Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube
Jason Kaufman and Trevor Burnside discuss a successful upsell case study on their podcast ‘Inside the Win’. The opportunity began as a basic Exchange Server 2008 to Microsoft 365 migration for a client with an analytical CEO who demanded a flawless transition. Trevor leveraged this email migration conversation to identify cybersecurity gaps by asking simple questions about email security and endpoint protection. The discovery revealed the client lacked proper endpoint protection and 24/7 SOC monitoring, creating significant risk exposure. By educating the client about these vulnerabilities and available solutions, Trevor helped build a business case for comprehensive managed security services. The engagement ultimately expanded from a one-time professional services project to include ongoing managed services with ECI as the partner, resulting in nearly $8,000 monthly recurring revenue on a three-year contract. The episode demonstrates how trusted advisors can naturally pivot from infrastructure discussions to cybersecurity opportunities by asking the right questions.
Video Transcript
Transcript is auto-generated.
Welcome to Inside the Win. We’ll break down real world wins, showing you exactly how strategic partnership with our experts empowers you to tackle your most ambitious opportunities with confidence. Let’s jump in.
Hey, everybody. Welcome to another episode of Inside the Win. My name is Jason Kaufman, principal solutions architect. And here with me, I have Trevor Burnside, cybersecurity solutions architect, an expert in all things cyber.
Today, we wanna discuss a win that was a great upsell opportunity where Trevor started, you know, being brought into the conversation talking about upgrading an exchange server on prem from two thousand eight, you know, that EOLed for a very long time into Microsoft three sixty five migration that had to have a ton of white glove experience with it. Trevor was able to not only do that, but extend it into a cybersecurity conversation. Trevor, I’d love to kind of turn it over to you here. Can you give us a little background on that cybersecurity opportunity and how it migrated from well, double use the term migrate from Exchange to cybersecurity.
I would say something that a lot of trusted advisors ask me about is how do we start that cybersecurity conversation? I think this is a good example of that. There’s a lot more people getting involved in that managed services and the Microsoft discussion that can easily pivot into a security conversation. And a lot of those things go hand in hand. And in fact, I think if you’re doing your job as a trusted adviser, you should be asking some of these questions of your clients.
So in this situation, there was actually a client who’s using end of life email exchange, right, Microsoft, and they needed to migrate. They knew they had to go to Office three sixty five for all the benefits of the cloud platform, but it had to be flawless. The CEO was a very analytical person that if they were missing an email from, you know, a decade ago, the CIO was telling me they would know about it, and it was gonna be bad. So it had to be perfect, this migration or this this, you know, change.
And so we brought in a white glove partner to be able to do this. But in that conversation, we were asking about the other gaps that they had as far as, okay, with moving to Microsoft, what else could we take advantage of? What about the security stack?
What about the the benefits to Microsoft Defender for Endpoint, Microsoft Sentinel, some of these things that they could take advantage of?
Real quick. You don’t want me interrupting there. So, like, how did you initially start that conversation? Like, I know you got into some of the different tool sets that Microsoft uses on the security side, but, you know, you’re talking about an email migration. Like, if I’m a trusted adviser, know, what are some, like, three immediate questions I can ask to start penetrating this conversation?
Not having to be an expert in cybersecurity, but you asked some very easy questions, it sounds like. What what were they?
Well, one of the first ones, right, when you look at cyber or threats to organizations is email. Right? A lot of phishing emails come and a lot of people click on emails they shouldn’t be. So if we’re talking about an email migration, okay, we can absolutely do that. What are you doing for email security? How are you protecting your organization and your people so that if they click something, what happens?
And it’s a very easy conversation from an email to go into mitigations of how are we gonna protect ourselves. And then if and when something happens, what do we do about it, or what’s going to occur? And because of those questions, really, of, like, okay. When someone clicks, what happens?
We found out they didn’t have endpoint protection. They didn’t have twenty four seven SOC monitoring. So really realistically, they didn’t know what was gonna happen. They didn’t know what their blast radius would be if someone were to click.
Hopefully, they would be able to contain it with their identity, but they weren’t really sure. And because of that, we were able to expand into a lot of managed security service through that MSP that we were using to do the migration to Microsoft Office three sixty five.
Were they accepting of those gaps, or was it more of, like, you had to explain that not having email security if somebody clicks on something, you know, humans being, you know, what is it, over ninety percent of all the start of all breaches now and then, you know, not having endpoint security and we start getting the telemetry conversation? Like, were they accepting and kind of already understanding that there were gaps there, or was that something you had to explain to them that, you know, this this could be a real issue?
The CIO that we were working with knew that there were gaps there and understood those gaps, but I think highlighting those from an outside coming in helps, you know, internal people make that business case with leadership of, hey. Someone else from a third party came in, looked at our environment, and identified risk areas that we aren’t mitigating correctly today.
And because of that, we were able to help them build a business case of you need twenty four seven a security operations center taking a look at your environment. You need to be able to detect when something when someone clicks on something that they shouldn’t and be able to contain that and be able to remediate so that you can continue on and reduce that blast radius of an incident.
Us being able to educate what’s available out there and how affordable it could be based on their budget ended up being what won that opportunity.
Okay. And I know you kind of teased us a little bit with an MSSP came in and did all this stuff. So share us a little bit about your insights. Like, I’m in the mind of Trevor, you know, big brain Trevor, you know, who would you immediately thought of as you know, who’s gonna do that white glove support that can expand in here and get into the cybersecurity stack? Who all did you bring in, or did you land on one, and who ultimately won the deal?
Yeah. Because they were focusing on that my Microsoft migration and really focusing on leveraging the the new tool sets that they were gonna have going to Office three sixty five, it was a natural kind of idea to think, okay. How much could we use in Microsoft security stack?
They did have existing security stacks, that’s kind of what I take when I when I do these discovery calls is what’s existing today, what’s not going to change, what is new and what is going to change, and then how can we marry those together with a vendor that can support existing as well as enable future growth, right? And that they can grow into a provider, grow into a partnership that can really help them, you know, use what they’ve got as well as implement the new effective security posture. So taking those both into account, you know, from an endpoint protection, from email protection, you know, cloud security posture, you know, all those things, asking those questions about what’s current today, what’s staying is vital to make sure we’re getting the right vendor in.
Okay, so let’s talk about vendors. Did a ton of due diligence, ton of discovery, you did a great job mapping out the risk and some of the technical solutions that could come in and be play there. Who who all from a provider side? So let’s take our supplier list, and we’re going to start thinking like thinking like Trevor. We’re going to coin that term and probably get a trademark. Think like Trevor TLT.
Who would you who’d you bring into that conversation, and ultimately which supplier won that deal?
So it was actually our friends at ECI that ended up winning that opportunity because of their extensive Microsoft capability.
One, they were able to meet the customer where they were and then grow into their security practice and be able to add on as as time went.
So they’re a great partner when it comes to the managed services. They’re also a excellent partner on the managed security services.
Really, we’re able to bring that complete partnership to the customer. Certainly, we talk about, you know, potentially, people may want to have a different MSP versus their MSSP, and in in some ways, there’s some value there. In other ways, though, it makes a lot of sense to have someone that can take a look at the whole situation, especially in a migration, and get someone to the outcome that they’re looking for and be able to understand their environment and not have any gaps, between the MSP and the MSSP. So because of that, ECI was a good fit in this opportunity.
Okay. Awesome. And then, so just to kind of summarize everything up, you know, what started as a smaller prod I mean, sounds like it’s a decent project at least, but a smaller project, one time ProServe engagement, one time commission to the partner of migrating from a legacy exchange server, obviously multiple iterations to get from there to MS three sixty five. And then did you extend it into a managed services contract, or was it just a bigger ProServe contract just by having one conversation?
It was it was a few contracts actually. So I included professional services as well as managed services with ongoing MSP support and MSSP support. So it ended up being about just under eight thousand MRR on a three year term, which I don’t think anyone’s gonna turn away, you know, just on the actual managed security services. And then certainly the professional services one time engagement was was significant, but it was able to get the customer where they needed to be and, really a great opportunity that, you know, is gonna be billing for the next couple years.
That’s awesome. You know, turning a small ProServ engagement into not only a larger ProServ engagement, but also managed services for eight thousand dollars a month. You know easy win, just by pulling in Telarus engineering. So thank you Trevor. I’d like to thank you for coming on and talking about Inside the Win. Again cybersecurity needs pull in Trevor, Solutions Architect at Telarus, Sales Engineering. Have a great day everybody.