Working with Fractional CTOs and MSPs ===================================== Slide 1: Working with Fractional CTOs and MSPs Narration Anna: Lean teams eventually hit a ceiling—product ambition outpaces leadership bandwidth. Greg: That's when fractional CTOs and MSP partners start appearing in board meeting minutes. Anna: The trick is to use them to accelerate maturity, not to abdicate the hard decisions. Greg: So today we unpack when to bring each partner in and the questions that keep expectations sane. On-screen text Working with Fractional CTOs and MSPs Choosing the right leadership model for lean teams Slide 2: Why fractional leadership exists Narration Anna: Founders usually wait too long to admit they need senior guidance. Greg: Right—fractional leaders exist because hiring a permanent CTO takes months and equity you can't spare. Anna: Virtual CIOs and MSPs handle different pain: governance, policy, 24/7 operations. Greg: Most engagements land in the 6 to 18 month window—long enough to stabilise, short enough to keep urgency high. Anna: When cash is tight, trade 0.5 to 1 percent equity for part-time leadership instead of a $150k salary you can't cover yet. Greg: Expect blended billing—retainers, day rates and per-incident fees—so model the spend before you commit. On-screen text Why fractional leadership exists - Start-ups need senior judgment before they can afford full-time executives - Fractional CTOs, virtual CIOs and MSPs fill different gaps across strategy, delivery and run operations - Typical engagements run 6–18 months until hiring a permanent leader or internal capability matures - Expect blended fees: day-rates for discovery, retainers for leadership time, per-incident or per-device MSP charges - Stage cues: pre-seed firms borrow architecture patterns, Series A scale to multi-region uptime, Series B demand compliance rigour and portfolio planning - Equity trade-offs: 0.5–1% advisor equity versus a $150k cash salary keeps burn low when revenue is volatile Slide 3: Example: Series A SaaS Startup Narration Anna: Example: Series A SaaS Startup focuses attention on a concrete part of the work. Situation: 15-person team, scaling from 1K to 10K users in six months, Challenge: CTO departed mid-migration, roadmap slipped, board mandated security audit, and Solution: 6-month fractional CTO to stabilise architecture and hiring paired with co-managed MSP for compliance automation. Greg: In practice, ask who owns the work, what evidence proves it happened, and what handoff comes next. Use the supporting details as a checklist: Challenge: CTO departed mid-migration, roadmap slipped, board mandated security audit; Solution: 6-month fractional CTO to stabilise architecture and hiring paired with co-managed MSP for compliance automation; Outcome: Permanent CTO hired, SOC 2 audit passed on schedule, roadmap velocity recovered without losing key customers. On-screen text Example: Series A SaaS Startup - Situation: 15-person team, scaling from 1K to 10K users in six months - Challenge: CTO departed mid-migration, roadmap slipped, board mandated security audit - Solution: 6-month fractional CTO to stabilise architecture and hiring paired with co-managed MSP for compliance automation - Outcome: Permanent CTO hired, SOC 2 audit passed on schedule, roadmap velocity recovered without losing key customers Slide 4: When to engage each partner type Narration Anna: Let's sort out who to call based on the mess in front of you. Greg: Product roadmap chaos? A fractional CTO sets architecture guardrails and mentors engineering leads. Anna: Board grilling you on IT risk? A virtual CIO can own policy cadence while the MSP implements the controls. Greg: And if pager duty is burning everyone out, the MSP has to anchor the help desk and incident response. On-screen text When to engage each partner type SituationFractional CTOVirtual CIOManaged Service Provider Product roadmap in flux✅ Sets architecture guardrails, mentors engineering leads⚠️ Provides governance but less hands-on❌ Focuses on run operations Board demanding IT controls⚠️ Can cover interim CIO duties✅ Owns policy, risk and budgeting cadence✅ Implements controls and monitoring 24/7 support gaps⚠️ Designs on-call model⚠️ Escalation owner✅ Runs help desk, NOC and incident response Major platform migration✅ Leads technical decision-making✅ Aligns roadmap with business priorities✅ Supplies delivery squads and change management Slide 5: Typical Investment Levels Narration Anna: Typical Investment Levels focuses attention on a concrete part of the work. Fractional CTO: $8K–15K/month for 1–2 days per week, often with ramp-down clauses, Virtual CIO: $5K–10K/month covering governance, budgeting and board prep, and Co-managed MSP: $3K–8K/month plus per-incident fees for after-hours or specialised work. Greg: In practice, ask who owns the work, what evidence proves it happened, and what handoff comes next. Use the supporting details as a checklist: Virtual CIO: $5K–10K/month covering governance, budgeting and board prep; Co-managed MSP: $3K–8K/month plus per-incident fees for after-hours or specialised work; Budget rule: Allocate 15–25% of the engineering/IT budget to external leadership to avoid starving internal capability. On-screen text Typical Investment Levels - Fractional CTO: $8K–15K/month for 1–2 days per week, often with ramp-down clauses - Virtual CIO: $5K–10K/month covering governance, budgeting and board prep - Co-managed MSP: $3K–8K/month plus per-incident fees for after-hours or specialised work - Budget rule: Allocate 15–25% of the engineering/IT budget to external leadership to avoid starving internal capability - Equity swaps: Some leaders accept 0.25–0.5% options in lieu of cash—model dilution before agreeing Slide 6: Partnership models and ownership Narration Anna: Engagement shape matters just as much as who you hire. Greg: An embedded fractional leader joins exec meetings weekly and steers hiring and architecture. Anna: Some founders only need a six-week strategist to map the roadmap and hand off to their own team. Greg: Co-managed MSPs keep product decisions in-house, but a full outsource risks skills atrophying if you don't stay engaged. On-screen text Partnership models and ownership - Embedded fractional leader: 1–2 days/week, attends exec meetings, drives architecture and hiring - Project-based strategist: 4–6 week discovery, hands over roadmap to internal team or MSP - Co-managed MSP: Provider runs service desk while founders retain product and security decisions; expect shared tooling within 30–60 days - Full outsource: MSP controls infrastructure, releases and vendor management—risk of skill atrophy without oversight and longer re-entry timeline - Transition milestones: Define 30-, 60- and 90-day checkpoints for documentation, tooling access and leadership cadence Slide 7: Evaluating fractional CTO candidates Narration Anna: Vet a fractional CTO like you would a permanent exec. Greg: Ask which stages they've navigated—seed, Series B, messy turnarounds—and what outcomes they achieved. Anna: Availability matters; if they juggle five clients, who shows up when your production outage hits? Greg: Request artifacts—architecture memos, hiring scorecards—and learn whether they coach, architect or swoop in as a fixer. On-screen text Evaluating fractional CTO candidates - What stage experience do they have (seed, Series A, turnaround) and which outcomes did they deliver? - How do they split time across clients and guarantee availability during incidents or board crunches? - Ask for artifacts: recent architecture memos, hiring scorecards, budget models - Probe for collaboration style with in-house engineers and product leads—coach, architect, or fixer? Slide 8: Evaluating MSP partners Narration Anna: MSP due diligence can't stop at a glossy pitch deck. Greg: Drill into incident response—who answers at 2 a.m. and what escalation path they follow. Anna: Check their security posture and whether they'll integrate with your ticketing and SSO instead of adding silos. Greg: And nail down the commercial model—after-hours rates, pass-through costs and the fine print on exit clauses. On-screen text Evaluating MSP partners - Incident response expectations: who answers the 2 a.m. call and within which SLA window? - Security posture: SOC 2, ISO 27001, background checks, tooling stack for monitoring and patching - Integration depth: can they plug into your ticketing, SSO and asset inventory instead of running siloed tools? - Commercial transparency: rate cards for after-hours work, pass-through vendor costs, exit clause specifics Slide 9: The vendor promise vs delivery gap Narration Anna: Vendors love promising "unlimited" everything. Greg: My favourite line is "we onboard in a week"—sure, if you don't mind copy-pasting scripts yourself. Anna: Use humour to keep it human, but make them show the runbook, the ticket queue stats and who actually did the work. Greg: When they boast "our AI monitors everything", I ask to see the alerts that drag them out of bed at 3 a.m. Anna: And "seamless integration" translates to "tell me how many API calls your tooling will hammer our systems with". Greg: If they can't laugh and still produce evidence, that's a red flag before you even sign. On-screen text The vendor promise vs delivery gap - Sales teams promise "unlimited support"—clarify concurrency limits and scope exclusions - Ask how many startups of your size they actively serve; beware being the smallest fish - Request real-world incident reviews: what went wrong, how communication flowed, lessons learned - Humour helps: "Show me the runbook, not just the glossy brochure" sets tone without burning bridges - When they tout "AI monitoring everything", counter with "Great—show me the 3 a.m. alert stream and who triaged it" - If they promise "seamless integration", ask "How many API calls will your tooling make against our stack each hour?" Slide 10: Due diligence and reference checks Narration Anna: References tell you how providers behave when things get messy. Greg: Call past clients and ask how knowledge transfer went when the engagement ended. Anna: Run a tabletop exercise before you sign—it reveals decision-making speed and tooling depth. Greg: Don't forget subcontractors and insurance requirements; your customer contracts probably demand both. On-screen text Due diligence and reference checks - Speak with at least two former clients about responsiveness and knowledge transfer at exit - Run a tabletop exercise during contracting to observe decision-making and tooling capabilities - Review subcontractor usage and ensure confidentiality clauses cover fractional leaders and MSP engineers - Align insurance requirements (cyber, professional indemnity) with your customer contracts - Protect intellectual property: stipulate source control access boundaries, invention assignment, and how strategic docs are stored - Watch for red flags: vague SLAs, resistance to documentation handover, or reliance on a single engineer for critical services Slide 11: Onboarding and ongoing governance Narration Anna: Once the contract is signed, governance keeps everyone aligned. Greg: Start with a RACI—who owns roadmap, change approvals, incident command and vendor spend. Anna: Run quarterly reviews with shared dashboards so surprises surface early. Greg: And agree on the exit plan now: documentation handover, credential rotation and how long they'll stay during transition. On-screen text Onboarding and ongoing governance - Define RACI across roadmap ownership, change approvals, vendor spend and incident command - Schedule joint quarterly business reviews with metrics dashboards and backlog updates - Capture intellectual property in shared repositories with clear licensing in contracts and shared editing norms - Integrate external leaders into stand-ups, retros and architecture councils so internal teams retain voice and context - Plan the exit: 30–60 day transition timeline, documentation handover and credential rotation - Track performance: operational SLAs met, roadmap throughput, hiring progress and internal capability uplift Slide 12: Red Flags and Exit Strategies Narration Anna: Red Flags and Exit Strategies focuses attention on a concrete part of the work. Warning signs: Repeatedly delayed incident responses, scope creep without change control, thin documentation despite reminders, Exit planning: Keep 30-day notice baked into contracts, require handover checklists, insist on joint credential rotation, and Backup plans: Maintain internal runbooks for critical systems, cross-train staff, avoid single points of failure in access or knowledge. Greg: In practice, ask who owns the work, what evidence proves it happened, and what handoff comes next. Use the supporting details as a checklist: Exit planning: Keep 30-day notice baked into contracts, require handover checklists, insist on joint credential rotation; Backup plans: Maintain internal runbooks for critical systems, cross-train staff, avoid single points of failure in access or knowledge. On-screen text Red Flags and Exit Strategies - Warning signs: Repeatedly delayed incident responses, scope creep without change control, thin documentation despite reminders - Exit planning: Keep 30-day notice baked into contracts, require handover checklists, insist on joint credential rotation - Backup plans: Maintain internal runbooks for critical systems, cross-train staff, avoid single points of failure in access or knowledge Slide 13: Industry, geography and scaling considerations Narration Anna: Industry, geography and scaling considerations focuses attention on a concrete part of the work. Healthcare & FinTech: Ensure partners can evidence HIPAA, PCI-DSS or local privacy compliance and support security questionnaires, B2B SaaS: Demand customer assurance support—MSP-ready answers for SOC 2, ISO 27001, and shared trust portals, and Consumer apps: Focus on scaling infrastructure, CDN tuning and observability for viral usage spikes. Greg: In practice, ask who owns the work, what evidence proves it happened, and what handoff comes next. Use the supporting details as a checklist: B2B SaaS: Demand customer assurance support—MSP-ready answers for SOC 2, ISO 27001, and shared trust portals; Consumer apps: Focus on scaling infrastructure, CDN tuning and observability for viral usage spikes; Geographic spread: Align on time zones, language coverage and in-region data residency obligations. On-screen text Industry, geography and scaling considerations - Healthcare & FinTech: Ensure partners can evidence HIPAA, PCI-DSS or local privacy compliance and support security questionnaires - B2B SaaS: Demand customer assurance support—MSP-ready answers for SOC 2, ISO 27001, and shared trust portals - Consumer apps: Focus on scaling infrastructure, CDN tuning and observability for viral usage spikes - Geographic spread: Align on time zones, language coverage and in-region data residency obligations - Scaling decisions: Define metrics (lead time, defect escape rate, customer NPS) that trigger transition from fractional to full-time leadership Slide 14: Key takeaway Narration Anna: Bottom line—fractional leaders and MSPs buy you time, not absolution. Greg: Use sharp evaluation questions and a bit of humour to expose gaps before they turn into incidents. Anna: Then govern the partnership like any critical system with clear roles and exit plans. Greg: For homework, draft five evaluation questions for your stage and swap them with a peer for feedback. On-screen text Key takeaway Fractional CTOs and MSPs can accelerate maturity when paired thoughtfully. Use structured evaluation questions, humour to surface mismatched expectations and explicit governance to avoid abdication. Assignment: Draft five evaluation questions tailored to your current stage and share them with a peer for critique.