The Dosal family name is synonymous with entrepreneurship in the IT services market. The journey started around 1980 with Compuquip Technologies, a Florida-based VAR launched by Alberto & Lourdes Dosal. More than two decades later, sons Eric and Brian Dosal built and sold off the company's lucrative MSP arm in 2012. The story continues with BrightGauge, which runs a successful business intelligence platform for more than 1,300 MSPs.
But the entrepreneurial efforts don't end there.
Turns out, the Dosals retained ownership of the classic Compuquip VAR practice. And now, they're rebranding it as Compuquip Cybersecurity. But this is more than a rebranding story. Indeed, the VAR is becoming a managed security services provider (MSSP) -- with a long-term plan that apparently stretches out to 2025.
While Brian Dosal now runs BrightGauge as CEO, brother Eric has shifted his full-time focus to building out Compuquip Cybersecurity.
Chatter about the latest BrightGauge and Compuquip Cybersecurity moves surfaced at IT Nation 2017, a ConnectWise conference hosted this week in Orlando, Fla. The conference, by the way, also generated cybersecurity buzz involving Arctic Wolf Networks, AlienVault, and plenty more.
Eager for more info about the Compuquip Cybersecurity strategy, we checked in with Eric Dosal. The result is this Q&A interview. Take a look...
MSSP Alert: What type of services does Compuquip Cybersecurity offer, what new services will you build?
Eric Dosal: Our main services we offer are Audits & Assessments, Security Architecture Reviews, Designs & Implementations, and Cybersecurity Staff Augmentation. We are getting into more monthly recurring cybersecurity offerings because our customers are thirsty for our team of expert engineers to be more regularly involved in their cybersecurity program. We will be running some pilot program early in 2018 with some new offerings based on the feedback we have heard which include Security Program Strategy, Security Information and Event Management (SIEM), Incident Response & Management, and Identity and Access Management.
MSSP Alert: How are you finding, hiring, training talent?
Dosal: High end talent is difficult to find because there is a shortage of people and such a demand for talent. However we are finding more talent in the lesser experience folks typically in the networking world and training them in the cybersecurity world. Cybersecurity used to be separate from networking but that line is blurring big time. You have to know how the network works if you want to be in this business and with everything moving to the cloud and being virtualized a network engineer with virtualization experience works great.
MSSP Alert: Is this mainly a Florida cybersecurity SMB play, or a national opportunity?
Dosal: Right now we are primarily a Florida Enterprise play, but actively moving down the stack and developing new solutions for the SMB (mostly focused on the "M" part). We are in active discussions about expansions out of Florida into one or two new markets that we hope to announce in Q1/Q2 2018.
MSSP Alert: What VAR services will you maintain, what will you abandon?
Dosal: That's a tough call right now because of the broad spectrum of customers we deal with. Some of our larger enterprise customers with legacy systems will take a while to migrate to newer solutions and we want to be there to support them.
MSSP Alert: Are you building your own SOC, partnering or outsourcing entirely? Or do you see more of a hybrid approach where you lean on a third-party SOC a bit?
Dosal: Right now we are using a hybrid approach to test our hypothesis. Much like we did with our MSP in 2009 and then dove in and built our own hosted infrastructure solution when we proved the model. We are trying several different approaches to see what works best for our customers and our business financially. But we have never been the type to "build it and they will come", that's something my father taught us early.
MSSP Alert: Any other details you want to share?
Dosal: This era of cybersecurity reminds me a lot of the 2004-2007 era in MSP. Back then the tools were too expensive for the smaller players to get into the MSP game, but we jumped in and started testing things. We found a solution that worked for us and converted a full legacy VAR into a true MSP over a five-year window. I think there is opportunity to do a very similar thing now and cybersecurity could not be a hotter market.
Our goal is to triple in size by 2025 and get to $100MM in revenue with a more predictable business model which when you think about the conversion from traditional VAR with a lot of reselling to a more services lead organization it's a big undertaking. I feel like I'm at a well funded startup, with 37 years of history and an established team. We have the reputation in the market, we have a tremendous customer base, and we are adding on to our great team new players that can help with this transition. It won't be easy but it's going to be a lot of fun.