MSP White-Label Partner Program

White-Label Cyber, CMMC, Forensics, and AI
For The MSP That Won't Build It In-House

Petronella Technology Group partners with regional MSPs that need a CMMC Registered Practitioner bench, a private AI fleet, court-admissible digital forensics, or custom development they cannot afford to build internally. You keep the client. We deliver under your statement of work. Operator to operator, no surprises.

4 CMMC Registered Practitioners | DFE #604180 | BBB A+ Since 2003 | Founded 2002 | PPSB Accredited
Apply to the Program See Pricing & Tiers
Who This Is Built For

Three Kinds Of MSPs Get The Most From Petronella

If you have grown your book past ten clients and your weekends keep getting eaten by work the team was never built to do, this program exists to give you back the bench you cannot hire fast enough.

Three operator profiles fit the Petronella partner program cleanly. Read these honestly. If you do not see yourself in one of them, the lower-friction path is to read our complete guide to white label managed services and book the free 30-minute discovery call when you are ready.

The 10-to-100 seat regional MSP. You run a tight shop in North Carolina, South Carolina, Virginia, Georgia, or Tennessee. You are profitable. You have a help desk that runs without you most days. But the moment a client asks for CMMC, private AI, or forensics work, you have three options: refuse the deal, learn it from scratch on the client's nickel, or hand the relationship to a competitor. This program adds a fourth option without diluting your brand.

The MSP scaling into compliance. Your defense, healthcare, financial, or law firm clients are pushing you into territory the team has not lived in before. CMMC Level 2 is the wall most regional MSPs hit first. NIST 800-171, HIPAA Security Rule, SOC 2 Type II, and the new ATT&CK-mapped audits all carry the same problem: a registered practitioner has to sign the work, and hiring a Cyber-AB Registered Practitioner full time is a six-figure decision before you even know whether the contract renews.

The MSP with one big enterprise contract pulling everything sideways. Maybe a client just won a defense prime sub-contract and you have ninety days to stand up CUI controls. Maybe a healthcare client got a breach letter from their EHR vendor and needs incident response yesterday. Maybe an attorney called with a litigation hold and needs forensic imaging by Friday. Every regional MSP eventually gets an opportunity that is too big to refuse and too specialized to deliver alone. This program gives you a phone number, an MSA, and a written scope inside 48 hours.

Honest qualifier. If your book is mostly break-fix, this program is too far ahead of where you are. Spend a year building recurring revenue first. If your book is recurring but smaller than ten clients, the Stack tier is the right entry point. Anything bigger and you have real options.

The 4-Tier Petronella Ladder

Every level of maturity, from a $1,997 a month always-on membership to a Jay-Abraham-style strategic advisory engagement. Pick the tier that matches where you are right now and move up as the relationship compounds.

Tier 1: Petronella Stack

From $1,997/mo always-on membership. CMMC Bootcamp, the 39-Layer security framework, template library, peer deal-flow network. Best entry tier.

Explore Stack →

Tier 2: Petronella Fleet

Services-only private AI prototyping ladder from $35K Proof-of-Concept Lite to $125K and up Production-Ready. Free 30-minute discovery call.

Explore Fleet →

Tier 3: Operator Council

20-seat cohort for regulated-MSP owners running $3M to $15M. 12-week async curriculum, monthly Craig Q&A, P&L benchmarking. Charter $45K to $60K a year.

Explore Council →

Tier 4: Strategic Partnership

Jay-Abraham-model advisory. 3-option menu including $25K a month plus 12 percent rev-share. Capped at three concurrent partner relationships.

Explore Strategic →
Full Pricing Comparison → Onboarding Guide → Private Sessions With Craig → Free MSP Playbook →
Tier-By-Tier Detail

What Each Tier Actually Covers

The cards above are the elevator. Here is what you actually get inside each tier, and the kind of MSP that tends to graduate into the next one.

Tier 1: Petronella Stack From $1,997 / month

Best for 10-30 seat MSPs entering compliance work

Stack is the always-on membership. You get the CMMC Bootcamp curriculum, the 39-Layer security framework we use on our own client engagements, the operator template library covering MSAs, SOWs, and engagement letters for compliance scopes, and access to the peer deal-flow network. The peer network is the part most members underrate at signup and credit at renewal. When a client asks for a scope you have never written, somebody on the call last month already wrote it. This tier is also the fastest way to find out whether a Hybrid SOW with Petronella will fit your client mix before you commit to anything bigger.

Stack details and what is included →

Tier 2: Petronella Fleet Services-only, From $35K-$125K+ engagements

Best for MSPs with one or more clients asking about private AI

Fleet is the private AI prototyping ladder. You bring a client opportunity, we scope it, and Petronella delivers under either a White-Label or Hybrid SOW model on top of our enterprise GPU fleet. Engagements ladder from a $35K Proof-of-Concept Lite (one model, one workflow, 30-day timeline) up to Production-Ready engagements at $125,000 and up that include monitoring, retraining cycles, and compliance evidence packs for HIPAA or CMMC environments. Every Fleet engagement starts with a free 30-minute discovery call, and your engineers can join a live Private AI Tour to walk the infrastructure before you scope.

Fleet ladder, scopes, and discovery call →

Tier 3: Operator Council From $45K-$60K / year

Best for owner-operators running $3M to $15M regulated MSPs

Operator Council is a 20-seat cohort for regulated-MSP owners. The format is a 12-week async curriculum that covers compliance pricing, defense vertical sales motion, AI service productization, and operating-cost benchmarking, paired with a monthly live Q&A with Craig Petronella, quarterly P&L benchmarking against anonymized cohort numbers, and a private peer roundtable. Council is invitation-only and we vet for fit. The seats fill from members who graduated from Stack and from operators referred in by current Council members. If you are running a 10-person MSP doing two million in revenue, you are too early. If you are doing twenty million, you are probably already past it.

Council curriculum and seat criteria →

Tier 4: Strategic Partnership From $25K/mo + 12% rev-share menu

Best for $8M+ MSP owners with a clear growth or exit thesis

Strategic is the deepest engagement we offer and we cap concurrent Strategic partners at three. The format is modeled on Jay Abraham's strategic advisory practice, adapted for regulated MSPs. The 3-option menu includes a flat retainer, a retainer plus rev-share blend, or a pre-exit success interest where Petronella supports a defined growth or transaction milestone. Most Strategic partners come from Operator Council. We do not accept Strategic engagements through the public form. Use the application and indicate Strategic interest, and the conversation starts from there.

Strategic menu and engagement format →
Wholesale Capabilities

Four Capability Tracks You Can Resell

Your client sees your brand on the contract. Petronella delivers under your statement of work as the named technical authority on the scope that requires us. These are the four capability stacks most MSPs cannot economically build in-house.

Private AI Wholesale

Rent access to our enterprise GPU fleet, private LLM deployments, retrieval-augmented pipelines, and agent builds. Deliver private AI to your clients without buying a DGX cluster, hiring an MLOps lead, or learning how to evaluate model drift in production.

Learn more →

CMMC Level 2 Wholesale

Stand up CMMC Level 2 readiness programs for your defense-contractor clients. Four Cyber-AB Registered Practitioners on the bench. Gap assessments, System Security Plan authoring, AT-3 security training, and assessment readiness handled under your client relationship.

Learn more →

Digital Forensics

DFE #604180 credentialed forensics and expert-witness capability as an optional Fleet add-on. Incident response, ransomware containment, business-email-compromise investigation, and litigation support with a credentialed examiner who has actually testified.

Learn more →

Custom AI Development

Multi-model orchestration, domain-specific retrieval pipelines, and compliance-grade inference architectures. For MSP client needs that exceed standard prototyping. Entry at the Compliance-Aware $75K tier with senior engineering committed for the duration.

Learn more →
Private Sessions With Craig

Three Formats, One Operator In The Room

Some MSP problems do not need a curriculum or a wholesale scope. They need two hours with somebody who has solved the same problem for somebody else and can tell you which fork to take.

Format A · $5,000

2-Hour Working Session

One specific decision. Pricing a new compliance offer, scoping a specific client engagement, or working through a contract dispute with a wholesale vendor. Pre-call brief required so the two hours go to the work, not the warm-up.

Format B · $12,000 • Most Common

Half-Day Strategy Block

One topic that needs structure. Building a CMMC services line, productizing a private AI offer, or designing a defense-vertical go-to-market. Includes a written summary and a 30-day follow-up call.

Format C · $25,000

Full-Day Onsite Or Virtual

Whole-business work. Annual planning, a leadership team offsite with structured P&L review, or a multi-stream growth plan that ties services lines, sales motion, and bench hiring together. Travel billed separately for onsite.

Private Session Details And Booking

Three Pricing Models

How You Engage Per Client

Tier sets the depth of the relationship. Pricing model sets how each individual client engagement is structured. Most partners default to Hybrid SOW for compliance and forensics work and White-Label Wholesale for AI and custom development.

Model A

White-Label Wholesale

Petronella delivers silent. You invoice the client under your brand. Wholesale pricing at 30 to 40 percent off our list. Best for AI and custom development engagements. Not available for forensics or named CMMC-RP work where the credentialed individual must be named per the regulatory body.

Model B · Recommended Pilot

Hybrid SOW

You own the client relationship and the invoicing. Petronella is named in the SOW as the technical subject-matter authority on the scoped work. You pay us retail less 15 percent and you mark up as you choose. Cleanest legal path for CMMC-RP and digital-forensics engagements.

Model C

Co-Sell Revenue Share

You introduce. Petronella closes and delivers under our brand. You earn 15 percent year one, 7.5 percent year two, zero after. Simplest legally. Offered when co-branding is not the right fit, often for one-off forensics or expert-witness engagements where you do not want any client-facing role.

Full Pricing Comparison

Onboarding

How It Works After You Sign

A clean operator-to-operator engagement. Three steps from application to your first scoped client engagement.

01

Apply And Vet

Submit your application. Our team reviews your MSP profile, client mix, and the geographies you operate in within two business days. Good fits move to a 30-minute intake call with Craig Petronella so we can scope the partnership before either side signs paperwork.

02

Sign MSA And Mutual NDA

Two-way NDA plus a Master Services Agreement. Engagement-level statements of work are written per client opportunity so you are never locked into a per-deal commitment up front. See the onboarding guide for the full paperwork flow and a sample MSA outline.

03

Bring Us A Deal

You bring an AI, CMMC, forensics, or custom-development opportunity. We scope inside 48 hours, price under your chosen model, and deliver on the timelines your client signed up for. Then we run the next one. Then the next.

White-Label vs Build-In-House

Why The Math Almost Always Favors Renting The Bench

Operator-to-operator: here is the actual cost ladder of building each capability internally versus paying wholesale margin to a partner who already runs it. The numbers are conservative.

The capability gap in regional MSPs is structural, not a failure of effort. Even a well-run MSP with twenty-five engineers cannot afford to keep four credentialed specialists on the bench across compliance, forensics, AI, and custom development. The arithmetic does not pencil out at most realistic revenue scales.

CMMC Registered Practitioner team. A three-person registered-practitioner team runs in the mid-six figures fully loaded once you account for salary, certification maintenance, continuing education, the legal review costs of acting as registered practitioners, and the back-office overhead. If your CMMC pipeline is fewer than four active engagements at a time, the bench utilization will not justify the cost.

Private AI fleet. A genuine production-grade private AI fleet with current-generation enterprise GPUs runs into seven figures in hardware before you account for power, cooling, the dedicated network capacity, the model-ops tooling, and the senior MLOps person you need to keep it running without weekly fires. Most MSPs that quote private AI to a client are quietly running a public cloud reseller motion behind the scenes. That works until the client asks for a HIPAA business associate agreement or a CMMC enclave attestation, at which point the model collapses.

Digital forensics examiner. A licensed Digital Forensics Examiner with expert-witness history is a decade-long credentialing effort, not a hire. The work is also lumpy: the same client might generate zero forensics revenue for two years and then $80,000 in a single ransomware month. No regional MSP can keep a credentialed examiner on payroll waiting for that month.

Custom development team. Software developers on staff break the labor model of a traditional MSP. The utilization math, the project-management overhead, and the difficulty of carrying senior developers through slow quarters are why most MSPs that sell custom dev end up subcontracting to one or two off-shore shops with predictable quality problems. A wholesale partnership with a domestic team of senior engineers is usually cheaper net of failure cost.

Petronella has all four capabilities running, plus a CMMC assessment practice, a HIPAA compliance practice, a NIST 800-53 advisory practice, and a cybersecurity delivery track record on regulated SMB environments since 2002. We have been BBB A+ accredited since 2003. We are PPSB accredited. Headquartered at 5540 Centerview Dr, Raleigh NC. The MSP Partners program is the structured way we share the bench without diluting either of our brands.

Compliance Pedigree

Why MSPs Trust Petronella With Their Clients

A short list of the credentials and the operating discipline that have to be in place before any MSP would reasonably hand a regulated client to a partner.

Cyber-AB Registered Practitioner team. Four Petronella team members hold the CMMC-RP designation. That is the credential the Cyber Accreditation Body requires on any CMMC advisory deliverable. Not a vendor sub-contracted in for the deal: full-time staff trained inside our practice. Craig Petronella is also a Cisco Certified Network Associate, a Certified Wireless Network Expert, and holds Digital Forensics Examiner credential #604180.

Private Practitioner Standards Board accreditation. PPSB accreditation requires documented standards on ethics, scope of work, conflict of interest, and continuing professional education. It is the credential that tells your client we operate under the same kind of professional discipline they expect from an audit firm.

BBB A+ accreditation since 2003. Twenty-three years on the same accreditation, no rating drops, no unresolved complaints public on the file. That kind of continuity is unusual in the regional MSP and consultancy space and tells your client they are not handing work to a brand-new shop.

Operating discipline. Master Services Agreement governed by North Carolina law. Two-way mutual NDA standard. Engagement-level SOWs written per client. Conflict-of-interest clause that prevents Petronella from selling competing managed-services scopes to a partner-introduced client during and for a defined period after the engagement. Quarterly partner check-ins so issues surface before they become disputes.

For the operator who wants to read more before applying, the long-form pieces below cover the wholesale model, the difference between an MSP and an MSSP, and the readiness work most defense-contractor clients underestimate.

Operator Reading

Background Reading From The Petronella Blog

If you want to think this through before you submit an application, these are the pieces most partners read first.

White-Label

White Label Managed Services: Complete Guide

The full breakdown of how white-label and wholesale MSP partnerships work in practice, including the failure modes most partners hit in year one.

 MSP vs MSSP

MSP vs MSSP: Which IT Provider Does Your Business Need?

Where the line falls between managed IT services and managed security services, and how to tell your clients which one they actually need.

 CMMC Level 2

CMMC Level 2: 14 Controls Most Primes Fail

The control set that trips up most defense-contractor clients on their first gap assessment, with the practical fixes we recommend before formal readiness work begins.

 Private AI

Private AI For CTOs: Why Regulated Teams Leave ChatGPT

The compliance, data-control, and audit-trail reasons that regulated mid-market clients move off public LLMs onto private deployments. Useful background for any AI conversation with a regulated client.

 Forensics

Digital Forensics For Businesses: When You Need It

The five scenarios where an MSP client needs a credentialed digital-forensics examiner rather than a generalist incident responder, and how the engagement is typically structured.

 IR Retainer

Incident Response Retainer: Why Every Business Needs One

A practical case for why every regulated client should have an incident-response retainer signed before they need it, and how to position the conversation to a non-technical owner.
FAQ

The Questions Every MSP Owner Asks Before Signing

Operator-honest answers. If a question matters to you and is not answered here, ask it on the intake call. We would rather lose the deal in week one than surprise you in month three.

Will Petronella compete with us for the client relationship?
No. The Hybrid SOW and White-Label Wholesale models explicitly keep the managed-services relationship with you. Petronella is named only on the technical scope we deliver. The Master Services Agreement includes a conflict-of-interest clause that prevents us from selling competing managed-services scopes to a partner-introduced client during and for a defined period after the engagement. The two-way NDA protects the commercial details on both sides.
Whose brand is on the client deliverables?
Depends on the model. Under White-Label Wholesale, your brand is on every deliverable the client sees. Under Hybrid SOW, your brand is primary and Petronella is named as the technical authority on the scoped work because the credentialed individual must be named for compliance and forensics work to be admissible. Under Co-Sell, our brand is on the deliverable because the client relationship sits with us. You pick the model that fits the engagement.
What service-level agreements do you commit to on partner work?
Standard SLA on partner engagements is 48 hours from deal-intake form to written scope, business-day response inside two hours during a live engagement, and four-hour response on after-hours escalations under the incident-response addendum. Active incident response is handled separately under an IR addendum to your MSA, with Craig's escalation contact on the emergency page of the agreement.
How does escalation work if a client is unhappy with our delivery?
A defined three-step escalation: partner project lead first, Petronella practice lead second, Craig third. We aim to surface and close any client-impact issue at step one, but the path is documented so neither side improvises in a hot moment. We hold a quarterly partner check-in on every active relationship so most issues are caught before they reach an escalation.
How are we billed and on what cadence?
Fixed-fee engagements bill on a documented milestone schedule against the SOW. Time-and-materials engagements bill monthly in arrears against logged hours. Stack and Council memberships bill monthly. Retainer-style Strategic Partnership engagements bill monthly. We do not require pre-payment for partner-introduced engagements unless the client requires a deposit, in which case the deposit flows through your invoicing under the Hybrid SOW model.
What geographies do you cover?
Primary partner geography is North Carolina, South Carolina, Virginia, Georgia, and Tennessee, where we can put a Petronella resource on a client site if the engagement requires it. Forensics, expert-witness, and remote-deliverable engagements are nationwide. Federal-contractor compliance work is nationwide because the assessment regime is itself nationwide.
What are the exit clauses if either side wants to end the partnership?
The MSA is terminable by either party with 60 days written notice for convenience, immediately for cause, with a defined wind-down on any active engagements so neither side leaves a client mid-delivery. Active SOWs continue to completion under the original terms. The conflict-of-interest tail period continues for the contractually-defined window after termination so a partner does not lose a relationship just because the program ended.
Can you actually deliver CMMC Level 2 work under our brand?
Partial. The Cyber-AB rules require the Registered Practitioner to be named on any CMMC advisory deliverable, so a pure white-label cannot apply to the formal deliverable itself. Our Hybrid SOW model handles this cleanly: Petronella is named as the registered practitioner on the scope you co-brand, while you keep the client relationship and the invoicing. For advisory work that does not produce a formal CMMC deliverable, a fully white-label scope is sometimes possible and we confirm case by case.
What about digital forensics and expert-witness work?
Forensics findings and expert-witness testimony must carry the licensed examiner's name to be admissible. Craig Petronella holds Digital Forensics Examiner credential #604180. The Hybrid SOW model is used here: you introduce, you keep the attorney or end-client relationship, Petronella performs the examination and testifies, and a 15 percent referral spiff is paid on the engagement fee. We do not deliver forensics under a generic technical-services brand because the underlying client requirement is a credentialed individual.
How is this different from a standard referral program?
A referral program rewards a one-time introduction. A wholesale partnership rewards ongoing margin on every engagement you source. The economic mechanic is what keeps partners active over time. Our existing referral program has not moved the needle in any meaningful way; this program is built on a different mechanic entirely. If a one-time spiff is what you want, Co-Sell Revenue Share is the right model and the application form has a checkbox for it.
Do you sign our reseller and subcontractor paperwork?
Yes for standard mutual NDA, reseller, and subcontractor templates. We review client-specific indemnity language per engagement and we will negotiate cap-of-liability provisions inside reasonable limits. Our own MSA is governed by North Carolina law. Our standard insurance certificates (cyber, errors and omissions, general liability, workers' comp) are available on request before the MSA is signed.

Ready To Apply?

Five-minute application. Reviewed inside two business days. Good-fit applicants move to a 30-minute intake call with Craig Petronella before any paperwork is signed. Pick the tier you think fits today on the form. We will tell you on the call if you should pick differently.

Apply To Become A Partner See Onboarding Details