The MSP industry is entering a new era shaped by AI, evolving security threats, and changing client expectations. At our SuperSummit x ESET roundtable, MSP leaders shared practical insights on cybersecurity, customer retention, leadership, and revenue growth, revealing why the future belongs to MSPs that think beyond technical support and become strategic business partners.

Agentic AI has undoubtedly changed the MSP landscape. And the traditional MSP playbook is running out of road. The current way of working - reactive support, undifferentiated positioning - has maybe three years of runway left as-is. While that’s not a reason to panic, it's a reason to move.

That's why we at SuperOps, in partnership with ESET, hosted an invite-only roundtable for MSP leaders in San Diego. Not a conference or a product showcase, but a room of practitioners, operators, and industry voices, talking honestly about what's actually happening and what to do about it. 

SuperOps MSPSuite is purpose-built for the MSP industry. We host events like this because the closer we are to the real problems, the better we can build for them. And because the industry moves faster when the people running it are talking to each other, not just to vendors.

The event covered three distinct sessions, each led by a practitioner with a different vantage point on the industry. 

Cameron Tousley, Director of MSP Channels at ESET, opened with a look at the AI-powered threat landscape and what it means for how MSPs position and protect their clients. 

Jacob Bespalec, CEO of APT Interactive, followed with a candid account of the operational mistakes that nearly cost him his business and the reset around speed, trust, and care that turned things around. 

Jeff Loehr, CEO of Start Grow Manage, closed with the market picture and a practical framework for unlocking revenue from existing clients without chasing new ones.

Key takeaways: The six things that kept coming up

1. The threat landscape isn't just accelerating. It's industrializing.

Cameron Tousley opened with stats that highlight the problem: a 1,265% increase in malicious phishing emails since 2022, business email compromise up 1,760%. But the bigger shift isn't volume, it's accessibility. AI has lowered the barrier to entry so far that someone with no technical background can now buy a malware platform, customize it, and deploy it at scale in minutes. The attackers aren't more sophisticated. They just have better tools. And so do you, if you're paying attention.

2. Security and business risk are the same conversation now.

This came up in every session, from every angle. Cameron pushed the room to move from IT-first to security-first DNA, not just in their product stack, but in how they talk to clients. "We need to think: hey, I want to keep your lights on in one to two years. What's your long-term plan? Are you trying to exit? Well, that doesn't matter — we need to make sure that you guys stay safe, that you don't lose assets, that you don't encounter a breach because that can devalue your company, maybe to the point of closing the doors." That's a QBR conversation. Most MSPs aren't having it.

4. CSAT is lying to you.

Jacob Bespalec outsourced his help desk, watched his CSAT scores stay high, and lost clients anyway, quietly, without a single complaint. Damian Anderson from Fit Solutions put it well: "The punches that hurt the most are the ones you don't see coming." The score tells you how people feel in the moment. It doesn't tell you whether they trust you enough to stay. The only metric that does is retention.

5. The people problem is harder than the tech problem.

The room kept returning to this. Jacob's co-founder was technically brilliant and interpersonally difficult, and it cost him clients. Carl, an MSP advisor in the group, named the promotion trap clearly: the smartest engineer in the room gets moved into leadership, fails, and everyone acts surprised. Jacob's fix has been hiring from non-technical backgrounds — his ops director came from an axe throwing bar. The argument: the technical piece is now teachable. Articulation, presence, the ability to walk into a boardroom and be a real human: that's what you can't train from scratch.

6. The money is already in your existing relationships.

Jeff Loehr's session was built around one observation: MSPs are pounding the pavement for new clients while walking past revenue that's sitting right in front of them. The reason is simple — they're asking the wrong questions. Stop doing technical business reviews. Start asking what would make your client's business more successful. One of Jeff's clients built a prenuptial agreement writer for a law firm, sold it back at $100 a seat, and now collects thousands in MRR monthly for a couple hours of maintenance work a month. The money was already there. They just had to ask the right question to find it.

The sessions, unpacked

If you want a sense of what the room actually sounded like, here's the session-by-session breakdown.

Session 1: The threat landscape isn't just accelerating. It's industrializing.

Cameron Tousley, Director of MSP Channels, ESET

Cameron opened with the security picture, and he didn't soften it.

The AI-powered threat landscape, he argued, has three defining characteristics right now: scale, industrialization, and speed. And the most underappreciated of the three is industrialization.

"These malware teams and groups are able to create platforms out of it. Just like you buy something as a service — like you're buying SuperOps or you're buying ESET — you can buy malware. With AI it's improving the accuracy of it. It's allowing it to be more repeatable in a process that someone can go and buy and modify and then just go and use."

This isn't a story about sophisticated nation-state actors anymore. The barrier to entry has collapsed. Someone with no technical background can now buy a malware platform, customize it, and deploy it at scale in minutes, not weeks.

The stat that landed hardest: a 1,265% increase in malicious phishing emails since 2022. Business email compromise up 1,760%. These aren't incremental jumps. They're indicators of a threat environment that has fundamentally restructured around AI-assisted tooling.

Credential phishing came up as the room's number one concern, but the conversation quickly moved past phishing to something more unsettling: session hijacking. One attendee noted they'd seen it four or five times already this year. "They're getting a link. They're asking for the credential, but I don't even think they actually need the credential to take over the session." Another attendee put it plainly: "They are definitely satisfying MFA via session."

The implication is that some of the attacks your clients will face this year will look completely authorized. The only tell is anomalous behavior after the fact, which is why constant monitoring and XDR/EDR tooling aren't optional anymore.
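One way to look for that after-the-fact anomaly, as an added example that is not from the roundtable or from any vendor's product: it flags activity inside an already-authenticated session when both the network and the user agent differ from the client that satisfied MFA. The event field names, the /24 grouping, and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed sample events (not real logs). Field names are assumptions;
# map them to whatever your identity provider or XDR export actually provides.
EVENTS = [
    {"ts": "2025-03-04T09:00:12", "user": "cfo@example.test", "session": "s-101",
     "ip": "198.51.100.23", "ua": "Edge/122 Windows", "event": "mfa_satisfied"},
    {"ts": "2025-03-04T09:05:40", "user": "cfo@example.test", "session": "s-101",
     "ip": "198.51.100.87", "ua": "Edge/122 Windows", "event": "mail_read"},
    {"ts": "2025-03-04T09:17:03", "user": "cfo@example.test", "session": "s-101",
     "ip": "203.0.113.9", "ua": "python-requests/2.31", "event": "inbox_rule_created"},
    {"ts": "2025-03-04T10:02:00", "user": "it@example.test", "session": "s-202",
     "ip": "192.0.2.14", "ua": "Chrome/123 macOS", "event": "mfa_satisfied"},
    {"ts": "2025-03-04T10:30:00", "user": "it@example.test", "session": "s-202",
     "ip": "192.0.2.14", "ua": "Chrome/123 macOS", "event": "file_download"},
]

def network_of(ip, prefix=24):
    """Coarse network bucket so ordinary address churn inside one site is not flagged."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_session_reuse(events):
    """Flag activity in a session from a client unlike the one that passed MFA."""
    baseline = {}   # session id -> (network, user agent) seen when MFA was satisfied
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ctx = (network_of(ev["ip"]), ev["ua"])
        if ev["event"] == "mfa_satisfied":
            baseline[ev["session"]] = ctx
            continue
        known = baseline.get(ev["session"])
        if known is None:
            reason = "activity in a session with no recorded MFA event"
        elif ctx[0] != known[0] and ctx[1] != known[1]:
            reason = "network and user agent both differ from the MFA client"
        else:
            continue  # same network or same client: treated as the original user
        alerts.append({"ts": ev["ts"], "user": ev["user"], "session": ev["session"],
                       "event": ev["event"], "ip": ev["ip"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(EVENTS):
        print(alert)
```

On the sample data only the inbox-rule event in session `s-101` is flagged; the earlier address change inside the same /24 is treated as the original user.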

Deepfakes came up too, and not as a theoretical future threat. Cameron walked through a scenario most MSPs haven't fully prepared their clients for: a video call from what appears to be the CFO, using likeness scraped from LinkedIn, asking an employee to share an MFA code. "They're totally faked out. They have no idea. And then they move forward."

The shift Cameron kept pushing the room toward was deliberately moving from IT-first to security-first DNA. That means not just having the right product stack, but talking to your clients the way a business risk advisor talks, not the way a help desk technician does.

"We need to think: hey, I want to keep your lights on in one to two years. What's your long-term plan? Are you trying to exit? We need to make sure that you guys stay safe, that you don't lose assets, that you don't encounter a breach because that can devalue your company, maybe to the point of closing the doors."

Session 2: The hardest problems in MSP aren't technical

Jacob Bespalec, CEO, APT Interactive

Jacob runs a micro-SMB-focused MSP in rural Nebraska. His session was billed as "The MSP Reset: Speed, Trust, and Care", and it delivered exactly that, except the reset he was describing was personal. A near-miss. A series of expensive mistakes he made in plain sight without realizing it until clients were already gone.

The three mistakes he unpacked were specific enough to sting if you've lived any version of them.

Promoting the wrong people.

Jacob's co-founder was technically brilliant and interpersonally difficult. "You can know how all the tools work and orchestrate every single piece of it perfectly, but if you rub the CEO and the CTO and the CFO of your clients the wrong way, they're going to find some guys that they like better."

The room recognized this immediately. An MSP advisor in the group articulated the promotion trap clearly: "We got the smartest guys in the world, the guys with amazing utilization, but they can't talk to leaders. But they're promoted into a space where they're expected to be a leader, not a manager. And then what happens? They fail. They have personal self-loss. It was actually the organization's leadership that failed by promoting the wrong person."

Jacob's counterintuitive hire that has worked out is his ops director, who came out of an axe throwing bar. "We like grabbing people out of non-technical roles. Find folks that can be articulate, sit in this room in this type of a chair and talk with your clients, go into boardrooms and talk to CFOs and CEOs as real people."

The technical piece, he argued, is now teachable in ways it wasn't before. "We built a whole bunch of computers that know all of human knowledge and can be queried at nearly any moment. You can teach those technical skills. You can enable your technicians with AI tools to do work they've maybe never done before. But to then articulate all of that is really difficult." Find the people who can do the second thing. Teach them first.

Outsourcing the help desk.

This one nearly killed the business. Jacob outsourced to a group in the Philippines and Australia, and for a few months it looked fine. CSAT scores stayed high. Clients said nothing. And then they started leaving quietly, without explanation, without a single indicator anything was wrong.

"Most of our customers that left never indicated through QBR or anytime I dropped by their office — they never indicated that they were dissatisfied. The CSAT scores came back great. There was not a single indicator in any of these clients that they were unhappy with our decision."

What broke wasn't quality exactly, it was the framework. Going from picking up the phone and fixing something in ten minutes, to a dispatch queue with L1, L2, L3 escalation and a callback in a couple of hours. The freshest employees got put on the phones. First impressions became the worst impressions.

Damian Anderson, from Fit Solutions, recognized the pattern: "The punches that hurt the most are the ones you don't see coming. I have a great relationship with a customer in my mind and then for some other reason out of nowhere they're like, listen — what happened?"

Being the bottleneck.

The third mistake is staying on the tools as an executive, being the one who jumps in when something breaks. Most MSP founders don't recognize it as a mistake until it's already cost them. "I am the bottleneck a lot of times as the executive. I have this instinct to always want to be in control. You want to run and own the process."

The fix wasn't just delegation. It was a change in how he responded when his team made decisions differently than he would have. "I found that no matter if I hired somebody that was trustworthy enough to be hired — in any opportunity where a decision needed to be made, they were probably going to make the best decision with the information that they had."

Several people in the room said versions of the same thing: the teams they'd given latitude to came back with solutions they wouldn't have thought of themselves. The shift from control to trust wasn't just cultural, it unlocked capability that was already there.

What tied all three mistakes together was a reset around hospitality. Not as a service buzzword, but as a genuine operating philosophy. Jacob cited three books: Marcus Aurelius' Meditations, Angela Duckworth's Grit, and Will Guidara's Unreasonable Hospitality. The last one is the most directly applicable: "How do you put the plate on the table? How do you set the fork? How do you let a guest depart your restaurant? Not how they feel when they're in the door, but how do they feel immediately after?"

For an MSP, that translates to: are your clients leaving interactions feeling more in control, more informed, more heard — even when the problem isn't fixed yet? "Our customers don't speak this language. They don't know who any of the vendors in this room are. They've never heard of any of you. And they don't care — we are the closest thing that they have to any escalation to any of the people that are actually making life harder. When Outlook doesn't work, they can't yell at Microsoft. They can yell at us." 

The metric Jacob cares about now: churn. Not CSAT. "In the last 24 months, only one client left."


Session 3: The revenue opportunity you're not seeing

Jeff Loehr, CEO, Start Grow Manage

Jeff came in with the market picture and a blunt ask.

His argument starts with competitive positioning. As markets mature, companies start to look alike. When companies look alike, customers can only tell them apart one way: price. That's the trap most MSPs are walking into right now — and MSP 3.0, as a concept, mostly accelerates the walk.

"What MSP 3.0 seems to be talking about is working harder within this little tiny space. Use AI to grind more, to work more, to get more out of your time but staying inside this little tiny space, which means the only way they can tell you apart is with price."

He put two options on the table: be a water heater or be a rocket ship. Water heaters are invisible until they break. One company's recent pitch to MSPs was essentially: accept that you are a water heater, cut your costs, and survive. 

Jeff's counterargument is that this ignores the actual market opportunity sitting in front of every MSP right now.

SMBs are investing in technology as a strategic advantage in a way they never have before. 65% see it as an investment, not a cost. 88% of growing SMBs are spending more on technology year on year. But only 22% feel they actually have an edge from it. That gap between investing and feeling the return is where MSPs can own the room, if they show up differently.

The pivot Jeff is pushing: stop being a technical service provider, start being a business solution partner. "You're closer to the needs of your customers than the capabilities of your competitors. You understand them better than you understand your competitors."

But to do that, you have to stop asking the wrong questions. And the QBR, as currently practiced, is full of wrong questions.

"My plea to you guys is to stop doing technical business reviews. Please. Because nobody likes them. You're boring them to death and they're going to tell you how happy they are just so that you believe it and yet there's this massive opportunity."

The alternative he's built is a seven-question framework he calls the game plan. It runs through past, present, and future and it's deliberately emotional rather than operational.

"These are emotionally based. People reveal things emotionally. We all make decisions emotionally. And then we confirm the decisions with facts and data. So if you really want to know what's going on with them, you have to connect on an emotional level."

What comes out of the conversation sorts into four buckets: things to fix in your delivery, things to fix in your communications, project revenue opportunities, and recurring revenue opportunities. 

One of his clients built a prenuptial agreement writer for a law firm, sold it back at $100 per seat, and now collects thousands in MRR monthly for a couple of hours of maintenance work. "They were still billing 10 hours for every prenuptial agreement even though it was only taking them a half an hour."

The point isn't the prenuptial agreement. The point is that the money was already there, in a relationship that already existed. They just had to ask the right question to find it.

The conversation doesn't stop here

SuperSummit x ESET was one day. The conversations it started will take longer than that to work through. If you're an MSP thinking about any of the above — the threat posture, the client relationships, the business model — we're building the tools to help you move faster on all of it. Explore the SuperOps MSPSuite by booking a free demo today!