Why should you care about compliance? Tim, who helped develop the SAS application Polygon, joins us this week to discuss compliance for engineers and why it matters. Polygon is shaping the future of policy processing management by helping MSPs streamline the policy process.
To understand why you should care about compliance, it helps to really know what compliance is. Essentially, it is adhering to some standard. In the technology world, there are Risk Management Frameworks (RMFs) that are used as a compliance standard to adhere to. You could compare it to quality control, or the referee of cybersecurity. This “referee” is helping guide you through the rules that you and the client should adhere to in order to avoid the ramifications and consequences that could follow.
2 min read
Compliance for Engineers - Part 1
By Adam Walter on Oct 24, 2022
Topics: IT Security compliance
2 min read
Automated Pentesting and Profit: Part 2
By Adam Walter on Aug 29, 2022
Last week, we discussed pentesting and why it’s important. This week, we are going to dive into how MSPs can utilize automated pentesting to generate higher profit margins.
Pentests have never been so accessible in terms of a price point and turnaround times, making it a valuable tool to add to your security tech stack as an MSP. However, you’re already as busy as it is - despite the revenue that an automated pentest can generate, you just don’t have the time to implement it into your offerings.
This is where a third-party consulting firm comes into the picture. They will advance your security stack to include pentesting, which ultimately attracts businesses who are interested in improving their uptime.
Topics: Disruptive MSP Implement New IT Services IT Security
2 min read
Automated Pentesting and Profit: Part 1
By Adam Walter on Aug 22, 2022
Vulnerability assessments and penetration testing - more commonly known as pen testing - play a huge role in cyber security, something that is more important than ever. According to a report by Dark Reading, businesses suffered a 50% increase in cyberattack attempts per week in 2021. This huge increase should alert all business owners to ensure their networks are adequately protected.
To more efficiently help business owners do just that, there have been some drastic changes in the world of vulnerability assessments and pen testing. Here are some of those key changes, and why you should care.
Topics: vCIO Win New Clients IT Security
2 min read
Gap analysis for profit
By Adam Walter on Aug 1, 2022
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Youtube: https://youtu.be/jSRDaSpEdBw
When reviewing a gap analysis with a client, we often come off as the person on a terrible first date. Instead of conversing with our clients, we sit down and point out all the wrong or missing things. No one wants a date like that, and your clients are no exception.
A poor approach to gap analysis can hurt your business and the relationship you are trying to build with your customers. Of course, you need to do a gap analysis for your clients. It’s part of what helps you understand the goals of their business and how you can help. However, if you can’t align your findings with the needs and values of your client, you’ll find yourself getting nowhere. When approaching your client with your analysis, it’s not your thorough, super detailed report that will catch their attention. It’s understanding your client and the value you bring to the table. When your clients come to the same understanding, you stop becoming a nag with the same repetitive concerns. You become a partner and an asset.
Talk to your clients about their business. Make it a point to understand what aspects of your gap analysis are most valuable to their operation. You may have a lengthy list of items that need to be addressed, but not all of them are things your client will care about. Let them know how your gap analysis helps them run their organization and generate profit. When you take the time and effort to have a conversation with your customers, you start to build trust, which will, in turn, open up more opportunities for you!
There will be gaps that your clients will not understand. This is not a foreign concept to those of us in the IT world. We have language and lingo that a layperson does not use. While this can be a challenge, you should take this as an opportunity to showcase what you have learned about their business and how your gap analysis pertains to their success. Educate them as to why your services are needed. Prioritize the things that are most important to them. This is not you being a salesperson. It allows for a customer-led strategy! Your customers have the chance to do the work for you by prioritizing what risks need the most attention. Then let them know what future steps you can take to improve things in the future. It’s a win-win scenario!
Remember, you do not know every gap in your customer’s portfolio. When a client seeks your services, you are often given a small window of insight that usually only pertains to IT. Make an effort to build rapport. It will help you prioritize the gaps that need the most attention, and your client will start to trust you to make decisions. Again, this allows you more opportunities to expand your services and build a business relationship that can last decades.
Gap analysis doesn’t have to be boring and repetitive. Use it as a tool to strengthen your business relationships and turn them into a profit!
Topics: Demand Generation for IT Companies Technical Account Manager IT Security
2 min read
Why Tech Companies Suck at Risk Analysis
By Adam Walter on Jul 11, 2022
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Youtube: https://youtu.be/7uIOwxWU_HU
In the tech world, we tend to focus on the tasks that directly correlate to our work. But if we only focus on things like fixing firewalls and cybersecurity without understanding our clients - that is what makes tech companies suck at risk analysis.
That is not to say that what we do is unimportant. Our clients would not have hired us if they did not need our services. What is important is that we understand that to our clients, there is a difference between technical risk and business risk.
It is only natural that tech companies focus on technical risk. It’s what we do! But, you must remember that business risk will always outweigh technical risk to your client. Make it a point to talk to your customers. Understand what they see as risks and threats to their company, and then align your services with their needs. For example, if you have a client that runs a dog kennel, their main concern is the health and safety of the animals. If you only talk to them about everything you have done to improve their cybersecurity, your words will fall on deaf ears. But, if you can explain to them how improvement to their cybersecurity helps oversee all dogs that they are caring for and allows owners to safely access live streams of their pets from work, you have proven how your goals match those of your customers. Now your client has more features to sell to their customers, and you have opened the door for your business to provide additional services to build an ongoing relationship.
Aligning technical risk with business risk benefits you and your customers by providing a clear path to success. It helps your clients prioritize the factors that threaten their business and enables you to understand how your services help them meet their goals. Use this as a foundation to expand your business.
Business Risk x Technical Risk = Opportunity
When your client understands how the risks and threats to their business can be resolved by addressing technical issues, it allows you to cultivate your business relationship and the opportunity to offer additional services. In turn, it is your responsibility to ensure that you understand your customers. Focus on what your clients care about and what is most important to them. Learn how to identify the problems they face and then mitigate them to how IT can help prevent problems from happening. This strengthens the trust your clients have in you, provides direction for you and your client and creates a base on which you can expand your services.
Tech companies don’t have to suck at risk analysis. We just need to listen and understand how our work impacts client businesses and reduces the threats they face. Building client rapport is more than just doing a good job. Remember, we have conversations, not presentations! Take the time to understand what they value. Turn your risk analysis from sucking to spectacular!
Topics: IT Sales Person Managed Services Providers IT Management IT Security
3 min read
Holiday Security Tips
By Adam Walter on Dec 13, 2021
Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
The holiday season is in full swing, which means that you need to know security tips to protect
yourself from fraud and getting information stolen.
Topics: Managed Services Providers IT Security
8 min read
The 4 Steps of Successful Cyber Security Service Monetization
By Caleb Christopher on Aug 15, 2019
In my observation, previously working for an managed service provider and now with MSPs: for some, monetizing security is an elusive goal that seems to be reserved for those who already have connections, experience, and the right customers. Why?
Topics: IT Sales NIST Cyber Security Implement New IT Services IT Security IT Business Development
2 min read
Webinar Takeaways on Selling IT Security and Compliance
By Denes Purnhauser on Aug 15, 2014
It was a really engaging talk with Steve Rutkovitz CEO of Choice CyberSecurity. He is a very successful MSP practitioner specializing in IT Security and Compliance.
We were talking about MSP challenges, strategies, IT consultative sales processes, IT security and compliance opportunities and partnerships, and I learned the following: