Tim Wood talks what the firm looks for in IT investments and its common-sense approach to cybersecurity.
February 27, 2024
Heckens & Wood Capital, a lower middle-market PE firm, acquired FortifyIT because it fit the firm’s idea of what an IT company should be: one with a robust open door policy with its customers. And FortifyIT is not a standalone acquisition for the firm, Tim Wood, co-founder and managing partner, tells Middle Market Growth—it’s their first step in a plan to create an integrated IT solutions platform.
Middle Market Growth: When sourcing the deal, what were you looking for in an investment target, and how did FortifyIT fill those requirements?
Tim Wood: We were looking for investment that would satisfy a synthetic vertical integration play with some of our existing businesses, but also give us a foray into the IT space from a B2B perspective just given my experience [of] 25 years in corporate America, and seeing the challenges of working with IT departments, both internal and external. Ultimately, we really want to play more of a business partner role in the space so we were looking at companies that were a little bit more niche, a little smaller, that would have that that feel of, hey, this is not some big conglomerate I’m working with, it’s a true partner.
So when we found Fortify, they met that underlying criteria from a business philosophy perspective. And then Mike [Williams, FortifyIT’s founder and chief operating officer] has a strong relationship with his customers and he’s got the same partnership mindset: You’re always a phone call away, you don’t have too many degrees of bureaucracy from the decision makers and the people that can fix things for the client. And that’s kind of the way we like to run. So that’s what we were looking for on the buy side.
MMG: What attracted Heckens & Wood to the technology services sector initially, and how does this deal fit into your broader investment strategy?
TW: We definitely want a technology play in the portfolio—not only from an investment perspective because of what margins look like and what the growth possibilities are in in the space as a whole—but we want a partnership amongst the properties that we own. Everyone needs IT support, right? Even at the base managed service provider (MSP) level.
But as we grow that platform now and potentially bolt on other nuanced products and services, that’s going to give us more expansion opportunities with our other investments and our other partners as far as helping our overall businesses grow. The more things that we can build, either within FortifyIT or around FortifyIT, in the technology space, that’s what we’re looking for overall from an investment perspective.
And technology obviously is just becoming a bigger part of the integrated play on the business front—you can’t really operate without it. So that’s why it was easy for us from that perspective. I have some history with MSPs, integrating from the buy side, but also working with MSPs overall and seeing what could be improved in the space.
MMG: What are some industry headwinds you’re watching in the tech services space, a sector that had its challenges in 2023, and how do you plan to drive growth despite those?
TW: The obvious one is support for growth in terms of just financing. I’m a finance guy, too, and when you look at these interest rates and the unsecured lending rates, it’s really tough to grow in those environments, especially if you’re building from the SaaS/SaaP perspective. I think that’s a big headwind for the industry.
Also, I think the disruptor of AI can potentially unfocus the industry a little bit because [I think] there’s a lot there’s a lot of room for improvement still at some of the other levels below AI, whether that’s traditional SaaS or SaaP.
Another headwind for the industry is getting out of this deal mindset of the last 15 years because of, basically, cheap free money. And now you’re looking at, what can we do to solve problems? Without mentioning specific products, I look at a lot of products that have been released, especially in the last five-to-seven years and from my perspective, they’re more connector products. They’re not products that are solving a problem, they’re potentially adding to the headache for an organization and that’s because the deal market drives some of this stuff.
What we want to do is do deals and we want to think about solving actual problems for both the consumer and for businesses and I think that’s a better way forward. If the industry takes that approach, you’re still going to have value and, ironically, the value will be greater when you’re coming to the table to solve a problem versus looking for a problem to solve and getting a deal of it—that’s where you get into trouble.
MMG: What service offerings are you looking to expand or add to FortifyIT’s toolbelt in the future?
TW: I think big picture would be enhancing the security piece, having a true security platform that’s organic and dynamic, that is just a must; and also enhancing our network side of the house, looking at the server side from data centers and server farms and those kinds of things. As we see with the demand AI creates, just the amount of data centers popping up in the United States is mindboggling, so we’d like to be part of that build out. And then SaaS and SaaP products that are once again customer-focused—I feel like there’s still some opportunity there. So, we’re going to look at all those and build around those tenets and see what works for us as we organically build this thing out.
MMG: What are some of the major cybersecurity risks you’re preparing for in 2024?
TW: The whole ransomware thing is a big deal, along with phishing in general and getting access to networks and unsecured networks. A lot of the answer to these threats is edification at the end user level—realizing what environments they work in and making sure we lock down data as much as we can. But there’s always an opportunity for users to mishandle data, potentially, especially if there’s not a real understanding of the risks at the user level.
For instance, FortifyIT has a training service here that we do for all of our customers and end users to make sure everyone knows how to handle data, how to secure it to make sure the business is protected. That helps with the insurance rates as well. But I think data management and not letting data go out the door is key to business continuity and reduced risks. I mean, obviously, you’re always going to have network threats and those kinds of things but what you can do from the user perspective and from just an everyday common-sense perspective, well, that solves 89% of the issue, right? And so that’s what we’re trying to.