Do these statements sound familiar?
- Monetizing security is an elusive goal, reserved for those with seemingly unlimited budgets to retain security talent and tools
- It shouldn’t be this hard to do security for someone who actually cares!
- Customers don’t understand their need - they think Managed Services includes (or should include) security
- MSPs should be able to offer quality cybersecurity to their clients, but they’re stuck reselling someone else’s security to their clients
- MSPs don’t know where to get started
- MSPs can’t afford the time and capital to build a security program
- There is a lack of partners to help the MSP succeed — all the “partners” are out for their own success instead.
We will discuss the following:
- EDUCATE - Educate the asset owner
- Who is going to lose reputation and/or money in a breach? Find that person and educate them.
- They’re taking cybersecurity risks, whether they know it or not — most don’t realize the risks they’re taking
- Our solution set includes marketing and sales templates and training, such as a presentation for executives called “Making Security Make Sense” which ends in a call-to-action of getting an Assessment.
- ASSESS - Sell Assessments
- You may have to run a 5-10min preliminary assessment to even get access to the asset owner in so you can educate them
- FIX - Short term remediation (fix the leaky pipes!)
- When you assess, you will find something wrong. If you can’t find something wrong, have someone else try!
- One of your goals is to find reasonable evidence that there may be something critical going on right now (like a leaking pipe in a wall) so they will agree to have you fix it today while you’re delivering the briefing
- You’re going to have some pre-written proposals for the things you think they should act on immediately
- This is where you can build some trust because you’ve just shown them a major problem and fixed it, saving the day
- REMEDIATE - Long term remediation (roadmaps, projects)
- When you present, you should be showing them a roadmap of practical risk-reduction projects
- You will start selling 2FA, password vault software, permissions audits, advanced endpoint protection, NGFW, follow-up assessments
- ALIGN - Get the IT people on your side (gatekeepers)
- They think security is a threat to their job (“going to make me look bad”)
- You’re here to HELP them understand where to spend their time and effort, and to help educate management on the need to dedicate adequate budget
- You need them on your side if you’re to secure meetings with certain people or any funding for security projects
- Force Decisions - Take over accounts or prevent them from being stolen
- Check other service providers’ work and show weakness or incompetence
- When assessments are done for your own accounts, you can build trust by acknowledging mistakes, fixing things, and showing your effort and growth — people love to see that you care and that you’re getting better
- Demonstrate Professionalism - Demonstrate your company is a leader in actually doing something about security
- Ask customers for feedback and get testimonials
- Offer a half-price follow-up assessment within the next 12 months if a customer brings you a referral (have them spreading the word for you)
Your Security Expert Guide: Caleb Christopher
Caleb worked at an MSP who wanted to build a security program. He felt the frustrations of needing to develop an education program to help clients understand cybersecurity and their need to do something about it, needing to choose the right cybersecurity tools, train-up or staff-up for security, and mobilize a salesforce and technical team around a cybersecurity program offering.
Caleb was a Director of Technical Operations at a cybersecurity firm, managing a penetration testing team, vulnerability assessments, and conducting consultative executive summary briefings with customers.
He’s authored articles in BoardRoom Magazine, is a regular speaker at regional IT and Information Security conferences, and is an active member of the local information security community.
See Caleb's Profile