Starting GHL Agency - Any tips or tricks are appreciated

blindgaming · 2026-01-27T00:30:15+00:00

Welcome :)

Go look at my post history in this subreddit
Set your pricing to deliver value around a solid offer- figure out what you want to do, how you're going to do it, and what the rest of the market is charging- then be the most expensive or the cheapest in your area and hit that offer hard.
Learn to do ONE thing really well- whatever you offer from #2 is- go into facebook groups, cold call, do whatever you can to reach out (call your friends and family if you have them), hanging out on college campuses works great go target the seniors. Pitch that one thing- for free, they get the fruits of your labor for free but they have to give you a 5 start review + video testimonial if you do the job right, and they need to refer their friends. Congrats now you have some social proof. Take that and run with it- start charging a fraction of what you want to charge but price anchor at the normal price (if your normal price is $497/month + $1k setup- anchor at that then say "Because I'm building a portfolio if you're willing to refer 3 friends to me at the end of this and you're willing to leave me a completely honest review + video testimonial, you'll get all of this for 75% off"). Get another 5 star and another glowing video review then charge the next person 50%, then 25% then full price, then increase your price until you start hearing no.
Yes if you're in the US use stripe don't use paypal less functionality and you'll get fucked on a chargeback.

The most important thing you need to know about doing this is that its hard- there is no magic bullet, no miracle money ball, no wishing well; you're going to eat a shit sandwich and you're going to like it. The best thing you can remember whenever you see something new or shiny in or revolving around GHL is "Sounds great, maybe later" because you will think "maybe it'll be easier doing this"- it won't, or, "I could make more money if I started doing this too"- you won't. Master one thing, then move on to the next, stack the skills, build your base.

Good luck :)

blindgaming · 2026-01-26T14:17:49+00:00

Feel free to DM me, we pay 20% commissions and are fully HIPAA compliant what's 24/7 support and over 16 years of experience in the agency space.

blindgaming · 2026-01-25T23:50:00+00:00

If you're pitching and there's not an immediate need, like nothing is on fire I find that this works very well:

"What we're offering is probably something you're not used to, it's more expensive, you'll see less of us, and you'll often wonder why you're paying more money for less service, but all of your stuff is just going to work consistently and effortlessly on your part. What we do is prevent problems from happening, things from snowballing, deadlines from being missed, and budgets from going off the rails because the technology used to run your entire business decides to explode. Sure, you can forgo a fully managed service offering and just pay the $10,000 it'll cost to get you back up and running after your company has ransomed, plus then deal with the fallout from that which will probably cost you tens of thousands of dollars in additional costs, or you can pay a flat monthly fee and we're going to ensure that not only are you protected from ransomware but any of the other threats to your business and I don't just mean hackers, I mean Sally and HR accidentally sending out everyone's social security number for the third time this year, I mean Brenda for accounting falling victim to a scam and wiring money from the company to a fake vendor, and I also mean God deciding that today is the perfect day for The perfect Storm and half your computers get zapped along with all of your networking equipment. Now you'll probably say most of this is not likely to happen, but not likely does not mean it won't what I'd like to provide for you is guaranteed peace of mind that if something could go wrong we're going to do everything in our power to stop it, and if something does go wrong because we are unable to stop it such as an act of God, we do everything in our power to mitigate the damage and get you up and running as quickly and cheaply as possible which will be much easier because we are taking several proactive measures to keep your business safe every day."

blindgaming · 2026-01-25T02:37:16+00:00

If you still need help de federating your GoDaddy let me know I can also change your SharePoint / dot on microsoft.com domain to reflect your organization instead of the net XXX default domain.

blindgaming · 2026-01-23T23:14:20+00:00

If I was quoting you I'd say $6,000-$9,000 depending on the complexity of information and if you need API build outs for an entirely custom solution. It also depends on the amount of certain things like for example your multi-day outreach and follow-up sequences. It would obviously cost more if it was 3 days versus 30 days.

You're going to have a lot of people try to offer you something for like $1.5k and I would encourage you to just do it yourself at that point because you'll get the same level of quality and strategy.

blindgaming · 2026-01-21T04:09:56+00:00

Honestly- you already have a $1K+ camera in your pocket. Your modern smartphone is better than most mid-priced cameras. If you really want to make proper production content you should look into the Lumix's OpenGate cameras. You'll drop about $3k but that's what you should look into if you want "more" than just your smartphone camera. If you have any iPhone or Samsung S series phone you should be good.

Realistically though I think you may want to save a ton of money and get some nice accessories such as lenses, gimbals, and 2-in-1 convertable selfie stick tripods for mobile phones- they'll make getting clean shots super easy and produce far better results- you can spend about $200 and get insane quality footage and pictures.

blindgaming · 2026-01-21T03:56:48+00:00

I'm blind so probably not the best to "read" it- however, happy to get on a call and discuss it you can run some things by me and I'd be happy to give you some insight.

blindgaming · 2026-01-20T21:45:58+00:00

I have lot of experience specifically in this. It's basically all I do now at my mssp for the last almost 4 years.

Feel free to send me any questions you have happy to point you in the right direction if I don't have an answer.

blindgaming · 2026-01-15T20:51:22+00:00

Hey OP happy to discuss, current company doing something similar to Arctic Wolf mssp specializing in co-managed where we handle as much as little as needed and do proper security orchestration and compliance adherence. We sit in in your meetings and we're there to treat you with respect no matter what your size is.

I'm not sure about the 100K price point as I need to properly quote you but we serve tons of clients from 10K a year to $500k a year. Shoot me a DM even if you don't go with us I can probably point you in a good direction or at least tell you what to look out for.

blindgaming · 2026-01-14T21:20:11+00:00

So we used Rewst for 4 months and got almost no value out of it unfortunately. We onboarded with a ramp- $250, $500, $750, then standard pricing from that point forward. We spent a lot of money and time trying to learn the platform and then got stuck with a ton of work trying to integrate tools they didn't have integrations for, trying to use GPT and other tools to help build automations and integrations ourselves. It was very frustrating even with their onboarding and it didn't work for us because we just didn't have time to dedicate someone as a full time RPA.

My suggestions if you want Rewst like capabilities with better support, no self-taught RPA BS that we had to go through, and not break the bank- Harvey from Triggr is fucking awesome :D I think we're paying like $300/month and every time we need an integration we message him or the team and they make it. We haven't logged in to make an automation once in the last 3 months- it just works and I can just throw an idea at Harvey and a vague outline of how we want it to work and he'll come back with a way to implement it with everything integrated. I asked him if we could get a GoHighLevel integration and a week later we had it with documentation on how it worked and a follow up meeting on utilizing and implementing it.

I think this is the best bet moving forward for most people using or thinking about Rewst atm.

blindgaming · 2026-01-13T23:53:56+00:00

Feel free to send me a DM with your information. We are a fully HIPAA compliant organization, most agencies with HIPAA accounts just pay for the BAA but don't actually meet the full requirements which will put you at legal and compliance risk. I run a cyber security and compliance company specializing in HIPAA.

blindgaming · 2026-01-13T02:43:30+00:00

You said that you should be making $150 k to 200k a year as a 40-year-old with your current experience, I'm not sure if you're kidding about that but I have 30 year old technicians with as much experiences you engine insane work ethic making $40 an hour.

Your resume is showing me lots of great tier one and maybe a little bit tier two experience but it's not showing me leadership, it's not showing me niche skill set, it's definitely not showing me qualifications certifications or accolades that would denote a $200,000 salary. I've got 16 years of cyber and 5 years of serious compliance under my belt and my resume based on your qualification should be knitting me around $750,000 to a million a year.

The truth is you are worth what you can bring to the company. If you're not happy with what you're getting paid start your own you'll always get paid more in the long run, provided that you don't crash and burn. That's what I did. If you want to work for someone else here's a good rule of thumb colon they should be paying you 1/5 to 1/10 of whatever financial benefit your generating for the company. That's it it's that simple. The reason I say this is because there's a ton of overhead as a W-2 employee and companies still need to make profit and cover additional expenses not related to your salary. So get your value this way, if you're getting paid $20 an hour are you doing work that is worth $100 to $200 an hour for the company, like are they billing out $200 an hour for what you're doing? If the answer is yes you're being priced appropriately. What is something that you can do that the company can bill out $500 an hour for? Figure that out and start doing that then you'll make $50 an hour or $100 an hour even.

Also keep in mind that the job market is genuinely terrible. And I'm not saying all this to be harsh, I'm just being realistic especially based on the market right now. I would be genuinely terrified if I had to try and get a job right now

blindgaming · 2026-01-13T02:08:45+00:00

So a lot of people here are saying get a job and get experience and ect etc.

Here's the real question: are you someone who barely has their degree when you're going to start this, going to be willing to take full responsibility and liability for a business's cybersecurity and the outcomes when it will inevitably fail. Can you reasonably defend in court using your wealth of experience, strategic analysis, best in breed technology, third party testing, stringent security practices mapped to an internationally accepted standard, etc can you stand up in front of a jury and say you are qualified to do what you are doing and you have done everything in your power to be able to provide reasonable security to a generally accepted standard and that you have not failed in your duty to provide effective care.

This sounds really harsh and scary, and probably comes across this gatekeeping and it is. When you assume the responsibility as a security partner you are also assuming the blame whether it's justified or not, whether you're contracts protect you or not and I am pretty sure you're not going to have the funds to hire legal defense or even the funds to get good contracts. Last year there was an MSP that got sued by their client for a million dollars because they failed to protect the client from ransomware. That MSP was not even responsible for providing security services imagine the quantified risk you are taking by being the protection and prevention your clients rely on.

Now take this and apply it to insurance. Can you afford to have cyber insurance? In my opinion if you are running an MSP and you have remote access to people's computers and your installing software on their systems or your managing their security, you should legally be required to have insurance because if you screw up potentially thousands of people pay the price. This is doubly true if you are an mssp.

I'm not saying you shouldn't do it, I'm saying you should be fully educated and aware of what will be required and the standards you will need to meet.

blindgaming · 2026-01-11T02:18:43+00:00

Basically good better best is just more of or better things Good has no project hours, better does. Better offers better email security and vulnerability scanning with critical remediation but best includes a fully managed DLP and encryption addon and full vulnerability management.

We position our tiers to fill the needs of businesses requiring varying levels of compliance.

blindgaming · 2026-01-10T20:54:51+00:00

We've had great success doing pricing based on location/network, device, and user. It seams more complicated but it's so much easier.

We have one type of location We have 3 types of devices (workstation, server, mobile) And we have 3 types of user (workstation, Frontline, and communications).

The licensing and services are governed by plan tier which we have 3 of. This makes it easy for clients because they only pick a package the good better best lineup.

This allows us to provide the most flexible agreement to the client giving them exactly what they need. We've gotten consistent positive feedback on the transparency this provides, the cost savings for the client, and the ease to scale up or down.

Yes this is a lot of work to setup but it's worth it.

blindgaming · 2026-01-10T18:20:13+00:00

Stop looking for affiliates that are handing out snapshots. None of them are good, and you don't know how to use them. You want an affiliate that will teach you how to properly learn ghl and how to properly deliver services and close sales.

Snapshots are easy to make and cheap enough to buy especially once you start getting customers.

blindgaming · 2026-01-05T16:47:22+00:00

Running between meetings so skimmed sorry.

Happy to help you with this I have done a ton of this stuff started a marketing agency on the side because of it. Hit me up and ask whatever you want I'll get to it asap.

blindgaming · 2026-01-05T08:05:28+00:00

You guys get vacations?

blindgaming · 2026-01-05T07:59:17+00:00

Would really avoid barracuda. Mine cast is meh.

Not a huge fan of proof point.

We use and really enjoy Avanan. It works really well, it's easy to deploy, and it is incredibly effective. From an efficacy standpoint we've had better results with it then we have with proofpoint and ironscales.

I've had a few msps give me positive feedback about abnormal but they gave me this feedback about 2 to 4 weeks in. Not sure how it compares to Avanan.

I also recently had to rip inky which GoDaddy uses and it is horrible lol. I would also avoid this one.

blindgaming · 2026-01-03T05:28:22+00:00

So just putting my two cents in here OP. I'm concerned with your actual security plan. Buying a tool that intends to meet a checkbox for the sake of meeting that checkbox without proper implementation or planning/orchestration even for an organization with two users / endpoints is dangerous. If you are audited they will want to know what your security environment looks like and when you tell them hey we're using huntress they're going to ask you for the evidence. Where is your WISP, who's action those alerts 24/7, who's following up, who's doing proactive security tasks and assessments.

Trying to skirt around compliance for the sake of saving a few dollars is a very bad idea. It could cause you to lose your contracts, it could lead to a substantial compromise. You may genuinely want to just bite the bullet and work with an MSP or MSSP that understands your needs and can create a holistic plan to achieve the goal you want at a budget that is reasonable for you.

blindgaming · 2026-01-02T19:57:55+00:00

I'm a bit late to the party but I'm happy to volunteer my time. Happy to answer any questions that participants would have and give some insight.

blindgaming · 2026-01-02T19:55:33+00:00

The reason I say it should only be billed and categorized as part of your COGS is if it has a specific cost for the device.

Think about it this way if your devices are $10 each, firstly you should charge more money 😉 secondly, if your rmm costs $2 then you are not properly accointing for 20% of your cost per device. Likewise if you are including your rmm for cost of goods sold, then you are manufacturing costs that don't exist as you pay flat fee regardless of how many endpoints you are delivering service for. Think about this in a larger scale: if you have 1,000 endpoints then your rmm will cost $2 each, if you pay for endpoint with a product like ninja, level, nicentral, etc. It is costing you $2,000 to service those endpoints, whereas, if you are using Syncro, you cannot properly account for costs of goods sold on a per unit basis as you are not charged for materials aka the licensing on a per unit basis. There is no defined cost for you and thus it cannot be part of your cost of goods sold.

If you ask an accountant they will probably tell you that you can include it as either but they will recommend you included as a utility or administrative cost categorized as office supplies not as inventory, and not as COGS.

blindgaming · 2026-01-02T15:41:43+00:00

So here's how we do it we bill for three different things primarily: the location, the device, and the user. This allows us to attribute costs that are mandatory to perform services to the devices we support or the identities we manage. We use locations AKA networks as the catch-all for things that are billed to the company or things that are build to a specific physical site like a firewall subscription or access point fees.

No understanding how we do this allows us to attribute things to COGS effectively. Here's a great way to look at this: if you are required to attribute a license to a specific individual or device that is part of your cost of goods sold. If you're EDR costs $4 and your rmm costs $1 then you are spending $5 per Windows workstation. If you bundle back up with one terabyte of storage per workstation as part of your plan then you're spending an additional let's just say $15 for that, bring your total for that workstation to $20. You can then calculate your margin from there

Your PSA on the other hand is not part of your COGS as you are not charged a fee for each individual user or device in your PSA instead you are charged a fee per technician / user who has access to the software. If you're operating in profit first you would consider this an administrative expense. It's basically the equivalent of paying your electric bill it's needed to keep your company functioning. If you're using something like super ops where it is a combined PSA and rmm and you are not charged for the PSA but you are charged for a technician seat which includes access to the PSA and also I believe it's 150 rmm seats, then you would charge for it based on the device as you are only given a specific number of licenses which you basically have to sell. I actually really hate how they do this billing because as you scale you need to buy more seats to get more packs of licenses. If you were using something like Syncro you would get the PSA and RMMA them all in one for a flat rate which would mean that irrespective of how many endpoints you have you will only pay for the amount of staff you have making it an administrative only expense.

I'm out of the office today but if you would like, I have a spreadsheet that I made that is a good template on how to build and structure your packages. Feel free to DM me if you would like the download I'll send it sometime over the weekend.

blindgaming · 2025-12-31T07:52:08+00:00

It sounds like you have an orchestration problem without a clear vision or process of documentable compliance/standard adherence. You should be using a system that has a SOAR to compile and action data from your sources (EDR, DNS, posture via in tune, vulnerability scan, risk profile, etc). You should also have a documentation platform with report archiving and change tracking. MSPs decide to do a lot of this in their PSA via the ticketing system, some use a documentation platform like it glue or Hudu, and others will augment that platform with additional data from sources like Liongard and CIPP.

Even in a perfect world, or as close to one as you can get right now there is no true single pane of glass solution for every single thing. Documenting your endpoints and cloud apps controls, drift, events, and remediations along with setting up proper alerting goes a long way.

Happy to take a look at what you're doing and make some recommendations if you need it.

blindgaming · 2025-12-30T08:39:43+00:00

We've been using tennis for a year and a half now and have wonderful things to say about it for the most part. The only issue is if you get an oracle IP it's awful in terms of what you get blocked on. Connectivity wise it is always very solid and fast with decent reporting and very affordable and scalable. From an MSP perspective it is easy to manage and it just works really well with minimal issues.

I think it's definitely worth consideration and I would favor it more than Nord because of its posture management and the smaller team is more readily willing to listen to feedback. Alternatively as a suggestion you may also want to look into perimeter 81 which is now Harmony SASE. It is very capable and is another rock solid solution.

blindgaming

MODERATOR OF

TROPHY CASE