The Ice Cream That Cost Him a Client (And Made Him Thousands)

Posted by cchahine On July 31, 2025

I was having an ice cream cone with the owner of an MSP recently. Yes—ice cream. I’m a fan.

Anyway, we’re talking shop, and he drops this bomb on me:

“Bruce, your team ran a pen test on one of our clients for another MSP… and we lost them.”

He looked me straight in the eye and said, “We’re partners too. Why didn’t you give us a heads-up?”

Here’s the deal, folks.

We’re on a mission to protect a million people. Not a million endpoints. People.

And if your MSP isn’t doing the basic work to keep those people safe? I’ll help them find someone who will. Period.

Now, here’s where the story flips.

That same MSP owner?

After that wake-up call, he had our team run our patented Level 1 Pen Test on the rest of his clients. For the first time, he got real visibility into what was sitting in those networks.

Guess what he found?

• No MFA on critical systems

• Unpatched firewalls

• Shared credentials

• RMMs with weak security

• Unsecured printers that had no business being on the network

You know what came next?

Projects. A lot of projects.

Remediation work. Firewall upgrades. Password resets. Documentation overhauls.

And every one of those was billable.

His clients weren’t mad—they were grateful.

But here’s the kicker…

Would he have done any of it if he hadn’t lost that client?

Maybe.

Probably not.

That’s the biggest problem I see right now:

MSPs say they don’t have time.

They’re too busy.

They’re buried in tickets.

They can’t step back and assess the network they’re responsible for.

But let me be clear: if you’re not making time to fix what’s broken, you’re not protecting your clients. You’re just babysitting the problem until someone else fixes it—or exploits it.

So Here’s Your Wake-Up Call

If you haven’t had us run a Level 1 Pen Test on every one of your clients…

If you’re not delivering Cyber Liability Essentials to every client, every month…

You’re exposed.

They’re exposed.

And if one of your competitors has us perform a L1 pen test on your client—we’ll show them what you didn’t.

They’ll ask: “Why didn’t our MSP catch this?”

And that’ll be the end of that relationship.

Make the Time

You think you don’t have time to do pen tests?

To clean up risky configs?

To tighten up passwords, patch systems, and show clients real, tangible evidence of your value?

You’re right—you don’t.

But you also don’t have time to go replace lost clients either.

So do the thing you’ve been putting off.

Schedule the pen tests.

Get your stack audited.

Find the gaps—before someone else does.

And if you need help? That’s what we’re here for.

Because I’d rather eat ice cream and talk about how many clients you saved—than how many you lost. Email me to day, I will help you through the process. I am serious. I don't want to hear another story like this.

Cybersecurity Hardening

The Ice Cream That Cost Him a Client (And Made Him Thousands)

So Here’s Your Wake-Up Call

Make the Time

Related Posts

Contact

Latest Articles

Phishing: The Big, Hairy Problem Nobody Has Solved (Until Now)

Your Marketing Sounds Like It Was Written by a Robot—Because It Was

Get ahead of the threat - Follow Galactic Advisors

Cybersecurity Hardening

The Ice Cream That Cost Him a Client (And Made Him Thousands)

So Here’s Your Wake-Up Call

Make the Time

Related Posts

Your Compliance Program Is a House of Cards (And You’re Playing with Fire)

Building the Ultimate Cybersecurity Ecosystem for Resilience