In today’s high-intensity tech training, Telarus advisers are equipped with a comprehensive playbook designed to enhance their cybersecurity conversations with clients. The session emphasizes the importance of understanding various roles within organizations, such as CISOs and CFOs, and their unique concerns regarding risk management and compliance. Key topics include the integration of AI in cybersecurity, the significance of compliance for business relationships, and the evolving landscape of cyber insurance. The playbook serves as an interactive resource, guiding advisers through essential discussions and strategies to address client vulnerabilities effectively. The session concludes with a positive outlook on continued engagement in cybersecurity topics.
Transcript is auto-generated.
Today’s high intensity tech training begins now. Continuing our cybersecurity awareness month, Teleris advisers will leave today with a phenomenal new resource, exactly what they have been requesting.
You’ll help we’ll help advisers in identifying client vulnerabilities, leveraging proof points and case studies, navigating those objections, and creating urgency that drives decision making. Today’s discussion and the resource you’ll receive will provide the tools and confidence needed to transform cybersecurity from complex technical topics to a valuable trusted adviser conversation.
Your comments and questions, of course, are welcome in the chat window to which our presenters today will respond both during and after today’s event. Today, we feature a tale of two Jasons.
Greet Teleris VP of cybersecurity Jason Stein joined by Teleris cybersecurity solutions architect Jason Kaufman. Stein Kaufman, welcome back to both of you. Glad to have you here on the Tuesday call. How are doing?
Doing great. Hey, Doug. How are you? That’s terrific. Thanks.
Thanks, Doug. And, I’m always forever known as Jason number two for everybody watching Jason number two. Alright.
Well, great to have you both here. We’ve got a tremendous discussion planned, and you’ve got a great resource today for our advisers as well.
I love it. Thank you. So, a lot of preparation has gone into some of the things that we have launched, for cybersecurity awareness month. So first off, I wanted to say appreciate the incredible work that our marketing team has done.
You know, Rochelle and and team in in launching a bunch of blogs for cybersecurity awareness month. This cybersecurity playbook, you know, Kobe had a vision for what, we could do here to help tech advisers on How to navigate a cybersecurity conversation? And some of the conversations that we get from everybody is, I just need to know what to say, what products how do you talk differently to different personas? How do you navigate a different industry?
And so what we did is we put together a forty page playbook. And so we’re gonna have the playbook for you, but you can see it right here, teleris university dot com, and then it’s marketing dash resources slash cyber. So what we do is you actually can go in, click on the download full button, and it opens up this document. I’m gonna navigate a couple screens real quick, and it’s interactive.
So our marketing team did a phenomenal job of being able to click on different aspects of this, and I’ll take you right to that section, which is huge.
So the third screen, though, everything that we did is built on the mesh architecture for Gartner. So over the last few years, during our cybersecurity universities, Ascends, trainings, we built everything around how do you have a business conversation around security? How do you understand the different products? How do you sell the different personas?
How do you navigate different industries? How do you overcome objections? So we put it all in this interactive, tool guide playbook. So if you click then on this meshed architecture, which is the Gartner meshed architecture, it actually opens up another interactive tool that gets you into the complete cybersecurity architecture that Gartner’s come up with.
So now all of this is interactive. So if I wanna go in here and click on MFA, not only is it gonna give me a definition of multifactor authentication and what it is, it’s then gonna give you a simple explanation of it, and then it’s gonna talk about how do you discuss that to a client. So now everything that Gartner says that a cybersecurity leader should be focusing on is at your fingertips. And then you can go in and see how do you navigate a conversation on mobile tablets, PCs and laptops, servers and virtual machines.
Then you get into the cloud, then you go get into the user security, then you get into the data, DLP, your data loss prevention, your data classification. So if I wanna find out what data classification is, I click on the interactive map. Now we’ve separated that out. What we wanna do, though, is get into this amazing guide.
So, this guide is about forty pages, and it’s super interactive. And so Jason Kaufman and I are gonna navigate and tell you how to use it, what are some of the the great tools that are in here, and then how do you understand it. So first off, we’ve got a great in introduction section, and then each section gives you different things that you can focus on with your clients.
So, again, we get into that mesh architecture on page three, and then we start to understand personas. And so if you’ve been to any of our sales trainings, you know, we’ve done a lot of information on how do you talk to a CISO, what are their priorities, what are the talking points, how do you focus on some of that stuff. So please throw any questions you have in the chat. We’re gonna try and get to all of them. So let’s talk about a CISO. So, obviously, their their priorities are lots of different systems, alert fatigue, risk reduction.
They have to report to a board. They’re worried about artificial intelligence that’s being decided by nontechnical people thrown on IT. IT then is trying to navigate it, but they don’t have AI resources. So they’re trying to follow a framework.
They’re trying to make sure that they’re implementing AI and the security guy or girl is over the top saying we need to make sure that we’re putting the right security in place. An incident response plan has to be orchestrated and architected. So then as you do this, then you can start to talk about what are some of the talking points to a CISO. How are you validating your current risk exposure?
What is your board worried about? Are there compliance mandates that you worry about? And then we have a sales focus aspect. Then we get into the CIO.
Now the CIO cares about their resources. They worked hard to get that head count. They have to worry about budget. They have to worry about all the different aspects of it, including their head count and the network and cloud transformation, operational resilience, lot of different things.
And so then you have talking points on that. Then we start to get into what some of the newer chiefs that are out there, a chief compliant officer, a chief risk officer, and what are their concerns, and how do you worry about them? They worry about fines, reputation, reporting readiness. Then you start to get into a CFO, and the CFO cares about cost reduction, cost management, liability reduction, insurance.
Most of the time, the CFO reports to either the CEO or the board.
And so there’s a lot of different ways in which we’re we’re talking about reduction of cost. Well, cybersecurity is not always a cost reduction. It’s a cost investment so that you can do cost prevention. So then we start to work on different tools and resources that you have there.
Head of IT, similar to a CIO, but a little different. Tool fatigue, they have a lot of different things that they need to have access to and get to integrate to their entire environment. Limited staff, the need for twenty four by seven, but not enough resources to do twenty four by seven. Then you start to get into what Doug mentioned earlier, which gets into working with a CISO and then legal counsel.
And you have to worry about all the different aspects and things that you need to navigate there.
Incident disclosure compliance, you have to worry about, you know, reputational damage, litigation defense, and doing the right steps so that your cyber insurance policy pays. And then you get into other different aspects of the business. So this document’s gonna continue to evolve. We’re gonna continue to add to it and give you different iterations of this.
So, Jason Kaufman, as you start to prepare for a call and you’re talking to a tech adviser and they say, hey. You’re talking to a CFO this time. You’re talking to a compliance person this time. You’re talking to a CIO this time.
How do you prepare for that conversation? What do you do differently for each of those different talking points?
Yeah. I mean, it’s exactly what you were saying on, like, what’s the important business drivers for them? Like, the CISO, one of the big things that you can’t really document that you get in a conversation with the CISO, they’re not only trying to derisk the business, they’re trying to derisk themselves.
So their idea is, hey. I need something that’s recognized from a product perspective to where, you know, everybody’s heard the mindset of you don’t get fired for buying Cisco. The same thing happens with, like, CrowdStrike, SentinelOne, Microsoft Defender. So having a globally recognized entity that you’re bringing in from a technical tool perspective, that also derisks them as a persona. So you’re not only you’re not only talking to them about, hey. What are you what’s the important drivers for the business? You’re also talking about for themselves.
You know, the difference between a CISO is trying to get in front of the business and keeping up with the business on the innovation side from protecting and derisking everything that they’re trying to do from AI to, you know, whatever tool sets or anything they wanna implement or whatever their their, you know, human capital, the actual employees are trying to do, trying to get in front of that to where they they keep the risk minimal. But then the CIO is kind of, you know, doing the exact opposite. They wanna be innovative to where they can compete with the the competition, or they wanna be you know, they have all these objectives where they need to be more efficient. They need to drive revenue. They need to put all the tool sets in there to help out the other c level folks. So how does the CISO get in front of that to where they’re not hindering the company growth or adding a ton of additional risk? So there’s that constant battle on how do you navigate that conversation.
But one of the big feedbacks, Jason, number one, specifically, if if you can go to the next page, one of the big feedbacks we get is, okay. I don’t have a customer entity that has all these, c level folks in there. You know, I’m dealing with SMB, the lower mid market that may have an owner, a family business, or something like that. One thing to point out is live and breathe by the line of business executives there on the bottom right.
So if you talk to any owner, they they’re gonna follow, like, individual categories across all these other different talking points, but what’s the biggest truest thing for them? I wanna be able to pass this on to my family, or I want to be able to keep the company going to where I don’t have to worry about company my business closing down for x amount of days to where we lose a ton of revenue and my employees are going without paychecks or going without work, all that different type of stuff. So their value prop is aligning up a lot with the line of business executive there. I think if you if you focus on that as well, like, hey.
If I don’t I don’t recognize a lot of these different entities within the businesses that I work with, focus on that line of business executive, and that should get you a lot of great talking points for the customers that you’re actively working with today.
I love it. Great points. And I also wanna give a huge thank you to our security team, which would be Jason Coffin, Samara, Trevor.
We had a lot of input on how to make sure that you had the best resources at your fingertips. And and now, Jason, we’re seeing more and more that in some of our meetings, there’s multiple division heads. You may have a CIO in there who brings in the CSO and brings in the compliance officer, and sometimes legal counsels are all involved in that same meeting. And then we have to navigate how do we talk differently to each person in that room. And so this is gonna really prepare, all the tech advisers to make sure that you understand the different pain points and you can take notes or you can print this out so that you have those talking points in mind.
So we wanted to then get into some of the trends. And what we just did was we said, what are the biggest trends, Jason Coffin, Samara, and Trevor, that that we get asked for as an engineering team, Teleris as a TSD, that a lot of organizations are relying on Teleris for. And so some the first one is AI driven threat detection. So that can mean a lot of different things.
Managed security, AI security tools, part of the compliance conversation. So then what we’ve done is, one, giving you trend insight as to, hey. A lot of people are focused on generate generative AI, large language models like ChatGPT, AgenTik AI platforms, and then, you know, the transformation of that, and then all the tools that you need to reduce detection and and triage times and eliminate noise. Then what we did is we said, okay.
Now depending on who’s in your meeting, here’s the key focal points that you would have. You’re talking to a CISO about AI. You’re talking to a finance person about AI. So we’ve given you the different talking points, the areas to focus on, the position of strategy, and then we gave you key talk tracks around what are some of the bottlenecks that people, have, what are some of the risks that we should be thinking about, what is some of the compliance driven automation that either they need to focus on or they hadn’t thought about.
And then we start to get into what are the market impacts on different things. So, Jason, as we talk about AI driven threat detection, how often is this coming up in a conversation with clients, and why is it important to be able to focus on in two thousand twenty six for all the tech advisers on this call?
It’s probably part of at least ninety to ninety five percent of the conversations because the CISO is trying to get in front of it. Hey. The company is trying to implement AI. They’re getting the board or, you know, they’re getting pressure to implement AI solutions.
How do we make sure that the company is not adding additional risk by having machine access all of our different data that doesn’t have the same human, human level, you know, CYA as something that’s being programmed. So how do that doesn’t actually understand, like, hey. This is additional risk if I present this data to somebody. It’s only programmed to do what it’s designed to do.
So how do we put those guardrails in place to where you’re protecting company data by making people more efficient and access to the data, you know, infinite data immediately? It’s a nonmalicious use case on, hey. I wanna I don’t wanna hinder the business by employees being more efficient, but I wanna make sure by doing that efficiency, they’re not adding risk to the business to where we’re gonna have data leakage. And the same thing from the the threat detection.
It was, hey. We have this this new endpoint detection response solution that’s powered by AI. It’s using all this machine learning to determine, you know, what is the baseline of behavioral and, you know, heuristics for this actual person or this machine, and I’m gonna react on stuff that’s falls outside of that as an anomaly. Now we’re getting to the point where, hey.
We could you know, we’re thinking we’re gonna augment some SOC teams by using some AI stock or SecOps that could do the, you know, the recognition of an alert to triaging, containment, prioritization, all that stuff that a standard tier one analyst would do. Now we’re getting up the stack to where they can actually do some containment remediation on behalf of folks to where you can augment staff not only from a managed services perspective, but also internal. So there there’s still the competing they’re competing debate on how much of a SOC team can you actually augment from a toolset perspective.
Can you fully augment it? I was in a conversation with the CSO the other day that was fully adamant that they could augment entire MDR team by using an AI SOC and then just, you know, escalate everything to internal staffing for anything tier two or tier three. And, you know, there there’s a lot of conversations going on about this on how far can AI actually get into there. Because one, AI can react a lot quicker than a human can.
It’s reacting in milliseconds. I can barely react in seconds if I, you know, move as fast as I can. So, I mean, there’s there’s a lot of different discussions going on there, so that’s why it’s part of ninety to ninety five percent of those conversations. We’re happy to be a part of those.
I love that. So AI, you’ve seen from our track report trends report is the number one conversation. Number two, cybersecurity. So this all meshes well together.
Then at the end of all the information that we just gave you, then we say, okay. Is your customer a health care client? Are they a finance client? Are they manufacturing?
Here’s some of the top use cases that we have. And so what’s the use case? What’s the supplier role? What’s the tech tech adviser sales strategy?
So we’ve given you each of these for each of these trends. So the next trend then would get into the regulatory landscape, which would then talk about managed security and compliance. And why is compliance important? How do you safeguard against certain certain aspects of compliance?
And then how do you talk differently to the different levels? There’s a compliance officer maybe. You may have a CSO. CFO is typically the person that, is responsible or the COO, you know, and that could be a couple different things.
And then key talk tracks, regulatory readiness. Do you have audits that you need to pass? Accountability in to the board level. Do you have executive compliance team, collaboration that you need to do?
AI transparency. Then from there, as we start to go down, you again get into different checklists, giving you all the tools that you need to be able to have conversations to different industries, different types of, resources within the organization. So, Jason, why is the regulatory landscape important, and and is it coming up pretty regularly?
Yeah. I mean, I mean, it’s driving a lot of the conversations besides AI. This is probably the second one, the compliance, because customers, if they want the revenue from a specific customer, a lot of those customers through the third party risk mitigation require some some compliance in order to say, hey. You’ve established a minimum baseline that you’re doing some form of, risk mitigation with our data.
Now we can do business with you rather than filling out these long forms. A lot of companies are going in and getting, like, SOC two compliance If it’s health care, HIPAA, you know, PCI, if they’re payment processing, or if they’re, you know, working with government entities, now you’re being forced to CMMC. You know, they’re doing all that due diligence in getting that compliance upfront because it makes their job a lot easier when they’re filling out the this due diligence sheet when a customer says, hey. In order to do business with us, you have to have this minimum threshold and standard in order to get our revenue.
So compliance is driving a lot because that is what’s hindering know, business with other customers. And I do wanna hit on the TMMC again. I know we pitched that numerous times. That is the only one that I’ve seen where I’ve had, like, you know, fifteen employee customers that come in.
They’re saying, we’re about to lose this twenty eight million dollar contract with the government if we don’t get CMMC level two by this specific date. So they’re gonna lose out on contracts that they’ve already won on renewal, and that’s pretty much theirs to lose by not having that that attestation. So we have CMMC ready folks that focus and live and breathe in that world. They can create an enclave like, hey.
CMMC or CY data goes here. All your enterprise data goes here. Let’s do this the most cost effective and quick way. So, I mean, we have many different solutions that we can bring here from from tool sets to compliance as a service teams to also services that can get you out of those, you know, hundred and ten required TMMC controls.
They can get you ninety to a hundred percent of the way there and get you to an attestation within ninety days or sometimes even even less, which usually the wait time on that is about twelve to eighteen months. So, yeah, lot of lot of compliance driven conversations.
Yeah. I love that. And doubling down on CMMC, we have some great providers in the portfolio that can do that. I know we have, c three IS is fantastic.
Oriental, we got Trustwave. I know ECI can help. And then Oriento also has auditors that can do the c three PAO, and and all that needs to be done by March. So we’ve worked together with Oriental to come up with a list of two hundred and eighty thousand companies that have to be CMMC.
I love the data here too. If you look under finance, AI enabled compliance audit automation reduces reporting time by seventy percent. Imagine if you have that while you’re having a compliance conversation and you have that statistic in your back pocket. We have so much statistical data that will help you in this conversation and how to navigate them.
So Thanks, Jason. Great job. So then cyber insurance, we just had, AccraSure come in. We also have, a bunch of organizations in the portfolio that can help you with a cyber insurance conversation.
We can help with the attestations, the requirements, the solutions that are needed, as well as provide a cyber insurance policy. It’s heavily regulated, so they they were they’re not able to compensate, but they can throw MDF dollars and figure out ways to do events with you in the future. But it talks about how do you navigate a cyber insurance policy conversation, and then how do you navigate that differently? The CFO obviously cares that they pass their audit, that they reduce some of their costs.
They don’t want that policy to be super astronomical. CISO needs to be able to fulfill all of those requirements, reduce risk, make sure that they’re they have incident response plans in place. So it gives you those talking points on how to navigate that conversation differently. And then you have all these key talk tracks over here, encryption readiness, things that they haven’t thought of, tie into your audit support, giving you better visibility, trigger the budget to help shift and lower costs.
Lot of really interesting things. You know, Jason, I think we focused a lot on cyber insurance over the last couple years. We probably don’t get asked for it as much from a policy perspective, but we get asked a lot for, can you help me fulfill all those requirements so I can keep my costs down? How often are you still coming up with cyber insurance?
Is it still a a very a strong conversation for TAs?
Oh, very much so. So there’s a lot of different tools that that can align with the specific controls of a cybersecurity insurance provider. So not only do you have to control to get the the policy so you can pay the premiums, but then when you have a breach, or some form of of, impact that happens where you have to actually engage to try to get a payout in order for direct or indirect costs, those controls get a lot much harder. Because the insurance company, their business is driven by not paying out on those payouts, but they wanna accept all those premiums.
So how do you align with all those objectives? Make sure you know the difference between controls to get a premium and then controls for a payout. So there’s multiple different tool sets. Some are even dedicated for insurance policies.
So to run a a vulnerability scanner, test it out compared to policies, you know, kinda like a technical way to to CYA on those on those controls. And then there’s other ways to know, take the same type of methodology but quantify those risks. So, hey. In order to hit the certain cybersecurity insurance or all the vulnerabilities that stack up within the business, you could actually get a machine learning qualified quantitative analysis, so a dollar amount on what the potential impact could be to the business.
So we’re seeing a lot of uptick there.
But one of the main ones I do want to toss out, can you go back to the previous slide? I wanted to point out to the incident response plan. I have many different partners that lead with this with customers. They’re like, hey.
We don’t wanna invest in cybersecurity now. You know, we don’t we see it as a cost driven factor. You know, we don’t see an importance for it. We can’t afford it.
You know, whatever pushback they’re getting, establishing credibility to where, like, hey. You know, when you’re ready, I’m I’m happy to talk to you about that. But I do have an avenue where if a breach happens or you have something that’s cause of concern, there’s there’s a you know, you you get that blue screen of death that says, hey. Pay us some Bitcoin, or you potentially see some weird behavior.
We have people that can come in off the bench that can help you with that incident without, you know, having some form of retainer or anything on that. So call me. I can get you there.
So establishing that credibility to where you’re that first call when something happened, that always leads to a service after the fact because, unfortunately, in cybersecurity, an an incident is what opens up that budget. But having that form to where they know to call you instead of, you know, having that deer in the headlights moment, that is where you wanna establish that rapport. And I’ve seen many many partners have that you know, they they get a ton of different cybersecurity business based on that factor. So it’s one of those little tidbits there at number three, incident response plans.
Okay. I love that. So you can see all the effort that we put into giving you, you know, just a really good comprehensive cybersecurity playbook that you can follow. Again, then you have other checklists that you can take advantage of.
You have some of the industries that are most reliant on us, so having a lot of conversations and what their focal points are. Then we give you a lot of different ways that you can actually work with the different types of insurance requirements that are out there. How do you have conversations with each of those? Multifactor authentication, why it’s important, what’s the angle to sell.
So a lot of really, really great stuff in here. Again, this is a forty page document that we want you to spend more time on. Then we get into SOC modernization.
Let’s talk about that, Jason. So why is SOC modernization important and there’s pressure on it? And are we starting to see AI and cyber SOC becoming one conversation versus it used to be, yes, AI and machine learning are part of the cybersecurity, but now I think every provider that we have has artificial intelligence woven into their their practice.
Yeah. It’s it’s the idea on why governance is is important and frameworks because they’re always continuous. So if you take cybersecurity and say, hey. We have these risks. This is how we’re gonna mitigate it, and then you never come back to it.
The market is going to and the threat actors are going to evolve. And if you don’t evolve at the same time, or you don’t respond to it, then you’re gonna fall way behind, and that leaves you up even more risk and vulnerabilities. So back to the SOC conversation, you know, now it’s a hybrid approach. Generally, we’re seeing across the board where a lot of automation is doing that initial triaging, the prioritization, the data consolidation.
So by the time it’s presented to a SOC analyst, there has some work that’s already been done from the automation, whether it’s containing the the potential breach or just getting gathering data to try to get immediate root cause analysis to track where that incident came from, to where that person doesn’t have to do the due diligence when they get that immediate alert. You can immediately start acting upon it. So you have to react super quickly in order to compete with the AI threats that are out there. They’re you know, it’s it it you have to move super quick when something is just a prompt or something’s acting autonomously and it’s moving super fast.
You have to react to the thing you know, the same speed or else it’s gonna be in the network before you even be able to react to it. So that’s where the AI stock and all those conversations come in, the Power BI AI, is they wanna react to Contain really quickly before a human can actually touch it. Because if you have a fifteen minute SLA in your SOC and something’s moving in millisecond time increments, by the time that fifteen minute reaction is already there, that that potential threat is already, you know, providing extra impact in moving throughout the network itself. So that’s why we’re seeing that a lot.
I love that. And so here’s good key talking points on how to position, you know, SOC modernization, you know, budget optimization, giving you more resource in house resource constraints, and then how do you talk about the market impacts, then it gives you some checklist, then we go into how do you sell and position it differently to, again, different industries, you know, which we always try to put the the four biggest ones. So then we start to get into zero trust, and there’s a lot of evolution on zero trust, Jason. When you think about zero trust today is typically aligned with the SD WAN conversation and SASE, and it’s a part of the SASE framework. But now we’re starting to see zero trust be become part of that artificial intelligence conversation. So let’s talk about what is Zero Trust to you, how often is it coming up, why is it important just as a standalone offering, and then why is it important as we start to see the future of artificial intelligence.
Yeah. It’s just a methodology of least privilege. And, hey. I’m I’m only gonna give access to people to only only need access to systems that they need to do their job, nothing more, nothing less.
So it’s saying, hey. I don’t wanna give the keys to the kingdom to every single employee like a traditional, you know, VPN tunnel would do or an open key or something like that to a door. Now it’s saying, hey. You only need access to these systems, this data to do your job.
So if your credentials get leaked or you get compromised, then the the impact is minimal to only the data you have access to or the application. So the same thing is happening with, you know, with with AI because now you’re talking about a human persona and you’re talking about a machine. So for breaking up that identity, what is that machine’s actual identity and what does it have access to? Does it have access to everything or only the the job if it’s specific to, like, a narrow intelligence type of model?
Does it only need access to a certain amount of data to do its job? Or is that machine being triggered by a human to where it now needs to have limited data access to what that human has access to? So now you’re getting a lot much more granular from an identity perspective for that specific machine, whether it acts autonomous or is it triggered by a human event or it’s triggered by some form of other alert or, you know, whatever it’s triggered by, it has the zero trust principles and least privilege to only do what it needs to do. So it’s just minimizing the impact of something assuming a breach occurs.
That’s all cybersecurity really is is saying, hey. I wanna mitigate the impact of of some form of risk assuming that something’s physically going to happen.
Love it. Thank you. Great viewpoints on that. So, again, we give you key talk tracks, market impacts, different types of checklists, how do you navigate that conversation with the the top three or four or five different industries.
We’re gonna continue to add to this too. So, again, this is gonna be a living, breathing document. We’re gonna add more trends as two thousand twenty six rolls around, and we start to get into quantum computing and user behavior analytics. So we’re gonna continue to add and make this even bigger and better, but we wanted a good starting point.
If we added everything to this, would this would be a five hundred page document and I think overwhelming for a lot of people. So that’s why we have the interactive part, and you could click on different things, and it’ll take navigate and take you right to that specific page so you’ll be able to continue to have this. Then we get into the cloud. And, you know, with with Kobe and and Chad Muckenfoss and the team in the cloud, we start to worry about the edge and large language models and protecting the data and who has access to the data and how do you talk differently to different levels of the cloud leadership.
And so we give you talking tracks on, you know, where are some of the reasons and ways that you should focus, talking about reducing risk again, but in a hybrid environment, talking about zero trust adoption and why that’s important to the cloud conversation, visibility for incident response and why that also ties into the cloud. And then we give you a lot of different checklists again that you can utilize and know how to navigate some of those conversations. Then, again, we get into the different verticals and and industries, health care. Why is HIPAA and cloud a good conversation?
How do you understand the different supplier roles? And then how do you navigate that strategy, that sales strategy? And then we will start to get into the hybrid and remote workforce, which bleeds into a lot of different aspects. It bleeds into the cloud, who has access to all the the information.
We need to make sure that the customer experience is good, the employees can access what they want, which bleeds into Sam Nelson and CX and that entire experience, and then AI is part of that. And then you bleed into how do we navigate that and get into the connectivity aspect, goes into Graham Scott and advanced network and mobility and IoT, the Internet of things. And so we have a lot of remote workforce still, hybrid environments. We need to make sure that we’re worried about the identity and the access of the employees getting into passwordless user, credentials and not have to always worrying about, any user can get into any aspect of the environment.
So lot of really, really good information here. You know, there’s talking about remote device security. Some of the tools that people have, again, gets into zero trust policy enforcement, making sure that there’s tools and training in place.
Then we wanna train the users and get into different act aspects of security awareness training, artificial intelligence awareness training, which is also huge. Then we get into a lot of different aspects of the the industries that are doing really well in this conversational talking point. Health care has a lot of people that still go into an office, but they still have a lot of remote users. So then the next section is really cool, and I wanna make sure we hit on this before we run out of time.
Compliance, regulatory selling, and framework. So, Jason, let’s talk about this. As we navigate this section, there’s a lot of different things we wanna understand, you know, the regulatory framework different than what we talked about earlier. We wanna talk about objectives, key activities, and and sample types of questions. So as you navigate a compliance conversation, you know, this comes straight from some of the things that you think about and how you navigate. Why is this important, and how do you navigate a compliance regulatory selling framework conversation?
Yeah. It’s more about asking what’s driving the compliance. Is it just for cybersecurity maturity internally? Like, you wanna follow a framework like NIST, ISO, or you you have some requirements from, an industry perspective, like we’re talking about, you know, the HIPAA or PCI or something or even HITRUST if they wanna go for that.
But, ultimately, it’s it’s getting to what’s driving it and then what are you going to lose if you do not get this compliant. So that’s where always it leads to TMMC. Like, they know which contracts they’re gonna lose. That one’s immediate from an ROI perspective because they can tell you exactly which contracts they will lose. But a lot of them are determining like, hey. We have this application that people have access to, and we need to get SOC two compliant that’s required by most customers. Or we we’re starting conversations with this customer, and we’re expecting that to close in six to twelve months, and we need to have this compliance.
Or, you know, we’re going through all these due diligence, and we’re seeing these compliances come up over and over again, and then we have to adhere to the controls and document how we’re doing all this stuff because we don’t have the specific attestation for it.
So, again, it always comes back to what’s driving that compliance and the need for it to where, you know, you’re basically asking them, hey. Is this an internal process to where you have a security minded person that wants to govern everything, or do you have this requirement from a customer in order to get revenue or something? Most of the time, you’re gonna see it’s a revenue driving factor that’s requiring that compliance.
So last thing I wanna hit on is is the section three talks about the different phases. You’d have a discovery phase and the objective for the discovery phase, the key activities, the sample types of questions, then you get into a mapping phase, you have an influence phase, Then you get into a design phase. Then you start to worry about when do you want all of this implemented by so that we can then say, okay. You wanna implement by June of two thousand twenty six?
Okay. How long does your legal counsel take, your contracts take? How long do you wanna put the information in there and test it? So that puts us in March.
So that means we need to probably sign by February so you can backdate it. So it really walks you through the sales process of how to understand the different phases on selling to a different cybersecurity unit and understanding each phase as you’re going there. So really good stuff on how to position MSSP versus a customer trying to do it themselves.
And then, again, it goes into the different verticals and industries and give you gives you a lot of granular information, finance, public sector, manufacturing, retail, their focal points, how do you position things differently. So a lot a lot of great stuff in here. So I wanna make sure we have enough time for Doug to to wrap things up. We’ve also put together a cross sell, upsell playbook that I’ve, identified four key talking points that you can have, conversation tracks for that we’ll get into, and we’ll be able to share that document out to everybody. Lot of great information that everyone will have here that you can use for your client conversations on how to navigate the cybersecurity conversation.
Doug, do we have any questions?
I think you’re on mute, my friend.
Muted? Yes. Ah, you missed my great lines. I just said I don’t think you took a breath that entire time.
That was phenomenal. Great resource, unbelievable amount of information in this. We asked for a two hour call today. They said no.
But, I appreciate the information. I wanna emphasize to everybody that the Playbook is available to all Teleris technology advisers. You would have received an email either yesterday or today. If you haven’t gotten that email yet, go ahead and reach out to your Teleris sales representative or you can email marketing at teleris dot com.
We’ll make sure that you get that. But guys, phenomenal resource. I’m sure we’re gonna be talking about this more. It brings together everything that we’ve talked about with every discipline under that cybersecurity umbrella.
Phenomenal.