Back in the saddle: Wayne Small’s new cybersecurity advisory

Over four years after selling his 25-year-old MSP Correct Solutions to Orro, Wayne Small is returning to being an entrepreneur.

His new venture, The Cyber Advisory, aims to work for SMBs alongside their MSPs, acting as an ‘independent auditor’ of an SMB’s cybersecurity defences. 

The company was born out of an uptick in the last decade, in Small’s view, for cybersecurity awareness, due to many MSPs "treating it as a technical problem". 

“Cybersecurity is not just a technical problem; it is to do with people, the processes and the technology,” he noted to techpartner.news. 

“Now, many MSPs deal with cybersecurity by putting a product in and saying, ‘Okay, we're done’ but they're neglecting things like doing real training for people and looking at the processes that their customers use. 

“For instance, does the customer have any kind of process to help prevent invoice fraud? Do they look at any security requirements of new vendors coming on board? Do they have disaster recovery plans or incident response plans?” 

Training and GRC focus 

While Small said video training can be “great”, he is opting for in-person cybersecurity training sessions and discussions with customers’ staff. 

“One training session I ran recently, I happened to notice a Post-it note on somebody's laptop, which was their password. I didn't directly call them out, but as I was talking about this, they very gently pulled the Post-it note away,” he said. 

“Two weeks later, the same person saw one of their senior bosses had a Post-it note [on their laptop], and they had the guts to get up and actually flag that and say ‘that's not right’, so we're changing culture in the businesses by making it okay to talk about this stuff.” 

Small is also focusing on governance, risk, and compliance.

“Being that independent [person], I'm not selling the customer a product to fix that problem,” he said 

“The whole point around The Cyber Advisory is to be just that - an advisory around cyber services and cybersecurity to help elevate the customer's positions and their security with respect to things like SMB1001 and Essential Eight. 

“Because I've run my own MSP for many years and have run big technical teams, I have the skills to be able to help MSPs lift their game too. That's the 20 percent of what I do versus the 80 percent, but I have the skills to work with them, and I'm helping a few MSPs lift their game in that area and train up their technical people where they need help.” 

Digital forensic ambition 

Small – who will remain involved with his part time work at the SMBIT Professionals industry organisation – also has an ambition for The Cyber Advisory to move into digital forensic incident response work in the next 12 months, but wants to bring on “a couple of more senior people” first. 

“I'm partnering with vendors to offer an external SOC-type environment and the idea is that will go on top of whatever the MSP is doing,” he said. 

“We also talk about how to recognise AI, we talk about things like MFA. Looking at the environment and being able to see what a bad guy can see from outside does help the customer lift their game. 

“What I'm planning on doing over the next 12 months is bringing on other senior business people like me that have been there and done that - potentially former MSP owners - and having them use their skills alongside me to help service this ever-expanding marketplace.”