Tlao Cover Art 2023 Vector

Johnny Lieberman & Zack Miller – “Only the Paranoid Survive”

My guests on this episode are Johnny Lieberman and Zack Miller, who together founded Worklyn Partners to acquire and grow cybersecurity and IT services companies.

Episode Description

My guests on this episode are Johnny Lieberman and Zack Miller, who together founded Worklyn Partners to acquire and grow cybersecurity and IT services companies.

A concept we talk a lot about in the episode is how the two businesses create a flywheel between each other. I find these flywheels fascinating and I’ve talked about others such as the flywheel between media and data with FreightWaves founder Craig Fuller in Episode 121.

Johnny and Zack share how the two business models function both together and independently, where growth is coming from and trends driving that growth, developing sales teams, and why only the paranoid survive. Enjoy.

Listen weekly and follow the show on Apple PodcastsSpotifyGoogle PodcastsStitcherBreaker, and TuneIn.

Clips From This Episode



Ravix Group — Ravix Group is the leading outsourced accounting, fractional CFO, advisory & orderly wind down, and HR consulting firm in Silicon Valley. Whether you are a startup, a mid-sized business, are ready to go public, or are a nonprofit, when it comes to finance, accounting and HR, Ravix will prepare you for the journey ahead. To learn more, please visit their website at

Hood & Strong, LLP — Hood & Strong is a CPA firm with a long history of working with search funds and private equity firms on diligence, assurance, tax services, and more. Hood & Strong is highly skilled in working with search funds, providing quality of earnings and due diligence services during the search, along with assurance and tax services post-acquisition. They offer a unique way to approach acquisition diligence and manage costs effectively. To learn more about how Hood & Strong can help your search, acquisition, and beyond, please email one of their partners Jerry Zhou at [email protected]

Oberle Risk Strategies– Oberle is the leading specialty insurance brokerage catering to search funds and the broader ETA community, providing complimentary due diligence assessments of the target company’s commercial insurance and employee benefits programs. Over the past decade, August Felker and his team have engaged with hundreds of searchers to provide due diligence and ultimately place the most competitive insurance program at closing. Given August’s experience as a searcher himself, he and his team understand all that goes into buying a business and pride themselves on making the insurance portion of closing seamless and hassle-free.

If you are under LOI, please reach out to August to learn more about how Oberle can help with insurance due diligence at Or reach out to August directly at [email protected].

Interested in sponsoring?

(2:41) – Can you walk us through the timeline of Worklyn and where you’re at today?

(9:35) – How do your cybersecurity & IT platforms work collaboratively together?

(11:07) – Why are you pursuing growth via acquisition on the IT side but not in cybersecurity?

(17:07) – Is there a similar dynamic between sales in IT services and Cyber?

(18:08) – How does the sales cycle work from getting an IT customer over to the Cyber side?

(22:42) – What are some high-level industry tail winds you’ve observed?

(29:49) – Could the flywheel between Cyber and IT extend to software businesses or service tools that could support the business?

(33:59) – Within Worklyn, where do you see most of the value being created?

(36:49) – How have you been working to attract great people to your teams?

(40:01) – How have you structured management compensation?

Alex Bridgeman: We were talking about kind of early days of Worklyn, and you raised initial capital to acquire the first two companies and then raised another growth round of capital. Can kind of walk through the timeline of Worklyn a little bit?

Zack Miller: So Johnny, just to give you context, I think there’s an SEC filing out there that says we raise 14.2 or something. So what I’m guessing that is, I’m 99% sure that is, that’s the capital we called. So we raised committed capital at the end of 2021. And then a portion of that committed capital was allocated and used to fund our first two deals.

Johnny Lieberman: Yeah, that’s right. So the first fund’s 40 million of committed capital, first two deals, 14 and a quarter. And the fund was closed and the first two deals were completed all within kind of a one month span at the end of last year in 2021.

Alex Bridgeman: Yeah, I’ve enjoyed using SEC filings as an interesting way to track what investors are doing. There’s occasional like fundraises that aren’t announced yet, but there’s a filing to go check them out and read a little bit about them. So I tend to- I’ve incorporated SEC filings as part of my both podcast and business research now. So I was kind of curious about that. But yeah, can you kind of walk through the early days and then what Worklyn is today?

Johnny Lieberman: Yeah, absolutely. So Zack and I started working together in Augustof 2020 5 or so months into the COVID-19 pandemic. And I had just finished business school at HBS. And Zack was two of three years complete with his JD MBA at Penn. And I called Zack and I said, “Now’s the time.” And he said, “Come on, really?” We had been talking about working together for a long time. And I used to drag him on calls with prospective investors when I was just trying to get a basic understanding of what the different avenues of entrepreneurship through acquisition really were. And I used to introduce Zack, and “Hey, this is my partner, Zack.” And he’d say, “I’m definitely not his partner but would love to learn what’s going on in the industry.” So, we did a sequence of these calls throughout 2020. And August comes and I managed to convince Zack to take a leave of absence from his JD MBA and start Worklyn. And at that time knew we wanted to focus on technology. We were pretty sure we wanted to do something in IT services and cybersecurity, but the exact thesis was confirmed in the fall of 2020. Zack, maybe you want to just touch on it.

Zack Miller: Yeah, I mean, so I didn’t take maybe as much convincing as Johnny says. So I think at the beginning, I did, like when we started, as Johnny mentioned, we really started just as friends who were talking about doing something entrepreneurial together. And I had always had, my background was investing and advising in cybersecurity, and I basically helped start a private equity fund at my last job or at the job I spent the majority of my time before grad school at, called the Chertoff Group. And we were investing in cybersecurity services businesses and had some great success. And I was in charge of sourcing and diligencing and helping to execute our investments in growth stage cybersecurity businesses. I think it was that experience that always stuck with me, where what I saw was, as the guy in charge of sourcing, kind of on the front lines, a lot of businesses that weren’t quite big enough for us, lifestyle, founder owned businesses with great customers that love them and talented people but that hadn’t made that jump to being large enough for private equity and weren’t quite growthy enough for venture capital, and they were sort of this orphan class of companies that didn’t have a home in terms of exits. And so that thesis had always been sticking around with me. And the other thesis that I had coming out of those days advising investing in cybersecurity is, look, for middle market businesses and SMBs that don’t have their own IT security professionals, they want IT and cybersecurity from a one stop shop, one throat to choke. They don’t want to have to contract with six different providers to make sure that their IT systems work and to make sure that they’re secure. And so there was this ongoing convergence of cybersecurity and IT which had historically been two different, really two different lines of business. And so that was the sort of industry thesis behind what we’re doing. So when Johnny was getting me involved in these calls with investors, I began to realize like, hey, this whole entrepreneurship through acquisition model could be adapted to facilitate the roll up strategy at this fragmented intersection of cybersecurity and IT services, which was something that I had always had designs on doing myself. But the actual moment of truth was, I think, August 2020 where I had an awesome remote internship with a really great publicly traded cybersecurity company called Okta. Everyone I worked with was smart. Everyone was kind of- like the business was firing pretty well. And I kind of looked around, I was like, God, I’m not having much of an impact here. Like, I don’t know that I’m adding much value here. And it’s really awesome to work on a great technology tool with a great team, but they’ve already done it. And I want to go do- I want to build something myself and build something with a friend and take a risk and bet on myself.

Johnny Lieberman: So I think what was really interesting, Alex, is Zack saw a number of companies that his prior firm invested in that were potentially complimentary. And because of the structure and other details, these firms weren’t under an entity structure that promoted collaboration. And one of the ideas we had was can we use a holding company structure to promote companies that should be partnering together to serve the same customer to do so in the most efficient way. So if you buy companies that have slightly different specializations that would naturally want to partner with each other, even if not owned by the same company, can you promote that collaboration by buying these businesses under the same holding company? And I think that’s when we kind of really settled on a thesis and an entity structure and a hold period, building for the long term, that we ended up raising our fund around.

Alex Bridgeman: Gotcha. And as Zack and I talked about, so as I understand it, you have two platforms. There’s one cybersecurity platform and then an IT platform. And they work collaboratively together, but structure wise, they’re two different platforms. Can you through how that works and how they interact?

Johnny Lieberman: That’s exactly right. So the thesis is that we’re going to pursue a multi acquisition strategy on the IT services side. There’s a lot of private equity roll ups going on in the MSP space. What we’re doing is slightly different. We’re going to build value by doing M&A and buying businesses that are profitable and building a basic cash flow, just as private equity is doing. But we’re targeting businesses that maybe are slightly different from the mold or kind of narrow MSP business model that private equity is. And that’s because one of the largest ways we’re going to create value is by selling cybersecurity and our proprietary MDR solution, which is a combination of tech and people, through to all the IT services businesses that we buy and use that kind of captive channel to grow the cybersecurity business. And what we end up with is, like you said, a holding company with two platforms. We have the cyber platform, which is really an organic growth play. And then we have an IT services platform that’s a cash M&A play. And we’re going to be able to use the cash generated by the IT services platform to reinvest in the cyber products and tech enabled service.

Alex Bridgeman: So how come you’re using acquisition on the IT side, but not cyber? Does cyber not grow through M&A nearly the same way? You talked about the cybersecurity being organic growth, while IT is through acquisition. How come they’re not both through acquisition? How does each company or each side grow differently? What’s different between the two?

Zack Miller: Yeah, no, it’s a great question. Because I think from a bird’s eye view, you look at these two businesses, you’re like, geez, these look awfully similar. And why aren’t they- Why don’t you just jam them all into one platform? Or why aren’t you pursuing more or less the same strategy on each side? And I will caveat this by saying on the cybersecurity side, there very likely will be an acquisition or two, but it will be very strategic acquisitions, where it’s like, listen, this particular capability needs to be added, and the most efficient way to add it is via an acqui-hire, or hey, opportunistically, we found another competitive mate that looks really similar to us, and they happen to use our software already, or some variety of our software that’s available open source. So maybe it makes sense to combine forces. That probably- I mean, that very likely will happen. But we don’t think of the cybersecurity platform strategy as an M&A based strategy. And we won’t be as dead set on multiple acquisitions on that side because the business models are just a little different. Cybersecurity, as an industry, is growing a little bit faster, and in particular, the space we play in, which is managed security services or managed detection and response, which you can think of as basically outsourced 24 by 7 security monitoring, threat detection, and response for customers. That space is growing quite fast. So, there is a lot of organic growth to be had. And then also, you look at that business, the business we own, an incredible business in Florida, they’ve built their own technology platform. And that requires a great team of developers and engineers led by a great CTO, and that requires some investment in R&D. So you almost look at that business as close to a software business model. Whereas on the IT services side, primarily, you find businesses that are partnering with large software vendors or large hardware vendors and adding services on top of that, slightly different business model, slightly different vectors of investment. And it affords the ability, they may not grow as fast, these IT services businesses, they grow steadily, but they kick off a lot of cash that can be used as a basis for more acquisitions and putting some leverage on the business.

Johnny Lieberman: Yeah, I think another reason that it makes less sense to do multiple acquisitions of similar managed section response businesses is that the likely revenue multiple that you’re paying for these businesses largely reflects the IP or technology within the businesses and it doesn’t make sense to buy what would likely be duplicative technology because the reason you’re paying a revenue multiple to begin with is that they can scale with customers. So it makes much more sense to go and acquire customers to feed into the scalable technology that you already paid a revenue multiple for.

Alex Bridgeman: You must view the IT business partly as or perhaps mostly as customer acquisition for kind of the downstream cybersecurity products as well then.

Zack Miller: I think it’s both. Like I think the large number of private equity firms that are currently in this space executing MSP roll ups, MSP is managed service provider, MSP IT services roll ups is evidence of the fact that there is a pretty just juicy opportunity in doing that. And we see that opportunity too. And I think we are benefiting from many of the same things that those MSP roll ups are benefiting from. But there’s this sort of double dip value creation opportunity where that has, that MSP roll up is going to create equity value on its own. But it’s also going to create tremendous equity value for our other cybersecurity platform in the sense of creating new customer opportunities, cross selling opportunities, and also in the sense of that IT services arm is going to help our cybersecurity platform continue to grow and mature and best feed the channel. Because for the middle market customer, like we talked about, that we’re really building with the middle market in mind. So think about a school district in Florida or a regional airport in Ohio that doesn’t have a massive team of IT security professionals in house. In order to build for and serve that customer, typically, that customer just basically says, look, whoever my IT service provider is, if I trust them, I want them to be in charge of my cybersecurity as well. And so you need to, if you’re building a cybersecurity business for the middle market, you need to figure out how to partner, how to play nice with IT services partners. And this platform really enables us to do that.

Alex Bridgeman: Yeah, we’ve had similar thoughts, we as in my work at HW Media, we’ve had similar thoughts around how media and data combine in kind of similar ways where your media business and audience can feed folks to your data product. And one question, I have a question around sales because we have a sales team for media sales, but it’s kind of a different ballgame to sell enterprise software, enterprise data. Is there a similar dynamic between sales in IT services and cyber? Or are they more complimentary than you would think?

Zack Miller: I think they’re pretty complimentary. In one sense, we still have direct sales at the cybersecurity company, but in one sense, maybe you’re building a team that’s more focused on selling through the channel, on selling through a partner rather than on selling directly to the end customer. Whereas on the IT services side, you might be more focused on going directly to the end customer. But I think there’s more similar than different in the go to market models. And in the use of digital marketing and other kind of online guerrilla marketing models as well, I think there’s more similar than different.

Alex Bridgeman: Can you kind of walk through how sales works on the IT side? I’d be kind of curious what that looks like. And how does a potential customer work their way through and get into cyber?

Zack Miller: Yeah, so it depends on the end customer. We have an IT business, for instance, that does a lot of work with state and local and education customers. That sales cycle and that sales process is entirely different than, say, if we were selling IT services to SMB local credit union or a local media company. The sales cycle is really different. So I guess I’ll start, I’ll say at a high level, on the IT services side, increasingly, the conversation is actually now starting with cybersecurity. And that gets to that convergence that I mentioned earlier. As opposed to maybe 10 years ago where it started with, hey, I got a bunch of servers that I am trying to manage on my own and it’s not going so well. And so I’d like an expert to come in and manage my servers and manage a couple other critical IT systems for me. So nowadays, you see it a lot of times starting with something like cyber insurance, like hey, I’ve got to- I’m an end customer, let’s say I’m a small health care system and I have a cyber insurance premium- I mean, I have a cyber insurance plan. And the cyber insurance plan basically said we’re not going to write you a new insurance policy until you do X, Y and Z to show that your cybersecurity is somewhat shorn up. And then, we’re where we would come in, where the work on platform comes in is both as an advisor to help you figure out what you need to do and then as an implementer, this is the IT services side, not the cyber side, to help you implement some of these more basic security controls like having multi factor authentication, and then at the end to provide ongoing 24 by 7 monitoring of your security as IT, I mean, as a company. So I give that example of cyber insurance to say there’s just so many different ways the customer journey can start, it’s hard to paint it with a one size fits all brush. Johnny, I guess I’m curious if you think there’s a more consistent way to describe the customer journey.

Johnny Lieberman: Yeah, I think the most interesting dynamic is observing existing customers that we have on the IT side and trying to draw a pattern on when is the right time for them to buy MDR. And I think what we see is that there’s largely three demand drivers for cyber. You have ransomware, where maybe one of their competitors got breached, or the CEO got some pressure by the board based on an article in The New York Times. That’s one. The second is, as Zack mentioned, cyber insurance, especially in state and local where we do a lot, it’s becoming increasingly difficult to even get into one of these access liability pools or kind of broader state offerings. There’s very little option. And in the commercial market, you’re seeing premiums go up, in some cases double year over year. So that’s two. And then the third is compliance. If you’re in an industry with increasing compliance, HIPAA, or in manufacturing, there’s a new compliance regime called CMMC that’s relevant and driving demand for increased cyber. But the point is that we know that a lot of our existing customers on the IT side are going to need to sign up for MDR. And the reason we love owning those businesses is that we can be there when whatever one of those three triggers them to finally dedicate a significant portion of their IT wallet towards cyber, but you can’t always predict when. And I think the thing about cyber over the past couple years is everyone’s been predicting these waves of mass adoption in the mid market. And I think a lot of times in the mid market SMB, it’s happened slower than then folks have predicted. But our view is if we can be there and serve the mid market on the IT side and help them through that journey, maybe first cloud migration and then comprehensive outsource cybersecurity, that’s a great place to be because you’re hanging around the hoop waiting for them to have the budget or to have the management team that understands the value in an outsourced cyber partner.

Alex Bridgeman: You have touched on a little bit, in mentioning the different drivers for the business, but what are some high level maybe industry tailwinds that you’ve observed that are kind of pushing the business along?

Zack Miller: Yeah, I think Johnny said it right with like ransomware and actual attacks, either people get hacked and get ransomed, or they hear about a friend or a competitor who happens to, and that gets them pretty concerned. Cyber insurance and compliance are two more on the cybersecurity side that are driving a large increase in demand. And then the one that Johnny didn’t mention, but I think is in a slightly different category but must be discussed is there’s a massive talent shortage in terms of cybersecurity professionals who are skilled who could come in and protect an IT distributed hybrid cloud IT environment. That’s hard to find. And so many, I’d say most customers, small enterprise and down, throw up their hands and say, look, I’m not going to build an internal team that monitors my security 24 by 7. That’s really hard to do and really expensive. I’m going to outsource that job as well as a number of cybersecurity jobs to a team of professionals who do this every day. And that’s in part because there just aren’t enough skilled cybersecurity practitioners to fill every role that a firm would want them to. So that’s on the cyber side. And then I think on the IT side, there’s cloud transformation, of course, or cloud migration that’s driving a lot of new business. But I actually think there’s a surprising number, at least it’s been surprising to me if I think back to two years ago, just how many customers that we serve or that we’d want to serve that are out there that haven’t fully migrated to the cloud and don’t plan to anytime soon. Like, you’ll see some, hey, let’s put a couple of applications in the cloud, but we need servers on premise to do X, Y, and Z. You see a lot of that. And I think we’ll continue to see that. I don’t want to say that we’re betting against the cloud. But I’ll just say the cloud is- like companies pushing all of their apps to the cloud, we still might be a ways away from that.

Johnny Lieberman: Yeah, and I think just following on in that very last point, a lot of the industries that we serve have a critical infrastructure component or maybe transportation vertical, hospitals. And the OT, operational technology environment and how that intersects with IT is pretty damn complicated. And if you layer on all these new security tools that trade publicly in the NICEy or NASDAQ, and then you think about the talent shortage, those three things add up to a pretty overwhelming amount of work for an internal team to be able to handle to properly secure themselves. And I think you’re seeing all three of those dynamics only increase where the choice to outsource is becoming more clear.

Alex Bridgeman: Do you think the challenges with hiring that talent internally is driving most of that? Or do you think maybe one other driver is more responsible for that movement towards outsourcing?

Johnny Lieberman: I really think it’s the combination of talent shortage- so definitely talent shortage, big part of it. Why does the talent shortage exist? If you step back and think about it, it is a problem specialist focused cybersecurity expertise, not IT but cyber, that’s become really important across businesses in a relatively short amount of time. It was always a risk for critical government entities or maybe critical infrastructure, but for your average mid market, banks, other kinds of life, death or large money at risk. But for your average mid market business or SMB, cybersecurity was pretty low down on the business disruption risk analysis. That’s changed. It’s changed really quickly. And I think what’s happened is there are not enough kind of post grad or college opportunities to focus in this to support how large of a problem it is right now. If you think about your average board, even at the lower enterprise, very unlikely that anyone on that board has security expertise, sub 10% chance. And I think that’s a really interesting dynamic to watch. Where has there been another problem that’s become so critical so quickly, where you have very few people in management positions that actually know a thing about it?

Zack Miller: Yeah, I agree. I think that this all kind of harkens back to the talent shortage, which I agree with Johnny, I think is the primary driver in demand for outsourced cybersecurity services. Also, by the way, makes our jobs a little harder because we have really talented security professionals who we’re always, we always got to make sure that they like coming to work every day because there’s a lot of demand for them. But I would say on the flip side, this is a secondary trend, but it’s an interesting one. Johnny mentioned these publicly traded cybersecurity product companies, the CrowdStrikes of the world, the Palo Alto Networks of the world, great businesses, but they have done a great job penetrating the enterprise markets. Where they have penetrated less, where there’s more organic whitespace for them to go after is down in the middle market with the customers that are just waking up to cybersecurity that are saying, oh shoot, I really do need to get some of these Palo Alto firewalls or some of these CrowdStrike endpoint licenses. But for Palo and CrowdStrike, and I’m just using those two as examples, but for all these large software technology companies that sell software tools, cybersecurity software tools, you can’t really hire enough salespeople to penetrate the middle market. So they need to rely upon channel partners. And again, that’s where the outsourced service provider can actually be helpful to the broader industry ecosystem. Because the outsourced service provider can say alright, pick your cybersecurity tool company, let’s partner up. I’ll hire some folks who really know how to implement your software, and I’ll serve as a sales channel for you and resell your software and take some margin. And it’s a real win-win. And that’s why you see, if you look at the major cybersecurity players that are publicly traded, big software companies, they talk a lot about the, quote unquote, channel, about MSPs and MSSPs because that is increasingly how they go to market to serve the segment of the market where there is the most whitespace.

Alex Bridgeman: So with that in mind, do you think there’ll be value in- We’ve talked a lot about how IT and cyber interact and have this flywheel between the two. But could that flywheel also extend to IT or cybersecurity software business or some other service tool or business that can support one of those businesses? Or on the flip side, do you see any of these cybersecurity software companies starting to acquire companies like the ones that you look at Worklyn?

Johnny Lieberman: Yeah, I think we’re seeing both. When we, when Zack and I see the Palo Altos of the world trying to layer on services to their kind of core products as a way to penetrate the mid market, I think we’re a little bit less concerned, just because the DNA of those companies and where the real value is driven is around product, product development cycles, market share within those defined segments, whether they be firewalls 5 to 10 years ago or zero trust now. I think services are, if you want to be critical, an attempt to move down market to support growth in what may be a declining product market, a more competitive product market. I think the way we look at our offering and who we compete with is we lead with services. And we have technology that makes our services much better. And our tech development, we try to approach technology development and RIP with a lens towards how is this making our security operations center or customer delivery better. And I think that’s a very different lens than CrowdStrike or Palo Alto are taking. They need to create the next product that is able to compete to achieve those 20 to 40x NTM revenue multiples that the Bessemer table shows and that they’re compared against. So I just think that we’re going to continue to compete at Worklyn and at Quadrant, the cybersecurity platform that we own, against companies that lead with services that view themselves as tech enabled that want to focus on the mid market primarily and not as a way to supplement growth at the enterprise.

Zack Miller: But yeah, so I agree with that. And I would say, to put it simply, the investors backing the product companies, whether that be an endpoint product or a hardware product or software product, they’re not going to let, and weather those investors be public investors or private equity or VC, they’re not going to let their gross margins be destroyed. These are companies with 80% plus gross margins and services is just you can’t get the same gross margins. You’re basically selling smart people when you’re selling services; smart people are expensive. So I think all these product companies have a services arm that they’re rolling out, and it’s kind of a consultative sales engine for them. But none of them are going to build armies and armies of services professionals. None of these software companies with 80% margins want to morph into Deloitte or PWC and become services shops. So I think I agree with Johnny, that we think the primary competition to us still is going to come from other service providers. And to answer your question, can a service provider end up buying a product company and fitting that in, I think the answer is yes, but it has to be the right type of product. I think if you’re a services company first and you are services first and you want to be owning the end customer relationship and really helping them in a holistic manner, you can’t be too reliant on any one product because you have to be able to look at a customer and say, all right, based on your environment, you need X, Y, and Z. But my other customer has a different environment and they need A, B, and C. And I want to do what’s best for the customer. And I think that results in some measure of product agnosticism, at least for certain products that are becoming critical in IT and cybersecurity stacks.

Alex Bridgeman: You mentioned how software companies want to focus on the areas that keep their gross margin high and generate the most value for their business. Within Worklyn, where do you see most of the value being created? Is that through more sustainable revenue, better products? Like what makes Worklyn a more valuable company over time?

Johnny Lieberman: Yeah, I think it’s more sustainable revenue delivered via high value recurring services like managed detection response and a bundle of critical managed IT services. So the way we view kind of the end state is that we’ve built out a bundle of IT services that have specialization in the most important things, and delivered together in a bundle, you can be that outsourced go-to IT vendor and cyber vendor. So we have complimentary managed IT services and managed cybersecurity services. And I think if you get that right, you’re really sticky because you’re not only protecting the user’s environment with diminished detection response, manage cyber, you’re also their day to day with smaller problems, managing the IT environment whether that be network monitoring for an on prem environment or help with something, a remote workforce. I think when the customer turns over the keys both for IT and cyber, you become very sticky and I think your retention stats show that.

Zack Miller: Yeah, I agree with what Johnny said. I’ll just say a weird answer, which is I look at it as people. That’s the most important thing we can invest in to grow equity value at Worklyn to improve and grow the businesses that we own. It’s people every day. So, it’s salespeople or go to market people who also are practitioners and know enough about IT and cyber that they can have consultative conversations with end customers that actually move the needle for them. And then it’s practitioners and service delivery folks who are salesy enough and sort of commercial enough to know that, hey, we’ve got this whole bigger portfolio of offerings, and for this customer, these type of things might make sense. Those are just two examples. But to me, these are people businesses, and while there’s tech enabling them and enabling us to have superior gross margins to a typical services business, at the end of the day, you still end up scaling by adding more brains. So that’s what we’re really focused on every day.

Alex Bridgeman: Have you been working to continue attracting great people to your teams?

Zack Miller: Yeah, I mean, I think it’s more challenging when you start with a small business that doesn’t have a brand. And so I think the solution, the hack there, to the extent there is one, and there isn’t really one, is just for Johnny and I to spend time on it and to say, hey, look, if you come here, you’ll be a part of building something great. And you’ll get a lot of touch points with us. And you’ll have input into key strategic decisions. Versus you go to a bigger company, and you’re kind of a cog in the machine. And I think you want to find people who are like myself and like Johnny who have been cogs in really big, really successful machines and said, this is great and this is not a bad way to spend my career, but this isn’t ultimately what’s fulfilling for me. What’s fulfilling for me is building and having some input into the direction of this business. So we need those type of people. And I think those are also the type of people we’re most likely to attract. But I think we have to be involved. We can’t pass it all off to a recruiting firm and sign here when they show up. We have to be involved in selling the vision and spending time with key hires.

Johnny Lieberman: I think there are two other specific points that have really helped us recruit. I think the first is when you’re building a broad kind of portfolio of specializations, I think that’s really attractive to younger, talented folks that want to learn about technology. Because what it allows is for someoneto come in and potentially focus on the Cisco network at airports or bus terminals or schools. And then if they do a really good job there, they have the opportunity to pivot and go work at the cybersecurity business after three years and learn a completely different skill set and maybe move from the security operations center to the development team or the engineering team. And I think that sort of mobility while also moving upwards is a pretty unique offering, where someone can kind of build a career across different tech specializations internally at Worklyn. I think the second thing I want to mention is that we structured our fund in a way where for managers and for owners that are selling to us, they have an opportunity to roll into Worklyn the holding company and have exposure to what we’re building overall. And I think that’s a really important differentiator for us because the pitch comes down to hey, instead of a stake or management options in a single operating company, as is the case with the private equity model, we, when it makes sense, have the opportunity to have that person sit pari passu with LPs in the fund. And I think that’s just a very conversation when trying to attract top talent.

Alex Bridgeman: Can you say a bit more than that? I’d be curious to hear a little bit more about how you’ve structured management compensation and incentives.

Johnny Lieberman: So I think, to start, it’s the opportunity to roll equity into Worklyn for sellers that are considering taking chips off the table and potentially selling a majority of their business but rolling a portion of the equity along with us if they continue to operate, the way we thought about it was we’re not buying businesses just because we see- yes, some of the businesses we’re buying are attractive independently of what we’re doing. I would say all of them are. But we think that they’re much better as part of a portfolio that can collaborate and work together to serve the same end customer. So I think it was really important for us to find a way to have the sellers that are rolling equity roll into the fund. And what we think that does is have them pick their head up and say, alright, how can I drive value, whether it’s cross selling or customer introductions or sharing of resources across Worklyn, as opposed to maximizing the bottom line at any one operating company. And we think over time, that’s going to be a really powerful tool to promote the kind of cross selling that we think ultimately drives value, where each IT business that joins Worklyn is going to want to prioritize selling cybersecurity, our own cybersecurity quadrant into their portfolio of customers, their customer base. I think at the highest level, instead of rolling equity and just having exposure to the operating company, you really are sitting pari passu with just the LPs in the entire fund. So, the ultimate equity value that’s created across Worklyn will be the equity value that the seller shares in, even if the seller only continues to operate at their individual company level.

Zack Miller: Yeah, that was a correction, or not a correction, but I’ve seen it work other ways, where you have companies under common ownership, but the actual operators who are making day to day decisions on who to partner with and who to recommend for this customer, they don’t have any common ownership. And so they recommend their buddy, or they recommend whoever they last spoke with, as opposed to really teaming up with the providers under common ownership. So, we tried to be really intentional about creating a structure that would allow for a constellation of companies that don’t just think about and care about their own company’s success, but that really benefit from a company that’s across, on the other side of the country but part of the Worklyn family or part of the Worklyn  portfolio as well.

Alex Bridgeman: Yeah, that’s fantastic. I find management compensation super interesting. And I’d love to keep chatting for another hour or two, but unfortunately, we can’t. So I’ll close here. Thank you both so much for coming on the podcast and sharing a little bit. This has been really, really fun. I hope we get to have you both on again here again soon.

Johnny Lieberman: Absolutely. I think thrilled to be invited and love the podcast, Alex, and would love to join you again. Thanks again.

Zack Miller: Yeah, Alex, thank you. It’s an honor to be on here and I’ve always enjoyed listening. Hopefully, we’ll continue to enjoy listening.

Alex Bridgeman: Thank you for listening. I hope you enjoyed the conversation today. If you enjoyed today’s episode, please consider leaving us a review and telling a friend to help more folks find to Think Like an Owner. I also want to thank our show sponsors Live Oak Bank, Hood & Strong, Ravex Group, Oberle Risk Strategies, and Oakbourne Advisors for their support. For full episode transcripts and more information, please visit our website at

Related Episodes

Subscribe to our newsletter

Join small company investors, search funds, private equity firms, business owners, and entrepreneurs in reading the Think Like An Owner Newsletter.

Generic filters