Cybersecurity is inherently complicated. It is not easy work, and it is also endless work. Unfortunately, there is no such thing as “completely secure”. There’s “more secure” and “behavior secure,” but you’ll never finish the game. Cybersecurity is a constant cycle of challenges and responses.
Many companies can only strengthen their cybersecurity to the extent that their budgetary and human resource constraints allow. This can be frustrating for people working in the field. For us, it is obvious that we (IT vendors, security analysts, CSOs, etc.) must do whatever is necessary to ensure that our organizations are as secure as possible.
At some point, however, we have to realize that the concept of “all that is necessary” is a never-ending pursuit. You have to prioritize. As security providers, we need to be able to choose the initiatives and investments that will have the best return. This is true not only for the security protocols and procedures we put in place internally, but also for the delivery of managed cybersecurity solutions to customers.
Scale your security business
It’s no secret that the demand for cybersecurity services is skyrocketing. Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) are shooting themselves in the foot if they don’t focus on growing in today’s market. But it’s no secret either that the job market is tight. Highly skilled and educated cybersecurity workers are expensive, and even entry-level technical employees are hard to find and retain.
So, for MSPs and MSSPs trying to grow their business, the options may seem limited. You can try to hire more people, which costs time and money, or you can try to become more efficient with the resources you have, which comes with its own set of challenges. What is the best path?
The answer is neither, and both.
Short-term solution: make the most of what you have
People can’t have all the skills. This is something MSPs need to recognize when it comes to cybersecurity. Your employees most likely wear many different hats when it comes to their roles and responsibilities. If your budget is tight, think about how you can be efficient with the money you have. Can you be creative while delivering great performance?
When I talk to MSPs and MSSPs, a lot of the conversation is about how to do more with the same number of people. For a business that provides services, outsourcing and automation may seem like a simplistic answer, but we’ve had great success when we’ve presented it in a realistic and constructive way. We’ll ask you, “What roles are you having trouble filling?” as well as “What do the people who work for you appreciate the most?” Where are they more valuable? »
The idea is this: focus your attention, resources and manpower on your existing services that are profitable and popular with customers, then find alternative solutions (whether outsourcing or automation) for other projects you want to accomplish. Focus on high-value customer-facing activities and fill in the gaps for the less exciting (but still important) things.
Standardize and automate where you can
Standardizing and automating as many operations as possible can help MSPs create a formula-driven revenue model based on profiles of customers with similar needs. Organizing the services you provide around specific verticals or target markets will also help you implement a rinse and repeat strategy for your business that will increase your monthly recurring revenue.
There are solutions that can help you ensure cybersecurity while maximizing the capacity of your current staff and continuing to add value for customers. Some Sherweb partners were able to double the number of customers they could handle with the same number of employees. This is not magic, it is simply outsourcing time and labor intensive activities such as alert monitoring, incident response management and SOC activities. This gives you more time to focus on new projects that make your MSP business more profitable.
Remember: you don’t have to say yes to everything. Sherweb’s partners who have had the most success in the area of cybersecurity are those who say no. It sounds crazy, saying you’ll get more business by declining business, but we’ve seen it time and time again. Building a standardized stack for security automation along with a standardized procedure leveraging PSA or RMM will give you a reliable practice with consistent results.
The fastest growing MSPs and MSSPs we work with are those with a succinct offer. They say, “I replace your firewalls and your router, your network equipment. Here is my antivirus software. Here is my EDR software. It must be standard. Once you have that, you can go above and beyond with special projects to your heart’s delight.
Becoming more efficient with the resources we have is a much more reliable route to success than trying to solve the workforce crisis on our own. However, while automation, standardization, and outsourcing help you meet your capacity needs and your ability to scale, you can never completely ignore the HR side of things.
Speaking of the labor crisis…
We know that the number of cyber threats increases every day and the incidences of successful cyber security penetrations continue to accelerate. The damage caused by a successful security breach is also increasing, despite the fact that we have more security tools than ever before. And yet fewer qualified humans are available to fill positions in the field. The supply of cybersecurity talent is lagging considerably behind rapidly growing demand.
If you’re currently trying to find experienced cybersecurity talent with specific knowledge of the role you need to fill, you’re probably banging your head against a wall. These people exist, they are highly educated and specialized, but you will struggle and compete to win them. If you succeed, they will be incredibly expensive, because of the supply.
On the other hand, finding staff willing to perform tasks such as nighttime security monitoring, alert response and incident management is also a challenge in today’s job market. There is no simple solution to this. But that doesn’t mean there aren’t solutions.
One of the things we’ve done internally is to train existing IT employees to become cybersecurity specialists. We start by offering targeted training. Later, we assign them tasks assisted by automation and AI. Next, more high-level cybersecurity analysts are providing additional training on a number of standardized cybersecurity jobs.
Hiring in IT isn’t easy, but it’s still easier than hiring cybersecurity talent specifically.
Another potential solution is grassroots and educational activities that push people into STEM subjects. If more people are exposed to the field of cybersecurity, it is only natural that more people will subsequently consider it as a career option.
Sherweb works with academic institutions to create internship opportunities for students in cybersecurity programs. Collaborating with schools gives us the opportunity to create our own talent pool and influence the skills acquired by employees after graduation. There is also the possibility that these interns will return to us as full-time employees, which will close the circle of our efforts.
Don’t fear this opportunity
Now is the time to capitalize on the demand for cybersecurity. There is a lot of business for MSPs and MSSPs to do. Even if you don’t have the current capacity, you can be more productive with the tools currently available to you by standardizing, automating, and outsourcing processes wherever you can.
You can also hire a partner like Sherweb to help you get there. By offloading menial tasks to our services, you can then reserve your best talent where it matters most, on the front lines of your business with your customers. Sherweb provides services specifically designed to fill gaps in MSP security teams. Some of these roles are simply things that no one wants to do – no one wants to respond to a security system alert on a Sunday night – but are still crucial. We can also help you with higher-level tasks and business strategy, enabling MSP partners to achieve their unique goals.
A competitive job market and a talent gap are issues that everyone in the tech industry must struggle with, but it is not the responsibility of individual MSPs and MSSPs to solve the crisis. Distribution companies can still offer security services and solutions despite the lack of cybersecurity talent. Enabling MSPs to do this is what Sherweb strives for as a value-added cloud solutions partner. Check out our partner guide to learn more or contact us to start a conversation about how we can help your security business grow.
Guest blog courtesy of Sherweb. Regularly contributed guest blogs are part of the MSSP Alert referral program.