Denis O’Shea is the founder of Mobile Mentor, an MSP helping clients find and maintain the right balance between securing devices, protecting data, and empowering people to be productive. We talk about cybersecurity for a remote workforce, how to go totally password-free, and how to turn your company into a “Category of One” business.
Listen to the podcast here
Define Your Own Category with Denis O’Shea
Our guest is Denis O’Shea the founder of Mobile Mentor and MSP helping clients find and maintain the right balance between securing devices, protecting data and empowering people to be productive. Mobile Mentor has helped over a million clients and has become Microsoft’s Global Partner of the Year in the process. Dennis, welcome to the show.
Thank you, Steve. It’s a pleasure to be on your show. I appreciate it.
Well, it’s going to be great, our conversation. I’ve been looking forward to it. And you have quite an entrepreneurial journey with Mobile Mentor and arriving to the point where you got these awards and helped a million people. How did that come about? How did you come up with this idea of mobile mentor and how did that evolve over the years?
Well, like many business ideas, it came out of a failure. And I used to work for Nokia in Europe and I lost a big sale in Switzerland around 2003. And that was like somebody kicked me up the butt and it forced me to think about what was going on. And what happened was I was trying to sell some technology to the CEO of one of the mobile operators in Europe. And he said, why should I buy this technology from you when our customers are not using the technology we bought last year? And I didn’t have an answer.
And I lost the sale and I went away with my tail between my legs. And it really got me thinking about how do we, not just sell technology, how do we ensure that people use technology, that people actually adopt the technology they purchase and get value from it? And I left Nokia after a 15 year career, I left Nokia and I set up Mobile Mentor to try and answer that question. I tackled the space and smartphones because I could see people are buying these smartphones and they were doing two very simple things with these amazing phones. They were making phone calls and they were sending text messages. And that was it.
People were not configuring email. They were not syncing their calendar. They were not getting music on these devices. They were not browsing the web. They were just doing very basic things. And I thought, wow, we have a huge problem here. This industry is spending billions of dollars every year to try and get smartphones deployed and building all these 3G and 4G networks. And people are fundamentally not using them. I’m gonna dedicate my career to solving that problem and enabling people to get value from these smartphones they’re purchasing so they can become more productive mobile workers. So that was the reason I founded the company.
That’s very interesting. So I just had a conversation today, one of my clients who is providing a subscription service and he basically said the same thing that what’s important is that people use the service and with a subscription-based service, if they don’t use it, they’re gonna cancel the subscription. So it’s kind of a mutual interest that the service, that the client is able to use it, be successful with it. And it’s an incentive to the provider that they constantly upgrade the service, they constantly increase the value, otherwise they’re going to lose a customer.
So it’s an interesting approach. So, okay. So how, so what happened then?
So we, so I set up the business and I managed to convince Nokia to give me some money and also Vodafone, who was the biggest mobile operator in the world. And they gave me some money to do a pilot with 10,000 people. And we set up their smartphones. It was like a one-to-one service. So if you just got your first BlackBerry or back in those days Nokia device, one of my team would come out and sit with you for one hour and get everything working, get your email working, sync it with your calendar, get your music on it, all that stuff. And that was all very difficult back in 2004.
It’s simple now, but back then it was quite hard. But we got everybody set up and we were able to prove that the value of that customer went up. They consumed more data, they made more phone calls. They did more roaming. They sent more messages. So we proved the value of the service. And then we scaled it internationally, took it into Brazil and Australia and China, New Zealand, and we ramped up the business. And we eventually took that service out to a million people. So we empowered a million people to set up their first smartphone and really get going and become productive with a smartphone, become mobile workers.
And that was the first part of the entrepreneurial journey, I guess. And that was all going great until the global financial crisis. And then suddenly it wasn’t going so great. And the business model collapsed, basically. And we had to do a major pivot. And from there, we changed to become a main service provider, helping banks and airlines and government departments manage all their thousands of mobile devices. So by 2008, 2009, everybody was using smartphones. The costs were out of control. Everybody wanted to develop an app, and security concerns were growing.
So we became a managed service provider, but just for mobile technology. And there was a real nice niche in that, and that grew nicely for a few years. And then eventually, we started working with Microsoft, the Microsoft technology, realizing that everybody wants to have their Microsoft 365 applications on every device, your laptop, your desktop, your tablet, your smartphone. And so our market expanded. You know, we went from working with smartphones to working with tablets, to working with laptops and desktops. So now we’ve become a more broad MSP in that we’re a managed service provider for all the devices that people use.
And you’re sitting in your home office and I’m in our company office in the States today, but some days I’m at home and some days I’m traveling, our customers are like us. They’re people who are hybrid workers and they’re using all sorts of devices. Some are personal, some are owned by the company, but we have to be secure on all those devices, not get hacked, not get breached, not get ransomed and still be productive. So that’s where we play.
So that’s very interesting. So, Dennis, you mentioned the term in our pre-conversation, which was endpoint ecosystem. So, what’s an endpoint ecosystem and why is it important?
That’s a language that we made up about a year ago. It didn’t really exist before. And so, when we mentioned to people, they’re like, what is that? What we found is that this space around security is very busy and people are a bit jaded when they read about security and cybersecurity. It’s very easy to just see another email about security and just hit delete. And most security officers in big companies have, I think, 52 different security vendors. So there’s a lot of noise in the market around security, a ton of noise.
And we were trying to figure out a way of explaining what we do as a small company in a big, crowded industry and in a very noisy space. How do we explain what we do? So we decided to come up with a language that put a clear box around our space, and we called it the Endpoint Ecosystem. Now, endpoint is just technical language for a device, right, so your desktop is an endpoint, your tablet, your smartphone, they’re just endpoints. And we think of the endpoint ecosystem as all the stuff that’s on your disk when you’re working at home.
You might have a desktop, you might have a laptop, there might be a tablet, you probably got a personal smartphone, you got a screen you’re connected to, or maybe two screens, you got a Wi-Fi connection, then every device is running an operating system like Windows or Mac OS or iOS, and then you got applications everywhere, and you’re signing in everywhere, so you got all these passwords to deal with. That defines your endpoint ecosystem for you as an individual. And if you look in the window of anybody who works at home and look at the mess that’s on their desk, that’s their personal endpoint ecosystem.
And it’s different for all of us, but we all have a huge security risk right there with all the passwords we have to manage and all the devices. Some of those devices are up to date and secure and patched, some are not. And we’re relying on consumer-grade internet when we’re working from home. And we’re possibly, like in my house, I’m sharing my internet with somebody who’s probably on TikTok and somebody else is on Fortnite and somebody else is on YouTube or Netflix.
And so suddenly the new security perimeter for companies is out there in suburbia. It’s all those home offices, probably with personal devices on the table and a consumer-led internet connection accessing their company’s information. So that’s the harsh reality of the new world as we come out of the pandemic. And we think about health care workers, education workers, government workers, finance workers. That’s the new security perimeter. It’s out in suburbia.
So, can this be even kept secure, this kind of ecosystem, or it’s destined to be unsecure because you’ve got this, what we call, you know, retail grade or whatever, consumer grade, internet, anyone can log into it, perhaps. So that looks like an impossible mission to protect.
It’s more challenging. Like back in the old days, work was very simple in that we drove to an office, we logged into a computer owned by an employer, we worked for the day, we logged out and we went home. It was beautifully simple. So it’s more challenging securing people that have this, you know, very loose perimeter. And what we saw during the pandemic was a 500% increase in cyber crime, 500% increase. And part of it was the fact that, you know, we were more vulnerable, all of us. We were more exposed.
Our devices were perhaps not as up to date and we were on less secure networks. And sadly, the cyber actors came after, you know, healthcare and education and government. What they saw as soft targets and it was really tragic. And so we have been, as a society, we have been under attack and we’re still under attack. And so we have to be really deliberate in how we think about securing this new hybrid workforce and enabling people to work anywhere they want to work and need to work, but still be productive. And not let security get in the way of their productivity. And that’s always the balancing act.
So where is this balance? So how can people not be bogged down with security? I mean, my wife works for a bank and she works from home and the amount of security they have is mind boggling and it’s actually sustainable, where people will not get frustrated with the security and still be secure and still be able to produce?
There is. And using the modern technologies that are available to us through, you know, vendors like Microsoft or the Microsoft 365 tools, if we use those tools, there’s a modern way of doing our security and balancing security and productivity that actually gets the balance quite right. It’s not perfect, but it’s quite right. The old school way of doing security, and I don’t know if this applies to your wife or not, but the old way of thinking about security is there’s lots of passwords, there’s lots of VPNs, there’s a domain, there’s all these restrictions and these security constructs that are imposed on people.
And quite frankly, they were suitable for an old world environment where people were primarily in an office. But they’re very clumsy and clunky when people are primarily working from home. So that doesn’t really work in today’s modern world. And the kind of solutions we’re looking to deploy and encouraging our customers to deploy, a good example is going passwordless. So most knowledge workers today have 100 or so different passwords, right? And it’s a nightmare trying to manage all these passwords. It’s a nightmare because we’re humans, we’re not databases.
We can’t remember a unique, strong, complex password for every application and service we use. So we cheat and we hack and we find ways of coming up with easy passwords and simple patterns and saving them in crazy places. But if we got passwordless and we do away with passwords, that’s actually a much more secure way to operate. And it’s a much better user experience, much better user experience. And it’s cheaper for the organization because you’re not dealing with all the IT support costs of password resets and password management technologies. So that’s a great example of embracing modern tools to do something that simplifies our security, gives us a better experience and better security.
So is it like fingerprint identification, face recognition, how do you go, yeah, pass for free?
Well, have you got an iPhone, Steve?
You do? Well, there’s a good chance you probably already pass for less on your iPhone to a certain extent.
For the most part.
So if you pick it up, it scans your face, it takes about 300,000 readings and it says, oh, this is Steve. There’s no doubt about it, this is Steve, and it logs you into the iOS operating system. That’s step one. So it’s using biometric authentication to recognize you. And then you’ve got a whole bunch of apps on the iPhone that are trusted apps that are produced by Apple or downloaded through the Apple App Store, so they’re vetted. And then a concept called single sign-on will take you from the operating system into those apps. That’s the second part.
And then if you want to access a banking application or something secure, you probably get a code on a six-digit code to put into the application. That’s two-factor authentication. So those three things together, biometrics, single sign-on, multi-factor authentication, boom, you’re now passwordless on your iPhone. So then we kind of take that concept and we map that to a laptop. So you sit in front of your laptop, it scans your face, it goes, ah, it’s Dennis. And I can sign into my laptop in the morning and then I can get into all my applications and do all my work.
I haven’t typed a password for about 18 months because all the pieces are connected. You know, the biometrics, the single sign-on, the multi-factor. Now there’s some other things going on in the background, some rules and conditional access to make all that work in a corporate environment. But it’s absolutely doable. And instead of having to manage 100 passwords, you maybe have one master password, which you very rarely have to use because it’s your face.
Love it. So I’d like to switch gears here, Dennis, and let’s talk a little bit about how you built your business. One of the things that you mentioned while we were chatting last week was that you had this concept of defining the category. And, you know, we love this book with the Greg Cleary, Pinnacle. We talk about making a company a category of one in their industry, which will allow them to be dominant and be profitable, highly profitable and sustain their competitive advantage. So what is your definition of defining the category and how did you, I mean, what was your vision of taking mobile mentor into a category defining company and where are you?
I haven’t read your book yet, as you know, but I do have a signed copy on my desk at home. So I’m very excited to read it, but I think we’re on the same track in that we wanted to try to define our category and position ourselves as being a leader in that category. And so we defined it as being the endpoint ecosystem, which basically says, these are all the devices and operating systems and applications and sign-in experience that people deal with on a daily basis. And we’re going to define that. We’re going to do some research.
We’re going to talk about it. We’re going to write about it, help people to understand what’s really going on out there in the frontline of industry and what’s going on in people’s home offices. Because I don’t think there’s a good understanding of what’s going on in that home office space today. And so we’ve done the research. We did a nationwide study in the USA, a thousand people and 500 in Australia to understand the frontline realities of people working at home and where they make compromises on security, what are their priorities, what’s their experience like, the relationship they have with their company through their technology.
So I think we’ve got a good understanding of that now, what’s going on between the employee and the employer through that endpoint ecosystem. And we’re gonna repeat that study every year for the next four years. So we’ll have like a five year longitudinal track of how behaviors are changing, how security is changing, how people’s behaviors and attitudes are changing over time. And what we want to do is share all of that for free with anybody who’s interested. So we’ve built an independent website, for example, called the endpointecosystem.com.
And we bought every domain name you can imagine related to the endpoint ecosystem,.co and.org and.net and all that stuff. And we’ve put all our research on the website available for free. And we’ve sliced it and diced it by industry like finance, healthcare, education. And the idea is that journalists and analysts can go in there, take our research data, write their own story, write their own blog, just use a couple of data points in a story, and we want to make it available to people so it becomes a source of authoritative data about how people work remotely. So that’s what we’re looking to do is make it available so people use it and use that language endpoint ecosystem when they’re talking about the space.
So let’s look at the elements of becoming this category one or category defining company. So what I’m hearing is you came up with, you branded basically this category, you call this the endpoint ecosystem.
You did some proprietary research to basically position yourself as a thought leader in endpoint ecosystems and it allowed you to talk about, you know, how this is a thing, endpoint ecosystem and how it’s helping people and what it does for you. You also, you said you secured a number of different domains because there are other keywords that you kind of wanted to make your own and we call this Mindshare World. So if you can implant the words in the mind of customer, they’re going to identify you as the company that owns these words, and that’s going to put you in a separate universe from the rest of your industry. What else did you do or are you doing to make yourself a category one?
So we’re doing a lot of presentations on this. So sharing the research findings, not doing any hard selling. And by the way, we’re positioning the Endpoint ecosystem, something that’s bigger than us. So we’re one small company inside this Endpoint ecosystem, which is huge, right? But we want to make, we want to create that as an entity that lives its own life. And I’m doing a lot of speaking engagements where I’m going to conferences and getting asked to speak and share the findings employers and leaders understand what it means, and then take the data, in particular about Gen Z, which is super interesting, and using the findings from Gen Z to help predict the future.
Because the better we understand Gen Z today, the better we can predict what the workforce looks like in three years or five years time. And if we continue to study this and do this every year for the next five years, we’re gonna build a really good linear picture of how Gen Z is permeating the workforce, influencing the workforce, and how the workforce is actually adopting to the arrival of Gen Z because they’re different, they’re wired differently. So we’re sharing this through conferences, a podcast tour, and then we’re actually going to start our own podcast series later this year. And it’s going to be called the Endpoint Ecosystem. The endpoint ecosystem and the whole idea is to invite people who are doing a great job with their own endpoint ecosystem to tell their story.The endpoint ecosystem and the whole idea is to invite people who are doing a great job with their own endpoint ecosystem to tell their story. Click To Tweet
So like we already know some companies who are just doing a killer job in the way they have equipped their employees, the way they’ve kind of reduced the barrier of security, but still got really good security, but made their employees fully productive and really unlocked their potential. And the idea is bring them on the podcast and have them tell their story and share what’s working for them. And so this concept of sharing the success in the endpoint ecosystem will be something we’ll keep going for a while and sharing the success.
So your category is basically the company that makes an endpoint ecosystem secure and productive. Is this how you define it?
Yes, well, the way I see it is we help companies who have a remote workforce or a hybrid workforce, we help them get that balance right between their security and their employee experience. So we try and help them not to get hacked or ransomed, which is a big problem in business today, and help them to be able to attract and retain good employees. And that’s another very important part, because the research told us that 71% of Gen Z thinkother organizations are doing a better job with technology than their own company. 71%. They think the grass is greener in other companies. So that’s a huge risk to the employer. If they start putting more pressure on Gen Z in any way, there’s a high risk they will walk because they think the grass is greener. So helping companies get this right and make sure that they’re actually providing a great technological toolset to their employees, but not getting in the way of productivity, that’s the key.
So I have another question about Gen Z’s and also the pandemic, but before we go there, I just want to kind of synthesize a little bit what we have been talking about this category killer company or defining the category so that to help the listeners actually wrap their mind around the concept how they can build their own company to make their own company a category defining company. So in your case, you came up with a concept, the Endpoint ecosystem.
You did research around it and you started communicating it and you positioned yourself in the eyes of your market as the authority on endpoint ecosystems, which is your space that you carved out, which has not been defined in this way by other companies before. Right? You talk about MSPs, you talk about system integrators, and it’s all about, you know, helping companies operate their IT infrastructure, but your approach was not about operating the IT infrastructure, it’s about making employees happy in the situation where they are working from home and not get, you know, avoid their frustrations while also making sure that the company keeps their data secure and the customer’s data secure. So your benefit that you defined is not about operating an infrastructure, it’s about reconciling two opposing forces of security and productivity.Reconcile two opposing forces of security and productivity. Click To Tweet
I like the way you put that. Actually, I might use that language, reconciling two opposing forces, because people don’t often think about security and employee experience in the same sentence. They’re two quite opposing things. But what we’ve realized is that if you’re using modern technology, like the Microsoft 365 suite, you can actually achieve both. You can have your cake and eat it. You can go passwordless. You can have the zero trust network, no VPNs, no domain, no password. That’s this modern, lightweight security environment that enables people to be really productive. And the security is almost invisible. Almost invisible.
Even if you make it invisible, there are always always going to be some websites that will request a password and will not be able to adapt to the face recognition technology, whatever. So people will have some frustrations anyway. And if you can remove all the ones that you control, then you already made the experience much, much better. So, tell me, how did the pandemic shape perception of the workforce about IT security and about the world of work in general, you know, working from home. How did that evolve? And why do you think Gen Z is so critical in this equation?
First, the pandemic changed a lot of things very quickly, and it’s quite hard to almost synthesize all the changes. The first thing was, you know, people had to learn how to work from home because that was a big shift. Then the cyber crime attack that came upon us really made the companies had no choice. They had to put more security upon us to try and protect themselves. Then this crazy global chip shortage was a really interesting one. So in 2020, when we thought we were coming out of the pandemic for the first time and everybody started hiring new employees again, they were hiring these people remotely, people they had never met, working in home offices, and they couldn’t even supply a laptop because there was no laptops available.
And so we’re saying, work from home on your personal laptop, on a consumer-grade internet connection, and access all our company data. So the risks that employers were taking were quite extraordinary. And the other big thing that happened was the power shift. I think about it as a power shift. So employees got so much power, it changed the balance of power between the employee and the employer. And what I mean by that is changing jobs became so easy. It was just a matter of saying, I’m going to take my old laptop and put it in a FedEx bag and ship it off. And I’m going to open another FedEx bag, take out the new laptop, plug it into my same monitors on my desk, connect to my same Wi-Fi. I’m going to sit down in the same seat. I’ve got a new job. It was that easy.
And so we saw this huge liquidity in the workforce that we’d never seen before. People didn’t have to think about commuting and relationships and they’re just, it was so totally different. So there were a bunch of big, big changes that happened in a short space of time. And Gen Z was a really interesting group in our research because they are just, they’ve had a different world experience, they’re wired differently. And the first thing to know about Gen Z is they are the only generation in the workforce that has no recollection of 911. So I bet every one of your listeners, except Gen Z, will be able to remember exactly where they were, who they were with, what they were doing on the day of 9-11, and had a profound impact on us.
And for the next 20 years, we were, we changed because all the security that was imposed on us, you know, airport security, cyber security, homeland security, it was just non-stop. You know, I was a frontal lobe consideration for 20 years security, except Gen Z. They were in nappies when 9-11 happened. They didn’t really understand it at all. They went through life, they got educated, and they came out of the education system during a pandemic and got their first job, probably working remotely. And they haven’t had the experience of working in an office like we did, and going for beers on a Friday or having lunch with different people and having loose relationships with people in other departments outside your own department.
So JZ has had this experience where they look at a screen and they see four or six people they talk to every day, but they don’t have all those loose links with people in other departments across the business. They don’t have the social network that comes with working in a company. And so they’ve just had a very different world experience. And the way that manifests in the workforce is when we ask them about how often do you see a security policy? How often do you see security awareness training? They give us totally different answers to every other generation. They don’t see security. They don’t recall security policies. They don’t recall doing security awareness training. They just, they don’t recognize it.Or acknowledge it.
They take it for granted. And now the companies have to provide it as if it didn’t, you know, as if it was not a barrier. So, they have to provide it in a way so that the Gen Z who takes for granted that security is not a problem, that they actually don’t perceive a problem because they pick up the phone and join someone else overnight and take their job across across the street. So this is this is fascinating that is, I like to ask you, so if listeners would like to explore this whole idea of the endpoint ecosystem and how do you reconcile these opposing forces of security and job experience, basically, and how do they learn about your research, and what you can do for them, where do they go,
You can just go to the endpointecosystem.com. So, e-n-d-p-o-i-n-t, endpointecosystem.com and all the research is there. It’s all free. His name is Mobile Mentor. That’s mobile-mentor.com. And as we said, we’re a managed service provider specializing in helping companies get that balance right between security and productivity.
So definitely check that out and also check out Mobile Mentor’s website, mobile-mentor, to see what a category of one company looks like so that you can think about how you can take your company into a category of one as well. Also read Pinnacle. That’s going to give you also ideas and the process to do that. So that is thanks for coming on the show. I really enjoyed it. And for those of us listening, stay tuned for next week because I’m going to bring another exciting entrepreneur. We will tell you about their management blueprint and how they applied it in their company, thank you.