View From A Mid-Market Customer: Help Us Save Money, Gain Expertise

MSSPs are at their best when they help clients drive security strategy and deliver services at a fraction of the cost of an internal hire, according to one customer executive.

The average salary for a cybersecurity expert today is $137,000, which presents MSPs and MSSPs with a tremendous opportunity to save businesses money, according to Paul Furtado, who was most recently vice president of information security for real estate software company Lone Wolf Technologies. Lone Wolf turns to channel partners for help driving its security strategy, getting advisory services, and capitalizing on vendor training opportunities.

"I have tunnel vision," Furtado said Sunday at XChange University: IT Security, hosted by CRN parent The Channel Company. "I leverage your expertise, your experience, and the diversity of your customer base to help me make good decisions."

[Related: Expert: Safety Will Trump Compliance In Future Security Conversations]

Lone Wolf signed a contract with a partner who would serve as its virtual SOC (security operations center) for a cost that's less than hiring two full-time equivalents (FTEs) for a year, Furtado said. This is a great value for Lone Wolf, Furtado said, since staffing a 24/7 SOC of its own would require the company to hire four or five FTEs, which there simply isn't budget for.

From an expertise perspective, Furtado said he likes to have a training component included in the solutions he receives from an MSSP. The training doesn't need to be specific to a vendor or result in a certification once it's finished, Furtado said.

All Furtado wants is for the channel partner to provide Lone Wolf with one of its sales engineers for a day so that employees can received functional training around how to implement and use the tool to the best of their ability.

"This is another great area where I think some VARs miss the mark," Furtado said.

Another area were MSSPs sometimes fall down is when they excessively focus on the tools and techniques they'll use to keep their customers secure and end up overlooking or neglecting the role policies and procedures play in a businesses' overall security posture, according to Robin Yates, executive vice president at Winston-Salem, N.C.-based solution provider NOCDOC.

NOCDOC focuses primarily on providing customers with a service desk and virtual network operations desk, Yates said, and partners with other solution providers to deliver higher-end virtual SOC services.

NOCDOC has positioned itself over the past three years to be a security company first, and now achieves 93 percent of its revenue on a recurring basis thanks to the services the company provides. At the same time, Yates said the company has pursued partnerships in areas of security where it doesn't have much expertise to ensure that customers have the best possible experience.

Lone Wolf counts on its solution provider partners to negotiate purchases based on vendor fiscal periods in hopes of obtaining a discount, Furtado said. In addition, Furtado said the company wants its MSSPs to select vendors that integrate well with one another through something like an API.

"Make my job easier," Furtado said. "I don't want to have to retain my staff on everything."

Small and mid-sized customers might not need a full-time virtual CISO, Furtado said, but they do need an outside expert who's focused on driving security strategy and working to move the needle to put the business in a better security posture. This strategic conversation will likely be with someone different than the people responsible for product procurement or monitoring the SOC, according to Furtado.

Nearly 60 percent of corporate leaders have said their businesses are at risk due to the shortage in cybersecurity experts, according to Furtado. This puts the channel in a great position, Furtado said, since the have the information C-suite executives want but can't afford to hire internally.

"This is a great opportunity for everybody in this room to tackle," Furtado said.