Achieving Operational Maturity as an MSP – A Conversation with Sean Maguire, President and Founder of Synivate Artwork

M&A Insights

My name is Madhur Duggar and I work in the M&A space for the Software and IT Service companies and this is my podcast series M&A Insights. If you are interested in having a conversation around the strategic direction of your firm, are looking to grow your book and want some marketing and business development help or are an investor looking to make an acquisition in this space, write to me at podcastwithmadhur@gmail.com or reach out to me on Linkedin at www.linkedin.com/in/madhur-duggar.

All Episodes

M&A Insights

Achieving Operational Maturity as an MSP – A Conversation with Sean Maguire, President and Founder of Synivate

February 17, 2025 • Season 1 • Episode 27

0:00 | 23:35

Madhur@excendio.com | 212.731.4230 | Book an Appointment Here (34) Madhur Duggar | LinkedIn

Guest: Sean Maguire, Founder & President of Synivate

Episode Summary:
In this episode of M&A Insights, I sit down with Sean Maguire, president and founder of Synivate, to explore the journey of building and scaling a successful MSP. Sean shares his insights on standardizing service delivery, cybersecurity best practices, and the role of M&A in strategic growth. Whether you're an MSP owner looking to improve operational efficiency or an investor exploring opportunities in the space, this conversation offers valuable takeaways.

Topics Discussed & Key Questions:
✅The Evolution of Synivate: How did Sean transition from voice and data cabling to a full-fledged MSP?
✅ Challenges in Scaling an MSP: What were the biggest obstacles in growing the business, and how were they overcome?
✅ Standardization & Operational Maturity: Why is having a structured, repeatable process critical for MSPs?
✅ Cybersecurity & Compliance: How does Synivate ensure its clients meet evolving security standards and regulations?
✅ Cyber Insurance & Liability: What should MSPs be thinking about in terms of coverage and legal protections?

✅ Growth from Referrals: What are Centers of Influence and why do they make for the best referrals?
✅ M&A Strategy: What role does M&A play in Synivate’s growth plan, and what challenges come with acquiring other MSPs?
✅ Supply Chain Security is a Key Risk: What are the biggest threats MSPs should be preparing for in the next few years?

✅ The Future of IT & AI: How is AI impacting the MSP landscape, and what does Sean see as the next big shift?

🎧 Tune in to gain actionable insights on growing and scaling your MSP the right way!

#MSP #Cybersecurity #MergersAndAcquisitions #BusinessGrowth #Podcast #ITServices

Madhur Duggar is a Senior M&A Advisor at Excendio Advisors and focuses on IT Services

Reach out to Madhur at Madhur@excendio.com or 212.731.4230

Book an Appointment with him on his LinkedIn at www.linkedin.com/in/madhur-duggar

Check out Excendio Advisors and our amazing content at www.excendio.com

www.linkedin.com/in/madhur-duggar

Synivate-Spotify-SeanEdit.mp3

[ 00:00:00 ]This is an industry where there's just so much, right? So you can come in and say, you know, I want to do co-manage or manage services. And so there's, again, so many different options. And so that's definitely a big thing to take into consideration, right? Having a standardized approach that you're providing for customers. really makes a lot of sense for both the customer and the organization, and of course, the team who's supporting that and facilitating that whole life cycle. Standardizing and having a consistent approach to how you want to deliver those services for your customers makes a lot of sense.

[ 00:00:46 ] You do not need to be a $25, $50, or $100 million MSP to get to operational maturity. What you need is the vision, discipline, and patience to develop a standardized approach for your product lifecycle. To talk about how he did this, we are excited to have Sean McGuire, president and founder of Cinevate, on the show. Sean and his team at Cinevate have developed a streamlined, standardized approach to help businesses in the New England area with their cybersecurity needs. Listen to what Sean has to say on how he got to operational maturity. But first, before we go any further, let's get some housekeeping out of the way. My name is Madhur Duggar. I work in the IT and software M&A space, and this is my podcast series, M&A Insights.

[ 00:01:31 ] If you are interested in having a conversation around the strategic direction of your firm or looking to grow your book and want some marketing and business development help, or are an investor looking to make an acquisition in the space, write to me at podcastwithmother, that's M-A-D-H-U-R, at gmail. com, or reach out to me on LinkedIn. Sean, welcome to my show. So happy to have you on M&A Insights. I know we met maybe a couple of weeks ago, and here we are going to talk about a bunch of things about your company. So, really excited to have you on. Thanks a lot. Looking forward to spending some time talking to you today. Awesome. Sean, can you give us some ideas about your professional background and what led you to start Cinevate in 2009?

[ 00:02:16 ] I started Cinevate actually in 2011. In 2011, we were doing a lot of voice data, cabling work, phone system work, telephony, communications items. In 2011, Microsoft 365 had really just started. That's to put it in perspective, timing and what we're doing in 2011. And really, that transitioned into you know doing the the voice and data cabling work transition solely into doing more IT work of course companies will ask 'hey, you're sort of involved with the network, you know what else can you help with?' Right? And so that just slowly transitioned over time into doing more IT work, and then we took on our first managed service customer somewhere around 2014-2015. And you know from there we just haven't really looked back right, so it's been full managed services.

[ 00:03:08 ] We no longer you know assist our customers directly with voice data cabling Pbx work; we subcontract that out or refer partners trusted partners into the mix to help our customers out there. And you're based out of uh I think a Boston suburb, yeah, so we're in Sharon, um, so we're about 40 minutes south of Boston, yeah. And and your client base is it local to that to that region? Most of our clients um have sort of a headquarters I would say around here but we have customers all across the US, yeah, we have customers on the West Coast, customers down the East Coast. But yeah, for the most part they all have a presence here in New England or Massachusetts, yeah. And Sean, what's the typical profile for your for your customer?

[ 00:03:55 ] Are these large enterprises? Are these small medium-sized businesses? Any specific vertical? Yeah, so a typical Sinovac customer is going to be somewhere between 25 to 99 employees. That's the average, right? So there are definitely some below and some above that. But for the most part, 25 to 99 employees, SMBs, servicing businesses, it's all B2B work that we do. We don't tend to work much with B2C. It's mostly a lot of service businesses that we interact with and that we support. We work with companies. All across so life science digital media contracting business services really we run the full full gamut there, what were some of the key challenges you faced in growing your business and what are some of the insights on that you can share about how you overcame that?

[ 00:04:45 ] Yeah, so I think, you know, one of the big things there is just sort of at the beginning, you know, it's sort of you're willing to do anything for a dollar, right, as a new business. Do you need some consulting services? Do you want me to help, you know, implement this system or that system? Do you want a little bit of managed services? Do you want some cybersecurity services? It's just, there's just too many things that you could be doing, firewalls and networks. And, you know, really, there's, you can really, this is an industry where there's just so much. Having a state standardized approach that you're providing for customers. Really makes a lot of sense for both the customer and the organization, and of course, the team who's supporting that and facilitating that whole life cycle, right?

[ 00:05:29 ] So there are some MSPs out there that focus on, you know, just co-managed and cybersecurity, right? So their core focus is not necessarily help desk. It's more so backend cybersecurity, SOC, NOC operations, maybe VCIO services. There are some MSPs that are sort of tech help desks, you know, sort of. of centric, right? And so they're providing help desk services. That's really their core focus. They might not be doing as much in terms of cybersecurity, best practice alignment, automation. And so, for us, it's a standard approach of everything that we feel a small business needs from a support you know help desk support, VCIO, security alignment, best practice alignment, digital transformation-it's just really trying to provide a fully inclusive service for companies that don't necessarily have you know the person in the organization that they can trust to make the right decisions and sort of advise them on best practices.

[ 00:06:27 ] And what they need to be doing cybersecurity has become such a top priority for businesses today. How does Cinevate approach cybersecurity for its clients? Yeah, so I think for us, the big thing is taking a standardized approach. Again, talking to standardization and operational maturity. So when we bring on a company to work with us, right? So one of the first things that we do is align their core systems with our set of standards. So we might have 30 or so. Key items that we feel are sort of non-negotiable items when it comes to security, cybersecurity best practices, and so these are things like having endpoint detection and response; these are things like preventing local administrators on machines and making sure that there's a monitoring platform in place, like SIM SOC, for your Office 365 authentication; making sure that you have conditional access policies in place; making sure that you're blocking you know users from installing potential rogue applications, whether those are on the workstations or more importantly, in the Microsoft Cloud environment.

[ 00:07:32 ] For us, it's very straightforward. We've built a set framework around what our customers need to be compliant in terms of our best practice standards and really foundational high-level items. Then from there, we break out. If a customer needs to be HIPAA compliant, we'll go ahead and implement the set of controls that need to be HIPAA compliant. If they need to align with ITAR or SOC or ISO, those are different types of controls. I wonder whether even for MSPs, this is going to become a challenge because there's going to be, I think, a decent amount of regulation coming down the pipe in terms of cybersecurity. And I wonder whether every MSP that's in the market right now has the wherewithal, the resources, the ability, the energy to keep on top of everything.

[ 00:08:22 ] What is your thought about that? And B, if you had to design a regulatory framework and governing body for cybersecurity, how would you approach it? Okay, great. Great questions. So yeah, I do think a lot of MSPs out there are realizing that there's a lot to keep up with for sure when it comes to compliance and best practices. And so a good item to talk about here is like, for example, the customers need to know that they're in line with best practices and want to hear about this. And I think what qualifies an MSP in order to be able to help them with that. It's not just necessarily having like a sort of Vcio

[ 00:09:00 ] and we talk about quarterly business reviews and business meetings and sort of the virtual CIO has been around for a very long time but the question is not so much what you're calling it but what you're actually doing during those VCIO meetings, and so we have a team member who's really dedicated to security and best practice alignment he has a CISSP and he's a VCIO but he's really more of a VC And so organizations need to have that role in the company. If they want to align with best practices, they want to prevent cyber incidents, they want to run a good operation, they need to have a sort of CISO or VCISO, right? So, okay, does it make sense for a company that's 25 to 99 employees to have a CISO?

[ 00:09:48 ] Probably not. Does it make sense even for a company that has 150-ish employees to have that role? Maybe not, right? So that's where we come in and provide that as sort of a fractional service, right? And so-The MSPs that are providing that service, I think, are the MSPs that are sort of on the forefront of, you know, what we have coming up next year and following, really staying ahead of the curve, making sure that they're talking about the right things during those meetings. Okay. And then from a regulatory, from a policy standpoint, if you take a step back, get your MSP hat off, put a government hat on, how do you think we should go about approaching this space?

[ 00:10:30 ] I think we've, the standards that I sort of talked about, you know, a few minutes ago about that we implement when we bring on a customer, that's sort of my answer, I guess, to your question here about, you know, what are the frameworks that if I had to build one, what would we build? I would say we kind of have already built a little bit of a best practice framework and we've taken components out of the NIST framework and we've taken components out of the CIS framework and we've sort of blended them together. Conversations with cybersecurity insurance providers where they are saying we are willing to provide insurance, but here are the standards that these guys need to meet for us to be able to provide this insurance.

[ 00:11:15 ] Yes, so we get requests from customers all the time. One of the biggest, most important items that we talk about in this sort of list of standards is: 'Do you have cyber insurance?' What does it cover? What is the renewal period? Send us a copy of the application if it's a customer that we just started working with-we want and the renewal isn't for 10 months, you know we still want to see the application that they completed because we want to make sure that the right controls are in place to align with that so cyber insurance is a very important component of this. I do think that we're sort of We're due for a little bit of an industry disruption when it comes to cyber insurance.

[ 00:11:52 ] There are some companies out there that are doing some different creative things where they're monitoring, you know, some of the access that the MSP has. And then they're sort of taking that in order to provide cyber warranties on top of the cyber insurance. You have companies that are providing, you know, the actual cyber insurance and underwriting the cyber insurance. And monitoring the system, so there's just there's a lot happening in that space, and I think the common trend, the pattern is, just cyber insurance keeps going up. A concern for MSPs in the same space has been, listen, am I covered for liability right against anything that happens to the business, to the business that I am serving in my MSA?

[ 00:12:35 ] Have I very clearly laid out what I am responsible for and not and what I'm not responsible for, and is that lined up with the insurance that I have on my side, my coverage, you know? Have you crossed that hurdle on your side? And if so, then how? Yeah, so we have. And I think that's a great point to bring up for other MSPs that are listening. And I think it's very important because you need to have the right agreements in place for a variety of reasons. But we crossed this bridge many years ago with having an MSA, of course. We've had the agreements over the years, multi-page agreements. We really wanted to try to simplify that and create sort of an online published. In concrete, this is our MSA.

[ 00:13:21 ] And so when you agree to work with us, this is the MSA, this is what it covers, and this is what it states. But we have a sort of complimentary statement of services document, which provides a little bit more clarity into each individual service and talks a little bit about that. So the Master Service Agreement (MSA) doesn't really change and it hasn't changed in many years, but the Statement of Services might change and we might add services and remove services. And a good example of that is, you know, like Microsoft, right? So we provide Microsoft; we include it for all of our customers as part of our all-inclusive service offering. But of course, we're not necessarily responsible for Microsoft's terms of service. The customer needs to comply with the Microsoft terms of service.

[ 00:14:06 ] So we incorporate that in the Statement of Services. If anybody is listening and would like to hear more about it. Um, definitely feel free to reach out; I can put you in touch with some folks that can help with the agreements. There are some really well-respected industry attorneys that this is this is all they focus on, and um, you know we've worked with some over the years to really help us there. Like I want to think about sales and marketing and net new logo acquisition. Um, where are you? I mean for a lot of MSPs, this is such a big nut to crack. Um, they initially get some clients because of their friends and families, then they get some referrals; And then frankly, they have a hard time moving past that standardized lead generation funnel that produces growth for them.

[ 00:14:50 ] What has worked for you, and what are you doing around that whole area currently? Yeah, so it's definitely a hot topic for discussion, for sure. It's something that comes up a lot in our peer group meetings. And so, I've been in a peer group for several years now. Having access to other you know folks in in the industry makes a lot of sense here when it comes to having these discussions around bringing on new customers and everything that goes along with it, right. But there isn't really a secret sauce here in terms of bringing on new business; there's just so many different avenues, right? So for us, what we found is that no matter what we've done, referrals have always been the best, but it's not just referrals from customers; it's referrals from centers of influence, right?

[ 00:15:38 ] So companies that are out there that you know maybe for us, maybe it's a software company, right? Maybe it's a an accountant that's selling QuickBooks solutions for their customers and they need somewhere to host it and so they need a secure system and a secure network, and he's telling them, 'Hey, you do you have a good IT company?' Oh well, I have somebody that you know comes in every once in a while and they fix their problems, well that's not proactive. What are your growth plans for the next three to five years, organic, inorganic? How is Cinebate going to grow itself? Yeah, so Cinebate is continuing to build our sales team here for just reaching out and extending our network and looking to bring on new business, of course.

[ 00:16:23 ] But every MSP out there understands that can be challenging. It takes time to bring on new customers. These are companies that tend to work with us for a very long time on average five years or longer and so it takes a long time to to bring on those those new customers those new logos. So, for us, we're continuing to do that. And you know we've had a very good last couple of years, but more importantly for us, the big strategy is going to be basically looking to do some acquisitions of similar and similarly sized and smaller companies to Sinovate. And so that will help us really fast track our growth, create opportunities for the customers, provide them with a much more holistic service offering, and create opportunities for the employees.

[ 00:17:11 ] MSPs that are out there anywhere from two to say 99 employees, really just the full gamut there. Definitely feel free to reach out. We're looking to connect with companies, with MSPs in the New England area, for the most part. So anyone that's here in the Northeast, in Massachusetts, New Hampshire, up North, down into New York, Connecticut, definitely looking to talk with other MSPs that maybe a lot of the things that I've talked about today resonate with. I think that's the biggest thing, right? If you listen to this podcast and a lot of these things resonate like automation and process, we definitely want to talk operational maturity. It’s definitely something that is worth a

[ 00:17:52 ] discussion; I’ll be honest, I’ve heard a lot of people – arguably, the bigger guys – um, talk about the perils of doing buyouts on acquisitions because it takes a lot of time and energy and resources for an MSB to bring on another MSB and integrate them into the organization, and there’s almost an appearance when it gets worse before it gets better, and sometimes people just get stuck in that worse situation before I never get better. Sean, have you thought about that and do you worry about that? Yeah, so it's definitely – it can be a point of concern, but I think the most important item is communication. So we've got. customers

[ 00:18:32 ] we have one customer that comes to mind that has been doing these bolt-on acquisitions for for years and we've had these discussions with them and it's funny because they talk about this as well and really the big thing is just communicating this at the beginning making sure the team understands look things might get a little confusing for a short period of time but here's what we're doing here's why we're doing it here's what it here's what the light is at the end of the tunnel and here's why you know we're making this push to push this integration of the PSA or the RMM. What do you think business leaders should be most concerned about looking forward one or two years as far as like threats and cybersecurity are concerned?

[ 00:19:19 ] So I think there's just a whole, everybody thinks business leaders. Might not necessarily understand all of the the small little changes and and what's evolving in the cyber you know threat landscape they hear things in the news they hear from peers and and whatnot but the reality is there's just cons it's constantly evolving right so there's always new threat vectors and in order to stay on top of that, they really need to partner with somebody who understands it and who's spending their days researching this and staying ahead of things. What is a risk you think we're not thinking enough about in this space? Yeah, so to answer the risk. Question I think the biggest risk to MSPs, and in the space, I think we might be talking enough about it, but we might not.

[ 00:20:10 ] It is really just the supply chain, and the influence and impact that the supply chain has on MSPs. Most of us are working with when you look at traditional, you know non-MSP businesses and you talk to business owners like 'How many vendors are you using? How many vendors are you working with to have access into systems and whatnot?' And it's often a very short list. So for MSPs that number is pretty high. Right so we have security vendors and RMM systems and PSA systems and documentation systems and so that's the biggest risk that MSPs face and that we need to stay ahead of, is making sure that we're having those discussions with our vendors. It's okay to ask you know some of These big name vendors, hey what is your what is your security policy?

[ 00:20:57 ] What is your security framework? We need to make sure we should make sure that they're soft compliant or ISO compliant, really high-level items to just give us a little bit more peace of mind um so so that's definitely one thing for sure that that we should be talking about. I have one more question to ask you um so much conversation about AI and how that's going to disrupt the IT world where do you see the future of IT services in this, you know emerging AI world? So it's a great question, I think there's the AI has come to a point where if you wanted to today right now you could probably add an msp

[ 00:21:42 ] or start an msp at an existing msp or starting a new msp you could probably get ai to a point where you have it integrated to answer the phone call log the support ticket provide a very basic you know brief response and you could build ai into your help desk ticketing system and shoot off responses to customers so i mean i guess you know long term there could be some some augmentation there and help for the existing team to help support and facilitate those requests but it sort of removes the customer service element out of the equation and at the end of the day it's the most in my opinion it's really The most important component of the business is that we need to have; we need to maintain that level of customer service and customer focus, and provide that white-glove support.

[ 00:22:27 ] So for us, we're using AI as much as we can in the back end, but not so much on the front end if that makes sense. So we want to use it to you know empower our team-documentation, uh, Anna submitted a ticket because she's having this problem with this system and all that information is in the PSA. But we're using AI to be able to tell the technician, 'Hey, Anna submitted this ticket, but she also submitted the ticket three days ago; this is a repeat ticket.' And also Mary submitted a ticket 10 minutes ago for the same issue, all that information is in our PSA with a couple of clicks here or there, but if we can just get it all in one place and provide like sort of a brief summary, a debrief for the technician, I think that's a practical use of AI, that's a fantastic response, I really like it. Thank you so much thank you so much for your for your time and for your insights and for putting up with all my questions, I really appreciate it, thank you, really appreciate having me on today and I think we had a great discussion, a lot of good points, uh, so yeah, it was great, thank you so much, take care.