BizTech Superhero

Joshua McNary [00:00:00]:
Welcome to the Biz Tech Superhero, the podcast that empowers you to unleash the technology superpowers within your business. I'm your host, Joshua McNary. I'm joined by today's superhero, Greg Edwards, founder of Watchpoint IT based in Cedar Rapids, Iowa. Greg helps businesses save time, control cyber risk and stay compliant without getting buried in IT complexity. His career has been spent building companies where technology and risk management intersect. Along the way, he's been awarded patents for innovation in tech, learned the value of discipline, preparation and risk mitigation, the same principles that he brings to protecting client operations. Today, we'll swap some stories about helping businesses with technology lessons for how to run a business servicing other businesses, and discuss the future of tech and artificial intelligence. Greg, welcome to the show.

Greg Edwards [00:00:58]:
Josh, thanks for having me. Glad to be on.

Joshua McNary [00:01:00]:
So, for folks just meeting you for the first time, could you share a little bit about who you are and what you do?

Greg Edwards [00:01:06]:
Absolutely. I've been an entrepreneur in the Cedar rapids area since 1998 and really that's about all I've ever done as a professional career. I started started Watchpoint or what is now Watchpoint in 1998 when I was 24 and have started and exited a couple of other companies along the way and really have loved to love to see the entrepreneurial ecosystem change over that nearly 30 years here in Iowa.

Joshua McNary [00:01:37]:
Awesome. Can you tell us a little bit about what you do currently with watchpoint? What's your day like? What kind of work do you do? Not so much a sales pitch, but more just what does it look like in your life as a technology person?

Greg Edwards [00:01:48]:
Yeah. Yeah. I think yesterday was a great example with Microsoft 365 being down, up and down. I have six employees that we essentially are the IT department for companies that either aren't large enough to have their own internal IT department or need additional expertise to augment their IT department. And so yesterday we knew the event started a little before 1pm clients calling in asking why their scan scan to email from their copiers weren't working, clients weren't getting emails. And in that situation, there's nothing we could do other than let them know what was happening and help them understand what, what happens in that kind of scenario. So that's a good. Just one day in my life.

Joshua McNary [00:02:37]:
How many clients are calling you yesterday? Like, give us a sense of the size of the.

Greg Edwards [00:02:41]:
Yeah, so there were, I don't remember the total number of tickets that came in and we've probably. And Microsoft has an outage once or twice a Year you're used to this. So most client, I think we probably had 10 tickets or so on it and some. Some seeing it as a more critical event than others and depending on how their technology was integrated with the Microsoft ecosystem that, you know, differing levels of criticality.

Joshua McNary [00:03:10]:
Gotcha. Okay. Yeah, y. I want to come back and talk more about how you're doing your business now, your technology stack and what you're doing. But I want to ask a question since I know you for a number of years, like about those other businesses you mentioned, you've done some other things. So can you talk about that just so our listeners can get a sense of some of the other projects you've worked on?

Greg Edwards [00:03:32]:
Yeah, definitely. So the first was a company called Axis Backup and that was an offsite backup and disaster recovery company that I started in the early 2000s. And today we think of cloud backup and being able to do image based backup of servers and or VMs and be able to spin them up very quickly in the cloud. In 2003, that didn't exist. We actually were doing. We would take tapes, tape media from our clients, bring it back to our office, store it there, do the test recoveries there, make sure everything would function if they had a disaster. And we ultimately transitioned with the help of another local company called IN Volta. That's changed and been sold since then.

Greg Edwards [00:04:15]:
But that was our. We were one of the very first clients of Involta and we're doing off site backup and then rapid recovery of image based servers so we could take a client that had on prem servers. Again, we're talking early 2000s, bring them back up in less than two hours anywhere in the world. And at that time that was pretty amazing technology.

Joshua McNary [00:04:40]:
I've got stories like that too with things I've done in the past that at the time were like really innovative and amazing. And now it's everyone's. What's that? I can do that for 75 cents on some server somewhere.

Greg Edwards [00:04:50]:
We were charging, we were charging $2 per gigabyte per month for storage, which I. Most people won't be able to equate that to today's terms, but it's $79 for a terabyte per month now and then. So I sold that in 2016 to a publicly traded company based out of California called J2 Global. So that was a good, good experience. Good exit at that time. And then right after, I mean before I go right into the next one. Any questions about that before I move on?

Joshua McNary [00:05:23]:
No, go ahead, keep going.

Greg Edwards [00:05:25]:
So then started A company called Qunari, which is still in existence today. And what we were seeing with the off site backup company, number one, it was becoming very commoditized by that time. Prices were coming way down. What we were doing wasn't that novel anymore, made sense to exit. But what we were seeing was the rise of ransomware. So Starting back in 2012, we started doing more and more full on recoveries because of ransomware. And by 2016, that was the most common reason for full on recovery. We had one weekend in 2014 that we did 13 simultaneous full on recoveries because of ransomware.

Greg Edwards [00:06:06]:
And to give you a comparison, in 2011, I believe it was 2011, during Hurricane Sandy, we did eight simultaneous recoveries because of that massive event. So that's the scale of how bad ransomware was and still is today. And I started with the team that I had started Qunari, which is now an AI based detection system, to see an active ransomware running on and on a server. So still on prem and stop it in less than a second. So damage is mitigated and that's still an ongoing company.

Joshua McNary [00:06:46]:
Okay, let's bring it back to watchpoint then. As your kind of base business, from a standpoint of the malware software technology, is that something that's automatically included with your clients at watchpoint? Like how does that work? How's that?

Greg Edwards [00:07:00]:
It is, yeah. Yeah. So for those clients that still have on PREM servers, which obviously is coming down in percentage wise, but for those clients that still have on prem servers, that's included. And we have a standardized stack of cybersecurity and technology that we use for all of our clients. And then obviously there's some differences for the specific client needs, but Qunari is included in that stack with people that have on Prem servers.

Joshua McNary [00:07:28]:
Okay, so let's keep going down that track. I want to learn a bit more about how you're doing business. Right. You're the superhero. You're the biztech superhero. I want to learn how you do biz tech. And of course you are a technology company, unlike some of the people I have on that are doing whatever they're doing, whatever the vertical they're in. So I want to focus on how you're doing business, but also that's going to relate, I think to like how and what you service your clients with.

Joshua McNary [00:07:52]:
So you're just talking about you have a standardized stack of things that you provide to customers, which I think also probably some relationship to how you actually do things, I'm guessing. So can you Talk about that relationship and kind of what are you using for technology inside of. Absolutely. As much as you're able or want to share.

Greg Edwards [00:08:09]:
Yeah and I'm transparent and share. You're a security company too.

Joshua McNary [00:08:12]:
So I don't want to, I don't. We don't want to give any secrets.

Greg Edwards [00:08:14]:
Away but most all of this is on our site. I won't give any away any of the secret sauce but everything that's on our site anyway. So in a day to day like I think a great example is how we bring on a new client. We just this in the last couple of months brought on a funeral home company that you wouldn't think that a funeral home has very high technology needs. They're actually treated like an insurance company because they take pre need information from people. So they've got social securities, all of the personal identifiable information that an insurance company would have. And so they need to secure that. And so we come in and put our that standard security stack.

Greg Edwards [00:09:02]:
So we use a product called Sentinel One as endpoint detection and response and we have a 247 security operations center that backs that up, can respond to an event and do this regularly that there's some sort of security incident that we detect and stop in a matter of seconds whether that's ransomware, business email compromise, other types of malware intrusions. And so having that standardized security stack that includes that base configuration of here's everything that has to go on the endpoint. So an endpoint is a server, laptop, desktop and having that all standardized which should be the way every business like mine and every every IT department operates. They do not. They absolutely do. So including things like as granular as privileged access management. So making sure that people, because people do need admin privileges to their own machines but you don't want them to just be able to have that at will. And so we have an application that when it automates called auto elevate it automates that process and then we can set up rules or we can manually approve and those tickets come through and we approve them typically in less than five minutes.

Greg Edwards [00:10:28]:
And so that. And there's. If I could go through the full stack, I don't think you'd probably want me to go through it.

Joshua McNary [00:10:33]:
But you're giving a good example of one that's recent in your mind. So you have these different platforms for different situations that you will apply.

Greg Edwards [00:10:41]:
So here's a great example of one that we just had with a law firm where they had an attempted business email compromise. And so we have A system that sits alongside Microsoft 365 that uses AI and is continuously watching for anomalous behavior. And so there are what's called session token attacks, which is a man in the middle attack that basically puts up a looks identical to Microsoft. They log in, it steals the session token. The user doesn't even know that anything happened. And if you don't have a system like ours in place, then that attacker's in your system as that user and then can obviously cause nefarious, nefarious acts from there. And we see this all the time. And so in that particular scenario, we detected it was just under two seconds from the time that session token was stolen till we locked the user out.

Greg Edwards [00:11:41]:
And then cleanup is less than 30 minutes. So that's a typical cybersecurity incident. And then we'll write. And this is again for most small businesses. They either don't even know that they had a security incident or don't know what happened. We write up a full incident response report that shows exactly what happened. We have all the forensic details of exactly what happened. And usually it's not something that a typical business owner is exactly going to understand.

Greg Edwards [00:12:12]:
So we'll explain to them what happened. Is it going to happen again in this case with the section token theft until. There are some tools coming out now that make that harder. But they're also. We had to balance between users being able to function and having them locked down to keep them safe. And so we're in that kind of in between where Microsoft doesn't have all the right tools to make it as easy as it should be.

Joshua McNary [00:12:42]:
Yeah. And these attacks are rampant. Right. All kinds of users, whether consumer or business or whatever. And there's honestly not enough people like us that know some stuff about this to even really fully comprehend the nature of it. We try. Incident reports are great for explaining to the customer what's happening, but even if they're not reading it, we need to have it because the next time this happens, we need to be able to understand how to build on it or improve the situation.

Greg Edwards [00:13:09]:
Exactly. Yeah. And this is so different from the way it was 10 years ago. Ten years ago, people would get have a malware incident and it would slow their computer down and you would at that point, maybe a little more than 10 years ago, rebuild the machine, which would be a reimage, wipe it out, put it back on the network. There you go. That was it. Now these attackers aren't. And people have likely noticed this by now.

Greg Edwards [00:13:38]:
Those incidents don't happen anymore. That where it causes slowness and you get a pop up that says hey, for 29.99 I have Speedback. They don't do that anymore. They infiltrate and then sit within that either individual PC or will go laterally across the network. And most companies without these advanced tools will never know it until someone else lets them know. And typically it's way too late at that point where they've had either either their data exfiltrated or ransomware or combination of that along with bank account information stolen and wire fraud happening. All kinds of.

Joshua McNary [00:14:20]:
Yeah, lots of nasty things. You can, you can come as the, as the bearer of bad news definitely with all these things. If you're. So your sales pitch in that regard is, is it's unfortunately the nature of our society and the way we're all connected and everything and only will become more so going forward.

Greg Edwards [00:14:37]:
Yeah. And I try to minimize. So we call that fud, Fear, uncertainty and doubt. I try not to sell on the fud. But usually by the time someone gets to us, like typically our inbound, inbound leads, usually they've had some sort of incident or scare and so they, we don't have to scare them. We just have to explain what happened. How do you prevent it going forward? And it really comes down to having enterprise level Fortune 500 security for your law firm of 20 employees or a.

Joshua McNary [00:15:12]:
Funeral home, which again you wouldn't normally put together. But when you get to a certain size or a certain not even necessarily size, just a certain level of business, you need to be doing this, otherwise you're going to have problems. And in my experience that issue of being proactive versus reactive is commonplace.

Greg Edwards [00:15:30]:
Oh, it makes right.

Joshua McNary [00:15:31]:
You and I know these things are happening. We of course will advise people to do things. But often it does take having a scare, at least a scare, if not an actual problem to be able to have a business recognize the value of these things. And we're not here to sell sell security today, but it's just a reality of technology. That's why we're talking about it.

Greg Edwards [00:15:48]:
It is. And it's not something that the typical business owner, even when they haven't either a managed service provider like watchpoint or one of our competitors or whatever, like they don't know what they need. And the MSP could tell them I'm probably not as well as I do tell them, oh yeah, you're totally secure, don't worry about it. And it's not until they have a ransomware attack and shuts their business down for two weeks that they realize, oh, this MSP didn't know what they were talking about.

Joshua McNary [00:16:21]:
On my side, where I do a lot of web technologies, that's been my kind of main source of work over the years. It could doesn't have to be a whole site or a whole system going down ransomware like you're talking about. It could just be, hey, we have this site or this product on our site or something that goes down. That's real money. It's flying out the door. Right. Because we're not addressing some of these concerns. And sometimes it's okay because you could patch it relatively quickly, like with the tools you have, or you have a provider or an internal resource that can fix that quickly.

Joshua McNary [00:16:49]:
But yeah, there's real, there is real money related to this when we start thinking about it in that kind of context, directly to a product or sales. When you're in a B2C type environment or even in a law firm, there's time lost in that. That if you're being proactive, you can avoid some of these issues.

Greg Edwards [00:17:05]:
Absolutely. And I think that resiliency is really what you're talking about, especially on the website of things. And how much do you build that out? And that's the same. It's different technologies that are used. But on the website you have resiliency and want to make sure that you can get back up and running as quickly as possible. And that's dependent on the criticality of what the solution does. And same thing for a law firm versus a hospital has different levels of resiliency that they need to maintain.

Joshua McNary [00:17:40]:
Absolutely. Yeah. And then there's that idea of. There's the idea of cost. There's the idea of just a decision a leader makes about how resilient they want to be, which could be related to cost, but it also might just be a business decision. This is how we're going to do it. There's also the idea of the changing technology. Right.

Joshua McNary [00:17:58]:
Both of you and I have been doing this roughly the same amount of time and it's like the technology has changed so much. We made that joke earlier about those old products we had being super cheap to produce. Now that's a reality of the fact that the technology is always changing, always getting better. You and I are working on local meetups around artificial intelligence. Right. Because we know that's the next thing. And there's lots to talk about in that. And there's going to be something after that.

Joshua McNary [00:18:21]:
There's going to be something after that. And that's part of the problem too. It's a moving target when we're talking about these types of problems, whether it be for our own businesses or for people we're trying to help.

Greg Edwards [00:18:30]:
Absolutely. Yeah. Yeah. I mean, it's the change. The pace of change in my career has never been faster than it is right now, and it will never be slower than it is right now.

Joshua McNary [00:18:47]:
Absolutely. Maybe for those that are listening, I want to come back to this idea of, like, how you're running your business a little bit, just for a little more insight, like, how does this work? Because you've got multiple clients. You've mentioned the word ticketing a number of times. You have talked about that context, a few of the examples you had. But, like, how does this work? Like, your systems are mostly automated, and they're sending you information after the initial setup and whatnot, but then you have a small team. So how are you able to actually get these things taken care of in a reasonable way? And maybe how might that apply to others that are listening to this? Show that in other industries.

Greg Edwards [00:19:22]:
Yeah. So of those six employees, only two of them are located in Cedar Rapids. So we try to do everything that we can remotely. And so think of a typical technology problem that you have. Printer isn't working. That's a very simple help desk kind of problem that one of our technicians would be able to connect in and likely fix remotely. And so we try. So those.

Greg Edwards [00:19:48]:
When I talk about tickets, it can be anything from a printer not working to an attempted ransomware attack. And so depending on, we have a technical services manager that triages all the tickets that come through. He'll even try to resolve. If they're simple, he'll just try to resolve them and not even pass them on to a tech. But then he'll pass them on to differing levels of techs. And our least Experienced technician has 12 years of experience, and the average is much higher than that. Not that we have hired interns, but in the past. And people need to get experience, but we want to have very experienced people that typically can resolve an issue.

Greg Edwards [00:20:31]:
The first on the first call doesn't always happen that way. But that's just really thinking about us as a very efficient IT department that manages clients now all over the country from Cedar Rapids, and then where we have technicians that work from home. And so it's all. It's. We went actually in 2018, went to a fully remote workforce. That was just happenstance, actually, before COVID hit, which was nice. Not Covid was nice, but that we were remote by that point already. So we Started, I think maybe in 2010, 2012 timeframe, we would take a week every year where we'd send everybody home and essentially say, okay, the office burnt down.

Greg Edwards [00:21:22]:
Now what? And everyone would work from home. Which, again, 2010, that wasn't very common. And it got to the point where we're like, why are we paying for this office space? We had a couple of employees. That one that moved to Florida, one that moved to California, wanted to keep working in the company. And I said, great, let's do it and move to fully remote. So that's how transitioning from the early days of being, we used to do what's called break fix. So everything was hourly do projects. It was just.

Greg Edwards [00:21:58]:
It was all hourly and very hard to staff for. And just thinking back is giving me a headache. But had up to. I think at the Most we had 21 or 24 employees. And every time somebody had a problem, we're rolling a truck to go fix it. And by about 2014, this is when Axis Backup was going really well. That was a great national company that from a business model standpoint, was so much better than the break fix business. And so I almost sold what's watchpoint now at that point, because I was so frustrated with that business model and transition to the standardization and being able to do.

Greg Edwards [00:22:49]:
I can't say we do everything remotely. We still need to do some on site. And we will. We'll even contract with what we call smart hands in locations where we don't have dedicated staff so they can go on site for replacing a firewall that you typically don't want to try to walk a business owner through. Through that.

Joshua McNary [00:23:11]:
That's great. That's a good synopsis of like, nuts and bolts of how you actually are doing these things you were explaining earlier. And for those. I know that world because I have a help desk side to my business currently and have had for a number of years. Kind of the web and sales and marketing type space is where I'm at first, what you do. But the idea of the outsider not necessarily knowing, how do you actually get that much work done and being able to do it remotely and having the proper systems in place. And that's really a lot of what it sounds like you've done. And I know I've done elements of this in my business too, where you've created processes, you've documented things, you formalize these processes in the case.

Joshua McNary [00:23:46]:
In this case, it processes and systems so that the most common problems are addressed. Right. And then you have those rogue problems that do come up and that's when the tech comes in and takes care of it. But that is again, we see this. Anybody, any business of any length is going to know you need to have some standard operating procedures. But for some reason it seems at times in the technology space it gets lost because of that. What I was talking about earlier, that it's always changing. It's really hard to keep up with the standing operating procedure.

Joshua McNary [00:24:13]:
And that's part of what you and I both need to help people do.

Greg Edwards [00:24:17]:
Yeah. In the. When you think about the typical small business, so 100 employees or less, or even 300 employees or less at that, at about 75 employees. I've seen it even way less than that where they'll hire one person that's their IT team. And I'm using air quotes there and that. And that worked 10, certainly 15 years ago. That worked because the complexity wasn't there and the cybersecurity needs that we have today weren't there. And so one person could cover all of that.

Greg Edwards [00:24:50]:
Now you need the expertise between what we talked about in that resiliency, backup and recovery, the just the help desk fixing printers and then the very high level cybersecurity side of it. And very difficult to get that in one person. And if you do like I think about myself, if you put me in a situation like that, I would go insane doing printer fixes.

Joshua McNary [00:25:16]:
Yeah. Yeah. It doesn't. The model around that doesn't quite work the way it used to. I totally agree. And I've been in businesses where that's been the situation. And so the. When you're looking for a breadth of those skills.

Joshua McNary [00:25:27]:
And in the case of. You didn't necessarily directly say this. I think you implied it is the idea. Okay. Then we got to be forward thinking about how we're using technology in our business, both from the IT infrastructure perspective, but then also from a perspective of how are we using the technology stacks that actually run our business going forward and be evolving those. Again, thinking AI as a thing. We're applying those technologies now in the current year here in 2026 as we're recording this. But there's always going to be a wave of whatever the next thing is that you need to be thinking forward on.

Joshua McNary [00:25:58]:
And you could get left behind if you're not thinking that way. So that's a whole nother layer that we're not going to have time to talk about today. But that's.

Greg Edwards [00:26:04]:
And we really act as CIO CTO within organizations as well. So we've got to have that breadth of knowledge and we can't be experts in every, every solution that's out there. But having that broad knowledge and then. And we're very happy to bring in outside expertise when we need to. Yeah, great.

Joshua McNary [00:26:28]:
Okay, so I'm. We're getting close to end of the show. I'm gonna get to our last question here in a moment. But before I get to the last question I wanna ask this. Cause I think having people listening to this and there's a lot of people that listen to the show that are our business owners and again this wasn't intended to be like a sales opportunity for you, but I guess from a standpoint of all that we talked about, I want to ask the question like if you had to pick two or three, like what are the most common problems that you see in a small and mid sized business? Because you're here, I have to ask that question. Give me the top ones.

Greg Edwards [00:27:00]:
It's absolutely the standardization. So it is rare when we come into a company and they likely don't need us. If they have all the standardization, they probably don't need us. So I've gotten over the fact of coming into a company and being shocked by how terrible their processes standardization. So that standardization of the security and technology stack is by far the number one thing and even we didn't ever talk about like patch management is probably one thing that I see again with that lack of standardization. So people aren't getting security updates and not. That's a critical component that can just be. It's easy to automate but if it's not, if it's not monitored, we have a monthly report out that we send a one page PDF of.

Greg Edwards [00:27:54]:
Here's all of the major cybersecurity components that we do and we send that out to every single client so that it holds us accountable. They've got a report that shows 87% on patch management, then we're not doing our job. And so that holds us accountable to make sure that we are.

Joshua McNary [00:28:13]:
So again that's a subset of the process management but ultimately just keep things up to date, which we all get the pop ups and we're like, oh, I don't have time right now. Or there's the occasional time it doesn't work. And that's of course where you know, you need professional help or you have to have somebody internal that can fix that for you. And that's part of why the tension not to do it. But yeah, okay. So anything else you want to add to that?

Greg Edwards [00:28:32]:
I think that's the biggest and most common things that I see. I would say back, I still see backup processes not being either. Like people think they have good backups. If you're not testing recoveries, then you don't have a good backup. So if your IT department's not doing an annual, at least annual recovery test, then you don't have good backups. Just assume that. Yeah.

Joshua McNary [00:28:59]:
Okay, let's get to the final question here then, because we are running out of time. So what is one actionable tip that you would give businesses looking to better leverage technology?

Greg Edwards [00:29:11]:
It has to be AI. So by far right now I see small businesses being able to leverage AI to be more profitable and efficient. And this doesn't necessarily translate to firing employees. Hopefully not. But being more profitable and more efficient through the use of AI. And that's a very broad statement that could mean about anything but understanding within your specific industry. What are the top AI tools that are currently being used? What's coming up and coming to events. Like we again, not trying to sell here, but come to our monthly meetup that Josh and I hold to talk about AI and just see what's happening out there.

Greg Edwards [00:29:54]:
The and you're on the more on the marketing side than I am. But I see this, what we call agent to agent interactions happening and the, the company websites have to be able to account for that. And I'm guessing at this point I don't know what the percentages are, but less than 5% and probably less than 2% of small businesses have even heard of that, let alone know what to do to deal with it, AI generally. And then very specifically for your industry, you have to get up to speed or you're going to get left behind.

Joshua McNary [00:30:33]:
That loops back into our conversation there a few minutes ago about being proactive and thinking forward and of course getting your act together for what you are doing, but also what's going forward on that. So hopefully we've convinced people through this conversation, given some ideas about how to do this stuff. So this has been great. I really appreciate you being here to help us do that. Where can people find out more about you online and what you do in case they want to get in touch?

Greg Edwards [00:30:57]:
Yeah, so find me on LinkedIn. Reach out directly. Greg Edwards, Watchpoint or on our website at watchpointmsp.com Perfect.

Joshua McNary [00:31:08]:
Thanks for joining me today.

Greg Edwards [00:31:10]:
You're welcome. It was fun.

Joshua McNary [00:31:11]:
All right folks, that's it for today. Be sure to subscribe to this podcast on any of the popular directories. Tell a friend about what you have learned on biztech superhero and subscribe to my edenwsletter@mcnarymarketing.com subscribe thanks for listening. I'm Joshua McNary, and I hope you will join me again next time so you can learn how to become a biztech superhero. Bye now.

Greg Edwards [00:31:36]:
Okay.