Signed

ITBroker.com

The IT market is built for sellers, not buyers. That's why 80% of tech buyers regret their last major purchase. Deals take longer than they should. Teams get locked into platforms that don't fit, contracts they can't escape, and vendors they wouldn't choose again. The pitches, demos, and analyst reports are built to close deals, not help buyers make the right one. Signed is the podcast for the buyers. Host Max Clark, CEO of ITBroker.com, talks with CIOs, CFOs, operators, and founders who've lived inside real enterprise tech deals — the ones who can explain what actually determined whether the deal worked. Plus weekly Playbooks breaking down the moments that matter most: renewals, M&A, compliance mandates, office moves, budget cuts, and the specific plays that separate buyers who get it right from those who regret it. If you're responsible for choosing, negotiating, or living with the consequences of enterprise technology, this show is for you. New episodes weekly. An ITBroker.com podcast.

  1. 1d ago ·  Video

    Your Developers Already Installed a Black Box Behind Your VPN.

    Anthropic built Claude Code. Anthropic still couldn't stop its own source code from leaking straight into a competing product. If a coding tool is running behind your VPN right now with full access, this conversation names what that's already costing you. Thomas Cooper is AI Product Lead at Expedient, where he works daily with enterprises building AI governance after the fact, once a tool is already live and the CISO's original objection has already been overruled. This episode is what to check before that call happens, starting with why a SOC 2 report that only spans three months doesn't protect you, and ending with the one AI bet CIOs are making right now that they'll likely regret. If you only have ten minutes, start with the SOC 2 check at 35:28. Find the Risk You're Already Dealing With We just sat through another vendor demo claiming their AI is different from everyone else's. How do I actually tell if that's true? → Jump to 09:15We're already juggling five different AI point solutions across departments. Should we be building toward one platform instead? → Jump to 10:54Our AI pilot has been running for months and nobody can point to a number that justifies it. What should we actually be measuring? → Jump to 14:40We're about to connect AI to our SharePoint. What actually breaks first? → Jump to 29:20A vendor sent us their SOC 2 report and it only covers three months. Is that actually a red flag? → Jump to 35:28Our AI tool is pulling from SharePoint and I'm not confident it's respecting who can see what. How does that actually break? → Jump to 39:43If a lawsuit ever needed our team's AI conversations, could opposing counsel actually get them? → Jump to 43:58One of our developers is running a coding tool with full access behind our VPN and nobody vetted it. How exposed are we right now? → Jump to 49:36Half our team is probably pasting company data into personal AI accounts. Is that actually as dangerous as it sounds? → Jump to 53:50We got hit with a surprise bill after our AI agents started running. How do we budget for that so it doesn't happen again? → Jump to 1:06:51What's the AI decision I'm making right now that I'll regret in two years? → Jump to 1:35:20Chapters 01:38 What's actually new in AI, and what's just been relabeled 04:33 Why CEOs stopped letting CISOs say no 09:15 Why every vendor's AI slide means less than it looks like 14:40 Why most AI projects never produce a number anyone can defend 35:28 What to actually check before trusting an AI vendor with your data 43:58 Why your AI conversations may not be privileged in a legal dispute 49:36 Why black box AI shouldn't live behind your firewall 1:06:51 Why AI costs become unpredictable at scale 1:35:20 The AI bet CIOs are making today that they'll regret in two years What We Mentioned Model Context Protocol (MCP)Retrieval-Augmented Generation (RAG)Claude Code, Claude Enterprise, Claude MaxSOC 2 reporting standardsRole-Based Access Control (RBAC)MIT report on AI implementation failure ratesUber's reported AI budget overrunOpen Code, Goose, OpenWorkAbout Thomas Cooper Thomas Cooper is AI Product Lead at Expedient, where he's spent years helping enterprises move AI from pilot to actual production deployment. He's built out Expedient's own agentic AI tooling and works daily with the governance, security, and cost tradeoffs that come with running AI at enterprise scale, not the version of AI that shows up in a vendor slide.  Connect with Tom: LinkedIn | Expedient About Signed Signed is the podcast for buyers in a market built for sellers. Host Max Clark, CEO of ITBroker.com, sits down with CIOs, CFOs, operators, and founders who've lived inside real enterprise tech deals. New episodes weekly. Listen: itbroker.com/podcast Book an intro call: itbroker.com Follow: @itbrokerdotcom Buy tech without regret. Full Transcript Click here to view the episode transcript.

    Your Developers Already Installed a Black Box Behind Your VPN.
  2. Jul 7 ·  Video

    Playbook: The Hidden Bomb in your Contracts

    The clause that matters most in your vendor contract is usually the one everyone skips. It sits there looking harmless until a patent troll shows up. By then you cannot renegotiate it. In 2025, patent trolls filed more than half of all U.S. patent lawsuits. In high tech, it was over 90%. More than half their targets were companies under $25 million in revenue. They are not chasing Apple. They are chasing companies your size, because companies your size settle. The average defense cost runs around $4 million. When a demand lands for $100K, the math does itself - whether or not you did anything wrong. Max Clark walks through the one contract clause that decides whether your vendor fights alongside you or hands you the bill. Questions to Ask Before Signing Your Vendor Contract We just got sued over software we bought and use normally. Why are they coming after us instead of the vendor? → 00:59If someone sues us because of our vendor's product, are they actually required to defend us? → 03:24Our contract says we're protected. How do I know that protection isn't full of loopholes? → 06:30If we're hit with a million-dollar lawsuit, how much is our vendor actually responsible for? → 07:30If our vendor wants to settle the lawsuit, do we have any say in that decision? → 08:11Can we lose our vendor's protection just because we didn't notify them fast enough? → 08:15What are the three contract clauses I should check before signing a vendor agreement? → 04:50 The Playbook 00:00 The Wi-Fi lawsuit that turned buyers into targets 01:45 Why trolls sue the user, not just the maker 03:15 Why smaller companies are the real targets 04:30 The clause most buyers skip on the way to signing 05:51 Defend vs. indemnify: the word that decides who pays 06:45 The combination loophole hiding inside normal use 07:30 When the liability cap makes protection meaningless 08:11 Settlement control, notice windows, and calendar traps Resources MentionedOne-page buyer field guide: the three clauses in plain English, the questions to ask, and what a buyer-friendly version looks like. Free download linked in show notes and on screen during the episode. In re Innovatio IP Ventures (N.D. Ill. MDL 2303) — the Wi-Fi troll case from the episode cold open Unified Patents 2025 Annual Review — source for the NPE filing data cited in the episode About Signed Signed is the podcast for buyers in a market built for sellers. Playbooks are the solo format - 10 to 15 minutes, one trigger, one specific play. New episodes weekly at itbroker.com/podcast. If the trigger in today's Playbook is one you're facing right now, book an intro call at itbroker.com. We help buyers make the right call the first time. Buy tech without regret. Follow: @itbrokerdotcom Full Transcript Click here to view the episode transcript.

    Playbook: The Hidden Bomb in your Contracts
  3. Jun 30 ·  Video

    Your Vendor Got Acquired. Most Customers Realize the Risk Too Late.

    Lumen just announced it's acquiring Alkira. If your network strategy runs through a vendor that just changed hands, or through one that might, this conversation covers what actually happens next. Ali Shakh, CEO of Graphiant, was part of the Viptela founding team when Cisco acquired them. He was in the room for that integration. Prices went up. Not by a little. The customers who got hurt were the ones who had no hedge and no questions ready. This episode is those questions, plus what most enterprise network buyers are paying for right now and why 50-60% savings is a consistent finding, not a pitch. When your vendor gets acquired: six questions to ask before your next renewalYour vendor just got acquired. The press release says it is great news. The account team says nothing will change. These questions come from this conversation with Ali Shakh, CEO of Graphiant, who was part of the Viptela team when Cisco acquired them. He watched what happened to the customers who accepted the first answer and never asked the next one. Answer these based on what you know now, not what you were told at signing. 1. Are prices going up, and do you have that in writing? Verbal reassurance is not a contractual position. Your current agreement may not protect you through the next renewal under new ownership. Get the commitment in writing. If they will not put it in writing, that is your answer. 2. What is the investment plan for this product? Not the roadmap. The roadmap is a sales document. Ask what headcount is assigned, who owns the product line, and whether it competes with something already in the acquirer's portfolio. If there is overlap, one product usually loses priority. It may not disappear immediately, but development slows, key engineers leave, and support degrades before anyone makes an announcement. 3. What does your current contract actually protect you against? Auto-renewal clauses, price escalation terms, termination rights, and SLA remedies were written before the acquisition under a different owner with different incentives. Read the contract again against the new ownership structure. What looked standard before may carry more risk now. 4. What is your hedge if this goes sideways? The worst time to evaluate alternatives is after pricing changes or product direction shifts. By then the vendor knows you are trapped. Run a parallel evaluation while you still have time and leverage. Renewal pressure is not the moment to start learning the market. 5. Could you realistically migrate off this product in 12 months? Not whether you want to. Whether you could. Migration timeline, cost, team capacity, system dependencies. If the honest answer is no, the vendor knows that math better than you do and will price the renewal accordingly. 6. When did you last pull the invoice apart line by line? This is where renewal exposure hides. Unused licenses, oversized capacity, bundled features nobody touches, add-ons that were discounted during the original deal and quietly became permanent spend. Ali's consistent finding after two decades of looking at enterprise network spend: buyers are almost always paying for more than they actually need. If you wait until renewal to find that out, you are negotiating from weakness. If more than two of these do not have a clean answer, that is the exposure talking. The full conversation goes inside what acquisitions look like from the vendor side, how pricing and product investment actually shift, and what IT leaders should be watching before the renewal becomes a forced decision. Chapters 07:00 — Why being acquired by a carrier changes everything for existing customers11:00 — Why the contract is always the real problem, even when the technology works13:00 — The questions to ask when your vendor gets acquired and the signals that tell you what is actually happening16:00 — What happened to Viptela customers when Cisco took over18:30 — How acquirers raise prices without killing the product22:00 — Why infrastructure lock-in is different from any other vendor lock-in01:23:00 — You are buying 200% of what you actually need02:20:00 — The question buyers ask that sounds sharp but gets the wrong answer02:22:00 — How to measure whether your AI mandate is real or just a board conversation What We Mentioned  Graphiant — graphiant.com Viptela (acquired by Cisco) Alkira (acquired by Lumen) HPE / Juniper Networks acquisition Meraki (Cisco) Aruba, Silver Peak (HPE portfolio) Broadcom / VMware Oracle Equinix Proxmox / KVM About the Ali Shaikh Ali Shakh is CEO of Graphiant, a Network as a Service company built around contract flexibility, on-demand capacity, and no vendor lock-in. Before Graphiant, he was part of the founding team at Viptela, one of the companies that defined SD-WAN, through its acquisition by Cisco and the full post-acquisition integration. He has been on both sides of what happens when a vendor gets bought and speaks from inside those conversations, not from the outside looking in.  LinkedIn: https://www.linkedin.com/in/alifshaikh/ Company: https://www.graphiant.com/ About Signed The IT market is built for sellers, not buyers. Signed is the podcast for the buyers. Host Max Clark, CEO of ITBroker.com, sits down with CIOs, CFOs, operators, and founders who’ve lived inside real enterprise tech deals — the ones who can tell you what actually determined whether the deal worked, not what the deck promised. New episodes weekly. An ITBroker.com podcast. Full Transcript Click here to view the episode transcript.

    Your Vendor Got Acquired. Most Customers Realize the Risk Too Late.
  4. Jun 23 ·  Video

    The EDR Was Running. The Ransomware Still Won.

    Dave Chronister has been doing penetration testing and incident response since 2007 — back when Fortune 500 CIOs called it a novel concept. In the years since, he's walked into breached environments where the EDR was running, the MDR was installed, the SOC 2 audit had passed, and none of it mattered. This conversation covers the gap between what companies think they bought and what they actually have why tools become the program by default, why compliance audits and security programs are two different things, what AI is actually doing to enterprise risk profiles right now, and what the organizations that survived a ransomware encryption event had that the ones who didn't were missing. If you're responsible for a security decision, this is the conversation to have before the next one. Is your security program real, or is it just theater? The gap between a real security program and a collection of tools doesn't show up in an audit. It shows up during an incident — when it's too late to fix cheaply. These eight questions come straight out of this conversation with Dave Chronister, founder of Parameter Security. Each one maps to something he's actually walked into. Answer them against what you know to be true right now — not what your vendor told you at signing. 1. Do you know which findings from your last security assessment are still open? Dave has had a Fortune 100 client for four straight years. He pulled the year-one report and the year-four report side by side. Almost identical findings. Tools were bought, renewed, and re-certified the whole time — and the actual exposure never moved. If your remediation list looks the same as it did a few cycles ago, the program isn't the problem. The follow-through is. 2. When did your EDR last fire — and who responded? Not whether it's installed. Whether it's being acted on. In recent insurance data, more than 60% of ransomware encryption events happened at organizations running a leading EDR. Detection without response doesn't stop an attack. If you can't say when it last fired and what happened next, you don't know if your coverage is real. 3. Is your MDR running in active response mode, or monitored mode? These are not the same thing. Monitored means alerts get logged. Active response means someone acts on them. Dave has walked into environments where MDR sat in monitored mode for years while the client believed they had full coverage. Ask your vendor directly which one you're paying for, and get it in writing. 4. What does your SOC 2 certification actually cover — and what does it say nothing about? SOC 2 audits whether your processes are documented and followed. It does not evaluate whether those processes protect you. A company can pass SOC 2 every year and carry the same critical vulnerability the whole time. If SOC 2 is your primary answer to "are we secure," that's the gap. 5. Do you know which AI tools are already running in your environment — and what data they have access to? Shadow AI is already inside most organizations. A tool that entered your environment as a productivity assistant may now have access to email, internal documents, customer records, and approval workflows. If you don't have a current inventory of what's running and what it touches, you don't have an AI policy. You have AI usage. 6. Who actually owns the risk when something goes wrong — IT, the CISO, or the board? IT holds the tools. The CISO advises. The board carries the fiduciary responsibility. Dave's seen the scapegoating pattern up close: a CISO with no real authority gets blamed for a decision the board never seriously evaluated. If your C-suite treats security as an IT line item, nobody with budget authority is actually deciding what risk is acceptable. 7. Have you defined what a win looks like before your next renewal? Most companies don't know what "fixed" means before they buy. They implement, assume it worked, and move on. What specific risk reduction is this renewal supposed to buy, and how will you know if you got it? Walking into a renewal without that answer means negotiating blind. 8. What is your responsibility in this — specifically, in your seat? This is the question Dave wishes every client asked before the engagement even starts. Not "what's the vendor's responsibility" or "what's IT's responsibility" — yours. Most people outsource the answer to a vendor or a department and never come back to it. If you can't state your own responsibility precisely, that's the gap an incident will find for you. If two or more of these stung, that's the program talking, not the tools. Tools get bought in response to a checklist or a renewal deadline. Programs get built in response to a defined risk. The full conversation goes deep on where that gap actually comes from and what it costs the companies that don't close it. Chapters 00:00 — Why security awareness campaigns don't change buyer behavior08:14 — Theater clients versus clients who actually want help14:00 — What the pen test findings look like four years later19:30 — Why tools become the security program by default26:35 — What SOC 2 actually audits and what it ignores entirely37:20 — Why 60% of ransomware victims had a leading EDR installed44:50 — MDR in monitored mode versus active response — and why it matters52:00 — The real risk of AI inside your organization1:01:00 — Why the vendor selling the control shouldn't validate it1:09:00 — Who actually owns the risk when something goes wrong1:45:00 — The one question Dave wishes every company asked before buying anything What We Mentioned NIST Cybersecurity Framework (CSF) — nist.gov/cyberframeworkNIST 800 series — csrc.nist.govNIST AI Risk Management Framework — nist.gov/system/files/documents/2023/01/26/AIREF1.0.pdfSOC 2 / AICPA — aicpa-cima.comCMMC — dodcmmc.usPCI DSS — pcisecuritystandards.orgHIPAA / HITECHQualys — qualys.comTenable — tenable.comMicrosoft E5 / E7 security stack — microsoft.comYubiKey — yubico.comParameter Security — parametersecurity.comAbout Dave Chronister Dave Chronister is the founder of Parameter Security. He started doing penetration testing in 2007 when most companies hadn't heard the term and has spent nearly 20 years walking into environments after the breach to find the things the audit missed. He's unusually direct about what tools actually do and what they don't, and he's seen every version of the gap between what companies think they bought and what they actually have. LinkedIn: https://www.linkedin.com/in/davechronisterCompany: https://www.parametersecurity.com   About Signed The IT market is built for sellers, not buyers. Signed is the podcast for the buyers. Host Max Clark, CEO of ITBroker.com, sits down with CIOs, CFOs, operators, and founders who’ve lived inside real enterprise tech deals — the ones who can tell you what actually determined whether the deal worked, not what the deck promised. New episodes weekly. An ITBroker.com podcast. Full Transcript Click here to view...

    The EDR Was Running. The Ransomware Still Won.
  5. Jun 16 ·  Video

    Playbook: AI Layoffs

    You've read the post. A CEO goes on LinkedIn. Hard decision. I own this. Because of AI, we'll come out leaner, faster, stronger. Max Clark has written one of these. He's also been on the receiving end of one. In this Playbook, he breaks down what that post actually says — and what it's designed to leave out. Not to indict the people who write them, but to hand you  one question: whenever a company or a vendor tells you why they're doing something, who was that explanation written for? It's the same question whether you're reading a layoff announcement or a renewal proposal. You're about to start asking it everywhere. What This Episode Answers How do I tell whether "AI" is the real reason behind a decision?Why do so many strategic announcements sound exactly the same?What other decisions get announced one way but are really doing something else?How does this apply to vendor decisions — pricing changes, AI upgrades, licensing restructures?What's the one question to ask before accepting any explanation? What We Get Into 00:00 — The post you've read a hundred times01:10 — Why the four-part format is worth taking apart03:30 — Why headcount is always the first thing cut04:15 — Why "AI" works as an explanation — and when it's actually true05:47 — RTO, unlimited PTO, keep your laptop — same move, different wrapper08:00 — What to do if you're on the receiving end09:20 — The one question that changes how you read any explanation10:20 — Why this is the same skill as reading a vendor pitch Related ReadingLayoff Announcements and Vendor Price Increases Are Built the Same Way. Here's How to Read Both. The Vendor's Policy Change Is Solving Their Problem, Not Yours About Signed Signed is the podcast for buyers in a market built for sellers. Playbooks are the solo format - 10 to 15 minutes, one trigger, one specific play. New episodes weekly at itbroker.com/podcast. If the trigger in today's Playbook is one you're facing right now, book an intro call at itbroker.com. We help buyers make the right call the first time. Buy tech without regret. Follow: @itbrokerdotcom Full Transcript Click here to view the episode transcript.

    Playbook: AI Layoffs
  6. Jun 9 ·  Video

    AI Agents Are Already Inside Your Company. Nobody’s Watching Them.

    You bought the platform. You renewed the contract. And 80% of your breach risk is coming from the one thing the platform wasn't built to catch. Craig Patterson spent years inside the channel ecosystem that sits between what security vendors ship and what enterprise buyers actually receive — and he's unusually direct about where those two things don't match. In this conversation: the Microsoft "free SIEM" that isn't free once you turn it on, the insider threat blind spot baked into nearly every consolidated platform, and the AI agent problem your security team is about to inherit whether they're ready or not. If your renewal is coming up and your confidence in your coverage hasn't kept pace with your spend — this is the episode. One of these is probably on your roadmap right now. You already pay for Microsoft E5. Why did turning on Sentinel increase your security bill? The "free SIEM" pitch ends at the demo. The bill arrives after you turn it on → Your EDR, MFA, and SIEM are working exactly as designed. So why do credential-based breaches still succeed? The attacker didn't break in. They logged in → Your AI agents now have credentials, permissions, and access to business systems. Are they being monitored like employees? Most organizations have governance for people. Almost none have governance for AI identities →  Every security vendor has AI in the deck. Which ones can prove it works outside the demo? Most can't answer it. That's the answer →WHAT WE GET INTO 10:30 — What you stop seeing when you consolidate security vendors 18:30 — How to prove security value without relying on tool counts 22:00 — The breach vector responsible for most incidents 29:00 — The four types of insider threats 34:00 — Why AI agents should be treated like insiders 38:00 — Finance bot #7 just accessed source code. Would you know? 43:00 — How AI reduces alert investigations from 60 minutes to 5 47:00 — The one question that exposes AI marketing hype 51:00 — Why every organization still needs a SIEM 53:00 — The CFO conversation: justifying security spend 01:08:00 — Why leading with cost savings is the wrong security strategy WHAT WE MENTIONED ExaBeam — exabeam.comLogRhythm (merged with ExaBeam, 2024)MITRE ATT&CK Framework — the attacker playbook ExaBeam's Outcomes Navigator maps againstExaBeam Outcomes Navigator — security posture measurement mapped to MITRE frameworkExaBeam Nova — AI engine for SOC analysts; reduces alert correlation from 60 minutes to 5ExaBeam UEBA — User and Entity Behavior AnalyticsExaBeam Agent Behavior Analytics (ABA) — behavior profiling for AI agents deployed inside your organizationSherpa — ExaBeam's AI-powered partner enablement and virtual coaching toolMicrosoft E5 / Defender / Sentinel stackEquifax breach — Craig's reference point for catastrophic data exfiltration: ~$600–700M in damageABOUT CRAIG PATTERSON Craig Patterson is the Global Ecosystem Chief at ExaBeam, where he rebuilt the company's entire partner ecosystem following the ExaBeam/LogRhythm merger — unifying two different channel programs across 3,000 partners and six continents.  Before ExaBeam, Craig built and led channel organizations at multiple enterprise security companies. He's worth listening to because he sits at the intersection of what security vendors are building and what enterprise buyers are actually receiving — and he's unusually honest about where those two things don't match. LinkedIn:https://www.linkedin.com/in/globalchannelCompany: exabeam.comABOUT SIGNEDThe IT market is built for sellers, not buyers. Signed is the podcast for the buyers. Host Max Clark, CEO of ITBroker.com, sits down with CIOs, CFOs, operators, and founders who’ve lived inside real enterprise tech deals — the ones who can tell you what actually determined whether the deal worked, not what the deck promised. New episodes weekly. An ITBroker.com podcast. Full Transcript Click here to view the episode transcript.

    AI Agents Are Already Inside Your Company. Nobody’s Watching Them.
  7. Jun 2 ·  Video

    You Bought the Stack. You're Using Half of It.

    The average enterprise uses 44% of the Microsoft stack they're paying for. Denis O'Shea knows because he's measured it — the same 120-point assessment, hundreds of organizations, the number doesn't move. The other 56% is licensed and sitting idle while the same teams buy third-party tools to fill gaps that 365 already covers. Denis is the founder of Mobile Mentor and has managed 14.5 million enterprise devices across healthcare and financial services. He's seen what the stack looks like from the inside — the sprawl, the overlap, the security tools that got purchased because insurance required it. Never properly deployed. In this episode, Max and Denis work through the utilization problem, what it actually takes to go passwordless when your legacy apps will fight you, what the Digital Markets Act opened up in your mobile attack surface, and why the best security your employees will ever experience is the kind they never notice. If you're signing off on a Microsoft renewal in the next 90 days, or your security stack has grown every year and your confidence in it hasn't — this is the episode. Find your situation. Skip to the answer.  We've been trying to go passwordless for two years and it keeps dying with leadership. What's the actual unlock? → 1:14:00 My IT team can't move on anything strategic because they're buried in maintenance. What specifically should we eliminate first? → 1:12:00 Are we buying tools we already own without realizing it? → 49:45 Why do we have 50+ security tools and still struggle to see what's happening in our environment? → 50:00 We're still relying on legacy Microsoft infrastructure. What is quietly becoming tomorrow's security risk? → 1:21:00In this conversation:00:01 — Why you're paying for technology your employees aren't using08:00 — BYOD vs. corporate-owned: where companies actually get into trouble14:00 — What the Digital Markets Act broke in your mobile security model20:00 — Why mobile threat defense is now a requirement, not an option28:00 — The ROI problem: how to justify security spend that has no obvious return33:00 — AI in the wrong hands: what unmanaged devices look like in 202641:00 — Why the MDM market is disappearing — and what replaces it46:00 — The DIY trap: why deploying Intune yourself costs more than you think50:00 — You're using 44% of your Microsoft stack — and buying tools to cover the rest51:00 — 52 security tools, mostly siloed: how enterprises accumulated the wrong defenses55:00 — The manual IT problem: two hours per device, every device, still happening01:12 — Three things to remove from your IT team's plate this year01:14 — Why going passwordless is a board decision, not an IT project01:16 — How to explain passwordless to a non-technical leader without acronyms01:21 — AI-enabled attacks and why your on-prem infrastructure can't keep up01:23 — Set your own end-of-life date before Microsoft sets it for you01:27 — How to sell security investment to a board that doesn't want to hear about it01:29 — Invisible security: what good looks like when it's working What We Mentioned: Mobile Mentor — mobilementor.comMicrosoft IntuneMicrosoft Entra / Entra SuiteMicrosoft DefenderMicrosoft SentinelMicrosoft PurviewMicrosoft 365 (E3, E5, E7)Microsoft Agent 365Windows AutopilotActive Directory (AD)SCCM (System Center Configuration Manager)JamfSOTI / Workspace One / Omnissa / AirWatchLookout, Zimperium, Wander (mobile threat defense vendors)Digital Markets Act (DMA)BYOD (Bring Your Own Device)COPE (Corporate Owned, Personally Enabled)MDM / UEM / MTD (Mobile Device Management / Unified Endpoint Management / Mobile Threat Defense)EDR (Endpoint Detection and Response)Zero-touch provisioningHot patching (Windows updates without restart)ServiceNowWindows 10 end-of-life (October 14, 2025)About Denis O'Shea Denis O'Shea is the founder and CEO of Mobile Mentor, a Microsoft-specialized managed services provider that has enabled 14.5 million devices across enterprise clients in healthcare, financial services, and beyond. He spent 15 years at Nokia running operations across seven countries before building a company around a problem he kept seeing: organizations paying for technology they couldn't fully use. He has served on Microsoft's Intune product advisory board and has spent the last decade helping enterprises close the gap between what they bought and what's actually protecting them. LinkedIn: https://www.linkedin.com/in/denisosheamobilementorMobile Mentor: mobilementor.comAbout the Show Signed is the podcast for buyers in a market built for sellers. Host Max Clark, CEO of ITBroker.com, sits down with CIOs, CFOs, operators, and founders who've lived inside real enterprise tech deals. New episodes weekly at itbroker.com/podcast. If you're in the middle of a real tech decision and want someone in your corner, book an intro call at itbroker.com. Buy tech without regret. Follow: @itbrokerdotcom Full Transcript Click here to view the episode transcript.

    You Bought the Stack. You're Using Half of It.
  8. May 26 ·  Video

    Playbook: MSPs

    MSPs sell their book. The vendors they're authorized on. The platforms they're certified on. The products they have margin on. The infrastructure they're about to recommend for your business is shaped by all of that before you walk in the room. This Playbook covers what that actually means for you: how to size the right MSP for your company, what security capabilities a small MSP genuinely cannot deliver regardless of what they tell you, why outsourcing IT decision-making to someone with a vested interest is one of the most expensive mistakes a growing company makes — and the one rule that keeps you from getting locked into the wrong stack for the next three years. You should be leading the MSP. Not the other way around. The Playbook00:00 — The danger of outsourcing IT decisions to someone selling their book00:45 — Why MSPs sell their book — and why that's the reality, not a criticism02:00 — Deal registration: how your project gets locked in before you've decided02:34 — Size mismatch: why a $100K project won't get attention from a large VAR03:30 — The security capability gap: what sub-50-person MSPs can't actually deliver04:47 — Platform-on-platform: the tools MSPs resell vs. real capability05:40 — Truck rolls, multi-site support, and what to ask before you sign06:10 — Rip and replace: the cost of getting it wrong while under contract07:00 — The play: define your infrastructure needs first, then find the MSP that fits Resources Mentioned Intune (Microsoft) — endpoint management platformDefender (Microsoft) — security platform frequently configured by MSPs About the ShowSigned is the podcast for buyers in a market built for sellers. Playbooks are the solo format — 10 to 15 minutes, one trigger, one specific play. New episodes weekly at itbroker.com/podcast. If the trigger in today's Playbook is one you're facing right now, book an intro call at itbroker.com. We help buyers make the right call the first time. Buy tech without regret. Follow: @itbrokerdotcom  Full Transcript Click here to view the episode transcript.

    Playbook: MSPs

Ratings & Reviews

5
out of 5
4 Ratings

About

The IT market is built for sellers, not buyers. That's why 80% of tech buyers regret their last major purchase. Deals take longer than they should. Teams get locked into platforms that don't fit, contracts they can't escape, and vendors they wouldn't choose again. The pitches, demos, and analyst reports are built to close deals, not help buyers make the right one. Signed is the podcast for the buyers. Host Max Clark, CEO of ITBroker.com, talks with CIOs, CFOs, operators, and founders who've lived inside real enterprise tech deals — the ones who can explain what actually determined whether the deal worked. Plus weekly Playbooks breaking down the moments that matter most: renewals, M&A, compliance mandates, office moves, budget cuts, and the specific plays that separate buyers who get it right from those who regret it. If you're responsible for choosing, negotiating, or living with the consequences of enterprise technology, this show is for you. New episodes weekly. An ITBroker.com podcast.