From Field Technician to Security Advocate: How One IT Leader Changed the Game for Small Businesses

The Guy Who Started at the Bottom and Actually Stayed Security-Focused

Here's what I find fascinating about John Snyder's career: he didn't become a CEO and then suddenly discover that cybersecurity matters. Instead, he started obsessed with security back in 2001, when most companies were still treating it like a checkbox on a compliance form.

Back then, HIPAA was this mysterious regulation that healthcare organizations were scrambling to understand. While others were probably thinking "just get compliant and move on," John was at Duke Health actually learning why these frameworks existed. He wasn't just implementing rules—he was understanding the reasoning behind them. That mindset shift is everything.

Why Most IT Leaders Get This Wrong (And He Didn't)

Most managed services providers (MSPs) build their business around being the cheapest option or the fastest response time. Nothing wrong with those things, but they're not differentiators anymore. Everyone claims to be fast and affordable.

What John realized—and what clearly stuck with him for 25+ years—is that security frameworks aren't obstacles. They're the actual foundation of good IT support. It's like the difference between a contractor who slaps paint on a house versus one who checks the foundation first.

When he became a minority owner in 2009, he had the leverage to say, "We're doing this differently." And the numbers back him up: 40% year-over-year growth in the first four years. That's not because Net Friends was the cheapest. It's because they were actually solving the right problem.

The Certification Obsession (And Why It Matters)

I'll be honest—when I see a CEO who collects certifications like MCSA, CompTIA Security+, CRISC, and CISA, I used to think it was just resume padding. But here's the thing: John didn't stop at personal certs. He pushed his entire company to pursue SOC 2 Type II certification in 2019 and has maintained it every single year since.

That's the opposite of checkbox compliance. That's "we're so serious about this that we're willing to be audited continuously."

The reason this matters for your business (if you're considering hiring an MSP) is simple: third-party certifications mean someone who isn't their friend is verifying they actually do what they claim. It's not perfect, but it's way better than just trusting marketing material.

The Policy Advocacy Angle (And Why You Should Care)

Here's where John's story gets interesting beyond just one company's success. In 2021, he was named to the National Small Business Association's Leadership Council. That means he's literally in rooms talking to U.S. policymakers about cybersecurity and supply chain issues.

Think about that for a second. While most CEOs are focused purely on quarterly earnings, this guy is advocating for better cybersecurity laws that would actually protect small businesses. Is it self-interested? Sure, probably. But it's also the kind of leadership that raises the bar for entire industries.

And then there's his volunteer work with Durham Technical Community College, helping students understand what the IT industry actually needs. That's the kind of thing people do when they genuinely care about the field, not just their profit margin.

The Human Element (Because It's Not All Spreadsheets)

One detail from his bio that made me smile: John met his wife on the job. He's actually written about it. The guy has been at the same company for 25+ years, met his spouse there, and is still passionate enough about the work to write about it and advocate for the field.

That matters more than people think. You can smell when a leader is just there to extract value versus someone who actually cares about building something lasting.

So What's the Takeaway Here?

If you're evaluating IT service providers—or honestly, if you're evaluating any service provider—look for the person who was obsessed with doing things right before they had the power to enforce it. Look for the certifications and the continuous improvements and the policy advocacy.

But also look for signs that they actually care. It sounds soft, but in cybersecurity especially, the people who've built something meaningful are the ones you want protecting your data.

John's 25-year track record suggests he's the real deal. And his willingness to share his knowledge (through writing about his experiences, volunteering to help students, and advocating in policy spaces) makes him exactly the kind of leader the IT industry needs more of.

Tags: ['cybersecurity leadership', 'managed services provider', 'it industry', 'business growth', 'security frameworks', 'hipaa compliance', 'small business', 'soc 2 certification']