Sign up to save your podcasts
Or
Share 333: Turn Your IT into Your Growth Engine with Tom Kirkham
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
333: Turn Your IT into Your Growth Engine with Tom Kirkham
https://youtu.be/sUyjA0muVgM
Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning.
In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance.
—
Turn Your IT into Your Growth Engine with Tom Kirkham
Good day. Steve Preda here with the Management Blueprint Podcast, and today’s guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he’s the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.
Oh, it’s great to be here, Steve.
Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal ‘Why’, and how are you manifesting it in Kirkham IronTech?
That’s a great question. So the company’s about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it’s been about eleven years ago now. And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading.
And I’m a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you’ve read Jim Collins, you know what I’m talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn’t matter, right? There’s always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, “Culture eats strategy for breakfast.” And I understood what that meant, and it was kind of weird.
So when I re-engaged with the company, I identified one of the weaknesses, and I said, “Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing.” So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism.
In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work.
Share on X
Of course, no one’s perfect, but if you pursue perfection, you can achieve excellence. And I think we’ve done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it’s really fulfilling. It’s more of a personal feeling because I’ve been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I’m sixty-four now. So I didn’t really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.
What resonated with you with this idea of stakeholder capitalism?
It just made sense. The obvious part is with employees—all of that is true. That’s obvious to any good leader or manager, right? As you well know, there’s a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it’s something new—a new tool that we’re going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor.
So it’s not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I’m dealing with a vendor, if it fails for us, it’s not our fault—it’s their fault, right? Either they oversold the product or they didn’t deliver on the service component. I didn’t want it to be because we failed to do the right training, or didn’t communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.
Yeah. I like it. So you’re looking for partnership-based relationships where it’s win-win. And yeah, if you want people to stick around, it has to make sense for them too. You can’t exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I’m always looking for frameworks—something practical that helps businesses achieve results. Usually it’s some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?
Well, we have a thing we call the IronTech Framework.
Okay.
And it was something that we came up with many years ago and started practicing seven or eight years ago, and it’s a framework. It’s like the NIST Cybersecurity Framework. I looked at NIST and there’s five components to it, and it’s about cybersecurity. And I looked at this and I go, “None of this works without the right policies and procedures in place.” The security training—it’s not enough just to throw it out there and tell all your people to take it. You’ve got to follow up, you’ve got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols.
If somebody accidentally fires off a ransomware attack, they need to know they’re not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there’s a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. And so when we go in, it’s all well and good if you want to put these protections in and these particular products, but we’re a best-of-breed company. Like one of our critical tools that’s required for our clients to put in place, to buy it and use it every single day on every single computer, is what’s known as an EDR. And it’s basically an AI-based super turbo antivirus.
To even call it an antivirus is not doing it justice. So there’s three legs to the IronTech Framework.
We want to make sure that you’re getting a return on your investment in IT, because that’s why you buy it. If you treat IT as an expense, you need to kind of change the way you’re thinking. You want to improve productivity and efficiency.
Share on X
We’re talking to Susie every day. We’re talking to Bill every day. We know that Mary’s out sick and Steve’s on vacation. I mean, when you’re running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far.
So it really helps if our clients treat us as a partner to help them realize their goals and objectives. And when all of that clicks into place, then it makes recommending things easier.
Share on X
Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot.
And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don’t have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they’re going to be more motivated and more effective. So I thought it was a no-brainer.
Yes, but there’s still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right? And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.
Yeah, that makes sense. So Tom, tell me, what drives growth in your business?
Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don’t know if you’re asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don’t cold call people unless we’ve already contacted them in another way, if that’s what you’re asking.
Yeah. I’m asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you?
Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don’t treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don’t understand the size and scale of that industry. It’s a $10 to $12 trillion industry now.
Wow.
If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything’s fine… If they don’t already understand it, they go, “Well, why are they trying to hack me?” And I say, “You don’t understand. That email was one of 100,000 emails that got blasted out. They don’t know who you are, nor do they care who you are.” They’re playing a numbers game. And it’s kind of like marketing. They’re looking at conversion numbers.
Yeah.
Let’s say it’s 100,000 emails. They got a list of all the certified public accountants in 10 different states. They set up the email, they send it all out, and let’s say 1% become victims. And let’s say they collect an average of $10,000 per victim. Well, that’s a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It’s done at scale, and it’s a much bigger industry than that. That’s just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We’re one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you’ve got China and other nation states not only trying to get into your client, but you’re also a threat vector. You’re a way to get into that client’s patents and secrets.
So we’ve got to treat that differently. It’s not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, “Well, because of this case, you need this other service and tool that we’re offering to prevent China from breaking in.” Or, “You need to follow this practice.” Maybe you don’t publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don’t want that to be public knowledge. That’s one of the things we do. You spent time on our website, and you didn’t see a single client name on there. And that’s just one of the small things we do to protect our clients’ security and privacy, because privacy and security go hand in hand.
Yeah. That is fascinating. So what is it that you’re trying to figure out in your business right now? What’s the big thing for you?
I think because of all the chaos in the United States, making a decision to do anything—everybody’s kind of frozen. There are a lot of hiring freezes. I know we’ve got a freeze on right now because we’re looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing. That’s one of the challenges, is getting people over the hump. No matter what you do, if you’ve got an IT company doing your stuff and you only call them when things are broken, there’s a much more profitable way to do that. You’re spending more money.
So there are benchmarks in industries, right? Basically, the research—and these aren’t numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that’s everything. I’m talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That’s the way it works. So when we engage with a prospect and find out they’re only spending 3 or 4%, then I already know they have gaps. I don’t even have to do an assessment to see what they’re not doing.
They’re either not getting a return on investment, or they’re not secure. That’s it. If all the accounting firms are spending 6%, and you’re only spending 4%, don’t just pat yourself on the back. That’s one of those moments where you should ask, “What am I missing?” Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that’s a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven’t uncovered? And those are some of the things we try to educate our clients on. They don’t have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it’s $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it’s hurting productivity by 10% or more?
Yeah. That’s a no-brainer.
Yeah. It should be.
Yeah. It’s not just in IT. I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, “Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?” And he said, “We did the math, and we figured out that this is the optimal time to replace it.” If they got rid of the equipment at that point, they wouldn’t have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm.
Precisely. I mean, we’re so tuned into that that we’re a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We’ll order it and get it there for you. We’re so tuned into that, that we went all Mac back when they were still Intel Macs. And I don’t know how much you know about Macs, but they were…
I have a couple. Okay. Yeah, we’re Mac people too.
Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don’t think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren’t as dramatic as going from Intel to the first M-series chip. But it’s still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That’s where the sweet spot is on trade-in value. We rotate them every two to three years and they’re out. I think mine is maybe a year old, but I’ll probably keep this one for a couple more years.
By the way, you’re the first IT company and MSP I’ve met that doesn’t use PCs—you use Macs. Yeah. And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn’t need them anymore since I had the Mac.
Yeah, that’s kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago.
Yeah. Classic. Very classic.
Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we’re a Dell partner— What I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, “Holy cow, it doesn’t break. It doesn’t mind being unplugged from a docking station. It just works.”
Yeah.
And then all the other things—that they’re generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, “Well, everybody’s going Mac.” And, oh, there was a revolt. And I said, “Just give it a few months.”
Yeah.
About half the office resisted it. And I said, “You gotta try it because I think you’ll like it, and if you don’t, then we’ll deal with it then.” We had Linux people, PC people. So then I said, “Well, maybe we should open it up and let people pick what they want.”
Yeah, I love it. Yeah. So our time is coming to an end, but if someone is running on Mac and they’re finally talking to an IT service company that’s not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally?
The website is the best place to go. It’s www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you’re thinking, because we want to know what you’re thinking and see if there’s a fit with the way we do things. Macs started becoming important with executives. That’s where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we’re perfectly happy with that.
Yeah. Okay. Very good. So if you’re listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you’re doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you’re going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening.
Oh, it’s been my pleasure, Steve.
Important Links:
View all episodes
By Steve Preda
5
3535 ratings
https://youtu.be/sUyjA0muVgM
Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning.
In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance.
—
Turn Your IT into Your Growth Engine with Tom Kirkham
Good day. Steve Preda here with the Management Blueprint Podcast, and today’s guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he’s the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.
Oh, it’s great to be here, Steve.
Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal ‘Why’, and how are you manifesting it in Kirkham IronTech?
That’s a great question. So the company’s about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it’s been about eleven years ago now. And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading.
And I’m a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you’ve read Jim Collins, you know what I’m talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn’t matter, right? There’s always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, “Culture eats strategy for breakfast.” And I understood what that meant, and it was kind of weird.
So when I re-engaged with the company, I identified one of the weaknesses, and I said, “Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing.” So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism.
In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work.
Share on X
Of course, no one’s perfect, but if you pursue perfection, you can achieve excellence. And I think we’ve done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it’s really fulfilling. It’s more of a personal feeling because I’ve been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I’m sixty-four now. So I didn’t really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.
What resonated with you with this idea of stakeholder capitalism?
It just made sense. The obvious part is with employees—all of that is true. That’s obvious to any good leader or manager, right? As you well know, there’s a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it’s something new—a new tool that we’re going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor.
So it’s not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I’m dealing with a vendor, if it fails for us, it’s not our fault—it’s their fault, right? Either they oversold the product or they didn’t deliver on the service component. I didn’t want it to be because we failed to do the right training, or didn’t communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.
Yeah. I like it. So you’re looking for partnership-based relationships where it’s win-win. And yeah, if you want people to stick around, it has to make sense for them too. You can’t exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I’m always looking for frameworks—something practical that helps businesses achieve results. Usually it’s some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?
Well, we have a thing we call the IronTech Framework.
Okay.
And it was something that we came up with many years ago and started practicing seven or eight years ago, and it’s a framework. It’s like the NIST Cybersecurity Framework. I looked at NIST and there’s five components to it, and it’s about cybersecurity. And I looked at this and I go, “None of this works without the right policies and procedures in place.” The security training—it’s not enough just to throw it out there and tell all your people to take it. You’ve got to follow up, you’ve got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols.
If somebody accidentally fires off a ransomware attack, they need to know they’re not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there’s a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. And so when we go in, it’s all well and good if you want to put these protections in and these particular products, but we’re a best-of-breed company. Like one of our critical tools that’s required for our clients to put in place, to buy it and use it every single day on every single computer, is what’s known as an EDR. And it’s basically an AI-based super turbo antivirus.
To even call it an antivirus is not doing it justice. So there’s three legs to the IronTech Framework.
We want to make sure that you’re getting a return on your investment in IT, because that’s why you buy it. If you treat IT as an expense, you need to kind of change the way you’re thinking. You want to improve productivity and efficiency.
Share on X
We’re talking to Susie every day. We’re talking to Bill every day. We know that Mary’s out sick and Steve’s on vacation. I mean, when you’re running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far.
So it really helps if our clients treat us as a partner to help them realize their goals and objectives. And when all of that clicks into place, then it makes recommending things easier.
Share on X
Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot.
And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don’t have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they’re going to be more motivated and more effective. So I thought it was a no-brainer.
Yes, but there’s still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right? And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.
Yeah, that makes sense. So Tom, tell me, what drives growth in your business?
Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don’t know if you’re asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don’t cold call people unless we’ve already contacted them in another way, if that’s what you’re asking.
Yeah. I’m asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you?
Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don’t treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don’t understand the size and scale of that industry. It’s a $10 to $12 trillion industry now.
Wow.
If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything’s fine… If they don’t already understand it, they go, “Well, why are they trying to hack me?” And I say, “You don’t understand. That email was one of 100,000 emails that got blasted out. They don’t know who you are, nor do they care who you are.” They’re playing a numbers game. And it’s kind of like marketing. They’re looking at conversion numbers.
Yeah.
Let’s say it’s 100,000 emails. They got a list of all the certified public accountants in 10 different states. They set up the email, they send it all out, and let’s say 1% become victims. And let’s say they collect an average of $10,000 per victim. Well, that’s a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It’s done at scale, and it’s a much bigger industry than that. That’s just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We’re one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you’ve got China and other nation states not only trying to get into your client, but you’re also a threat vector. You’re a way to get into that client’s patents and secrets.
So we’ve got to treat that differently. It’s not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, “Well, because of this case, you need this other service and tool that we’re offering to prevent China from breaking in.” Or, “You need to follow this practice.” Maybe you don’t publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don’t want that to be public knowledge. That’s one of the things we do. You spent time on our website, and you didn’t see a single client name on there. And that’s just one of the small things we do to protect our clients’ security and privacy, because privacy and security go hand in hand.
Yeah. That is fascinating. So what is it that you’re trying to figure out in your business right now? What’s the big thing for you?
I think because of all the chaos in the United States, making a decision to do anything—everybody’s kind of frozen. There are a lot of hiring freezes. I know we’ve got a freeze on right now because we’re looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing. That’s one of the challenges, is getting people over the hump. No matter what you do, if you’ve got an IT company doing your stuff and you only call them when things are broken, there’s a much more profitable way to do that. You’re spending more money.
So there are benchmarks in industries, right? Basically, the research—and these aren’t numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that’s everything. I’m talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That’s the way it works. So when we engage with a prospect and find out they’re only spending 3 or 4%, then I already know they have gaps. I don’t even have to do an assessment to see what they’re not doing.
They’re either not getting a return on investment, or they’re not secure. That’s it. If all the accounting firms are spending 6%, and you’re only spending 4%, don’t just pat yourself on the back. That’s one of those moments where you should ask, “What am I missing?” Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that’s a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven’t uncovered? And those are some of the things we try to educate our clients on. They don’t have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it’s $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it’s hurting productivity by 10% or more?
Yeah. That’s a no-brainer.
Yeah. It should be.
Yeah. It’s not just in IT. I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, “Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?” And he said, “We did the math, and we figured out that this is the optimal time to replace it.” If they got rid of the equipment at that point, they wouldn’t have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm.
Precisely. I mean, we’re so tuned into that that we’re a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We’ll order it and get it there for you. We’re so tuned into that, that we went all Mac back when they were still Intel Macs. And I don’t know how much you know about Macs, but they were…
I have a couple. Okay. Yeah, we’re Mac people too.
Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don’t think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren’t as dramatic as going from Intel to the first M-series chip. But it’s still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That’s where the sweet spot is on trade-in value. We rotate them every two to three years and they’re out. I think mine is maybe a year old, but I’ll probably keep this one for a couple more years.
By the way, you’re the first IT company and MSP I’ve met that doesn’t use PCs—you use Macs. Yeah. And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn’t need them anymore since I had the Mac.
Yeah, that’s kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago.
Yeah. Classic. Very classic.
Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we’re a Dell partner— What I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, “Holy cow, it doesn’t break. It doesn’t mind being unplugged from a docking station. It just works.”
Yeah.
And then all the other things—that they’re generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, “Well, everybody’s going Mac.” And, oh, there was a revolt. And I said, “Just give it a few months.”
Yeah.
About half the office resisted it. And I said, “You gotta try it because I think you’ll like it, and if you don’t, then we’ll deal with it then.” We had Linux people, PC people. So then I said, “Well, maybe we should open it up and let people pick what they want.”
Yeah, I love it. Yeah. So our time is coming to an end, but if someone is running on Mac and they’re finally talking to an IT service company that’s not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally?
The website is the best place to go. It’s www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you’re thinking, because we want to know what you’re thinking and see if there’s a fit with the way we do things. Macs started becoming important with executives. That’s where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we’re perfectly happy with that.
Yeah. Okay. Very good. So if you’re listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you’re doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you’re going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening.
Oh, it’s been my pleasure, Steve.
Important Links: