Sales vs Engineering
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Today, we’re answering the big question: which is more important, sales or engineering?
Now, before we get started, we want to clarify that both sales and engineering are super important. You really shouldn’t have one without the other. Our goal is to figure out where your energy and money should be invested in those two topics.
Multitasking is looked at as a skill that will allow you to accomplish more. When it comes to MSPs, it’s not smart to multitask. You must have a main focus, and you shouldn’t prioritize everything. So, we’re here to help you decide what your main focus should be.
Let’s say you only have money for one new position—either a salesperson or an engineer. What do you think will benefit your team the most? We think it’s a new salesperson. Now, engineers, don’t get upset. Let us explain! You can be the greatest engineer in the world and bring a ton of different skills to the table. If you don’t have any clients to work with, then those skills won’t matter. You must sell your services in order to actually have anyone to work with.
Ultimately, if you don’t sell yourself, no one will know about you. If an organization is not growing, it’s dying. And, in order to grow, you must sell.
Let’s take a lawn mowing business for example. If you are looking to mow lawns, you have to tell your neighbors about what you’re offering. You could be really great at mowing lawns, but without telling anyone, you won’t make any money. If you become even better at mowing and upgrade your lawnmower but don’t sell your services, you would still be in the same place as before: not making money. When you sell your services to your neighbors, then your upgraded mower and enhanced skills will finally be able to pay off. But, it took selling to get you there.
The real superstar in an IT organization is the engineer who can sell. This is the person who understands all the technical work and can talk to clients to figure out what they need. With this type of person at your disposal, your MSP will be unstoppable.
There tends to be a bit of friction between the operation and sales team, but what you have to understand is that you can’t have a successful company without both of these groups. Even though you have to focus on the sales team, the technical team needs to be the ones helping the sales team know what to sell. When you think about it, the sales team is selling the engineers’ skills. If your engineers and sales team work together, you will experience success. Engineers, be friends with the sales team! If you can sell your services to the sales team, then they can sell what you do best to clients. It’s a win, win.
If you take away anything from this blog, let it be this: you must align your sales and engineering team to have the best results. The sales team sells the MSP, and the engineers make it profitable.
You have to work on your business and how things are working together so you know what to sell. Then your sales team can identify appropriate opportunities. Don’t just be more efficient at delivering; be better at selling and everything will resolve itself.
New Year, New Topics
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
The new year is coming and we are starting it off with new content! In the new year, we really want to focus our attention on MSPs because some people don’t even know what MSPs do and how they can help a business grow. We’re going to provide tons of MSP-related content — here’s a sneak peek into what 2022 will bring!
Who MSPs are and what they do
We will dive into who came up with the term Managed Service Provider and how the position has developed into what it is today. Managed Service Providers developed due to a need for businesses to see how critical technology is for their business and needing a better way to manage it all and provide stability. We will also discuss how MSPs can help businesses, no matter what type of products or services you offer.
How to choose a good MSP
This ones for you, business owners! If you’ve been wondering how to actually go about finding the right MSP for your business, we will help you figure out the necessary steps to finding the perfect solution for technology management.
How does an MSP find good clients
Not all business is good business. With that in mind, we’ll show you how to have the best experience with your clients. You definitely don’t want to work with difficult clients, so we’ll point out red flags to stay away from and how to attract the people and companies that you really want to work with.
How to match up what is actually important to a business
Every business is a snowflake — completely unique from the next. As an MSP, you have to be aware of that fact and run your services accordingly. We’ll give you tips and tricks to gage what your client needs in order to best align with them and provide as much value as possible.
These are just a few of our topics that we will be diving into in 2022 — get excited about everything that is to come! Our main goal is to be a resource for you, whether you’re an MSP or a business professional. The businesses that have ended up on top have learned to use technology in new and exciting ways so they are able to outperform their competitors and provide an amazing product — we’ll help businesses get there!
We’ve got something for everyone! If you’re a business professional, we’ll help you align with your MSP. If you’re an MSP, we’ll help you learn to align with your clients to get them to stick around and have the best possible relationship with them. We’re excited for 2022!
Tech Conferences
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
A few months ago, we posed the question: are conferences dead? We weren’t sure at the time, but, after recently attending a conference in Florida, we’ve got some more answers.
Our experience at the recent conference was very similar to a normal event pre-covid. There were lots of events and activities going on within the conference and people were generally treating it like a normal event. For those of you that love conferences, this should be very encouraging to you!
Going forward, hybrid-type conferences are probably going to stick around. There are lots of positive things about this method of getting together, but there are also things that you can’t really receive in a remote format.
Now, when you go to a conference, you shouldn’t go for information. You should always attend an event to make connections and build relationships with people. It’s not bad to learn at conferences, but most of that learning can come from talking to people who are passionate about the same things as you. This is the item that might be missing from your remote conference experience: connections with people in person! You might be an introvert, so this might be the factor that you are glad to be apart from, but, there is so much value in being able to chat with someone face-to-face.
If you are attending an event, go to the keynote presentations and listen to what the speakers have to say, but the most important part of these days is what happens after the event is over. Take the time to interact with other people in any way. That can be getting dinner or drinks with other attendees or simply having side conversations with people throughout the evening. These conversations generally lead to getting more information and insight than you could ever get during the event itself. The real meaty party of those conversations probably could not have happened remotely.
If you don’t love going to conferences, try being a vendor instead. Vendors generally do not attend the main events, and they get a lot of free time. This means that they have more time to meet people and connect with them over a load of topics. This is a great way to learn what other people are doing for their businesses and maybe even partner with an organization to make your company even better. B to B relationships are very important, and being a vendor can lend you the time and experience to make those connections.
It’s important to pay attention and look for the really engaging parts of conferences. Sometimes, they aren’t found where you were expecting them. Listen intently to the Q and A sections of speeches and create side conversations throughout the event. This will ensure that you get the most out of any and all conferences that you attend going forward.
If you had to boil it down to what a good conference looks like, it’s all about building relationships. So, we don’t think conferences are dead. Hybrid systems will stick around, but conferences are here to stay!
Thanksgiving 2021
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Happy Thanksgiving week! To celebrate this special time of year, Elijah, Adam’s son, guest-starred to chat about Thanksgiving and conversations. Let’s dive in!
Knowing who you are talking to and getting on the same page as them is very important for having meaningful conversations. While sipping on Fanta, Elijah shared his love for My Little Pony — something he and his dad watch together. This is a shared experience between the two that allows them to further and deepen their relationship.
Whether you are talking to someone that has advanced degrees in finance, history or engineering, or it’s your 10-year-old son who’s just awesome, you have to find ways to relate to them. It’s important to look at client and co-worker relations in this same way. Create personal friendships with those that you are around and further your work ability and skill in return.
Remember that you can have conversations with anyone, no matter what their background is. You can create shared experiences wherever you go. Whether it’s hanging out, drinking fanta or talking to a business owner, the most important part is creating relationships and being thankful for those relationships — this will make sure that you always be able to build memories that you can fall back on. When you talk to someone, it doesn’t have to only be business all the time. Create memories so you can work with and for people you know well and have a relationship with and enjoy spending time with.
Adam is extremely thankful for those types of relationships, as well as being able to buy a business, go on trips and spend time with family and friends. As you enter Thanksgiving celebrations, be thinking of how you talk to your family and friends and maintain those relationships. Then, bring that charisma into your working relationships.
Dumb Technology
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Over the years, there has been a lot of dumb technology. It’s hard to keep track of all the ideas that seemed great at first but ended up being a nightmare. Here are a few pieces of technology that just didn’t make the cut.
Autodialers: an electronic device that automatically dials phone numbers. Once the call has been answered, the autodialer either plays a recorded message or connects the call to a live person. There were great intentions behind this invention, but autodialers aren’t people’s favorite piece of technology.
Virtual Boy: a tabletop portable video game console developed and manufactured by Nintendo. Basically, these 3D goggles were the 90s version of virtual reality but the technology was not ready for this advancement quite yet.
Microsoft Bob: an attempt at a digital assistant, this software was intended to provide a more user-friendly interface for Windows computers. It was discontinued shortly after because it was very clunky and cheesy.
Clippy: a paperclip office assistant character that was created by Microsoft. The main issue with Clippy was the technology was not fast enough to load in a timely manner, making the entire screen freeze and work come to a halt.
Digital Pets: an online pet you could feed, play with and take care of — this technology made doing real chores impossible due to the time commitment to caring for fake pets.
The main point is, there is a lot of technology and some of it works and some does not. The difference between good tech and interesting tech is the implementation and the audience.
If you have new technology, make sure people are ready for this technology and make it work with the already existing tech. If you solve problems instead of adding to them, new technology will be seamlessly added to people’s lives easier.
The 6 Steps of the IT Consultative Sales Process
The currently dominant sales processes aren’t able to generate enough leads nor provide proper differentiation for MSPs. This undermines any chance for predictable growth. When they aren’t able to win new business in a predictable way, managed services providers can’t grow, develop new services, hire the ‘A’ players, develop internal processes or scale. The root problem is that the current transactional (the client is looking for an IT provider) and solution (IT Infrastructure or NIST Cybersecurity Assessments) sales models are reactionary. These methods assume that the client understands the problem and has a pretty good idea of the solution they’re looking for. These models don’t enable the managed services provider to elevate the message, educate the client about what’s important, differentiate the MSP’s offering, set proper expectations, or start a conversation without a buying intent. The IT consultative sales process does all of that and thus provides far more predictability.
|
Differentiate yourself from your competition
and become sales ready
Why IT Consultative Sales important for MSPs?
The IT service market has been saturated, the offerings have matured and the typical IT infrastructure problems are easily solved. Generating demand among high-value, high-maturity clients with business potential is a challenge as they very likely already have an IT service provider they’re happy with. Potential clients are not out shopping.
Once the referral channels have dried out, selling MSP services became a very unpredictable and long process. If a prospect has no visible pain she won't change her provider if only for a better price. It’s difficult to differentiate from the competition as everybody can claim to be a world-class MSP.
The current transactional and solution sales processes have proven to be successful when prospects have immediate and obvious IT needs. That’s why referrals worked so well and why inbound calls get through the website. IT infrastructure or cybersecurity assessments have been a big help to manage the process by qualifying clients and offering an IT solution.
The IT consultative sales process is a proactive one, that does not require the prospect to start the buying process and it performs better on this new landscape.
|
What is the process of IT Consultative Sales?
The IT consultative sales process consists of six major steps. Each works toward differentiating your MSP business from the current competition by redefining the market and services. You are not claiming “to be better, faster, cheaper, or more” you are claiming to solve different problems and defining a unique context of your IT services. The process itself helps to set their expectations of their current provider higher and to evaluate them in your context.
- Differentiate Your MSP’s Message - The IT consultative sales process starts by developing an elevated message. This message drives a wedge between you and your market competitors, reframes the problem the prospect has as well as the expectations. Typically this is a new “category” of services they have not used before.
- Capture Leads with Education on Business Problems They Want to Solve - The sales process is supported by specific, unique, and very valuable content. This content helps to educate your potential clients on the business problems they want to solve, relates to your services and exhibits the value of the “category” of your services.
- Qualify Leads Focusing on Quick Win Solutions - The lead generators are followed by a first interaction which is your introduction. This first meeting sets you apart from the current IT service provider “category” and quickly demonstrates many of their current problems you can actually solve.
- Deliver Value Connecting Business Problems to Technology Solutions - The first meeting leads to a business workshop where you are able to lay down the map for success. You can articulate their business challenges, current reality and set proper IT goals for them. This workshop helps them translate the “vision” to actionable steps.
- Gain Clarity with Proposals - Your proposal does not consist of a final and large commitment engagement (such as switching their managed service provider). Instead it’s a “springboard” engagement, which is easier to buy and solves a very specific problem.
- Upsell Your Clients - This process expands the IT strategy where the client starts engaging you, leading to further engagement and value delivery..
HOW DO I LEARN MORE ABOUT IT CONSULTATIVE SALES?
The 3 best consultative sales books:
- Let's Get Real or Let's Not Play: Transforming the Buyer/Seller Relationship
- The SaaS Sales Method: Sales As a Science
- The Challenger Sale: Taking Control of the Customer Conversation
The 3 best consultative sales videos:
- The Power of Remote Sales
- What is the Difference Between Consultative Selling and Normal Selling?
- What's the difference between Consultative and Provocative Selling?
The 3 best consultative sales blogs:
- The 6 Principles of a Consultative Sales Process
- The Consultative Sales Process: A New Model of Selling
- Digital Maturity Group
3 previously posted Managed Services Platform blogs about IT consultative sales:
- Two Ways to Differentiate Your MSP
- What is the One Business Skill MSP Leaders Can Teach Their Clients?
- Why MSPs are not Closing Business Enough
5 Reasons You Lose Deals to Your Competitors
Are you struggling to sell Managed Services?
If you are struggling to sell services, don't worry, you are not alone. MSPs of all sizes are feeling the pinch when it comes to sales, so this struggle is not exclusive to you.
Factors such as increases in competition, frugal clients, poor product positioning, diminishing referrals and lack of overall strategy, cumulatively contribute to a continual decline in sales.
Leads are at an all time low and the cost of generating leads is at an all time high. In light of this, it is more important than ever to utilize ways to set yourself apart from the crowd, secure your role as an industry expert and thus, gain credibility from existing and future clients.
With referrals being fewer, and certainly further in between, it is increasingly harder to grow your business with any sort of consistency. And, SMBs are bombarded with sales and marketing messages from IT companies every day, making it increasingly difficult for you to land meetings with qualified companies.
This makes it imperative that you find a way to stand out from the competition and find a way to convert leads into clients. If you look like the current IT provider or, just like every other MSP out there, with similar service offerings, you are virtually giving the prospect a reason to buy on price.
If you want to put an end to the dreaded ‘Lead-Proposal-Closed Lost’ cycle you will need to become more effective at creating the vision of a higher value experience and demonstrate you have the ability to deliver that experience.
Does this sound like you?
"We'll be just fine once we find a way to get in front of more prospects." While this sounds logical, nothing could be further from the truth. Even referrals do not have the high close ratios which we came to expect for so long. And, leads generated by your own efforts are much more skeptical, with the industry average close ratio well below 30%. Because of this you must have a strategy and a process that sets you up for success.
DIFFERENTIATE YOURSELF FROM YOUR COMPETITION AND
BECOME SALES READY IN 30 DAYS
Make Your MSP Blog a IT Sales Tool
Okay, you just exchanged business cards with the owner of an accounting firm during a chamber event.
He said, “Sure, let’s plan on meeting some time over the next 2 weeks.”
Awesome! You left the event with a qualified lead! Plus, he agreed to meet and he already shook your hand.
The problem, because we all know it’s never that easy, is that there’s a delay. You couldn’t ask him much of anything, and nevermind describing what makes your MSP unique.
There’s no set date for the appointment, and who knows, he may bump into a competitor or research online in the next 10 days!
So, what do we do now?
You need to activate the EPSA campaign
EPSA is an acronym for education, professionalism, story-telling and authenticity, and together, these are the qualities you want your prospect to understand, because if they grasp what makes you and your company unique, your chances of winning will go up.
The full implementation of EPSA is what I’ll cover in the seminar, but for this blog, I’ll share just two examples of how MSPs are doing the “E for education” part of the EPSA methodology.
E is for Education
Let’s get back to the story above.
The CEO of that accounting firm may have asked you a question about security, or maybe they told you they were using O365 but not getting much out of it, or perhaps he didn’t say a thing aside from “we need help with IT.”
The goal with the E part, or “education,” is to teach your qualified opportunity two things. First, to teach him something he didn’t know, and second, to show him that your company is a thought-leader.
Example by NSI
NSI is an MSP in Naugatuck, CT, that my agency helps with sales and marketing. A blog called, “In the Trenches of a Real Breach” is an audio interview we did with Tom McDonald, the CEO, about some ransomware attacks. It goes into what a SOC is and the importance of having an incident response plan. By having Tom’s voice and real story, we are showing his unique expertise.
Example by Casserly Consulting
Casserly Consulting is an MSP in Boston. A blog called, “The State of Cyber Security in the Commonwealth” we took the publicly available breach data from Mass.gov and we analyzed it. By doing a deep dive into the nature of breaches in Massachusetts, we’re making Peter’s MSP a thought-leader.
The 4 roles that make you a high value business partner
Transforming your Basic IT Service Provider company into a high-value business partner is a study in communication - why you communicate, what you communicate and who is communicating to whom. There are four roles that are critical to your relationship with your clients. The communication from these four critical roles will determine whether your company is becoming a commodity or a differentiated brand. Let’s take a look at these roles and what you can do to make sure their communication will be excellent.
Client Engagement Roles
Client Engagement Roles are responsible for interaction and involvement with your clients in various distinct business activities, and are defined by their area of focus. As very few MSPs have yet to clearly delineate those roles, a lack of clarity creates unnecessary noise within the process of client engagement.
Your client engagement roles should be separated by the nature of the activities (Business or Technology Related) and by the focus of the activities (Tactical or Strategic).
We have four different roles segmented by nature and focus of activities. Account Managers and Technical Account Manager roles are responsible for the tactical focus and Business vCIOs and Technical vCIOs are responsible for the Strategic focus.
The reasons for doing this:
- the client audience will be distinct (CEO / CFO / Office Manager / IT Coordinator)
- the required skills of the various activities will be distinct (Sales, Planning, Strategy, Technical)
- the engagement cycles will be variable (Strategic - Annual and Tactical - Quarterly)
Without proper separation of the roles, client engagement will be inefficient and your communication will be confusing.
Examples:
- the owner of the client entity has to sit in a meeting discussing tickets and backup issues quarterly
- the account manager is asking approval for a project from an office manager
- clients are not interested in participating in business review meetings
- clients are not engaged with business conversations discussing only technical issues
Client Engagement Responsibilities
Each role has a responsibility to engage the client with particular activities. The Strategic roles engage clients typically annually with executive roles. The tactical roles do so with the office manager or another technical coordinator level.
Typical responsibilities for the Strategic-Business (vCIO) role: Make sure IT is viewed as a strategic business asset, not a cost
- IT Strategy Development
- Business Application Selection
- Data and Business Intelligence
- Office Productivity
- System Integrations
Typical responsibilities for the Strategic-Technical (Technical vCIO) role: Make sure that the IT Infrastructure is aligned with their business goals
- IT Infrastructure Roadmap Plan
- IT Infrastructure Budget Plan
- Technology Stack Adoption
- IT Infrastructure Risk Assessment
- Hardware Lifecycle Management
Typical responsibilities for the Tactical-Business (Account Manager) role: Make sure that the companies are aligned, engaged and are expanding their business with you.
General Client Engagement
- IT Infrastructure Roadmap/Budget Reviews
- Service Satisfaction
- Service Expansion/Renewal
- New Service Sales
Typical responsibilities for the Tactical-Technical (Technical Account Manager) role: Make sure that the service is delivered well and the day-to-day operation is efficient
- Best Practice Adoption
- Service Delivery Alignment
- Ticket, Service Process Reviews
- Security / Backup / DRP Reviews
- Lunch and Learn
The Business-vCIO role’s scope is usually outside of the MSP’s IT infrastructure offering. That means the goal of this engagement role is to expand the services with the client. The engagements should lead to extra sales.
The rest of the role’s scope is inside the MSP offering and helps engage with the IT Infrastructure core services.
Client Engagement People
You might be an entrepreneur doing client engagement on your own. Maybe you’re an owner trying to delegate some of the client engagement activities to an employee. Even if you’re leading or participating in teams dedicated to client engagement, the likelihood that the roles and their audiences efficiently matching is pretty low.
Most organizations have overlapping titles for many roles. The trick is how to map different people to distinct roles. Be aware you might have to redefine your current structure to achieve this streamlining of your processes.
Best Practices:
- If you are an owner delegating the roles, let's keep the strategic role and delegate the tactical elements to an employee. This way you can keep the high-level owner-to-owner type discussions with clients.
- If you are in a team, the sales team can take over the Account Management roles for more business development pursuits, the primary technical resource can take the Technical Account Management roles and a more senior individual can step up as a Technical vCIO. The Business vCIO can be done by the owner or a full-time consultant type resource.
Conclusion:
By clarifying roles you may find it much easier to
- hire the right people to the AM, vCIO positions
- engage clients with QBRs
- provide clients with strategic roadmaps
- get clients to adopt your best practices or solution stack
The 4 Steps of Successful Cyber Security Service Monetization
In my observation, previously working for an managed service provider and now with MSPs: for some, monetizing security is an elusive goal that seems to be reserved for those who already have connections, experience, and the right customers. Why?
Generate client engagement
with five NIST cyber security roadmaps in 30 days
Clients are confused
It is very common for managed services customers to believe their MSP is responsible for cyber security. They think it should be included in the price they already pay. This is just an extension of the misconception that Information Security is part of Information Technology.
MSPs are inadequate
Selling cyber security services is only for those “big” enough to have an in-house service because quality security talent is hard to find, expensive, and nearly impossible to retain. And without some experience on the team, many MSPs are not sure they have adequate expertise to build and run a security program anyway.
Some turn to third parties for assessments and services, but are concerned that having a 3rd party conduct assessments might reveal that somehow the MSP has been doing a bad job with security. Often, the MSP can't play a role of any significance to the customer in the assessment process, so without an option for a heads-up, many abandon the effort.
MSPs are overwhelmed
Big companies are snapping up all the qualified/experienced security staff, while the rest are playing “employment pinball” until they’ve got enough experience to be a senior analyst somewhere. From the outside looking in, there’s a strong “gotta have money to make money” vibe in cyber security.
There also don’t seem to be any partners focused on helping MSPs build cyber security programs. All the partners and products are focused on the Enterprise sector. What guidance is available costs $thousands and still takes 8-12 months to build out a cyber security program and able to offer any services.
It shouldn’t be this hard
It just shouldn’t be this hard to build and monetize a cyber security program — especially if you actually care about it! There is a way. I’ve built a cyber security program designed for MSPs. This works for those who want to work on building their own in-house program as well as those who just want to be able to sell cyber security (and remain involved) without having to hire and retain their own cyber security experts.
4 Steps to Monetize Cyber security in your MSP
Essentially, the process goes like this: Educate → Sell → Assess (and prioritize) → Remediate (remediate, and remediate some more).
Once I show a business owner their need, they then typically ask me what they should about it, so I sell them an assessment in which we build a roadmap of risk reduction projects to execute in both the short and long term. Now in my case, I’m not actively an MSP, so someone else is making the money on those remediation projects, and those projects hold more revenue than any single assessment — especially if the remediation includes subscription services.
Educate
When it comes to selling cyber security assessments, the first thing you should want to avoid is being shopped on price, so instead of vying for position in the eyes of the few who already know they need cyber security, seek to educate just some of the many who don’t understand their need.
Some will understand if only you can explain things in a way they can relate to. That is the secret sauce. I have found a way to effectively communicate the significance of cyber security to the ongoing success of their business in this internet-connected world.
In the book Made to Stick by Chip and Dan Heath, they describe how to shortcut the learning process for complex or new topics. Essentially, the human brain learns based on what it already knows. My favorite example is where they attempt to describe an uncommon fruit in detail, from scratch. When they’re done, the reader may think he has a decent understanding of this fruit. Then they start over, but this time they start with a point of common shared understanding: “it’s like a grapefruit, but bigger.” Instantly, the reader understands the fruit even more clearly than by reading the detailed description. This is the technique we use in helping business owners understand their need for security.
See a short sample video: Making Security Make Sense - Teaser
Here’s why I start with education: In my experience, when I play the role of mentor by educating the asset owners, they tend also look to me for their next step. They ask “OK, well… so now what do I do? What’s my next step?” The obvious answer is: start with an assessment.
Sell
Since the business owner already knows his need for an assessment at this point, my job is to continue to guide him toward his goal of getting one. He already wants to buy, so I explain the “simple process” the assessment follows. I do this because visualizing a simple start-to-finish process takes the mystery (read that: uncertainty) out of the purchase.
Once the process is understood, other than presenting him with a quote with a Statement of Work for an NIST cyber security assessment, my job is to not give him any reason to think twice. Show him the process, then give them the quote + SOW. I am pretty firm on this not being the time to do special scoping discussions or negotiations. Keep it simple. Anything but a smooth path to purchase introduces risk of a lost sale.
Note: As a cyber security consulting firm, the sale of the assessment is my “win,” so I don’t really budge on pricing because I know what I need to get out of the transaction for it to be profitable. But for an MSP, there is another angle to consider: the assessment is just the beginning of the revenue stream from cyber security. For the MSP, remediation projects are more likely to be the real revenue source. So MSPs can flex on the front-end pricing (quite a bit in fact, if they know their typical remediation revenue). BUT, this bears repeating: Keep it simple. If you slow things down or introduce turbulence by debating numbers, the chance of losing the sale increases greatly.
So here’s what I suggest: Before you show them pricing, decide ahead of time what “deals” you’re willing to make. So if you’re willing to offer a half-price deal, be ready to cross through that initial price and put the half price number there. However, I wouldn’t start with a bid of several thousand dollars and be willing to go to free though… People don’t respect what they don’t have to pay for, and if they took you from $thousands to $0, “What kind of game are you playing?” Whatever your numbers, pick and stick so the process is quick.
Assess / Prioritize
Whether you’re running your own assessments in-house or you’ve outsourced them, they need to be timely and relevant, and they need to demonstrate business value.
Timely Assessments
If you’ve read this far, you’re probably not trying to run comprehensive assessments with complex requirements. That means there’s no good reason for these assessments to take long.
For relatively straightforward assessments, I shoot for two weeks as a maximum amount of time to gather data, prioritize findings, produce the summary with recommendations, and be presenting back to the client. I’ve found they typically tolerate three weeks, but at the fourth week and beyond, they’re impatient and much more likely to be critical of your findings, process, advice, etc, especially if you have any “critical findings” in your report which you took your sweet time to tell them about. So if your goal is to sell remediation services after the NIST cyber security assessment, be quick about the process.
Relevant, demonstrating business value
Unfortunately, many assessments have been delivered which had little more than the standard output from whatever scanning tool was used. That’s like a mechanic handing me a color-coded printout of the OBD2 readouts and telling me to fix all the red stuff first. Thanks a lot.
For an assessment to be relevant and have business value, it has to provide realistic guidance for the particular business for whom it was performed. A quality assessment delves into the risk tolerance, the whos, and the whys of the customer. Only when you have a good understanding of the business’ objectives can you make relevant recommendations. For example, there are plenty of critical severity findings which may pose no practical risk for a given business, while several low severity findings in combination pose immediate risk.
Relevance and business value go hand-in-hand. If you understand how the business operates, what it wants to achieve, and it’s mid-to-long term goals, you can offer practical guidance on risk reduction.
Remediate
Remediation is the sweetest part for an MSP. It’s additional revenue (maybe even monthly recurring revenue!) on top of whatever managed services are already in place.
When it’s time to present findings and remediation guidance to the customer, it’s best to break it into timeframes. There may well be several relatively critical findings, but keep in mind: if this business owner only recently realized the need for cyber security, they don’t have a budget set for remediation. They bought the assessment to get a feel for what they need to do something about vs what they’re going to have to put off until later (or simply accept as inherent risk). So in my experience, it is very well received to provide them a “menu” of things to fix within different timeframes. Something like “Immediate,” “This Quarter,” and “This Year.” (Keep it simple.)
During the report presentation, I explain the implications of findings and my recommendations for immediate fixes, then I ask the business owner which ones they can / want to tackle first. Everything else in the “Immediate” section gets moved down into the “This Quarter” section, with anything else already there. Again, we discuss what would be practical to pursue within the next 60-90 days and move everything else down into the “This Year” section.
These discussions can’t really take place without some understanding of the price for the various remediation projects. So I recommend the MSP come to the meeting with individual quotes for each item in the “Immediate” section and rough price-only estimates for the items in the “This Quarter” section. This allows the business owner to do some quick mental math so we can plot a rough course for the next year during the presentation meeting. Estimates for the longer-term projects are optional, but aren’t very helpful during this meeting.
Once the business owner has decided the order of remediation projects, an Account Manager or vCIO can handle the roadmap without further need of a cyber security analyst. Any immediate actions for which the MSP brought quotes can be executed on the spot.
Note: MSPs need to be ready for the findings. Some findings may reflect poorly on the MSP, so be ready to step up and fix things ASAP. While this may be embarrassing at first, it is usually endearing to the customer when they see you doing your part, just like you’re recommending for them to do.
The 4 Steps of Successful Cyber security Service Monetization
FREE RECORDED SEMINAR