The Tale of Two MSPs: Why Buying Every Shiny Security Tool Is Killing Your Business

This week, I’m at a security event. You know the scene: vendor hall packed with shiny solutions, MSP owners wandering the aisles, scratching their heads, trying to figure out what’s “must-have” and what’s just sales smoke. 

I talked to two of our partners, and the difference between them is shocking. 

The first MSP? He’s chasing vendors. Every quarter, he’s buying the new thing. Every quarter, he’s ripping and replacing. His team spends more time learning new tools than protecting clients. And when I caught up with him, he was complaining—again—that his engineers are drowning. Constant retraining. Constant redeployment. Constant churn. 

The second MSP? Whole different story. His business is profitable. He flew his own plane to the event. He wasn’t stressed. He wasn’t exhausted. He was in control. 

So, what’s the secret? 

He doesn’t buy tools because a vendor tells him to. He buys tools because they serve a purpose. He only replaces something if it’s failing and after he’s worked with the vendor to see if it can be fixed. More importantly, his security program is built on standards. 

Every control in his program ties back to a standard. Every product feature maps to a specific control. He doesn’t have “a bunch of tools.” He has a system. A strategy. Evidence that he’s covered the bases. 

That’s the difference. 

The first MSP has a pile of products. The second MSP has a defensible program. 

And here’s the kicker—hackers aren’t the only ones circling MSPs anymore. Cyber personal injury lawyers are watching too. If your stack isn’t mapped to controls, you can’t prove you made the right decisions. No evidence means you’re left holding the bag in a lawsuit. 

Same goes for insurers. Carriers are denying claims at alarming rates. They’re looking for a reason not to pay. And if you can’t show how your stack maps to standards, they’ll find that reason. 

So while the first MSP is running on the hamster wheel—burning cash and burning out—my second partner is letting the mailbox money roll in. His team isn’t retraining every 90 days. He isn’t ripping and replacing. He can justify every decision with evidence. And that’s why he’s profitable. 

That’s the model I love so much, I’m building it into our own portal. By the end of this quarter (yep, 8 days), our partners will have access to a stack-building report that ties every tool back to a control. No more guessing. No more “trust me, we’re covered.” Real strategy. Real proof. 

This is the future of MSP security. Not stacking shiny tools. Not hoping vendors got it right. But building a stack you can prove, defend, and profit from. 

No more buying blind. You’re welcome.