CEO's Blog

Twenty years in, and I'm still learning. But if I could go back and give younger me some advice, it would be this: the technology matters far less than the relationships. Every successful engagement we've had came down to trust, communication, and actually listening to what people needed.

I spent years thinking technical excellence would win the day. It doesn't. Being genuinely helpful does. Being available when things go wrong does. Remembering that behind every support ticket is a person trying to do their job. That's the stuff that actually matters.

Running a tech company is weird. You need people who are brilliant at solving complex technical problems, but those same people often couldn't care less about business strategy or customer experience. Managing this tension is basically my entire job.

The secret, if there is one, is hiring people who are curious about the whole picture. Not just the firewall configuration, but why the client needs it. Not just the migration plan, but what success looks like for their business. Technical skills can be taught. Genuine curiosity about helping people? That's harder to find.

I know it's not trendy to be enthusiastic about Microsoft. The cool kids are all about open source and boutique solutions. But here's the thing: for most businesses, Microsoft 365 is genuinely the best option. Not because it's perfect, but because it works, it integrates, and it's supported.

When a client calls at 4pm on a Friday with a problem, I want to know we can fix it. I want documentation, support channels, and a massive ecosystem of people who've solved this problem before. That's what Microsoft gives us. And honestly? The product has gotten really good in the last few years.

Nothing in business is free. That open-source tool that saved you $5,000 in licensing? It just cost you $15,000 in consultant fees because nobody knows how to configure it. That free tier of cloud storage? Congratulations, your data is now training someone else's AI model.

I'm not saying paid software is always better. Sometimes the free option genuinely is the right choice. But please, for the love of all things sensible, factor in the total cost. Support, integration, security, and the value of your team's time. "Free" is almost never actually free.

Everyone talks about backups. Important? Absolutely. But backup is just one piece of business continuity. What happens when your office floods? When your key supplier gets hacked? When half your team gets the flu? These aren't IT problems. They're business problems that technology can help solve.

Real business continuity planning asks uncomfortable questions. How long can you operate without email? What if your accountant's laptop gets stolen? Where are your most critical documents actually stored? If you can't answer these questions confidently, it's time for a conversation.

I've seen businesses cycle through IT providers like they're changing socks. Every few years, someone new promises to fix all the problems the last person created. It's exhausting, expensive, and usually unnecessary.

When you're choosing a technology partner, forget the flashy presentations. Ask them about a time they messed up. Ask what happens when you need help at 7am on a Saturday. Ask to speak to clients they've had for more than five years. The answers will tell you everything you need to know about who you're actually dealing with.

Remember March 2020? When everyone suddenly needed to work from home and IT departments collectively panicked? We learned more about remote support in those three months than in the previous ten years combined.

The biggest lesson: most problems don't require someone physically present. With the right tools and the right access, we can fix 95% of issues without leaving our office. It's faster for you, cheaper for everyone, and honestly? We're better at it now than we ever were at on-site support. Some silver linings from that chaos.

Quick poll: when did you last test your disaster recovery plan? If you had to think about it for more than two seconds, I have concerns. A disaster recovery plan that hasn't been tested isn't a plan. It's a hope. And hope is not a strategy.

We test our clients' recovery procedures regularly. Not because we're paranoid (okay, maybe a little), but because untested backups are basically Schrödinger's data. They might be perfect. They might be completely useless. You won't know until you desperately need them, and that's a terrible time to find out.

For years, business owners saw IT as a cost centre. Something to minimise, tolerate, and occasionally complain about. That's changing. Smart businesses are realising that the right technology, properly implemented, is a genuine competitive advantage.

I'm not talking about flashy AI projects or blockchain nonsense. I mean basics done brilliantly. Fast, reliable systems. Secure data handling that lets you win contracts your competitors can't. Automation that frees your team to focus on what they're actually good at. This is where technology pays dividends.

Should you outsource your IT? It depends. (Sorry, I know that's not the definitive answer you wanted.) But it genuinely does depend on your size, your complexity, and what you're trying to achieve.

Here's my honest take: if you've got fewer than 50 people and IT isn't your core business, outsourcing usually makes sense. You get access to expertise, tools, and coverage that would cost a fortune to build internally. But if you've got 200 people and complex systems? A hybrid approach often works better. Some things in-house, some things with a partner. No shame in admitting you can't do everything yourself.

Here's something that keeps me up at night: small businesses face the same cyber threats as large enterprises, but with a fraction of the resources to defend against them. Attackers know this. They're specifically targeting SMBs because the defences are weaker.

The good news? Enterprise-grade security has become accessible. Tools that cost hundreds of thousands of dollars a decade ago are now available as affordable subscriptions. You don't need a security operations centre. You need a partner who has one. That's the model we've built, and it works.

Twenty years. That's how long I've been doing this. Started with a van, a toolkit, and more optimism than sense. Now we're a proper company with proper systems and proper clients. Looking back, the industry has transformed completely. The fundamentals? Exactly the same.

People still want technology that works. They still want someone who answers the phone. They still want honest advice instead of sales pitches. The tools have changed dramatically, but the job hasn't. Help businesses succeed with technology. Everything else is details.

I could have built this business anywhere. But Auckland has something special. There's a pragmatism here that I appreciate. Kiwi business owners don't want flashy presentations and buzzwords. They want to know: will this actually work, and what's it going to cost me?

There's also a collaborative spirit that surprises people from overseas. Competitors have lunch together. We refer business to each other when it's the right fit. The IT community here is tight-knit in the best possible way. Twenty years in, I'm grateful to be part of it.

Everyone's talking about AI. Microsoft Copilot this, ChatGPT that. If you believe the marketing, artificial intelligence will revolutionise everything and probably make your coffee while it's at it. The reality is more nuanced.

AI tools are genuinely useful for specific tasks. Writing drafts, summarising documents, analysing data. They're not going to replace your team, but they might make them significantly more productive. The key is starting small, measuring what actually helps, and not getting swept up in the hype cycle. Revolutionary technology usually arrives quietly, doing boring things well.

If I could wave a magic wand and implement one security improvement across every business in New Zealand, it would be multi-factor authentication. Not because it's perfect, but because it stops the vast majority of account compromises cold.

Yes, it's slightly inconvenient. You'll need your phone to log in sometimes. But that minor friction stops attackers who have your password from accessing your accounts. In a world where passwords get leaked constantly, MFA is the difference between "minor inconvenience" and "major breach." Just do it. Please.

Despite all the sophisticated attack vectors out there, email remains the primary way bad actors get into organisations. Phishing. Business email compromise. Malicious attachments. It's not glamorous, but it works, which is why attackers keep doing it.

Modern email security goes way beyond spam filtering. We're talking AI-powered threat detection, sandboxing suspicious attachments, and blocking impersonation attempts before they reach your team. If your email security hasn't been reviewed in the last couple of years, it's probably not up to the current threat landscape.

Nobody likes being told they need to spend money on new computers. I get it. The conversation usually goes: "But it still works!" Yes, technically it still turns on. But that five-year-old laptop is costing you more in lost productivity than a new one would cost to buy.

Hardware has a lifespan. Fight it all you want, but eventually the slow boot times, the security vulnerabilities, and the incompatibility issues add up. Good technology partners help you plan for these refreshes, spreading the cost and the disruption over time. Bad ones wait until everything breaks simultaneously.

Controversial opinion: "best practices" is often a phrase people use when they don't want to think about what's actually appropriate for your situation. Best for whom? Best under what circumstances? Best according to which vendor who's trying to sell you something?

I prefer "appropriate practices." What's right for a 10-person accounting firm is different from what's right for a 200-person manufacturer. The principles might be similar, but the implementation should be tailored. Beware anyone who offers one-size-fits-all solutions. Your business isn't one-size-fits-all.

Growing a business is wonderful until your infrastructure starts groaning under the weight. That file server that worked fine for 15 people becomes a bottleneck at 40. That ad-hoc approach to user accounts becomes a security nightmare. Suddenly, things that used to be simple are complicated and slow.

The trick is anticipating these growing pains before they become emergencies. If you're planning to double your headcount in the next two years, your IT should be ready for it before you start hiring. Scaling technology after the fact is always more painful and expensive than doing it proactively.

Every few months, we get a call from a business that's just been hit by ransomware. Not one of our clients (thankfully), but someone who found us while desperately Googling for help. These conversations are always heartbreaking. Usually, we can help. Sometimes, we can't.

Ransomware doesn't discriminate by business size. The local bakery is just as likely to get hit as the multinational corporation. The difference is preparation. Good backups, tested regularly. Up-to-date security. Trained staff who know not to click suspicious links. None of this is complicated. It just needs to be done.

The competition for good IT people in New Zealand is fierce. Everyone wants experienced engineers, and there aren't enough to go around. This is true whether you're hiring internally or looking for an IT partner. Quality is in short supply.

We've had success by focusing on attitude over experience. You can teach someone the technical skills. You can't teach someone to care about doing a good job. Our best hires have been people who were curious, humble, and genuinely interested in helping clients succeed. Everything else can be learned.

SOC 2. ISO 27001. NIST. CIS Controls. Essential Eight. If you're confused by the alphabet soup of compliance frameworks, you're not alone. Even people in the industry sometimes struggle to keep track of what's what and which ones actually matter for your situation.

Here's my simplified take: most NZ businesses should start with the Essential Eight. It's practical, focused, and covers the basics well. If you're handling sensitive data or working with enterprise clients, you might need formal certifications. But for most companies, doing the fundamentals consistently beats chasing compliance certificates.

Automation is great. Chatbots, automated responses, self-service portals. They handle routine stuff efficiently and free up humans for complex problems. But somewhere along the way, some companies forgot that automation is supposed to enhance customer service, not replace it.

When you call us, a person answers. An actual human who can help you or connect you with someone who can. We use automation for the boring stuff, so our team has time for the conversations that matter. Technology should serve people, not the other way around.

Years ago, we charged by the hour like everyone else. Then I realised something uncomfortable: hourly billing creates a perverse incentive. The longer a problem takes to fix, the more we get paid. That's backwards. We should be rewarded for solving problems quickly, not slowly.

Now we charge flat monthly fees for most clients. They get unlimited support, and we're motivated to fix things permanently rather than applying band-aid solutions. Our interests align with theirs. It's a better model for everyone, even if it means we occasionally work for "free" on complex problems.

How much should you spend on IT? The uncomfortable answer is: more than you think, but probably less than vendors tell you. There's no magic percentage of revenue or per-employee benchmark that works for everyone. It depends on your industry, your complexity, and your risk tolerance.

What I do know is that underinvesting in IT is a false economy. The businesses that treat technology as a strategic investment consistently outperform those that treat it as a grudge purchase. The question isn't "how do I minimise IT spending?" It's "how do I get the best return on what I spend?"

One of the hardest things about growing a business is letting go. In the early days, everything runs through you. Every decision, every client relationship, every problem. At some point, you have to trust other people to do things as well as (or better than) you would.

For us, this meant building systems and training people. Documenting how we do things. Creating processes that work regardless of who's handling them. It's not glamorous work, but it's what lets a business scale beyond what one person can manage. And yes, sometimes I still struggle to let go. Work in progress.

Not every shiny new technology deserves your attention. For every genuine innovation, there are a dozen overhyped tools that will waste your time and money. Part of our job is helping clients distinguish between the two.

My filter is simple: does this solve a real problem you actually have? Not a problem the vendor convinced you that you have. Not a problem that might hypothetically exist someday. A real, current problem that's costing you time or money. If yes, let's talk. If no, let someone else be the guinea pig.

Modern businesses deal with dozens of technology vendors. Internet provider. Phone system. Line-of-business software. Cloud platforms. Security tools. Each has their own support process, their own billing, their own quirks. Managing all of this is practically a full-time job.

Part of what we do is become the single point of contact. When something goes wrong, you call us. We figure out whose problem it is and deal with them. When vendors point fingers at each other (and they always do), we sort it out. It's not glamorous, but it saves our clients countless hours of frustration.

Here's the uncomfortable truth: small and medium businesses are increasingly targeted by sophisticated attackers. The criminals have realised that SMBs often have valuable data and weaker defences than large enterprises. It's asymmetric warfare, and the odds aren't in your favour.

But David beat Goliath, and small businesses can defend themselves effectively. It requires being smart about where you focus your limited resources. Strong fundamentals: patching, backups, MFA, email security. These basics stop the vast majority of attacks. You don't need enterprise budgets. You need discipline and consistency.

Before IT, I trained as a pilot. One thing aviation drills into you: checklists save lives. It doesn't matter how experienced you are or how many times you've done something. The checklist keeps you from missing critical steps when you're tired, stressed, or distracted.

We've brought the same philosophy to IT. Server builds have checklists. Security configurations have checklists. Client onboarding has checklists. It's not exciting, but it's why we don't miss things. When you're managing technology for hundreds of users, "I usually remember to do that" isn't good enough.

Remember when every office had a server humming away in a closet somewhere? That noisy box that nobody really understood, that required expensive maintenance, and that became a single point of failure for the entire business? Good news: those days are ending.

Cloud services have matured to the point where most businesses simply don't need on-premises servers anymore. Your files in SharePoint. Your email in Exchange Online. Your applications in the cloud. Faster, more reliable, and someone else handles the maintenance. The office server isn't quite extinct, but it's definitely endangered. I won't miss it.

Backups aren't sexy. Nobody gets excited about backup solutions at conferences. There's no backup startup raising billions in venture capital. But backups remain the single most important thing you can do to protect your business from disaster.

Ransomware? Restore from backup. Hardware failure? Restore from backup. Employee accidentally deletes everything? You guessed it. A good backup strategy is your insurance policy against almost anything that can go wrong. Test it regularly, keep copies off-site, and sleep better at night. Boring but essential.

Every few months, someone asks me if AI is going to replace IT professionals. Short answer: no. Longer answer: AI is going to change what we do, not eliminate the need for us. The boring, repetitive stuff? Absolutely. That's going to be automated. Good riddance.

But technology still needs people who understand context. Who can translate business needs into technical solutions. Who can explain options in plain English and help make decisions. AI is a powerful tool, not a replacement for judgment and experience. The jobs will change. They won't disappear.

Three years since COVID turned everyone's work arrangements upside down. What have we learned? Hybrid work isn't going away. Some jobs need in-person presence. Many don't. The businesses that figure out the right balance will have a significant advantage in attracting talent.

From a technology perspective, hybrid work is now table stakes. Your systems need to work seamlessly whether someone is in the office, at home, or at a coffee shop in Queenstown. Security needs to follow the user, not assume they're behind a corporate firewall. This is the new normal. Plan accordingly.

I hear this all the time: "We're too small to be a target." I wish that were true. But attackers don't care how big you are. They care how easy you are. Small businesses with weak security are often easier targets than large enterprises with dedicated security teams.

The good news: you don't need a massive budget to defend yourself effectively. Basic hygiene goes a long way. Keep your software updated. Use strong, unique passwords with MFA. Train your team to recognise phishing. Back up your data. These fundamentals stop most attacks. You're not too small to be targeted, but you're also not too small to protect yourself.

Most businesses buy Microsoft 365 and use it for email. Maybe Word and Excel. That's like buying a Swiss Army knife and only using it to open letters. You're paying for a comprehensive productivity platform and using a fraction of its capabilities.

Teams for communication. SharePoint for document management. Power Automate for workflows. Planner for projects. Forms for surveys. All included in the license you're already paying for. Spend an hour exploring what's available. You might be surprised what you can do without buying additional software.

Let me tell you about a client who learned the hard way. Their server failed on a Friday afternoon. No backup. By Monday morning, they'd lost a weekend of panic and approximately three months of financial data. The actual cost? About $40,000 in recovery efforts and lost productivity. The backup solution they'd declined six months earlier? $150 per month.

Downtime isn't just an inconvenience. It's a direct hit to your bottom line. Lost productivity, missed deadlines, damaged reputation, and sometimes unrecoverable data. The math almost always favours prevention over cure. Learn from other people's expensive mistakes.

Don't get me wrong. That person who's been looking after your computers for years is probably great. They know your systems, your people, your quirks. But technology has become so complex that no single person can master all of it. Security alone is now a full-time specialisation.

The question isn't whether your IT person is good at their job. It's whether one person can reasonably stay on top of security threats, cloud platforms, compliance requirements, and day-to-day support simultaneously. For most businesses, the answer is no. It's not a reflection on anyone's skills. It's just the reality of modern IT.

Moving to the cloud sounds simple in the sales pitch. Everything magically floats up to someone else's servers, and your problems disappear. The reality is messier. Applications that worked perfectly on-premises behave differently in the cloud. Users get confused. Costs are harder to predict than promised.

None of this means cloud is wrong. For most businesses, cloud is absolutely the right direction. But go in with realistic expectations. Plan for a transition period. Budget for some unexpected surprises. And please, for everyone's sanity, don't try to do everything at once. Phased migrations are your friend.

After decades of security awareness training, people are still using "password123" and writing credentials on sticky notes. It's not because they're stupid. It's because we've created an impossible situation. Dozens of accounts, each requiring a unique complex password that changes regularly. No human brain can handle that.

The solution isn't more training. It's better tools. Password managers that generate and store strong passwords. Single sign-on that reduces how many passwords you need. Multi-factor authentication that makes stolen passwords useless. We need to stop blaming users and start giving them systems that actually work with human nature, not against it.