MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

3 Milestones Every MSP Should Hit When Launching a Security Line of Business

Posted November 14, 2017by Chris Johnson

3 Milestones Every MSP Should Hit When Launching a Security Line of Business

In previous articles, I have talked about the differences between MSP and MSSP and how important it is to practice what you preach as you look to differentiate yourself in the cybersecurity space. As we quickly approach the end of the year, I’d like to provide you all with a tried-and-true strategy for successfully launching your cybersecurity offering as a new line of business in 2018 and beyond.

Before we dive in, let me highlight one thing that I know has plagued our industry in the past. We too often end up focusing on the wrong things even though this is definitely the right time, a.k.a. “right train, wrong track.” This mentality could likely be applied to launching any new line of business, but I’d like to share what I’ve learned from my own experiences and watching what other MSPs have done, through the lens of cybersecurity.

Backstory

A few years ago, I was tasked with tightening up our product offerings, reducing the product lines we support, and adding value to the existing products and services that our prospects and clients would find tangible. My big mistake was when I took our cleaned-up product line and added security as a bolt-on, not as a separate line of business. The problem was we were too focused on evaluating and selecting products.  We should have been focusing on the business line delivery. I stumbled around in the dark for almost two years before I realized that my wants were becoming a higher priority than my clients’ needs.

I wish I had known the three things I am about to tell you as it would have saved me thousands of hours of time, as well as thousands of dollars. My premise is that you desire to go from a state of not having a cybersecurity line of business, to successfully launching a cybersecurity line of business. This can be done by hitting three essential milestones. If you commit to ninety days of effort and follow this roadmap, you can be in business in one of the smartest ways possible.

Milestone 1: Learn It

When it comes to cybersecurity, my goal is to take you from being uninformed and hesitant, to capable and ignited. To do so, you need to educate yourself.

One of the first things you must learn is what exactly it entails to be an MSSP. From there, you should define and determine the following key elements:

  • Your cybersecurity business model
  • Your development strategies for cybersecurity clients
  • Your cybersecurity service delivery stack

Essentially, this will help you establish the various people, processes, and technology you need to make up your cybersecurity line of business.

Milestone 2: Lock It

As mentioned in my latest post about practicing what you preach, your next move is to become your own MSSP before you can service clients. This milestone is all about understanding your current challenges (whether it be the technology or the skills gap) and how to overcome these challenges. I want to make sure that you also understand that if you don't have the know-how and experience, it is ok to seek out a strategic partner. In fact, when we first started out, we were able to succeed because we found strategic partners.

First things first, you need to figure out the right technology stack that will enable you to lock down your own business. For many, you will likely need to take a layered approach in order to protect against the ever-changing threat landscape.

From here, you need to nail down the cybersecurity management process you intend to adopt. How will you assess and identify your cyber risks? What steps will you take to reduce your risks? Questions such as these should all be outlined and answered in your cybersecurity framework and enforced (for example, I adopted NIST 800, but there are many others). It’s important to note that this framework may be affected if you operate in a specific vertical.

Lastly, the IT talent you assemble to enforce your cybersecurity and will impact your outcome. This is probably the most important—yet difficult—step to this milestone because the people, competencies, and skill sets need to be up to par. My insight here is to lean on a third-party partner, such as Continuum, if you struggle with finding the right talent. Through the support of a Security Operations Center (SOC), IT service providers can have access to world-class security talent who act as an extension of your team. This way, you won’t have to delay the launch of your cybersecurity offering due to lack of talent development or acquisition.

Milestone 3: Launch It

Similar to the previous milestone, the “Launch It” millstone requires three pillars.

1. Demand Generation

In order to bring on new cybersecurity business, you need to first generate interest and leads. If you want to successfully launch your new cybersecurity offering, you need the right market, the right media, and the right message. Be sure you have a solid plan for targeting each of these elements before your launch date.

2. Sales Process

Effectively selling cybersecurity requires a bit of a shift from selling basic IT services. Look to nail down the packaging of your cybersecurity service offering and carefully develop your pricing strategies, which will then help you when communicating with cybersecurity prospects and making the sale. Also, be sure to build out a proper framework and messaging if you’re looking to cross-sell existing clients on cybersecurity.

3. Customer Experience

Lastly, you need to take into consideration the customer journey for your new line of business. This includes their entire lifecycle. Make sure you’re setting the right expectations for new cybersecurity clients and actually deliver on those expectations once you bring them on.
 

Conclusion

There is a great need to understand these three milestones in more detail. For those interested in drilling down in to these concepts on an operational level, I am offering a FREE, three-hour workshop! Contact me to get on my early bird list today!

Handpicked for you:
Watch Cybersecurity-As-A-Service Blueprint Webinar

Chris Johnson is a Cybersecurity Compliance Strategist at onShore Security, where he is responsible for leading the Cybersecurity Leadership Initiative. As a former MSP, Chris specialized in helping SMBs make strategic IT decisions that improve their cybersecurity posture by lowering their risk and exposure in an ever-evolving threat landscape. Today, Chris is the Ex-Officio chairperson of the CompTIA Security Community and an active CompTIA Ambassador. In these roles, his work focuses on guiding MSPs with his vast knowledge, insight, and expertise as they make their transition to MSSP.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus