Getting Started
Quick Start Architecture
AI Agents
MSP Hunter Threat Researcher Tech Support Compliance Agent Account Manager Onboarding Agent
Compliance
HIPAA SOC 2 PCI-DSS NIST
Guides
First 30 Days Scaling
API
Overview Endpoints

Your First 30 Days with Gridlock

📖 MSP Guide 18 min read Updated June 2026

This guide walks you through every actionable step in your first month as a Gridlock MSP. By day 30, your environment will be fully baselined, your clients will have their first security reports in hand, and all six AI agents will be running on autopilot. Follow the timeline in order — each week builds on the previous one.

Before You Start

Have the following ready before Day 1: your organization name, the email addresses of any team members you want to invite, and the names of your top three client accounts. You do not need any technical credentials yet — the Onboarding Agent will walk you through collecting those.

Day 1: Account Setup and First Connection

Day 1 has one goal: get Gridlock connected to at least one client environment so the agents have real data to work with. The entire process takes 10 to 20 minutes per client.

Step 1 — Create your MSP account

Go to lockthegrid.com/dashboard and register with your business email address. During registration you will be asked for your organization name, the industry vertical you primarily serve (healthcare, legal, financial services, etc.), and your approximate number of managed endpoints. These answers let the Onboarding Agent set smarter defaults for scan schedules and compliance frameworks from the start.

Step 2 — Run the Onboarding Agent for your first client

From the dashboard, navigate to Agents → Onboarding Agent and click Add Client. Enter the client's name, their primary domain, and their industry. The agent will immediately begin an asset discovery sweep across the domain — enumerating subdomains, open ports, exposed services, and DNS records. This takes three to five minutes depending on the size of the environment.

What the Onboarding Agent Discovers
  • Public-facing IP addresses and associated hostnames
  • Open ports and running service banners
  • DNS records (MX, SPF, DMARC, DKIM configuration)
  • SSL/TLS certificate expiry dates and cipher grades
  • Known CVEs matched against detected software versions

Step 3 — Review the initial asset inventory

Once the sweep completes, you will see a list of discovered assets with an initial risk score for each. Do not try to act on every finding today. Your job on Day 1 is simply to confirm the inventory looks accurate and add any assets the agent missed (internal IP ranges, for example) using the manual asset form.

Step 4 — Set your notification preferences

Go to Settings → Alerts and choose how you want to receive critical findings: email, webhook (Slack, Teams, PagerDuty), or in-app only. Set the severity threshold for immediate alerts to High or above for now — you can tune this down to Medium once you understand the noise level in your specific environments.

End of Day 1 Checkpoint

You should have: at least one client account created, an asset inventory populated by the Onboarding Agent, and notification preferences configured. If you have reached this point in under 30 minutes, you are ahead of pace.

Days 2–7: Establishing Your Baseline

Week 1 is about collecting data, not taking action. The agents need a few days of observation before their findings are meaningful. Resist the urge to immediately remediate everything — your goal this week is to understand the true current state of each client environment.

Day 2 — Review the Threat Researcher's first findings

The Threat Researcher agent runs a CVE correlation pass against every service version detected during the Day 1 sweep. By morning of Day 2 you should have a prioritized list of known vulnerabilities. The agent maps each CVE to the CVSS score, lists affected assets, and links to the relevant NVD entry. Your task today is to tag each finding as Confirmed, Accepted Risk, or False Positive. This feedback trains the agent to produce cleaner results for that client going forward.

Threat Researcher tip: Sort findings by CVSS score descending and focus your triage on anything 7.0 or above. Findings below 4.0 can generally wait until the end of the week. The agent will not alert you for low-severity findings unless you explicitly configure it to do so.

Day 3 — Configure the Compliance Agent for each client

Navigate to Agents → Compliance Agent and assign one or more frameworks to each client. The available frameworks are SOC 2 Type II, HIPAA, NIST CSF, NIST 800-53, PCI-DSS 4.0, and CIS Controls v8. If you are unsure which framework applies to a client, use the following as a starting point:

After you assign a framework, the Compliance Agent will perform an initial gap assessment — comparing the asset inventory against the control requirements of the selected framework. This generates a baseline compliance score, typically expressed as a percentage of controls met. Do not be alarmed if the initial score is low: 40 to 60 percent is normal for a fresh client account before any remediation work has begun.

Day 4 — Configure alert thresholds

Return to Settings → Alerts and add client-specific thresholds. By default, Gridlock uses the same thresholds for all clients. In practice, a regulated healthcare client needs more aggressive alerting than a small retail business. Key thresholds to review:

Day 5 — Add remaining client accounts

Repeat the Day 1 process for each of your remaining active clients. The Onboarding Agent processes clients in parallel, so you can queue multiple sweeps simultaneously without waiting for each to complete. By end of Day 5, every client account should have a populated asset inventory and an assigned compliance framework.

Day 6 — Review Threat Researcher daily briefings

The Threat Researcher agent publishes a daily threat briefing each morning at 06:00 in your account timezone. The briefing surfaces new CVEs published in the last 24 hours that match any software version across any of your client environments. It also includes MITRE ATT&CK technique mappings for active threat campaigns relevant to your clients' industries. Read the first two or three briefings to understand the format before configuring which parts you want forwarded to clients.

Day 7 — Conduct your first weekly review

At the end of Week 1, spend 30 minutes reviewing the dashboard as a whole. The metrics you want to note are:

Write these numbers down or take a screenshot. You will compare them to the Week 4 numbers when generating your first monthly report.

Common Week 1 Mistake

Do not enable auto-remediation during Week 1. You need to observe the agent behavior and verify findings are accurate before allowing automated changes. Enabling auto-remediation too early on a miscalibrated environment can cause unnecessary tickets and damage client trust. Wait until Week 2 at the earliest.

Days 8–14: Customizing Per-Client Settings

By the start of Week 2, the agents have enough data to start acting on. This week you will tune per-client configurations, enable selective auto-remediation for safe low-risk fixes, and generate your first client-facing reports.

Day 8 — Review agent feedback and tune false positives

Each agent exposes a Feedback panel in its detail view. Go through the findings for each client and confirm or reject anything you have not yet tagged. The Threat Researcher and Compliance Agent use your feedback to refine their scoring models — the more consistent your tagging, the faster the noise level drops. Aim to have a clean triage backlog (zero unreviewed High findings) before you leave for the day.

Day 9 — Enable selective auto-remediation

Navigate to Settings → Auto-Remediation and enable it for a narrow category of safe actions first. Recommended starting set:

Notice that none of these actually change anything in the client environment automatically — they create tasks and drafts that a human approves. This is the correct posture for Week 2. Full auto-remediation (where the agent applies the fix directly) is appropriate only after you have validated accuracy across at least three scan cycles for a given finding type.

Day 10 – Day 11 — Customize scan schedules

Default scan schedules run every 24 hours. Some clients need more frequent scans; others have maintenance windows that make daily scans disruptive. Go to each client's settings and adjust:

Scan capacity note: Your plan tier controls how many concurrent scans can run. On the Starter plan this is 5 concurrent; Pro is 25; Ultimate is unlimited. If you have more clients than concurrent scan slots, Gridlock automatically queues them and distributes scans across the available time window.

Day 12 — Generate your first client-facing report

Navigate to Reports → Generate Report and select a client. Choose the Weekly Summary template for this first run. The report includes:

Before sending this report to the client, review the executive summary for accuracy. The Account Manager agent generates readable prose from the underlying metrics, but it is worth verifying the framing matches your relationship with the client (e.g., tone and risk language).

Day 13 – Day 14 — Set up the Tech Support agent

The Tech Support agent integrates with your existing ticketing system or operates standalone inside Gridlock. Go to Agents → Tech Support and complete the setup:

  1. Connect your ticketing system (optional — supported: ConnectWise, Autotask, Freshservice, Zendesk)
  2. Define your escalation tiers: Tier 1 (self-service), Tier 2 (technician review), Tier 3 (senior/vendor)
  3. Upload any existing runbooks or standard operating procedures — the agent indexes them and uses them when generating resolution steps
  4. Configure the agent's response scope: which clients it can open tickets for, and what it is allowed to close automatically (fully self-resolved) versus what always requires human confirmation
End of Week 2 Checkpoint

By Day 14 you should have: per-client scan schedules configured, selective auto-remediation enabled for low-risk actions, at least one client-facing report generated and reviewed, and the Tech Support agent connected to your ticketing workflow.

Days 15–21: Running AI Agents at Full Capacity

Week 3 is where Gridlock shifts from tool to active teammate. The agents have enough history to surface non-obvious insights, and you have enough familiarity with the platform to trust and act on their recommendations. This week you will run your first lead generation campaign, dive into compliance gap remediation, and learn to read the metrics that matter.

Day 15 — Run your first MSP Hunter lead generation task

Navigate to Agents → MSP Hunter and create a new lead generation task. The agent searches public data sources for businesses in your target geography and vertical that show indicators of poor security posture — expired certificates, missing DMARC records, known CVEs in public services, etc. Configure the task with:

The agent typically returns 15 to 40 prospects per task depending on geography density. Review the list, discard any existing clients or known competitors, and use the pre-drafted outreach emails as a starting point for personalized follow-up.

Day 16 – Day 17 — Compliance gap remediation sprint

Return to the Compliance Agent and open the gap report for your highest-priority client. The agent organizes gaps by control family and prioritizes them by a combination of risk impact and implementation effort. Work through the top 10 gaps with the following approach:

Quick wins: Controls marked "Low Effort" can often be closed in under an hour — things like enabling MFA, configuring audit logging, or updating a password policy document. Close these first to improve the compliance score quickly.

Scheduled fixes: Controls marked "Medium Effort" require a change window — things like deploying endpoint detection or updating firewall rules. Create tickets for these using the Compliance Agent's built-in ticket generation, set a due date, and assign them to a technician.

Roadmap items: Controls marked "High Effort" (policy rewrites, architecture changes) belong in a quarterly roadmap conversation with the client, not a sprint. Flag them and move on.

Day 18 — Review Account Manager health scores

Navigate to Agents → Account Manager and review the client health dashboard. Each client receives a health score from 0 to 100 based on security posture trend, open finding age, compliance progress, and engagement level (how often the client reviews reports and acts on recommendations). The Account Manager agent also surfaces:

Day 19 — Interpret your security metrics

By Day 19 you have enough data to start tracking trends rather than snapshots. The key metrics to watch and what they mean:

Day 20 – Day 21 — Invite your team members

Navigate to Settings → Team and invite any technicians, account managers, or sales staff who need access. Gridlock supports three built-in roles:

You can also create client portal accounts that give a client limited read-only access to their own security dashboard. This is a powerful trust-building tool — clients who can see their own data in real time renew at a substantially higher rate than those who only receive periodic reports.

Client Portal Access

To enable portal access for a client, go to their account settings and toggle Client Portal on. The client receives an invitation email and is prompted to set a password. Their portal shows only their own data — they cannot see any other client account.

Days 22–30: First Monthly Report and Planning Ahead

Week 4 closes the loop on your first month. You will generate polished monthly security reports for each client, review your ROI metrics, and plan a 90-day roadmap for each account.

Day 22 – Day 24 — Generate monthly security reports

Navigate to Reports → Generate Report and select the Monthly Executive Summary template for each client. This report is designed to be shared directly with the client's decision-maker (CTO, CISO, or owner) and includes:

Review the report before sending. Pay particular attention to the Account Manager's executive summary language — if the client has had a difficult month (many new findings, slow remediation), you may want to soften the framing before delivery.

Day 25 — Review your own ROI metrics

Go to Settings → ROI Dashboard (or use the ROI Calculator) to see the business value Gridlock has delivered in your first month. Typical first-month metrics for a 10-client MSP:

~6 hrs Manual scanning time saved per week
~40 Vulnerabilities identified automatically
~3 New upsell opportunities surfaced
~12 Compliance gaps closed (quick wins)

These numbers vary significantly by client count, environment complexity, and how actively you engage with agent recommendations. The ROI Dashboard lets you customize the hourly rate and ticket cost assumptions to produce a figure that reflects your specific economics.

Day 26 — Plan your 90-day roadmap per client

For each client, open the Compliance Agent and click Generate Roadmap. The agent produces a prioritized 90-day remediation plan organized by control family, with estimated effort for each item. Use this as the basis for your quarterly business review (QBR) deck. Clients who receive a forward-looking roadmap — not just a backward-looking report — perceive significantly more value from their MSP relationship.

Day 27 – Day 28 — Tune agent automation rules

Now that you have three weeks of agent behavior to review, you can safely expand the automation scope. Revisit Settings → Auto-Remediation and consider enabling:

Day 29 — Set up lead generation cadence with MSP Hunter

Return to the MSP Hunter agent and configure a recurring lead generation task. A weekly cadence — running every Monday morning so you have new prospects to review at the start of each work week — is a sustainable rhythm for most MSPs. Configure the agent to skip any domain it has already surfaced in the last 90 days to avoid duplicate leads.

Day 30 — Conduct your first full monthly review

On Day 30, compare the metrics you recorded at the end of Week 1 to today's numbers. You should see measurable improvement in the following areas:

If any metric is moving in the wrong direction, use that as the agenda for a brief internal retrospective. The most common cause is that findings are being discovered faster than the team is resolving them — which is a staffing or process problem, not a Gridlock problem.

End of Month 1 Checkpoint

By Day 30 you should have: all clients fully onboarded with asset inventories, all six agents running for every client, at least one monthly report delivered per client, selective auto-remediation active, a lead generation pipeline started through MSP Hunter, and a 90-day compliance roadmap for each account.

What to Expect: Realistic First-Month Stats

The following ranges are drawn from MSPs who completed their first 30 days using this guide. Individual results depend heavily on client environment size, industry, and the existing security baseline at the time of onboarding.

Managing Client Expectations on Compliance Scores

New clients sometimes react negatively to a low initial compliance score. Frame it proactively: the score is low because nobody has measured it before, not because things got worse since you arrived. Month 2 and 3 scores will show a clear upward trend — and that trend is the value you are delivering.

Common First-Month Mistakes to Avoid

Enabling full auto-remediation too early

The agents are powerful, but they are operating in a new environment they have not learned yet. Agents that auto-apply changes before they have been calibrated to the specific environment can create incidents — not prevent them. Follow the phased approach in this guide: approve actions manually in weeks 1 and 2, then selectively automate in weeks 3 and 4.

Onboarding all clients simultaneously on Day 1

It is tempting to onboard your entire client base at once. The problem is that you will receive a large volume of findings across all clients simultaneously and have no capacity to properly triage any of them. Onboard in batches of 3 to 5 clients per day so you can give each set of findings proper attention.

Not tagging false positives consistently

The Threat Researcher and Compliance agents learn from your tagging. If you are inconsistent — marking the same finding type as a false positive for one client but valid for another without a reason — the agents cannot learn effectively. When tagging a false positive, always select the reason (environment-specific exception, outdated detection rule, scan artifact, etc.).

Sending raw reports directly to clients

Auto-generated reports are a starting point, not a finished product. Always review the executive summary before delivery. A report that says a client's compliance score dropped from 58 to 52 with no context will cause alarm. Adding a one-sentence explanation — "this reflects the addition of three new assets that have not yet been assessed" — maintains client confidence.

Ignoring the Account Manager's churn risk flags

The Account Manager agent surfaces churn risk indicators quietly in the background. MSPs who do not check the health dashboard regularly often discover a client is at risk only after a notice to cancel arrives. Make reviewing the Account Manager dashboard part of your weekly routine, not just when something breaks.

A Note on the Threat Researcher Briefings

The daily threat briefings include high-severity CVEs that match detected software in your client environments. Not all of these are exploitable in your clients' specific configurations. Before escalating a CVE to a client, check whether the affected service is publicly exposed and whether a proof-of-concept exploit exists. The Threat Researcher notes both of these factors in each CVE entry.