could share that knowledge to help build the community.

Tom Lawrence

I think that's important.

I've been someone from the early days in the hacking space and moving onto some of the enterprise security than moving on to the MSP.

But still doing some enterprise security - it’s just talking about it so we can educate more people.

You know, it's funny, I even did a small talk for a group of, like, 10 people last night, at a little local security conference.

This is why my voice is hoarse; from going to DattoCon, trying to rest, and knowing I already agreed to do a speaking engagement on a security thing at the back of a bar last night.

It doesn’t matter to me, I love whenever I can give back to the community.

Whether that’s bringing more people into the fold, teaching them about the space, or showing them these things they always think are complicated, and it's only really complicated until you start to understand it.

I'm largely engaged with community building, and that's one of the things I gravitate towards - even with vendors. I latch onto companies when I see them deeply involved and go, hey, what can we give back to the community?

I think that’s the first thing any of us should be doing: keep more education out, there.

It's tough. We're still a growing industry, where, a fast-moving industry. Certifications are one side of it.

But, there's still so much more learning. 

You've been around long enough to know the joke about paper.

MCSE - the early certifications were kind of a joke.

People could get them and have no idea what they were doing. The certification sheets getting better on it.

But there's still level of hands-on knowledge you need to be a practitioner. They were actually talking to us as if everyone is hiring seasoned security engineers but there's never enough of them.

Paul Bird
So let's get onto today's topic. Let's start right with the basics.

Why is it important for you as the owner of a managed service provider to thoroughly vet the vendors you work with?

Tom Lawrence
So the challenge, and this is not an easy task, but there are some things you can do to do vet vendors.

You want to make sure that the vendor is going to have an optimal relationship with you and support you long-term.

Because if I am making a bet that this product will do a thing, I want to make sure: 

  1. It does a thing I can be supported and 
  2. then I can sell with a straight face and confidently to my client that it will do this thing.

I love to kind of generic like that, butwhether it's a cybersecurity tool that's managing it, or if it's an auditing tool, that's going to give me some software inventory.

I need to know what the long-term partner relationship looks like.

Because as you grow as a company, when you only have a couple of clients.

No big deal.

I think currently we have 74 companies under contract that we're doing outside a T-4.

Well, any bet I make, to add to my stack is multiplied X74 companies multiplied by the number of their endpoints so there's a commitment on me to

  • Learn your product, 
  • Deploy the product, 

and hopefully the product will not cause issues for my client.

So the relationship has to be there.

And on the edge is going to be something more on the fringe case, but you want to make sure that with VoIP services for instance, you want to make sure that they have solid agreements that they won't just try to go direct with them.

Because this is something that threw Dell under the bus.

Dell had got caught doing this more than once where they just go around and violate partner agreements.

And that's not what you didn't build the relationship with Dell for Dell to try to undercut you in their partner agreements, sell direct to your client, cut you out.

 You build the relationship to everyone working wihtin a channel partner program.

Paul Bird
So I'm sure that leveraging relationships that you may have with other people working in this space is helpful.

Can you define the MSP community and tell us a little bit about where you connect with each other?

Tom Lawrence

You know, to the big places that we connect with each other is going to be MSP Geek. (I'm friends with the people that run it).

There are 5013C. They're not just an organization, they are truly a non-profit organization.

It’s just a lot of MSP people wanting to help each other out.

Then, you have things like Reddit, our MSP - it's a Subreddit. It’s good and bad. There's always people complaining about something in there.

But that's another place where people just kinda talk about vendors.

And some of the vendors take the time to properly engage and interact. And the same thing with MSP Geek.

They have very strict moderation rules about vendor participation.

Vendors can answer questions, but they're not there to sell. And then we can just answer questions about the product and things like that.

So there's a couple big community ones. 

And then the meet-ups I go to. All the different peer groups that you can join.

I'll use DattoCon.

And by the way, I don't use any Kaseya ones. Or Datto-user.

We just went to DattoCon, it’s about relationship building between me and all the other MSPs.  

That was how I lost my voice talking to them. 

Late nights, just having lots of business discussions and sharing knowledge with each other.

Building a good, solid friends list of people you can trust and people you know, will help you dramatically understand. 

You can all get to your perspectives on the vendors and how the actual products work.

Paul Bird

So let's talk about some kind of the go, no-go, the red flags, the green flags when you think about working with different vendors.

So as you're going through, vetting through the community, and through the online forums, and the networking events, what are some of the red flags that you tend to notice?

That would make you kind of not pursue an alliance or a partnership with a specific vendor?

Tom Lawrence
So there are a couple of things.

1. How bad is their marketing?

And when I say it like that, it's the overstated claims, especially in a cybersecurity world, where you have vendors that claim no matter what the problem is, they would solve it, hands down, nothing would ever get by them. Their product is perfect.

Anyone who makes these, you know, absolute statements about a product is usually over-exaggerating things. It just doesn't work that way.

It's not a realistic statement. It's not something they can probably back up.

2) The next one is going to be a price so low it's suspicious.

There are two reasons you're going to do a low price:

  • You're not doing exactly what you're doing. You're taking advantage of gaps in the market. We define something like maybe a “pen test” .What does it really mean? Application testing and things like that.  There are some guidelines around it, but there can be some gray area where some vendors will go “I can do it for well, 1/10th of the other ones. That's kind of a scary thought.

Same thing goes with pricing that’s too good to be true.

It might be. I look at things like TechCrunch to determine if they might be just a land grab.

Some companies come in with the hopes to be bought. They built a product, they're gonna go way under the competition to grab as many buyers as they can. And then a cell to some venture capital company who absolutely knows how to get a return on investment.

You triple that lock in rate, and the pain of switching a product is high once you've deployed it across 70, your team knows it. The learning cost is high.The switching cost is so high.

You go, I guess I'm just gonna have to pay increase. 

So trying to figure out if they're right price for the market, which is a hard thing.We're always looking for a deal because everything scales out. We have to make margin and this also goes back to a relationship with your clients.

You buy a product that costs X. It costs 4X later. You say, well, I got to factor these costs into my client. So I gotta raise prices to match what the new costs from the VC purchase of this company and how they're gonna raise it.

So it's not like there are these hard things I can tell you, it's kind of an overall gut-feeling I get from these companies.

Paul Bird

What about on the other side when you're going through. What are some of the real key moments where you go, “yeah, this looks like a vendor I want to partner with? The ones that get the green flag the whole way?

Tom Lawrence

When you see them just engaging with the community all the way around. They're holding a lot of free webinars. Even if there are smaller events in your area. I've seen even some storage vendors do this which is nice!

They had an event here in Detroit.

I got an invite.

I was already on their mailing list, that's how I knew about it.

So, they didn't mail me any more stuff, but they built some community.

They left a good welcome time for me to interact with all the other people locally that had showed up to the event.

They got us some food, talks about their product while we ate, and are the only asked for a smaller amount of my time.I think we were only there for like three hours, or four hours.

I'll go somewhere for a few hours.

And they raised the bar for education, not product-centric.

It was problem-solution, and of course, they have a product that fills it.

They're not going to talk about something that doesn't fill their product, but as you have more education coming out of them, and vendors can afford it. - It's a good marketing.

You're building some goodwill for the community.

You're pushing out a lot of information.

And like I said earlier, that's near and dear to my heart. Because as we raise the education in the community, everybody wins.

By the way, the perspective you give, by doing that means people are more sympathetic to your product. 

We get that you must sell products to fund this education, therefore, I like your product.

Paul Bird

Now I want to get to the cringeworthy things.

Now, you did this YouTube video about Vetting Vendors where you focused specifically on misleading claims.

Now, without naming any names, maybe walk us through those claims a little bit. What was being talked about?

Tom Lawrence


And it started with the claim that they can absolutely stop all known and unknown threats.

This is the statement put out by their marketing people on LinkedIn. Of course, it started the usual tearing down storm of them.You just can't make a claim like that. It's just not tenable.

Even these larger companies, they know better. They know working in the security space and working with larger vendors, you just don't make that type of claim.

The small ones try to do it to land grab (grab market share). They’re trying to say, “hey, our product can do this better than the companies 10 times our size.” 

That turned into an argument. At first, they doubled down on their claims. Then someone pointed out that they just had several security flaws in their adjacent security stack offering.

Some really bad scripting. Some really bad implementations of their product. Their own product was full of flaws because there’s nothing security researchers like more than being told they can't break something.

It didn't take long to break. And, then actually deleted all of their previous LinkedIn posts.

Of course, tt was covered. And we all documented some of this. The people at CRN created an article on it , and I think they had about 70 screenshots, just so they could parse through what happened. 

Paul Bird

Wow, I mean, if it's Bulletproof, just let's test it. Let's try.

Tom Lawrence

Yeah. And we're recording this on the same day we just got notice of the giant Uber breach and there's the cringeworthy callouts happening.

So a lot of people may refer to it as InfoSec Twitter, just all the different cybersecurity researchers, picking apart.  Whoever broke into Uber is doing it for the fun of it. They're just dumping screen after screen after screen.

But of course, the vendors notice it too. A few cybersecurity people are tweeting out right now, and basically dumping every vendor that's taking advantage and sending e-mails right now.  They’re putting them on notice, and putting them on Twitter.

This is very cringeworthy when there’s of cybersecurity incident and vendors are making outlandish claims. Like,  “we could have stopped it. Buy our product.”

This is not a product marketing opportunity. This is a security incident.

This actually happened once. At the time, I was in at SolarWinds, I was on their  advisory council, and we were SolarWinds users.

We weren't using Orion, we used their RMM tool.

But, nonetheless, SolarWinds had a very large incident.

When it happened, vendor salespeople reached out to me right away.

They were saying,

“You gotta drop that product and use ours - were not breached like SolarWinds.”

 And I was like, really? This is not a marketing opportunity people.

And you're also conflating what actually happened. I have a few detailing videos of the incident.

They completely ignored the truth and started messaging me. Yeah sure, that's crunchy guys, but it’s not the time to take advantage.

Paul Bird
So, here's a question, in the event that you experience a loss of trust, does it affect the vendor's reputation forever?

Or is there any way that a vendor can come back after either breaking your trust or using your trust through either an incident like a security breach? Or even worse, when they try to take a sale direct. Is trust gone for good?

Are there situations where they can earn trust back?

Tom Lawrence

They can.

And one, in particular, has.  There’s a vendor we’ve used for a couple of years ago now.

They sent me some spammy marketing and I immediately notified them.

And they didn’t anything more than immediately reply and say they were gonna look into it and make it wouldn’t happen again.

Then it did.

They told you're gonna get an apology and make this person apologize for it.

But I don't believe that person's even with them anymore.

And oddly, just yesterday because I have forums, there's a company that wants me to use their product.

I said, I'll look at it, looks nice.

I went around and called people.

They're really nice. And then, out of the blue, someone who's not on the list of people I talked to, which is fairly high up the ladder of people, signs up for my forums, and didn't hide the fact that they're using a company e-mail addresses, as if I can't see that.

Then, they started posting their articles.

“ What do you think of this company here? And what do you think of this company? I think they have a neat product.”

That was their first post on my forums and it links back to their product.

So I grabbed the screenshots. I grabbed the link. Unlisted it. But then, showed the e-mail address to their internal team.

I said, “Please tell me you guys and authorize us.” They responded and said, that person now is deleted their account, which they have, they've gotten rid of it.

The response is what builds that trust back.

So these companies can come back.

Because they put pressure on the salespeople to make numbers.

If the sales person's good, they're gonna focus on relationship building and are going to focus on being someone that knows me by my first name. You know, someone who knows something about me.

If they're scamming, they're gonna go look at my forums and sign up and post a bunch of links.

If they take the high road, which is the long term. It's gonna take you a lot longer to build your book of business that way. I completely admit that.

But if you take the high road, it’s going to have a better outcome. It’s going to make better vendor relationships.

And, you have people like me saying, when I see someone move from one company and other, I'm like, you're always cool.

Just let me know where you're going because you probably have a cool product that you're going to.

I'd rather you be my sales rep. Wherever you're going, they me know, I'm interested.

Paul Bird
So, it's relationships. You also mentioned something there that I think is also really key, which is transparency.

That's important to have on both sides, that channel.

But from your experience, is there anything that a vendor should be doing more to increase that level of transparency?

Tom Lawrence

At any opportunity, simply asking,

“How's your day going?”

Some of the smalltalk can lead to them knowing something about you. I kinda like the rapport I’ve built with vendors and sales reps. It makes it feel more transparent.

I always want them to get to the point, but I like the ones who actually knew something about me.

For instance, the ones who say, Hey Tom, I see you have a YouTube channel, or something like that.

It's not just transparency, it's more personalism.

I always want to know what their intent is and please get to the point where you tell me the price relatively quickly. We don't need to have three meetings, just what does your product do? What's the pain point it solves? I make sure vendors are clear on those things.

I usually start with a lot of these questions and get the vendor to what they can do.

Because some vendors I've told flat-out, “I've looked at your website, and I don't know what you do. I can't tell what pain point you're solving.”

This is so I can understand, how you fit into what I'm doing.

Paul Bird

So, you brought up two good points there.

First is a great debate on pricing. Should vendors be more transparent with pricing? If there are different pricing models for different people is that something that they should be sharing? Where do you stand when it comes to how vendors price products?

Tom Lawrence

I think they really need to be more transparent.

This was a funny talk I believe it was Simon Sinek.

He's at a conference and it was for some association about landscapers or something . He says, how many people's prices on your pages?

And all of them are like, “No. We don't. We don't want our comparison or prices”

He asks, “Who knows their competitor’s prices?” 90% of the hands went up.

At some point, if you can have a more transparent way, so we at least we can see if you're in the ballpark because you can Google, product price + product name + Reddit and get the pricing.

It auto- completes that way. And you'll land on someone on Reddit who's posted all your pricing.

 By the way, sometimes they're wrong. You could now lose that vendor because someone says they're charging $12 a seat when they actually charge $6.

But now, you can actually lead to misinformation in there.

And people don't want cell phone calls on Saturdays is why they don't feel like putting in 10 pieces of information about themselves on your forum just to find pricing.

I really push towards vendors being as transparent as possible on pricing.

I don't think the problem is, as much as they say think. They think it's because our customer doesn’t know how much we charge because then you know how much we mark it up.

I can pretty much guarantee 

  1. That the customer never asked, even what tools we're running.
    That's not their concern, what security stack we're running, how we're auditing things.
  2. And then piecing apart when how we charge for a service versus the line item of each cumulative piece.

If they're price shopping like that they're probably just an aggravating client.

It's just in all my years in with all the businesses we have, including doing co-managed IT, dealing with very technical people who do have some curiosity about the tools. Even they don't complain about our markup.

You know, here's the product, and here's what I'm charging on this product.

Most MSPs are going to stack the pricing altogether, what I refer to as our stack, and we charge a price for the service that we provide to manage those tools.

On tooling prices, price matters, but it's still payroll. That's the labor price to manage, those tools that are always going to be substantially higher than the tooling itself.

Paul Bird

Now, the other part that you mentioned was the marketers, right?

So a lot of the product feature pages, the pricing pages, these are created by marketers and the product demos they do are more like sales calls than anything else.

So, how should a vendor really position their products so it does what it says it does and doesn't come across as over the top?

Tom Lawrence

You know, just showing me:

 Problem - solution. Problem - solution.

I try to walk through that when I demo something.

Here's the challenge I have. Here's how this thing solves that problem.

You could go way off topic with the storage server videos. How much data I need to store. Here's how I would store it. Here's the tools I used to do it.

Just show me the pain points instead of running me through all the highlights of, look: It's got a VCIO report, that'll help you engage and be the VCO better.

Hold on, let's go back to:

  • how we get the data there?
  • What am I doing?
  • What's the labor cost?
  • What’s this going to cost me internally?
  • What’s this going to cost me in terms for my staff to manage this? to get this deployed? to deal with a bunch of false positives on security product?

Focus on those. Because that's what we want to know.

I, like when companies and there's a couple of have said that, We are very low noise, high fidelity.

And we can show you how we do that. to have a minimum number of things. 

OK. Now, you're telling me how you're going to save my self time on that. But, is it accurate?

Oh yeah, here's how we can see incidents, alright, cool.

Now, you've established that the product doesn't just not make noise.

It's actually seeing things when there is something to see.

So, walked me through that process on there and about the integration.

It's more technical, and I know they're not trying to sell so technical to the decision makers. The decision makers are going to be more away from the trenches and more thinking about business operations.

But get those sales demos. I get my employees involved there because they're ultimately the ones that have to use it.

I come in at the high level, but then get those technical people, get your sales engineers, and they're not your marketing people.

And then from your own perspective as an MSP when you're building a product, poke at the edges, figure out what it doesn't do.

I’ve told vendors, it's not going to stop the sales process. I just need to know where you end. Because the next product I need, begins where you end.

I just need to know:

What is the limitation? 

What's on your roadmap there? (Hopefully, there’s a development roadmap)

What's the edges of the product?

As an MSP, you want to find out what their answer is and hear their responses.

Paul Bird

So, I'm not going back to your video.

I want to keep kind of picking this one apart, but the concept of the way that people react to criticism within these environments. You mentioned the firestorm that erupted.

After your Vetting Vendors video within the community, can you read recap that kinda firestorm?

Tom Lawrence

Yeah. It's just that back and forth, this doubling down, more and more people calling them out. It’s not the first one I've seen.

There's someone who's offering pen test for little, or nothing. And it’s the same thing, vendors double down on it.

And this is just the wrong response, because you look like a fool in the end.

I did a video yesterday where I literally said, I was wrong about something.And that's what the video is about. And all they did was tweet something. Another scary teacher pointed out that, by the way, this is something that's going on with other products.

So I showed the humility of, “Hey, Thank you for enlightening me.”

I actually referenced a tweet referenced the person who pointed out that I was a little overzealous about something. I wish more of them would do that if that would have been a better response to go, OK, maybe not everything. Maybe we don't stop all threats. This is how our product works.

That would have been a better response for the constant doubling down of things.

Makes you look bad. Especially when you delete it.

At the end of the day, the person who deleted all their posts is not the person who looks like they're in the right In any measurable way.

Paul Bird
I think as soon as you post something, once, it gets out there for good.

Is there anything that that vendor could have done to save face in that situation?

Tom Lawrence

That's a hard one. The first time, someone responded, instead of doubling down and deleting the post then, we all might have forgot about it.

There wouldn't be a talk about it. There wouldn't be a CRN article about it, it would have just fallen off right there.

You got called out on your BS, you deleted it. You didn't try to double down at the moment.

The moment you double down on it, you become committed to your first statement, even if you're wrong.

I think that's where, that's where the biggest mistake was made, is going further on because then there's almost no read.

Once you have five responses on I'm why you're right, when the community knows you're wrong, you have to just sometimes back out of it. Of course, they did by deleting it, but they showed deleted after first reply.

Yeah, I overstated, my bad, just delete.

Paul Bird
And it sounds like you have taken that at that point where you've owned up to your mistakes.

Do you think that more vendors, if they're a little bit more clear in their communication and owning up to their mistakes?

Do you think that helps instill confidence from vendors or partners that may want to join their program?

Tom Lawrence
Yes, I actually will go ahead and throw Huntress out there because this is a fun story that a few people were shocked about.

I think it was a ABC123##$$.

So Huntress had a demo lab and their demo lab is 100% separated from any of the real stuff. They spend these things up.

The auto spin down didn't work, so it didn't shut down all these extra RDP instances they had. In the script that build them, it a built-in opened up RDP under AWS incident.

The reason we know this, is this was all well documented because they did their own incident report, because they, internally, have a testing team that found something their, other demo teams that are security team looked at the demo instances, realized they weren't spun down.

Realized the RDP was open and attacked themselves. Nobody externally saw this, then they did their own incident report on themselves.

And they did that to be as transparent. And say, this is how it's done, And so they have this very detailed incident report that gave us all this insight about an open RDP port that nobody externally found, that was found by an internal team.

They couldn't shut up about it. No one had to know the people that were embarrassed were the people in the demo lab.

That is a level of transparency some vendors have. 

And also Cisco is one of them too. Recently, with the Cisco breach.

We love the different report by telos.

Telos had even noted the misspellings of the command. They went through every command that was runand  that didn't make me think any less of Cisco.

Basically, there was a security incident and they gave such a level of detail that I absolutely still trust their product. Matter of fact, I now know, and so do threat actors, that they have a level of logging, that most companies want to achieve when it comes to knowing every command that was typed, not from a process, exec 

They even commented that they miss typed a command. That means you're logging everything from the command line. That's a lot of insight.

But now, we know, it doesn't mean that is a good level of trust you get out of vendor. They run a tight ship there. They know how to run security.

That transparency with your reports - not trying to hide anything that's going on.

Okta learned a hard lesson too. They were very vague when they first had their small incident. They became clean on it and the more detail they gave, the better. They won confidence got back in their products.

So for any of those incidents I mentioned, you can look them up and dive into the details. They are really good reads on how vendors can remain trustworthy on there by being as transparent as possible about processes, internal and external. It just makes you think differently about them.

Paul Bird
So let's talk about the marketing side – another cringeworthy topic.

The aggressive, over the top there was an article that was shared with me on Reddit where an MSP had mentioned the best marketing that a vendor could do, is none at all.

Marketing can get pushy at time. It is a competitive market, but what's the right balance of not being over the top and not completely silent?

Tom Lawrence

There's a little thing that I participated in. There's a action figure of me, but it was all part of it was something I guess sent by the vendor because I participated in one of their events.

They bring a bunch of us in the MSP community together, they made it fun. They do this one where they set up a Jurassic Park security incident (but it was all really Cybersecurity). They also did a Star Wars one.

These are different vendors doing it, but it's just kinda these fun things they do.

 Is it marketing? Yeah, it's all sponsored by [Insert name of Vendor] but the other side of it is cool! It was a neat thing to do. So that's kind of a non-cringy marketing.

I went to the offshoots of datacon or any of these big conferences you're going to. What are some of the vendor lead parties? What kind of fun things do they have?

We have these cups from, we went to one of them.

It says breaches and brews. It was cool. They themed it and talked about breaches and things like that, gave us cups with logos on it. And you're like, hey, cool, I got a cup out of it.

I had some fun, you know, hanging out with security people and doing a talk.

Is that marketing? Sure. There's a bunch of people, they're handing out, shirts, there's their logo pasted it on the wall. I'm fine with a lot of that type of marketing to get me engaged and talking to them in a loose conversation.

That's not too cringy. They’re not doubling down on any particular topic with them.

And I went to a few different after hours, things with vendors, and all of them that I went were good, well received, and end up, having a conversation was CEO for a little while of one of the big companies.

I was like, I don't use your product.

Never met him before. Just how sat down and had some small talk. Turns out, he’s just a really nice guy. So that was a good way to engage with all of us there.

Paul Bird

So, I imagine that while you're going through kind of the vetting process, there's going to be a point where you reach out to be able to get some real information about what the partnership entails, right?

Really get some meat off off the bones at what point in the process do you go through, where you're ready to reach out to them. And say, hey, I'd like to put something together with you.

Know, is that early on? Is that after these events? Is it when you have an opportunity? At what point do you engage the vendor?

Tom Lawrence

For a lot of them, I start with the question, and you'll see this and post it and read as well.

“Who's got a good sales rep for insert name of product?

I'll reach out to my community first. And see if they're using the product, and, sometimes, that's where, I leveraged a lot. If you go peer groups, and, have a good friends lists, or, you know, things like I mentioned MSP Geek.

You get to know a lot of people in there and you're like, oh, I know you're using this product, what do you think of it?

Oh, you like it, cool. Who's your sales rep? Are they responsive, and sometimes you'll get:

 “We are on our second sales rep. 

This is the one you want to talk to.

This is the one that replies the fastest.

I'll have the same kind of, open an e-mail. I'm an easy sell. I really like your product. Just tell me when we can set a demo up. That's my, that's my intro, if I e-mail them.

So, I make the inbound lead super easy as you reach out to them either directly through e-mail or LinkedIn.

I like the LinkedIn approach a little bit, because I see if their watch and see if they're paying attention to something like LinkedIn.

I don't expect to respond on other platforms, necessarily. But I may reach out to them there with an e-mail and kind of open, open up the dialog, and get things rolling with them. 

I've already done some due diligence ahead of time, of whether or not I know them. It's cool to be able to go to events and meet them. But that's not always a reasonable ask, because there's only a few events a year, and I may need a product in between.

And I can't go to every event, nor do I have the time to go to every event.

Paul Bird

You've shared a wealth of information with us today.

Any advice that you could give a vendor that is dealing with an issue that's negatively affecting their reputation today?

Tom Lawrence

Just own it. Be honest about it.

Post some lessons learned. Talk about what you got wrong. If you do wrong by the community, do right about it.

It may solidify it, but being able to reference that and see where you are and have the humility to see it.

You know, I've done that, too.

When you go back a couple of years, I met quite a few vendors by doing some DNS analysis and trying to compare some of them. I got a couple of things wrong. So, I did a follow up video. It was funny, all the vendors didn't jump on me.

They actually did it, and two vendors got blog posts out of it that I went back and reference because we had a good conversation. I ended up a head of their security team because I was wrong on acouple of these things, and I completely know it.

That's part of how I've always felt. I've built a lot of my following I lay it all out there. I'm just like, anyone else. I never claim perfection.

I've been doing this, As, we said earlier, quite a long time, You know, I first tech job being in the 90’s. It's one of those things like you laid out there. I'm gonna make mistakes.

As long as I keep pushing forward and showing how I made those mistakes. We can always learn from lessons, but why not learn from someone else's lessons?

Those are a lot easier.

Even if that someone's me, hey, I will help you learn from things I did wrong.

Paul Bird

Well, let's wrap this up, and here's the critical question.

So if these vendors stop doing these cringeworthy things, right, they stop the misrepresentation. They stop the poor reactions to criticism, they stop the over-the-top marketing, what do you think they can respect?

Expect, from as a results perspective, it's going to increase their business drive more loyalty and the channel.

What it, what kind of results do you think people get from that?

Tom Lawrence

You see vendors that, you know, really spent a lot of time getting it right and they're well loved in the channel.

And that's a weird thing because some of the vendors that are well-loved, you don't notice it until you go to the events and where they're, boy, the scowling from some of the other vendors.

Quit being jealous because people just like them.

There's a very public and transparent why people may like a couple of different vendors there because they're always doing things kinda fun.

And the other ones that were put on blast a couple of times. It's just aggravating because I see them scowling at the other ones.

They can't be friends.

You can see those examples of those companies emulatating that.

It helps increase your business when you're looking to raise capital, which a lot of vendors are.

A lot of  that's looked at. They take the temperature, of what they can. What do the reddit posts look like?

I've done some VC consulting for this. They’ve asked questions like, what do you feel about this product?

Or there are some incidents about it. When you do VC consultin, you get a behind-the-scenes.

The VCs, they may be just flinging money. They may not be technical, but they are checking the heat maps.

They're trying to figure out whether or not this vendors got a good community engagement before they throw money at them because they know that's one of the key markers for their success.

So, it's not just success that you have as a vendor with, someone who wants to buy my product, but if you're trying to get funding people care about the market perception of your product.

Paul Bird

And if people want to find andconnect with you, find out more about you or, or follow you in any of the social media areas, what's the best way to connect with you?

Tom Lawrence
I'm trying to use LinkedIn more. So I’m easy to find on there. 

at tamar SEC for Twitter and lawrence systems [dot] com, where I always keep everything length, That's my company website.

So, all things communications start with me, they're e-mailing me is the worst way to communicate with me.

I have a pretty good team helps respond to a lot of it, but e-mails will get lost if someone tries to randomly guess my e-mail address.

I throw that out there, because I know the date, send just random things to sales, but those aren't go to me, so.

Paul Bird

Oh, that's great.

Well, thank you so much time.

It's been an absolute pleasure to have you on the show.

Look forward to connecting again soon.

Tom Lawrence

I appreciate it.


Why is it important for an MSP to thoroughly vet vendors?
Define the MSP community and tell us where you connect with each other?
Red flags that can make you stop pursuing a partnership altogether
Green flags – Factors that inspire confidence in working with a vendor
Cringe-worthy call-outs: Claim # 1
Cringe-worthy call-outs: Claim # 2
Does breaking trust tend to affect vendor reputation forever? Can a vendor come back from breaking trust in the partner community?
Things vendors need to start doing to increase transparency overall
Pricing and transparency: How should vendors list pricing?
Product feature pages are usually written by marketers. How do you ensure that a vendor’s product does what it says it does?
Vetting Vendors video reaction
How can vendors be as transparent as possible
What's the right balance of marketing vendors should do?
At what point in your vendor vetting process do you reach out to engage with them about a potential partnership?
Advice for vendors dealing with issues that are negatively affecting their reputation today