5 Questions with Patrick Burgess: 2023 Winner of CompTIA’s UK&I Community Cybersecurity Leadership Award

Cybersecurity is on a lot of MSPs’ minds these days—and rightly so—but it might not be on anyone’s mind more than Patrick Burgess, technical director of Nutbourne Ltd., a London-based MSP.

Whether he’s talking about two-factor authentication and advanced endpoint defense, or any number of strategies for a stronger defense, Burgess has been a fervent advocate for MSPs to be more cyber resilient.

For his determination, Burgess received CompTIA’s UK&I Cybersecurity Leadership Spotlight Award for 2023 for his outstanding commitment, thought leadership and passion regarding cybersecurity, which has helped advance the resilience of the CompTIA Community as a whole.

Burgess recently discussed why cybersecurity should be of paramount importance to MSPs and why it’s OK to ask for help to get there. Here’s what he had to say.

What are you most proud of in your career and what’s helped get you to where you are now?

Building Nutbourne Ltd. With Marcus Evans has been a huge part of my life and something I’m immensely proud of. We have had huge ups and downs that any business owner would identify with, but we have been lucky enough to be surrounded by brilliant people who have helped us meet those challenges head on. Nutbourne has provided me with a platform and opportunity to talk publicly about things I feel passionate about, such as cybersecurity but also the flexibility to take a day a week to look after my young daughters as they have grown up.

What advice do you have for MSPs and other tech businesses to be more successful?

I have become a huge advocate for reaching out for help. I spent the first six to seven years working in the MSP industry trying to solve all my own problems and thinking I was doing it better than other people. By the time it finally dawned on me that 90% of the problems around running an MSP had already been solved by other people, I was almost on my knees and burnt out. You just need to put your head up and ask for help. CompTIA’s UK and Ireland Community is overwhelmingly collaborative, friendly and happy to talk. Whilst I am learning all the time, I now find myself able to pass on some of the wisdom I was given, which is really nice.

Why is volunteering for CompTIA important to you and what goals do you have in your role?

I was introduced to the CompTIA community through a security course with a vendor who gave a year’s free access to the CompTIA ISAO. Before this, I had only known CompTIA for the training and certifications. It blew my mind to find a vendor-neutral safe space where I could talk to other MSP owners and employees. Since then, I have found myself increasingly volunteering through committees and events which has allowed me to give back to the community who so kindly pointed me in the right direction when growing my MSP with Marcus. I am passionate about the cybersecurity programs and the industry education courses. I want to work with the UK teams to make sure that the discussions happening globally include the UK perspective and the state of cyber health here.

What cybersecurity challenges/trends do you want to raise more attention/awareness for in your UK&I Community role?

How unprepared a lot of MSPs are to take their clients on the overall journey. I see a large number of MSPs and vendors selling products with no overall strategy around them. These products are sold as a proposed big metal fence around a client’s company, but without basic cyber hygiene there are lots of holes under the fence. MSPs need to get our own houses in order. We are very busy and running around, so many are forced to operate a policy of, “do what I say, not what I do.”

We need MSPs and their clients to do the basics. Improve the overall cyber hygiene by enforcing multi-factor authentication on every cloud platform, implementing robust email and endpoint defense and training everyone. The vast majority of threats still start from phishing and the greater people’s awareness, the more chance we have of getting employees onboard to help solve the threats. On that note, we also need to remove any cyber shaming and make it safe for people in the MSP industry to put their hands up and ask questions or admit they don't understand.  

How are you working with CompTIA to address those issues and promote more awareness?

I have been working as a CompTIA industry education instructor to deliver training courses to MSPs in the UK and Europe through vendor events. These courses are brilliant because they come from real world MSP experiences and have no agenda other than to provide advice. There is a huge amount of willingness to improve the industry. I never meet MSPs who don’t want to be moving forward, but I regularly meet MSPs who are too busy or whose clients don’t pay enough. We need to increase the overall hygiene of the MSP industry if we are to expect the wider business world to improve.

With this aim I have been working with CompTIA’s cybersecurity teams in North America on the CompTIA ISAO and the CompTIA Cybersecurity Trustmark. Initiatives such as the Cybersecurity Trustmark cannot come fast enough when we have governments like the UK warning they are going to legislate to improve us. I want us to get ahead of the curve and work together to educate the industry as a whole before this happens so the shock will be minimised and we are already following best practice.