The Chris Voss Show - The Chris Voss Show Podcast – Bart McDonough, Founder and Chief Executive Officer at Agio
Episode Date: August 9, 2021Bart McDonough, Founder and Chief Executive Officer at Agio Agio.com...
Transcript
Discussion (0)
You wanted the best. You've got the best podcast, the hottest podcast in the world.
The Chris Voss Show, the preeminent podcast with guests so smart you may experience serious brain bleed.
Get ready, get ready, strap yourself in. Keep your hands, arms and legs inside the vehicle at all times.
Because you're about to go on a monster education roller coaster with your brain.
Now, here's your host, Chris Voss.
Hi, folks.
This is Voss here from thechrisvossshow.com.
The Chris Voss Show.com.
Hey, we're coming to you with another great podcast.
We certainly appreciate you guys tuning in.
Be sure to refer the show to your friends, neighbors, relatives. Ask them,
have you found the light, the wonderment,
the calling of your life? Have you
subscribed to the Chris Voss Show on iTunes?
If not, get
them to join. It's almost
a religion. It's almost like being a family,
only we love you for who you are.
We don't judge you. Anyway, guys, subscribe
to the show, refer the show to your friends and relatives. Go to
youtube.com, 4Chess, Chris Voss.
Hit the bell notification button.
See all the wonderful things we're reading and reviewing on goodreads.com, 4Chess, Chris Voss.
And see all of our groups.
They're like all over the internet.
Anyway, guys, we're going to be talking today with a really brilliant founder and CEO.
He is the founder and CEO of a company called Agio. His name is Bart McDonough, and it's a hybrid managed IT and cybersecurity services provider specializing in the financial services, healthcare, and payments industries.
He has a deep institutional investment in knowledge with more than 20 years of experience working in cybersecurity,
business development, and IT management within the hedge fund industry. His core strengths are assessing, defining, advocating, and driving the adoption of risk management strategies,
controls, and models that have enabled organizations to advance cybersecurity resiliency while successfully complying with evolving regulatory
requirements and behavioral transformations.
Welcome to the show.
How are you, Bart?
I am doing great.
Thanks for having me.
That was a mouthful.
Well done.
Thank you.
Thank you.
I was having to dodge around my camera to read it off the screen.
There's a bit that's going
on there so welcome to the show give us your plug so people can find you on the interweb sir
yeah best way to find me on our company website agio.com a-g-i-o.com and then on my twitter handle
bart mcd b-a-r-t m-c-d cool tell us let's start with you what so what is some of the life history
on you what got you interested or down
this road where you got into this business? Yeah, so I grew up in Oklahoma. I was born in
Arkansas. I thought I was going to go into law for a half second and worked at a law library.
And next thing I was running the computer lab for all the wannabe lawyers. And the same thing
happened in finance. And I started running all the IT systems. And so I love technology.
I've always loved technology.
And so I really just finally decided to lean into it and pursued it through my kind of
20s.
I worked at a very large hedge fund, SAC Capital.
Through that very large, started from being a help desk guy to really architecting a lot
of large systems.
And then in 2010 left because I saw a big need in
specifically the hedge fund space, but other financial services business where they really
needed a very good partner to help them do the good blocking and tackling of IT. And then we
made an acquisition in cyber and kind of the rest is history, but that's the very quick origin story.
There you go. And so you eventually
decided to start your own company? Yep. Yeah. So in 2010, after assessing the market,
I saw this really blue ocean. I think there was a gap between the very small outsource providers,
the mom and pops. I think there was a very large outsource providers. And there wasn't
any of those kind of in between that understood enterprise
technology, understood what it means to scale a business going from 500 to 1,000 people,
500 to 2,000 people, and the technology required to do that. I saw that space. So launched Agio
in January of 2010, and the rest is history. What excites you about this sector of business? You know, I personally love making complex things simpler. And I love helping individuals,
whether that's training them on cybersecurity issues to defeat the bad guys or to help a
business think through their challenges and put together a suite of options to help them grow in a right
way. I think the world right now with all the great new SaaS applications and technology out
there is just like dumping a box of Legos in the floor. And someone who has the right kind of
mindset can take those Legos and build something really great. And that gets me super excited.
That's awesome. And it's a dangerous world, too, with ransomware and all sorts of ransomware is getting really out of hand.
For sure.
Yeah.
They're shutting down pipelines.
One of the things that's happened is in the 2000s, when you think about cyber, there was the win, if you will.
If you were a hacker and you compromised something, it was a little bit of street cred.
There wasn't a lot to really benefit from it. And then over the last, even this is in a two, four, five year
period, the hackers have learned how to really monetize their skills. And then it became a
business. And you're talking about businesses, whether it's from a nation state like North Korea
or real crime organizations in Eastern Europe, you're seeing some of this pop up in the least.
And their main weapon has been ransomware.
And then at the same time, we've had this proliferation of devices, of applications,
of workplace locations. And I think the term perfect storm is a little overused,
but it really is what's happening right now. We've had this monetization and proliferation
of devices and systems, and you're just seeing the results of it now. Yeah, it's really crazy, and it's being really disruptive, and it's interesting that it seems to
be coming from one nation that we can't ever seem to get under control or deal with. It's really a
weird balance. So what kind of integrated IT and cybersecurity services does your company provide?
Yeah, it's a mouthful. The term now is managed IT and managed security.
Historically, it's been outsourced IT and outsourced cyber. We think of it as a service as opposed to paying us per call or paying us per incident or ticket.
That's really an antiquated model.
And really, the industry is still pretty antiquated.
There was a great skit on Saturday Night Live in like the 80s about calling the help desk.
And the guy on the phone in the help desk. And the guy on
the phone in the help desk simply just said reboot and would hang up. And that's how the
industry works today. And we want to turn that on its head and really think about a flat fee model,
a per device model, where we're incented to deliver a great service. The industry is somewhat
perverted in that if a client has more problems, their
provider gets paid more. It just doesn't make any sense. The incentives are all misaligned.
And so we're trying to turn that on its head. So for those listening in the audience,
what's your primary client base or what sort of clients are you seeking for the business or
work really good with you? Yeah. So we right now are really focused on the financial services community,
hedge funds, wealth managers, investment bank, private equity, venture capital. That's our
primary. We also have a really emerging, nice business focused on healthcare, kind of anyone
outside of the large payers, large hospital systems, really. And so one of the things that
we see is that these businesses that are as small as five
people, really up to about 500 are our sweet spot. We have clients up to 1,500, 2,000, where we do
a portion of their IT or cyber, but that kind of, and I know it's a wide range, but really what kind
of the US government defines as a small business, which is pretty much anyone under a thousand
employees. That's really
our sweet spot right now. We do really well in that space. Nice. So about a year and a half,
you guys challenged the traditional mode of technology support right at the beginning of
the pandemic. Tell us about what that is, what that means, what you guys are up to.
Yeah. People talk about AI and we certainly have embraced AI and machine learning. But for me, it was more about
what we want to do is deliver a great experience. We think, like I said, that model of more problems,
more revenue doesn't make any sense. And so we wanted to flip that model around where we use
force multiplier technology, AI, ML, headlines in that, but there's lots of other
DevOps and automation.
But for the people listening, what we're trying to do is really develop a much better experience
with IT.
And what does that look like?
First of all, we don't want you to have to call us.
So we want to be the best help desk you never have to call.
And some of our initial clients, once we've built this new engine, if you will, they
went from calling a help desk an hour and a half a month. These are individual employees in a
business down to now they're only spending 15 minutes, 10 minutes a month dealing with IT
issues. And we've done that by really using predictive technology. So we can predict when
you're going to have problems. We can anticipate when you're going to have requests or needs and get ahead of that and really go proactive instead
of just living in this reactive world. That's really important because you've got to stay
ahead of these things. You can't wait until you get ransomware and all your stuff's gone,
you're locked down. You're like, what do we do now? Do they have ways of backing up this data?
It would seem to me like a lot of hospitals should just back up the data somewhere.
Or are there any ransomware people able to get into that?
Or are they just not backing stuff?
On ransomware in particular, you can back up data.
But if you have all of your systems down, the time it would take to restore all those systems sometimes is weeks, months.
And they simply don't have that time.
And so they end up paying the ransom.
My restores were large.
Yeah.
Or you just rebuild all your workstations.
These things take weeks if you don't have them architected properly.
And a lot don't.
And then some companies are getting sued now by their own employees for exposing their,
you know, social security numbers and other privacy data.
So that's that.
Not only that, you have to pay the ransomware people or whatever you decide to do.
You got your employees suing you now.
So you got it's just hitting you.
There's a lot of risks.
Right.
And so we take a asymmetrical view around this stuff. So I think one of the challenges that firms do is they assess risk as if there's a risk of firewall and phishing and ransomware and DDoS and all these different forms of attack.
And they try to put a thin layer of protection against all of them.
We like to look at a firm and if you have a lot of patient records or you have a lot of financial data, let's put a disproportionate amount of the protection around those assets that would cause you the most pain should something happen to them.
And it sounds rational when I say it to you, but in practice, people just don't do that.
There are asymmetric risks, but there are not asymmetric solutions generally.
And we think that's a mistake and something we're changing.
What's the biggest problems in these companies?
Is it complacency?
Is it just, it's kind of like people are like,
oh, I'll probably never get COVID.
And then I was like, oh.
Yeah, sure.
The COVID example is great.
I haven't fully worked through that metaphor,
but I will tell you, if you ask people,
do you think there are going to be an increase
in cyber attacks over the next 12 months?
Everyone, when we do these surveys, says yes. Oh, yes. And when you ask them what they're doing differently, the answer is
usually blank. So there's a little bit of cognitive dissonance that goes on where they just don't take
action against something they know. There's a little bit like it's going to happen to the other
guy. It's going to happen to the bigger company. It kills me the most when someone says, hey, we don't have anything. No one's targeting us.
No one knows us. That's not the way it works. They're very opportunistic, they being the bad
actors. And so I think people understand the risk theoretically, but they don't
think about it happening in their own backyard. I wonder if some of the assumption was, well, they go off to the big companies like IBM and all that stuff.
And then all of a sudden now you're seeing these little places getting hit.
Not too little, big enough, but hospitals really especially targeted and stuff.
It's really crazy.
You guys won an award recently.
Tell us about that award that you guys won.
Let's see.
It was the most innovative technology firm and best IT managed firm by HFM Technology.
Yeah.
So as I said, we've spent a lot of time in the hedge fund space.
And this particular organization recognized us for, one, delivering great service.
But two, the one I was more proud of was the innovative technology.
We're really changing the way people deliver service in this
space. And the reality is it doesn't matter if we're using a whole bunch of individuals,
if we're using AI, if we're using machine learning, the reality is the experience is great.
No one cares whether Uber or Amazon are using a lot of AI. They are, right? But the reality is
you care about the experience, right? And that's what we're doing in the IT world and cyber world.
And we're using a lot of sophisticated technology.
We have three data scientists on board.
We have some of the best product managers, data engineers.
And these are just roles that aren't typically at an outsourced IT shop.
And we're really delivering great service and turning the industry on its head.
That's really important because I remember, and this is going back 10 or 20 years,
I remember some of the IT departments that we would work with or IT staff that we had,
you were always interrupting their OnlyFans watching,
and they always treated you as they give you that whole, like you said,
have you tried turning it on or turning it off again?
Well, they're eating their sandwich, and you're just like, isn't this your job?
They always treat you like, you're bothering me.
I'm busy.
And so I think it's great that you guys have those sort of resources and you're putting that sort of strategy into it. There's a thing that you
guys are doing in collaboration with Stephen Cohen of 0.72 Hyperscale. Give us a little bit
of information about that because it deals with AI. Yeah. Steve Cohen, the now famous owner of
the New York Mets. I worked at his hedge fund for 10 years, and then they became my largest client. And then about 18 months ago, they became our lead investor. The Hyperscale Fund has this thesis that says
there's a tremendous amount of value to unlock in more traditional human-based organizations.
And as you were describing, the traditional help desk or IT department or outsourcer,
they were certainly, that kind of
business, that market really fit their strategy. They knew us. We were actually providing them
support. They thought we did a great job, but with partnering with them, with an infusion of
their capital and enable us to make investments in AI, in data scientists, in product to really
allow us to scale. And the great thing is with
our business model, we do better financially, economically, when we're more efficient.
What drives efficiency is our clients having less problems. And if you think about it,
that's what clients want. They don't want problems. They want less block, right?
I don't want to hear from the IT guys.
You really don't, right? We want to be the modern Maytag, man.
We're bored because everything we're doing is proactive behind the scenes, and you're not having to reach out to us.
And we think with the right amount of force multiplier technology, AI, ML, automation, we're achieving that.
We're well on it.
We think we're in the early innings, but we're already developing and producing really great results.
And that's because of this partnership we have with Point72 and the Hyperscale Fund.
Can you share any examples of how you're using AI to achieve better results for your clients?
Yeah, for sure. So at the heart of it, and for those that really understand AI, I apologize for oversimplifying, but the heart of it, AI is a model. And what a model does is make predictions, right?
And then if the model is accurate enough, you can automate actions based on those predictions.
And so at a very simple scale, Chris, if you were to email into our environment and had a problem,
your email would go through about seven models.
We would do some natural language processing.
We would try to understand what the issue is,
what your intent is, what your sentiment is,
all for the purpose of routing that to the right person.
And then also enriching that data so that the agent that gets it is prepared to solve it.
And the analogy I like to use is,
we don't just send a cook a recipe,
we send the cook the recipe with all of those ingredients pre the analogy I like to use is, right, we don't just send a cook a recipe, we send the cook the recipe with all those ingredients pre chopped, because how much easier is it to make a meal when all those ingredients are pre chopped for you and all
prepared. And so that's a one way we're using AI to just really speed up the process, make the
experience better for you make the experience a ton better for our agent, right? They're prepared,
they have what they need, super powerful. And then on the more, and that's a basic example,
the more extreme example is we're predicting problems. So we're using AI to predict when you will have a problem next, you or your next, and then being able to proactively go in and solve
that before it's a problem. That's pretty brilliant. I wish there was also
a sediment feature when I call my cable company so that they could be like, he's using the F word.
He's swearing a lot right now because you're going through the 50 things with the cable company.
And we should probably get him to someone now. He sounds angry. I could use that too.
And that's an easy one, right? I'll tell you a more nuanced one we detected recently,
which a client said to us, it's still not working.
And our engine picked that up that said they were really upset.
Because think about it.
We had tried two times to fix something,
and that was their form of frustration.
And then it got escalated immediately.
It got notified to a manager, all these things,
as opposed to waiting until that person got really upset after the fact. We were able to kind of nip that in the
butt early in the process. And again, we want to avoid that, but I'm really proud that we have
something in there that is able to detect that so that we can action it. And then what is your
vision for your company's AI security and IT platform, do you think the traditional model of technology support
needs to be disrupted?
Is this going to be, is AI the thing to disrupt it?
Tell us a little bit more about that, if you would.
Yeah, I think AI is a piece of it.
To answer your question broadly, yes.
I think the entire way IT support,
cyber support is delivered is going to be disruptive.
I think there's a ton of different parallels.
What Uber Lyft did to
point-to-point transportation is a great one. And I think we're going to do something quite similar.
On your point, though, around AI, it's not going to only be an AI-based solution because
I think there's a point where people want and need humans. What we're trying to do is actually
make the area where our humans interact with our human clients the most impactful.
Right. Let robots, let AI go out and gather the data, pre-chop those ingredients so that when we do have that human to human interaction, it's short, it's efficient, and it's really focused on the things that humans do.
And I think that combination is incredibly powerful.
Yes, AI is important, but let's not forget the human element there.
That's really true, too.
Although, I don't know.
I see some people on Facebook that I could really start doing without the human element.
I'm just kidding.
That's right.
Fair point.
But definitely in customer service.
They need more of that in the customer service thing and all the stuff that they're doing over there.
And another question I had for you, what are your clients telling you about the improved service?
Has it helped or changed their business or what are they expected to do?
Yeah, it's interesting.
There's kind of two parts to that answer.
The first part, we kind of retrained them and we're still in the process of doing that because oftentimes they measured us by how many problems we fixed.
And as we started fixing more problems and they had less problems, they thought, well, what are you guys doing?
And it was very perverse.
We had to explain to them, it's really a good thing that we're doing all these things for you behind the scenes and we're preventing.
So we had to change that a little bit.
But the other thing that's happening is we're able to elevate the conversation.
So we're less talking about Joe and Sally's broken Excel and how they, and we're now talking
about where should the business be going in six months?
What are the risks that the business is currently taking?
And things like very simple things like password policies all the way up to cyber insurance
and redundancies and things like that. We're able to
elevate that conversation. And we have these, we call them insight conversations. We give them
insight into their business, how IT is working. So after we retrain them, after we talked about
more of the results, we've been able to really elevate the conversation and we think make our
clients much smarter about their IT environment. You know, I guess that's really important.
It's amazing to me how many people will still,
I guess the weakest point in some organizations are phishing email scams,
people clicking a link thinking it's from something official.
And I guess that is one of the ways they get into the system.
Is that the most popular way that these systems are getting breached?
Yeah, for sure.
Like in a huge percentage, like 97% to three.
Like most people and certainly popular culture movies, TV shows exacerbate the hooded hacker typing at a keyboard.
But the reality is it's a lot easier, right?
You just send an email pretending to be someone, pretending to be something and saying, hey, can I have your password?
So it's a lot easier than pop culture. And the current stats, it's like I said, it's about 97% to three,
very few are those kind of technical hacks. And so one of the things that we like to do is to
remind people the settings they've chosen in the past, because with new information,
new attack surfaces, new attack vectors, they might need to make new decisions.
And so that's something that we like to resurface to them frequently.
I should probably change my password from 1, 2, 3, 4, 5.
It's the same as my luggage.
I think that's the third most popular password right now.
Is it really?
Yeah, password.
I think the movie Spaceballs popularized that password.
I think so, yeah.
That's the same as my luggage.
Exactly.
It's great.
So what's next for your company coming up in the future and what you guys are planning to do?
Yeah, we're continuing to iterate on this.
We're chopping a lot of wood on this.
We think there's a ton more.
As I said, we're in the early innings of this. We use a ton more of this combination of force multiplier technology and really enhancing
the human connection across the entire spectrum.
Like I talked about earlier, there is a massive proliferation of devices and systems.
That's not changing, nor is the rapid increase of bad actors and threats.
So this environment is only getting more complicated.
And so we have to just keep working at it every day
to stay ahead of it.
And at the same time,
making sure that we're delivering
a very good IT experience for our clients.
And I imagine too,
people don't need to realize
it looks like Russia has really turned,
and I think North Korea does a little bit of it
and then maybe China,
but North Korea has really turned this
into an industry for themselves
where they're really just trying to destroy America, I think, at this point with hacking. People really
need to realize it's come up a few levels. Am I assessing that correctly? Yeah, I think I'll leave
the assessment of some of that to the State Department. But what I will say is for North
Korea, it's an income stream for the country. I'm not sure that they aim as high as destroying America as it is to profit off America through crime. But your overall sentiment is absolutely right. You have factions within Russia, you have factions within North Korea, within parts of the Middle East that are very hard to have any kind of repercussions on when they do something. And so there's a lot, even in kind of parts of Northern Africa,
there are regions where there is no consequence and the barrier to entry from a cost standpoint
is extraordinarily low. They need the internet connection and some computers. It's very cheap.
And then they're able to go to town, start and start monetizing. So yeah, it's a real problem
that's not slowing down anytime soon. Yeah, nothing gets done in Russia without Putin's approval, pretty much.
Yeah, it just seems to be getting worse every day.
And you don't even hear about a lot of ransomware stuff because a lot of hospitals or other people don't want to announce it.
But it's definitely crazy.
Anything more that we haven't touched on that we should touch on about your company and what you guys are doing? I think for us, the how that we're doing it gets a lot of attention, the AI and ML.
Unless, while we spend a lot of time on that internally, I think for our clients, they just receive a better experience.
They just spend less time with IT.
They just have, they spend less time proving their own cyber posture.
And that's what I want people to take away away is there is a better way to experience IT.
Yeah, yeah.
You guys have, I think I saw 300 employees,
300 plus employees,
and I think six different offices.
I lost count.
Yeah, it's all fluid now with COVID.
But yeah, we're about 300 employees,
constantly growing and really looking at growing
in more of this data science space.
We think if you're able to prevent a problem, that's a win-win for everyone,
for Agio and our clients. And so that's really where our focus is.
There you go. And that's, do you pretty much serve any countries around the world,
at least ones that are allowed by the State Department?
Yeah, yeah, yeah. So we have what I consider client assets, and that could be hardware or
people really all over the globe.
Most of our clients are based in the U.S., the U.K., but then they have satellite offices all over the world.
In the coming years, we'll start growing a bit more internationally.
That's awesome, man.
That's awesome.
Bart, it's been wonderful to have you on.
Thank you very much for coming on the show and spending time with us.
Yeah, really appreciate it.
Thank you.
Thank you.
And give us your plug so people can find you on the interwebs, get to know you guys us. Yeah. Really appreciate it. Thank you. Thank you. And give us your plug
so people can find you on the interwebs, get to know you guys more. Sure. Yeah. It's Bart McDonough.
I'm the CEO of agio.com. My Twitter is Bart McD, B-A-R-T-M-C-D. There you go. There you go. Guys,
check him out. Also go to youtube.com, Fortuness Chris Voss for the show to your family's friends
and relatives. Go to all our groups on Facebook, LinkedIn, Twitter, Instagram, TikTok, all those different places you can see us.
Thanks for tuning in, and we'll see you guys next time.