The Power of GRC for MSPs & Why Saying ‘No’ Could Be the Most Strategic Move You Make This Year

👋 Welcome to the grind

I’m John Harden, and if you’ve seen me on LinkedIn, you know I’ve got a lot to say about life in the MSP trenches. This newsletter is where I bring it all together: my latest posts, no-BS takes on the industry, and highlights from webinars and livestreams. If you’re in the MSP industry looking to grow, sharpen your game, or just want to hear from someone who’s been in the thick of it, subscribe and come along for the ride.

Why Your ‘Do Not Do’ List Might Be the Most Valuable Tool You’re Not Using

What if the secret to high-performing teams was focusing not on what you will do, but on what you won’t? In this Coffee Chat with Mark Ralls, President at Auvik, we explored the art of ruthless prioritization, strategic measurement, and why trying to do everything can actually get you nowhere. Closest to the pin, not furthest down the fairway... 

🔍 What we learned:

Mark shared his philosophy that effective prioritization isn't just about picking the top initiatives… it's about explicitly naming what you won’t do. Using a golf analogy, he emphasized focusing “closest to the pin,” i.e., working on the areas with the highest, most immediate impact, then working outward from there. He also tackled the trap of over-measuring, reminding us to stay human-centered while remaining data-informed, and shared valuable insights on how to differentiate between rearview and forward-looking metrics.

💡 Biggest takeaways:

• Closest to the Pin Strategy  "Most folks want to hit the long ball, but the pros improve their putting first." Prioritize where the impact is closest, not flashiest.
  

• Build a "Not Gonna Do It" List: “The do list takes care of itself. It’s the not-do list that frees your team.” Saying no creates space for real progress.
  

• Rearview vs. Forward Metrics: Scoreboard metrics (like revenue and profit) show where you’ve been, but forward-looking metrics (like onboarding velocity or deployment rate) tell you where you’re going. You need both. Even more important, you need to know which ones you can actually influence.
  

• People Before Percentages: “No one wants to be a statistic, even if you think in statistics.” Data needs stories to stick. Communicate numbers with empathy and narrative.

✅ Recommendations:

• Create a “Will Not Do” list for your team every quarter—post it, share it, live it.
  

• Use the “closest to the pin” framework: tackle challenges downstream (closer to the outcome) before scaling upstream.
  

• Audit your metrics: label which ones are “rearview” and which are “forward-looking.” Then double down on improving the 2–3 that are truly predictive.
  

• Use anecdotes to explain the data. Context and stories make metrics actionable.Huge thanks to Esther for a refreshing, high-energy chat full of real talk and tactical gems. Her mantra says it best: “Leadership is a stance in the world… not a job title.”

Thanks again to Mark for dropping wisdom, whiteboard stories, and espresso-powered frameworks. ☕🎯

What’s one forward-looking metric you rely on? Let’s swap best bets.

What Your Clients Are Doing Behind Your Back (and How GRC Helps You Fix It)

There’s a quiet shift happening in the world of IT service providers and if you’re paying attention, you can feel it. It’s not a new buzzword or another tool. It’s something deeper, something foundational: a move toward Governance, Risk, and Compliance, or GRC.

Traditionally, GRC has been seen as something reserved for enterprise environments, a tangle of frameworks and policies that seemed far removed from the day-to-day work of MSPs. But that’s changing fast.

Let’s start with visibility. Asset visibility has always been crucial, but it’s taken on new urgency in today’s landscape. It’s no longer just about knowing what devices are connected or what software is installed. It’s about understanding what identities are accessing which systems, where data is flowing, and whether anyone’s even aware of all the moving parts.

Then there’s Shadow IT. Shadow IT are the tools users sign up for without telling anyone. Add to that Shadow AI, where employees quietly explore generative AI tools like ChatGPT or Perplexity for everything from productivity boosts to drafting client emails. It’s happening behind the scenes, outside of policy, and often without any oversight. That’s a problem.

This is where the idea of GRC becomes more than a checklist. It becomes a lens MSPs can use to bring clarity to the chaos. Governance isn’t just about saying “no,” it’s about setting boundaries, understanding risk, and having real conversations with clients about what’s happening in their environment. Risk isn’t just something to mitigate. Risk is something to map, explain, and sometimes accept. Compliance becomes a shared responsibility, not a one-time report.

What’s exciting is how these tools elevate your role. Instead of “Are you using AI?” conversations that end in shrugs, you get to walk into a client meeting and say, “Here’s what you’ve added since last quarter. Here are the new apps, and yes, a few AI ones too. Let’s talk about what that means for your data.”

It’s a shift from assumption to evidence. From compliance as a checkbox to compliance as a shared conversation. And it's becoming a defining marker for the next-gen MSP, one that doesn't just secure infrastructure but co-manages smarter, safer growth with their clients.

GRC is still early in the MSP space, but that’s exactly why it matters. It’s an opportunity to lead, to be the partner who brings clarity, not just service tickets. To move beyond managing infrastructure and start managing trust.

This isn’t about becoming a compliance officer overnight. It’s about recognizing that your clients already trust you with their systems and it’s time to extend that trust to their strategy.

🎙️ I’m Live Next Week

Filter Your Focus, Measure the Magic (June 19, 9am ET)

What trends are truly reshaping the MSP landscape... and what is just noise? Join me for a high-energy LinkedIn Live with Carolyn April, Vice President of Research and Market Intelligence at GTIA, as we unpack the latest market forces, tech evolutions, and strategic moves MSPs can’t afford to ignore.

What we’ll cover:

• Market forces in motion: What’s the most disruptive trend MSPs face right now?

• Tools of tomorrow: Which platforms and technologies are MSPs rapidly adopting, and how are AI and automation playing a role?

• Business outlook: How are client expectations, pricing models, and competitive threats evolving in today’s economic climate?

• Real-world strategy: What practical moves are driving ROI for MSPs—and what advice would Carolyn shout to the entire channel?

Drop your hot takes or questions in the comments, and tag someone who needs to catch this one live!

🎧 Register here 

🔗 Stuff Worth Clicking

• IT Pros ‘Extremely Worried’ About Shadow AI: Report

• Brain activity much lower when using AI chatbots, MIT boffins find

• 20 Expert Tips To Avoid Network Automation Pitfalls

📬 Hit Me Back

So—what won’t you do this quarter? And just as importantly, what might your clients be doing without telling you? Between Mark Ralls’ reminder to ruthlessly prioritize (yes to impact, no to noise) and the growing role of GRC in uncovering what’s hiding in plain sight, one thing is clear: clarity is your new superpower. Whether it’s your internal team’s “Not Gonna Do It” list or your clients’ quiet adoption of Shadow IT and AI, the goal is the same—less guesswork, more intentionality.

So hit me back: What’s one thing your team is saying no to right now? And how are you helping clients see what they can’t? Let’s keep the real talk going.