HITT – Cross-Selling Cybersecurity Like a Pro – 12.9.25

This HITT session focuses on teaching technology advisers how to effectively cross-sell and upsell cybersecurity solutions to expand deal sizes. Led by Sumera Riaz from Telarus cybersecurity and representatives from Netrio, the session explores how security touches every aspect of technology sales including network, voice, cloud, and managed IT services. The presenters discuss the evolution of computing platforms and how the expanding attack surface creates more opportunities for security sales. Key strategies include positioning cybersecurity as the number one business risk, using open-ended discovery questions to understand client needs, and leveraging compliance requirements as conversation starters. The session emphasizes that cybersecurity creates sticky client relationships and provides opportunities for recurring revenue through managed security services. The speakers share practical approaches for having business-focused conversations about risk rather than purely technical discussions, and explain how to identify gaps in existing security implementations through services like penetration testing.

Transcript is auto-generated.

Today, we are thrilled to welcome Sumera Riaz and Trevor Burnside from the Telarus cybersecurity team and Chris Hewitt and Chad Frazier from Netrio. They’re going to be talking to us about a topic that I swear I talk to you guys about once a week at least, where people are talking about their strength in the land and their stretch to get really good at the expand, how to cross sell, how to upsell. And they’re gonna be having a conversation about that for the next half an hour and change. So I’d love to have you guys just take it away. Welcome, and thank you for being here.

Thanks, Jen. Thank you everybody for joining today.

My name is Sumera Riaz. I’m the VP of cybersecurity here at Telarus. And such an exciting topic, cross sell like a pro. This session actually came out of a deal, an opportunity that I worked with Netrio on.

And it started out as just a basic security opportunity, turned into a network, a cloud, a voice opportunity, all with Netrio. And we really expanded that deal size almost fifty percent just by bringing in the other components. So that got me thinking it’s, why not take this on the road and help you guys learn how to cross sell, how to really expand the deal sizes that you have today, and not just, you know, not just incremental growth, but exponential growth. Right?

Because that’s what we can do when we cross sell. Security is sticky. As you guys know, if you have a security client, if you’ve sold security before, that client is gonna be with you for life, especially as a technology adviser. You guys are vendor agnostic.

Integrity is built by design into your business model without even trying, and that’s the CSO’s love language. So you guys are in the right place at the right time. And today, we’re gonna teach you how to cross sell like a pro. I’m gonna hand it off to my friends at Netrio, Chris Hewitt, Chad.

Thank you, Sumera. Appreciate it.

Hey, guys. Chris here with Netrio, VP of channel. Try to introduce yourself, and we’ll let you take the first slide since we’re gonna lay some foundational. So we’re gonna talk a lot about, you know, kind of cross selling, upselling, so land and expand.

All the cliches that you’ve heard about, are massive in our world. So, you know, again, I think the Telarus team can certainly vouch for us in our ability to handle this. So we do get, into a lot of opportunities where clients are looking for kind of that single partnership. So, it’s a great topic for today, and Chad’s going to start off for all of you that are a little more, maybe a little more technical, this is a good vision into, kind of the evolution and trying to make sense of kind of how these things evolve and how to make sense of attacking the, the market for you.

So, Chad, I’ll let you take take this, first one.

K. Thanks, Chris. Good morning, everyone. Chad Fraser. I’m the vice president of solutions engineering at Netrio.

And as Chris said, I tend to be, you know, the propeller does spin on the top of my head of time. So, appreciate you kinda, sitting with me and going through this. It’s not gonna it’s not I’m not an optometrist. It’s not an eye test. It’s not gonna be you’re not gonna be tested at the end. I just wanted to lay some foundation like the why behind, cybersecurity, why it’s so important, and really the evolution like, you know, computing and networking has largely driven that. If you’ll go, way back way and you can tell by the gray that I, I’ve lived through this on myself.

But in the early days, certainly, computing was limited to some users and, you know, mainly the workloads were on mainframes. You had to have a terminal server. You had to have physical access to get to that terminal server. So it was a very limited closed environment. There were zero network connections. So security beyond this, the physical security to make sure that you had the card to get into the lab or wherever to use your terminal server, that was what security was about.

You say Chad, would you say it was more what you can see, feel, touch, and hear instead of virtual?

Right?

Absolutely.

Absolutely. Your perimeter, you saw your devices, and you could see it and you could secure them.

Yep. Yep.

Good old days.

Yeah. The good old days. When you had certainty around things too. Right?

Yeah.

So and to you know, and that’s an important point, Sumera, is that virtualization and I didn’t talk a ton about it in here, but that really moved things along to where you could kinda virtualize things. So that feeds in here.

So as we moved on into the second platform, you know, that’s where we start having distributed computing. You started having, you know, client server applications and you could have workloads different from where the data is presented to the end user or the consumer. And bear in mind, when I talk about user, that could also be, you know, another service account on a server and things like that. So that’s important as we get to the top of this graphic to understand. So it With that second platform, that’s broadband entering the stage. Right? Correct.

When always on network and that skyrocketed the sales and and the solutions for security.

Absolutely. Absolutely. Good. So at this point, you know, you went from, you know, your your users and the applications scaled up.

Right? You had more use for them. You had more users accessing those applications. You had more applications that users could access.

So, if if you’re a math person, you think about the factorial, implications of that, that’s a huge change in terms of, like, the number of places, to Samira’s point, that you have to watch, that you have potential vulnerabilities. Again, billions of you know, if you extrapolate hundreds of millions of users across tens of thousands of apps, you get billions of network connections. Again, largely more controlled, you know, we’re not talking about cloud yet, but it is still a lot more entry points for the bad guys to get into. So as we move to the third platform, and I would consider us kind of in third platform moving towards, fourth platform.

You’ll hear some concepts in the fourth platform. But this is really what we are today, where we are primarily today. When you talk about web, social media, mobility, big data, cloud computing, now we’re into billions of users and millions of apps. So we go from billions of network connections to one quintillion network connections.

So that’s a lot of surface area to cover. Now you have workloads that are virtualized living up in the cloud. You can’t touch and feel them and see them to Samira’s point earlier, And it’s really expanded the attack surfaces. So things had to change where, you know, if you wanna think of, you know, perimeter defense in the second platform, let’s put a firewall out here.

Let’s firewall off our enterprise. Everything is sitting behind it. That doesn’t work anymore. Right? You have workloads in the cloud.

You have mobile applications. You have all these different places where data resides, end users are getting that data served up to them in some application. So exponentially growing in terms of features and capabilities, but also from a network perspective, which drives again cybersecurity. So you think about that attack surface, how it has grown, you know, first to second platform, it grew a ton.

Second to third, you know, it it’s just mind blowing to me when you’re starting to talk about quintillion. So as we move into the fourth platform, this is where, you know, you’re talking about machines like sensors, IoT, machine intelligence, servers talking to other service servers or applications on those servers. And then you get in the concept of, like, you know, ambient computing and you’re talking about quantum computing and all that. That that is definitely a game changer.

Now you’re talking billions of users, app sensors, and really, for all intents and, purposes, infinite network connections. So what does this mean? It means as we go on into the fourth platform that the job of the cyber teams is even harder. The attack surfaces are bigger.

You have to protect different types of, computing platforms. You have to provide secure access to those users. So just trying to paint the, the palette to understand that this is not something that we’ve reached steady state on. We’re gonna continue on that, that path to, you know, the unlimited infinite network connections, and we have to give guidance on how how you, adequately protect those.

So And that’s I love that point.

The the I would like to kinda do a couple of points on why this matters. You know, we’ve gone through we just looked at the the four layers of computing.

Why this matters is from us two things. Why this matters and why you guys as technology advisers are such a critical part of the ecosystem for CSOs and cyber teams is because cyber teams and CSOs don’t have time to research the new solutions that come into the market with emerging technologies. I’m gonna repeat that. CSOs and cyber teams do not have the time or the bandwidth to research the new solutions, that can help, lessen their attack surface.

There’s they’re firefighting every day, and what most of, the teams and CSOs, myself included, what we did was we would ask a friend that was a CSO and say, hey. What are you guys doing for this? And he would you know, one of my friends, hey. Try CrowdStrike.

I deployed CrowdStrike because my friend was doing it for his environment. What didn’t work for my company is every company has its own DNA just like humans. And it the solution has to be customized for that company because my culture, my values, my people are different. Our operating model is different than my friend’s company.

And that is why they need a technology adviser to guide them, somebody who’s vendor agnostic to come in and say, you know, hey, mister CISO. What are your risks? How can I help you lessen your risk, yeah, and bring in solutions that are within your timeline and are within your budget? And so it’s such a beautiful partnership there between the TA community and the security leaders.

What do you think, Trevor?

No. I agree one hundred percent. And, I was actually talking to a client early maybe it was last week with a a trusted adviser who was asking for something that was kind of outdated in security with a, you know, a verification that was defeatable at this point. So they’re like, hey.

Can you get on the call? The customer’s asking for something that doesn’t necessarily make sense anymore. We got on the call, and one hundred percent, the way that they were set up and architected and the old systems that they have, they they didn’t have much choice. They had to keep doing things in a different way.

So I think, you know, the the best part about being a trusted adviser is you get to really have those one on ones with customers and tailor solutions to them because security, one, it’s gonna be a journey. And two, it’s not cookie cutter. It can’t be the same for everybody. Everything’s gonna be different.

They like you said, based on culture and then also just how businesses are set up with dealing with old technology and and antiquated things, and we’ve gotta help them and secure them where they’re at today while they transition to more modern technology.

Yeah. It’s a great point. Can you go to the next slide, please? Thank you.

Perfect. Chad, I think we’ll probably tag team these, and, Sumera, please step in, where you see fits on your side too. I certainly wanna make this collaborative. But, again, the focus today is every trusted adviser on this call is at a different state in which they’re selling or focusing on how to bring in cybersecurity into their environment. Some of you guys are doing it at a high level and crushing it, some of you guys aren’t doing it at all because you’re nervous. Maybe it’s fear, head trash of feeling not confident. But, so the purpose of today is to, one, bring to light what it if you’re gonna make the investment in learning these different areas.

You know, the first recommendation is to make sure that you start small, get your small wins, and then grow into those, you know, grow into those opportunities so you get comfortable. I would also say that, again, if you’ve sold something, there are some simple ways that we can transfer the conversations from, say, network to cyber or managed services to cyber or, all the above. Right? So, that’s kinda the point of this whole entire presentation today is we’re trying to upsell and cross sell, right, with a focus on cybersecurity.

Like, why is it so important? So we we’ve outlined, kind of what we think are, eight of the most important things, and this is really focused on you, the trusted adviser. Right? So, you know, the the first one, cybersecurity is the number one business risk for every client.

I think that one’s pretty obvious. Right? You guys hear all of the different stories out there for the various ransomware, attacks, the the, you know, the the compromises that have taken place. You know, it’s no longer just, you know, Target and the the HVAC, you know, entry and all those kinds of things.

Right? You’re you’re hearing about, you know, even these small businesses who used to say, oh, well, I’m a small business, and nobody really cares about me. Well, that’s not true because these, you know, these attackers on the other end don’t see who it is. They’re, you know, they’re running port scanners, and they’re doing stuff.

So everybody is vulnerable. And so there’s table stakes. Right? And so, you know, back in, you know, two thousand seventeen when I started, here at Netrio, you know, the budgets were nothing.

Nobody was spending money. Everybody wanted to be educated. And now with every opportunity, everybody is interested if they’re not consuming at least some sort of a basic cybersecurity package with what we do. So I I think there’s there’s good alignment.

Sumera, Chad, you guys wanna add to that?

Can I add one one point to that? I mean, if you really think about it, you know, being small, you’re probably more likely to be a target. Right? If they don’t distinguish between one IP address to the other, but you’re less likely to have good cybersecurity posture. So you’re probably really, in the in the grand scheme of things, probably more at risk if you think you’re not just because you’re small.

Yep. And that leads into number two. Right? Everything, that you’re selling touches security. Right? So whether it’s network or voice, cloud, managed IT, it’s again, it it’s all in there.

And, again, if you’re not aligned with you know, one one of the reasons, you know, why we’re on this call is because, obviously, we’re we’re touching all of these things within our product portfolio. So make sure you’re aligning yourself.

Use your use your Telarus resources to make sure you’re aligning yourself with suppliers that have the best interest in mind. Right? So so so when there’s a cross and and the ability to look at these things, I think, aligning yourself with, you know, the the proper resources in your TSD as well as, you know, go out there and and and try to, get to know some suppliers that maybe you haven’t used before, so that you can see what this looks like at a bigger scale. So if you’re, you know, if you’re a, you know, a a a traditional telecom seller, you know, I I had a I had a I had a, technology adviser come to me the other day and say, Chris, I’m I’m divorcing telecom, and I’m only going to sell MSP MSSPs, deals moving forward.

Can you help me? I swear to god that was a that was an email I got. But it’s pretty impactful. Right?

I think they’re, they they wanted to tie themselves to something more strategic and certainly heading down this path and getting in getting a firm understanding of how security can play a role, in all these other things, you’re you’re you’re looking for mind share. Right? And as the technology partner, you you want to upsell and cross sell, and so I think these things are are big.

We can probably go on to the next slide for say probably sake of time.

Chad, do you wanna take these next two?

Yeah. I’ll be happy to, Chris. So I think, you know, a lot of what we do when we come and talk to customers is really kind of, you know, the the scary thing about this type of conversation is you think it’s a technology conversation. Reality is it’s a business conversation.

So if you can come in and, like, just have a plain conversation with the client, kinda understand what their environment looks like, you know, identify kinda high level risk things, like if they’re, you know, where’s their data, how do their users access it, what’s are there any compliance frameworks around that data? You know, that kinda lays out your controls and things like that. But if you really just have an honest conversation with them about that and understand and put yourself in their shoes, then you put yourself on their side. And you’re really working in your best interest as opposed to being perceived as trying to sell something.

So as Chris said, there’s the tendrils of cyber are through virtually every piece of the enterprise today. So you are always gonna be involved in, like, giving opinions and guidance on, like, what happens because they understand that everything is interconnected. So that will inherently boost your credibility.

It will also, establish you as that, you know, trusted adviser that you are. Right? So you’ll have the opportunity to provide input, like, you know, more moving from a a tactical logistics into, like, the strategic environment. And then, you know, that’s a game changer because you they’ll come to you for other things.

Right? Because they always in the back of their minds, they’re gonna think, oh, well, I probably need to check and see what impact this has on my cybersecurity posture, things like that. So definitely, it is not a technology discussion. It’s an outcome discussion, a business conversation about what they have today and what’s the best way to derisk their environment.

Obviously, it expands the wallet share and recurring revenue. I know everybody hears EDR, MDR, XDR, SIEM, blah blah blah. All the acronyms and all that. But really think of that as, like, those are protections, those different attack surfaces.

I think everybody has heard the horror stories about, you know, a very innocent thing. Like, somebody clicked on this and then you get ransomware. You know, though these things are all good protection around that, but it’s it’s more than that. You gotta have intention.

You have to have a plan that’s gonna have an outcome that drives it. And and along the way, you do expand your wallet share because you you know, as they bring in and say, hey. We’re thinking about going from on prem to cloud. The needs are gonna change.

Right? So there’s always recurring revenue opportunities. There are soft services, you know, if they wanna come in and if they want someone to come in and provide them, you know, an assessment of where they are relative to, you know, HIPAA or NIST 800-171 or 800-53, whatever the case may be. So, you know, again, these are all they’re all related and they are, you know, and to the point Chris made earlier, anything within the enterprise is gonna be impacted by cybersecurity services.

So and it’s high margin, fast growing. It’s, you know, the FUD sells. Right? I think everybody’s heard that fear, uncertainty, and doubt.

IBM built their company on it. Right? So that I’m not saying play off that, but that raises awareness. So make sure that you capitalize on that awareness in the marketplace because everybody reads horror stories, everybody hears them and all that.

And, you know, you can take some of that away and say, okay. Let’s quantify your risk and determine what your risk tolerance is, and then you can build a program around that to get them there to that outcome.

Exactly. So the reality sells. Right? It’s the stories and reality that’s what sells. And so I would I mean, definitely, like, I position the the conversation just like kinda you mentioned, Chad and Chris, is, you know, you guys see on the news today if it’s a financial client, you know, this bank got this bank got breached. They didn’t have this and this and this in place today.

Have you done an assessment yet? Have you, you know, have you measured your vulnerability scans and threats? What’s in your environment today? And how can I help you derisk your environment better?

So just any triggers in the news, and there’s always gonna be that because especially with AI coming into our hemisphere, it’s going to grow the cyber attacks, double and triple them for next year is what the forecast is. So that’s, you know, sad news, but good news for us is now we can really help our clients find those right solutions for security and not leave that at the table. Because, honestly, the the the point is if you don’t sell it to them, somebody else will. They they have to buy it from somewhere.

Why not you? Why not you guys who have invested years and years in their relationships and to make you know, to sell them these security solutions and make your relationship stronger?

Yep. Yeah. I I wanna double click on that, actually. I mean, there’s a lot of advisers probably on the call today that have regulated industries as customers like banks, you know, health care, financial institutions, you know, you name it.

Right? A lot of regulated industries that they’re doing business with. And and some of these industries or some of these customers are going from audit to audit and and all day, you know, throughout the year, and that’s what their decision making is based on. I think, you know, if we are a trusted adviser, the hardest part to me is building trust with customers.

And if you have that trust already established, you can get into that cycle of, hey. What’s what’s your next audit? Let’s go through some of the, the findings. Let’s help mitigate some of the things.

Let’s go through and help solve these solutions. If you have the trust, you can have those conversations. And to your point, Sumera, for a regulated industry, they don’t have a choice. They’re going to buy these controls, these tools, the technology.

If you have the trust, they should be doing it through you.

Yeah. And just just one more point about that. I mean, assessments are great. Right? But they’re a point in time.

The if you really think about the what you’re bringing to the table is, you know, you’ve got to manage compliance drift. Right? For example, somebody goes in and you go, you’ve got MFA everywhere and, you know, you’re checking all the boxes, all your controls are properly managed, and then somebody goes and puts a user into an MFA exception policy for some reason and they don’t get taken out. That’s a risk and you’ve you have deviated, drifted from compliance.

So that’s an area that, we focus a lot on these regulated, verticals, and those are things that you can use some of the tools to go out and check it. And the other thing it does is it helps with to Trevor’s point, it helps with the evidencing. When somebody comes in for an audit, you already have it evidence to present to them to say, yes. I’m in compliance.

Check that box and go on instead of going through this exercise, this mad scramble to gather the data and prove it. Right? So that all kinda goes hand in hand. Don’t think of it as a one time event.

It’s an ongoing challenge to main if you to become compliant and to maintain compliance are two different things, and you have to offer both.

Yeah. Let’s go to the next slide because I think that talks a little bit about it. I also was gonna mention, I know that there are trusted advisers out there that are highly focused on monthly recurring revenue, as they should be. That is the line of business we’re in. However, sometimes, leveraging a soft service like a pen test, right, can sometimes get you into the conversation and establish value.

So for the example Trevor gave, we recently did a pen test with a bank, obviously, I’m not sharing names, but we were able to get to the point where we were able to take over. Didn’t, but, you know, that’s pretty impactful to a client when, they pay you to look at these things and you’re able to find those gaps because then that gives you the opportunity to go in and solve those problems. Right? Because at the end of the day, you know, pain equals a problem to solve for these clients.

And, Pat, there’s a great question in chat. I was gonna respond in chat, but I thought this is a good one to call out is it’s from Jamie North, and they’re asking, what I find difficult is that how do you find that perfect stack of security? No overlaps. They’ve had challenges with vendor overlap, heavy overhead, massive gaps, overpromised security that doesn’t work.

So how do you find that perfect stack? And I love that question because, one, there’s no perfect stack. Right? There’s it’s only what’s perfect for your clients.

And for that, you would have a discovery conversation to see what their needs are and, you know, not open it up to the panel to answer as well. It’s such a great great great topic because every company has their own DNA. So you have to find, kinda like a doctor, what’s the best prescription for them to derisk their environment and move to a better security posture than they had before. For that, when we Telarus engineers, myself included, when we talk to a client, we start off with a strategy conversation.

We then we move into discovery. Strategy is, hello, mister client. Where have you been? Where are you today?

And what does your north star look like? That gives us a sense of where they are today and where do they wanna go. And then we dive into discovery conversations as what other technologies are in your environment today? What does your tech stack look like today in infrastructure, in network, in CX, in apps if they have DevOps teams?

And then we’ll take all that information. And because we’re architects, we can then design a solution for them that is best, for them that’s within their budget, and that’s gonna provide, the coverage that they’re looking for. And we’ll, of course, bring in three providers to the table that that, that meet those requirements, and and then we go from there. Do you guys wanna add anything to that?

I think you hit it perfectly, Sumera. I mean, the reality is needs of different customers vary because they have different environments. They you know, some of them may be all on prem. Some of them may be all up in the cloud.

And it really depends on, you know, I always think of, like, where is the risk? The risk is around data exfiltration, privacy, all the regulations around that, you know, and compromising. And then the other big one is business continuity. Right?

One ransomware event can shut down a business. And I’ve seen it where, you know, the failures usually you don’t have good backups. Right? That’s why it’s all interconnected that good backups, you know, ultimately air gapped if possible, are the best prevention.

And and the point I’m trying to make is you can’t always stop everybody, but you’ve gotta be able to mitigate, and you’ve gotta be able to recover quickly. So that’s gonna vary, you know, environment to environment. So well said.

Along those lines and there’s actually some good questions in the chat that I think kinda go around this as far as, you know, hey.

For customer size, you know, how is it tailored to different, you know, verticals, complexity?

You know, how do we how do we translate risk to a c suite? I think a lot of this comes down to, when we look at from an organization perspective or a business, the asset value, right, of okay. What what do you have in the organization? What does it work for the organization?

And, usually, we can determine that by, like, okay. If it’s compromised, how much is it gonna cost the the organization to to resolve and fix? So everything is gonna be different for an organization. I was actually talking to a customer that was fifty users but had a massive online presence and a lot of online servers, and they were absolutely willing to to spend budget to protect their servers even though from a sizing perspective, they may be considered SMB based on fifty users.

But the assets or the value of their virtual servers was pretty extensive. So when we look at asset value and, you know, to your point, Chad, as far as, like, hey. Are we trying not to sell with FUD? If you sell towards value and that, security can be a cost efficiency center for the organization, it ends up being better, especially when you’re talking to a c suite.

Yeah. And I I’ll I’ll say the other thing to consider, and I’ve this is one of the more fascinating exchanges I saw was, like, if you think about, you know, not only risk tolerance, but impact on the business, you know, there’s been certainly people out there who said, you know, in some cases, it’s better just to pay the ransomware. Right? Because if you think about, you know, if you’re losing two million dollars a day and you’re gonna try and go do recover and all that, it’s gonna take you forty five days to do it, you know, do the math versus the payout.

I’m not suggesting you do that, but I’m just saying that that is something you gotta consider in the overall, picture is like, what is the actual impact on the business? If it you know, if it’s just like, okay. You know, some some company’s reputation is all they have. Right?

So it’s about protecting reputation. That usually will be propagated from the c suite down. Right? So the things that are important to them about business continuity so we can keep generating income and profit every day and, you know, calculate that out or our reputation.

So that really gives you guidance like on, you know, how you put that together and how you present it to them. But it starts with, again, a good discovery business conversation to say, what’s important to them? How do they measure it? And and that that in in turn will, you’ll arrive at what their risk tolerance is.

Yeah. That’s a great point. Hey, Sumera. How much time how are we on time? Because I wanna make sure to get some of these questions, and I wanna make sure we finish up. How much time do we have left?

We’ve got about ten minutes left.

Okay. Perfect. Let’s go ahead and go to the next slide.

I think this one’s pretty obvious.

You know, if your cybersecurity is gonna drive you into larger opportunities. Right? So, again, everybody’s journey is a little bit different. You have to start somewhere.

Are you gonna start cybersecurity and then all of a sudden, magically, in one month, you’re gonna just start entering into these large enterprise opportunities? No. I mean, there’s things that go along with this. Right?

But start with your target market. Start with what you know, and start those conversations simply. So I know one of the questions was, how do we simply start some of these conversations? Right?

So, actually, if you go to the next slide, I like to do this. Again, Chad and I are on prospective client calls, you know, with these guys. Right? We’re working opportunities with the technology advisers, you know, probably three to six times a day.

Right? We’re kinda working through these things. And so I like to keep things very simple because I wanna get the person on the other end talking. Right?

And so for me, I mean, these are two really, really simple, and then you might be like, duh. Obvious. But what we’re trying to do here is pose a question in a way that you can get somebody to open up and pour out. Right?

We’re trying to get people, we’re trying to get someone on the other end to pour out. Doesn’t really matter who you are. So, I will generally ask, like, how do you handle IT, network, and security support? Again, being that we are an MSP and an MSSP, we’re looking for it on all three fronts.

Right? So that is a core, those are core services and a core pillar for us. Right? So we’re gonna ask them, how are you doing that today, and how’s it going?

Right? So I leave it very open ended. Right?

You know, typical answers. Right?

Man, you know what? I’ve got this internal team, but, you know, I hired these two people and paid them a lot of money, and then they got poached and somebody stole them from me. And I have to rehire and retrain and do it all over again, and I’m struggling. You know, I’m missing areas of expertise that I need, and I can’t figure out how to do that with my internal team.

Right? So they’ll go through all of those things. So when you ask the question, they’re gonna pour out on you and make sure that you’ve got a notetaker or you take really good notes because they’re gonna give you all the answers to the test. Right?

They’re gonna tell you where all their problems are, their pain points are. If they think that you’re listening and that you care, they’re gonna pour out on you, and they’re gonna give you this information by asking open ended questions. Right? So the prospective clients are gonna do that.

And then the other really easy way to do that is to try to align them with something you know is actionable. Right? You hear it all the time. So if you’re not comfortable with the compliance areas like HIPAA, PCI DSS, CMMC, like, all the various compliance areas, at least know what they are and know which industries are tied to which regulations so that when you ask the question, you can have some level of intelligence that they’re gonna do it.

Right? So you know that if you’re dealing with a health care client, they’re gonna talk about HIPAA. Right? Then you wanna make sure that you work with a supplier that understands and has certifications.

Right? So for us, we’re SOC 2 Type 2 certified. We’re NIST 800-171. As far as alignment, we’re an ITIL shop.

So know your suppliers, know how they align, and know how they get into those things. Because as soon as this information is uncovered, you then have to turn to the TSD and/or your supplier portfolio, and you have to figure out how you’re gonna go solve these problems for the client. Right? And so some of them, you may ask them, what is your security posture?

They may say, what is a security posture? Right? Then you know what you’re dealing with. You really have someone who doesn’t understand security, has no idea that they’re at risk.

There may be an opportunity there, or it may be someone where you might be like, oh gosh. I’m in trouble. This is gonna be a battle that I don’t know if I wanna go fight or not. Right?

So you also make those determinations.

And then the other would be, like, cyber insurance. Right? So you may not be regulated by a certain framework or certain compliance, but having cybersecurity insurance might be on the docket. So, you know, looking at a cyber defense matrix, understanding what’s in play, understanding what they’re gonna require.

And, again, having a supplier that understands what the customer is trying to accomplish, right, working with your TSD resources, working with Telarus is going to help you guys better align so that these conversations make more sense. But I like these two. There’s obviously hundreds of questions you could ask in a discovery call. But if you’re uncomfortable and you’re just wanting to break the ice, I start with open ended questions like this, and it really gets the client talking and opening up and pouring out.

So, Sumera and Trevor, if you guys wanna add to what you see or hear based on some of this, you guys see this to be good openers, and do you guys have ones that you use?

No. I like these. I think they’re great openers, and, also, they’re open ended, so they leave the opportunity to respond. So I like that.

There are some, just pivoting here a little bit. I know we are on time, but there’s a couple of questions in chat that are just amazing. So I just wanted to take a minute to answer that. One was around multi vendors.

So Wes was asking if a multi vendor is okay to have in an environment. Right? And there’s a difference between multi vendor and vendor overload. Multi vendor is a great strategy for CSOs because that gives us a defense-in-depth posture.

So instead of putting all our eggs in one basket, we can bring in the best of breed, the best of suite on technology out there and deploy it in our own environment, which is, you know, a lot of folks do that. Right? The problem comes in is where, as a CISO, my team may not be trained or be, you know, be able to understand the new technology that I have deployed. Therefore, the need for an MSSP with an extension of bench becomes critical to my company’s success in deploying security solutions.

And that’s where your MRR comes in is when you are elevating the deals from a license only model to selling managed services.

I hope that answers the question. Do you guys have anything to add to that?

No. I know we’ve got a couple slides on Netrio and certainly wanna get to those. I saw a few people ask about what we do and how we do it and all those things. Do you think that’s a good use of time, guys?

Real quick. I did wanna answer one of the questions I think that kinda leads into that. If someone says, hey. I’m working with a company that already has an MSP, MSSP engaged.

Like, am I shut out? Right? And I think you mentioned this earlier, Chris, on an opportunity that oftentimes we start there with, like, okay. Well, you know, does your regulation or your compliance require an annual pen test?

If so, you should probably be doing that by a third party that doesn’t have any conflict of interest. Right? You don’t wanna use an MSSP that you already have to test against their own controls because, you know, there’s conflict of interest there, then, you know, the fox guarding the henhouse. There’s people that say that, you know, that’s kind of outdated, you know, thought.

But I’d still say it, you know, if you’re getting a pen test, you should be rotating who’s doing that every year. So you’re getting different findings. You know, not every pen test is the same. So start there, and that can be a toe into the gap or toe into that customer of, hey.

Maybe that MSP isn’t doing exactly everything that you could be getting. Go back to that outcome conversation of what’s the outcome that you want from an MSP or an MSSP, and are you getting that expectation and that outcome?

And, if you’re not, it’s time for, you know, due diligence process, and we can help them.

Yeah. And, Trevor, just to add on to that, a pen test is not a pen test is not a pen test. I mean, a lot of people, they say pen test, it’s a vulnerability scan or it could be an automated pen test. There is no substitute for an adversarial manual pen test.

We do have an example where we came in behind somebody who had an annual pen test, and within hours, we owned the environment. Right? So their pen test didn’t turn up anything, but we literally owned eighty, everything within a couple hours. So that’s a, you know, word of wisdom that it never hurts to have a third party check.

I agree with Trevor. It’s best practice. So that does get you in and get you into discussions and, you know, there’s obviously, you know, there’s a lot of differences in terms of MSPs, MSSPs, and all that. And they may not have the capabilities.

There may be gaps there as well. So definitely, good points, Trevor.

There’s one question. I think we’re done with the content. We’re gonna move into the Q&A part of our training today, which is, and I have got a question from Robert Karski to Netrio. How do you define your ideal customer profile today?

I think the I think the question was how do you define your ideal profile?

Yeah. So for us, in particular, we focus on the mid market small enterprise, so that’s two hundred to five thousand employees. And then our value proposition tends to be when there’s consolidation of solutions. So if you’re looking for more of the one back to path.

Right? So if the client’s looking to build a, quote, unquote, partnership with a supplier, from a more holistic view, we tend to win the most. So we’re one of the very few in the portfolio that is not only an MSP and an MSSP, but we have connectivity aggregation, voice, app dev, professional services, smart hands. Right?

So, you know, there’s a lot of opportunities where we might be hitting six different practice areas in a single opportunity.

Right? So we compete in network as a service. We compete in service desk, security services, the ability to consolidate those, you know, put those on a single bill.

You know, there’s a lot of value proposition that goes there. And then we complement that with our unified Netrio Now platform. So being able to give the customer a single pane of glass to log in to see all their tickets, all their dashboarding KPIs, analytics.

We’ve got generative AI built into our platform so that we’re, you know, looking for sentiment. We’re looking for efficiencies within ourself to be able to do that. And then there’s a massive human capital overlay for what we do from success managers to strategic advisers that come as part of the offering so we can really lean into things that are strategic and tactical, all while handling that from a service delivery perspective and using our service delivery lead. So I would say those are the big massive differentiators for us is being able to target clients that have a lot of problems in a lot of different areas or they’re looking for, again, to try to consolidate those relationships into one or two suppliers, we typically win a lot in those particular environments.

There’s a couple questions in here about, there was one a while back, actually, Chris, that was about, how would you, do you have an example of a gripping email subject line that you might use to get someone’s attention if you were talking about your solutions?

Oh gosh.

That’s a hard one.

I put you on the spot.

My gosh. Yeah. I put you on the spot. A gripping one. Again, I like to, back to the simple questions.

You know, try to find, doesn’t necessarily have to be about a technology or a technology thing. Try to focus a tagline that is on a business outcome because, ultimately, that’s what you’re trying to get to. Right? Technology is just, you know, all the things we do are just enablers to get to a business outcome.

Right? So, you know, things like I always try to align myself with I always use the whiteboard analogy. If you go into someone’s office, they usually have their top ten objectives of whatever they are. No matter what their department is, they have them listed on their board.

Right? So you’re trying to find out what those are. But at the end of the day, you wanna know, every company has top three business objectives. You should know what those are, and you should know how technology is gonna be an enabler to help solve those problems.

So if you align yourself with company pain, department pain, and if you can even get to personal pain for the individual you’re talking to on the other end, that’s where you’re gonna connect with people, and that’s where you’re gonna win. So I know that’s not exactly what they were looking for, but I would focus on something that was tied to a business objective if it were me.

Makes great sense. We’re getting a go-to-market question about direct sales versus channel focus.

Yeah. So we are, as we acquire, we do have a handful of direct sales that make up our division, but we’re about eighty percent channel. And we do have some direct sellers within our given markets.

But the primary focus of our budget and our resources and the things that we do are all tied to the TSD community, and that’s not changing.

We can take these offline. So as far as how we handle conflict, all that, we can focus on those. So, Wes, I’m happy to talk to you offline if you wanna send me the email.

I have to wrap us up because we’ve got another segment that we need to get to, but I did wanna thank you guys so much for taking this time to help us talk about a possible step into a cross sell conversation about cybersecurity. I think it was a very lively conversation.

Really, there are lots of questions, and you guys were right on point. Thank you so much for being here, Netrio, and thanks, Sumera and Trevor, for leading us through the conversation.

Thank you, guys.

Thanks for having us.

Thanks for having us. Appreciate it.