HITT – From Disruptions to Dollars: Turning Cybersecurity Challenges Into Revenue Opportunities

Welcome back. Sumera Riaz, our VP of cybersecurity and Trevor Burnside, solution architect for cybersecurity. Welcome back, guys. Super happy to have you here again. I’m gonna go ahead and just let you take it away.

Thanks. Thanks, Cass. So glad to be here with you guys today. We are, live from San Francisco.

Trevor and I are at the RSA conference this week. So very excited to meet all the cool security suppliers, up and coming ones, and, of course, we’ll report back here to you guys so you can also be in the know. Today, we’re gonna dive into one of my favorite, talk tracks, teaching tracks. It’s called from disruptions to dollars.

It’s how you take today’s disruptions in tech the technology world and turn them into a book of business for you.

So with that, if we dive in, Chandler, to the overview of our security practice again, you know, it’s a great reminder to have once a month. We bring you the slide to show you that we, at Telarus are, you know, well versed in across securing all solutions across the board, all practice areas, whether it’s, identity access management or offensive security. Hey. You know, our security posture is great in the defensive, but what about the offensive? We’ve got that too. We’ve got security and, with AI powered socks, data protection, GRC, governance, compliance, and, of course, it’s all doesn’t amount to much without an actual strategy.

So we have, you know, across the board, we’ve got you covered. If you go to the next one slide, please. So this is kinda I wanna land here just for a moment. How you get paid with security deals.

So a lot of times, when I, when I am either, teaching at Beyond the Solutions or one on one with the advisers, they usually ask, so how in security, how do you get paid? What are the different ways that we can, build revenue in security? So like the other towers, there are three ways you can. Monthly recurring revenue, which we all know and love.

Those are any managed services solution. So all or any managed services, MSP, MSSPs, those will all get you MRR monthly recurring revenue. And then there’s nonrecurring cost. Right?

That’s a onetime payment. That is, a great question, Wes. Does Meraki pay MRR? So anything that is, a managed it’s a service.

So let’s say you get Cisco Meraki’s, and then they’re gonna charge a monthly fee. That’s that recurring revenue. That’s gonna be your month MRR. But if it’s just a one time hardware or a software purchase, that’s usually just a one time, one time NRC cost, nonrecurring revenue.

So that’s like your pen test, v scans, compliance assessments, VCs of services, any onetime services. And, of course, like, you can always check with the supplier to say, hey. Is this gonna be an MRR monthly, or is it gonna be a onetime? And sometimes that can also be, sorted out between between you and the supplier as well.

And then, of course, lastly is licenses or OEMs. A lot of enterprise level purchase, companies purchase the licenses, and that’s usually a one time. But it can I’ve seen it be MRR as well because, when I used to buy Splunk in my previous life, it was, almost two million dollars a year. So we would make four quarterly payments as a company.

Sometimes it can be turned into MRR. Again, that’ll be between you and the supplier. They what you guys can work out. Usually, licenses and OEMs are low profit margins, but it’s a great foot in the door.

I I think a a good reason why we wanna show this slide is sometimes there’s a misconception that if if we don’t have managed services to it, we can’t get paid in the channel. I hear that, you know, quite often, right, of, oh, my customer wants to go with CrowdStrike Falcon Complete, which is the all inclusive offering that CrowdStrike offers for MDR and and using their own internal SOC. And, I said, great. Yeah.

We can do that. And, like Was actually just two weeks ago. They’re like, what? We can get paid on CrowdStrike Falcon Complete?

Yes. We can we can just do CrowdStrike Falcon Complete. If you’ve got a a customer who’s very cyber mature, they know what they want, and, they’re not gonna you know, they don’t wanna muddy the waters in any way or anything like that, we can still help there. So don’t don’t turn those away.

There is a way we can win on those type of things.

Yep. Exactly. Thanks, Jeff.

If you go to the next slide, Chandler.

Thank you.

So with that said, a great question, Trevor, in our in our chat is how can I get an SKU list of services for the security practice? What a great question.

You know what? We are gonna work on that to getting it to you. That’s a great point to note if you make a note of that, Trev. Yeah. Yeah. What we’re working on right now is getting you a segmentation from small business, midsize, and enterprise level in which suppliers cater to those industries and those verticals.

But the SKU list would be a great, that’s a great idea. Thanks, Chris Phillips from Texas City.

Yeah. I I think I don’t wanna give too much away for it could be a great segment into what’s gonna come after us talking about Telarus Labs. Because I think we’ll we’ll do you one better than just a list. But Yeah. I’ll let I don’t wanna steal anyone’s thunder, but, we are certainly working towards things like that to make it easier to know who does what.

Yes. And, your second question there, Chris, you can get the list of MSP, MSSPs.

Right. You’ll learn that right after our segment is done. Nate and Max are gonna come up and show you all kinds of goodness in our in, in the labs. So, yes, don’t wanna steal their hunter thunder.

Okay. So let’s kick it off with outcomes. Right? So we have, when you start with technology let’s say you’re in a in a room with a client and the conversation is going great, and then all of a sudden, technology comes up or, you know, the different products and OEMs come up and pricing comes up, end of that conversation will be very limited.

But if you’re in a room with a client and you start off with a strategy or start off with high level business outcomes, that conversation, there’s will be endless possibilities there. Right? Because you’re not pigeonholing into a into a technology set right away. So with this, Trevor, would you like to kinda go over this slide with us?

Yeah.

Yeah. Well, I think, when we talk about security, it falls into a lot of different buckets. And oftentimes, you can be you can be talking obviously to a CEO, you know, a CSO, of course, sometimes a CFO. You you can have a cyber conversation with a lot of different folks that you know, depending on how organizations are set up and and who they have or or specifically who they don’t have on their team.

Right? It it could be someone who’s managing risk, but not necessarily a cyber person, but they’ve gotta talk about risk. So focusing on the outcomes really allows you to to tailor that conversation to what they wanna talk about and what they see as their risk and be able to talk in terms of that mean something to them, like a CFO. The risk conversation, I guess, goes across, you know, all disciplines.

Right? Everyone under can understand risk, how to avoid risk. They may not get into, like, the nitty gritty of, like, how are we gonna mitigate this specific cyber risk. Right?

We but we don’t have to get to that, when we’re talking, you know, high level outcomes. It could be we’re looking to outsource our cybersecurity to reduce our, you know, internal risk, and that can start a lot of, conversation that way about which way are we gonna go. We can look at more of a managed solution instead of just those point solutions that we were kinda talking about earlier, to really give them an outcome that they’re looking for.

Exactly. Yep. So we start with, you know, start with business, business first, business impact first, risk first, and then leading into, the solutions and technology. Awesome. Thanks, Tra. If we go to the next slide, please.

So here’s, where you know, from disruptors to dollars. So what is a disruptor? Right?

What is a what are the disrupt Trevor, go ahead and you kick it off for us. So disruptors are if you were to simply put it in in nontechnical terms, what would be a disruptor that’s in your life today?

Well, I think disruptor is something that comes in and and changes the status quo. Like, changes how we’ve always done things or makes us reframe how we look at a a problem set. And and, again, the, you know, disruptors have to be technology. That could be anything.

Right? Of, Hey. A new car comes out on the market. Right? And, like, EV charging car.

Right? And it starts it’s a disruptor because, now it’s adding competition. It’s it’s changing our infrastructure. Do we have new gas stations that have to now have, you know, charging stations?

You know, it changes, the status quo.

And whenever that occurs, really, in any industry or any place, it adds complexity and also adds opportunity and decision making, right, of, know, what does the future look like? Do we stay with the status quo? Do we adapt? Do we you know, is it too risky to move?

Is it are we taking too much risk not moving, right, or not adapting? So a disruptor is, you know, really good from a channel perspective. We’ve we’ve done this a couple times. Right?

The cloud was a disruptor. You look at UCaaS back in day was a disruptor, and still kind of handy, right, in in some industries Where there’s these waves that come that trusted advisers are able to take advantage of and help, one, reduce the noise, reduce the complexity for their customers, offer clarity, and give solutions to to, you know, what what’s, I guess, changing in the status quo?

Yeah. So simply put, it changes how we operate. It changes how we live day to day. And just a great example recently, I I shared this in in the last BTS too.

My son is eleven, Ethan. You’ll hear me use him as a an example a lot of times in in my teaching tracks because he teaches me so much all the time. He came home the other day, and he needed help with his math. Right?

So it’s seven PM. I’m trying to figure out and then his math doesn’t look like math from my day from sixth grade. It’s it’s it looks completely different. And I’m like, let’s just do it on the calculator.

And he’s like, no, mom. I have to show how I work the solution.

So and I I can’t figure out what he’s doing. So I call his teacher, and, you know, we can text her and call her. She’s great. So miss McFarlane, I’m like, hey.

I’m trying to help Ethan with his math homework. It looks nothing like my my homework. You know? It looks nothing like my math homework when I was in sixth grade.

And she’s like, oh, Sumera, it’s called the new math. And I’m like, what the hell is a new math? What happened to the old math? Like, where did where did the old the whole world is built on old math.

So it’s, that was a disruptor for me because it’s you know, I’m not used to not used to the new math. Like, is two plus two still four? You know? So it’s it it was it was one of those moments. Of course, you know, the it it’s more about, I guess, really teaching the kids how to solve the problem than just coming up to the right answer.

It’s ridiculous. Yeah.

Anyhow That’s a good that’s a good point too. So back to, you know, the stories. I was trying to, last week, trying to explain to one of my kids what in flight radio was, like, in a in a airplane. And it was the concept was so foreign to them.

They they they couldn’t even, understand. Like, there’s a radio, and it’s on an airplane, and everyone’s listening to the radio on the air. Like, why don’t you just watch your iPads? And we’re like, you know, we didn’t have iPad.

We we didn’t have screens. And they’re like, we had telephones that were in the back of the headrest. Like, telephone? Like, I’m yeah.

This isn’t I’m not helping at all.

But No.

Exact but that’s the point.

It’s like any of these Completely disrupted the whole industry on on all those things.

Right?

Totally. It totally did.

It’s, it’s pretty interesting. So how do we take times like that, and how do we turn that into, revenue, money in our pocket? Well, with a with the the arrival of AI and cloud in especially in the IT world, it is a lot simpler than you would think because what happens when AI came to the scene is it expanded our attack surface. So now where you have humans doing, you know, all the, work that agentic AIs are now doing.

Right? And it’s our security solutions for the last three decades are built on machine learning, identifying human behavior. We have battle tested solutions, and we can detect human anomalies, but our solutions were not battle tested to detect AI anomaly yet. Right?

So you deploy a GenTech AI in an environment and, you know, god forbid, it gets taken over by a a threat actor. How do you differentiate a normal agentic AI functionality than that one that has been hijacked? There isn’t a solution yet for that. People are still working on it.

So all these, all all this, what it does is expands our entire tax surface. And that gets CSOs and security leaders really nervous because now they are entering into a space they don’t know yet. There are no solutions for it. How do you protect something you cannot see?

So that opens up a whole conversation into what can I do better in my environment today to secure my company and my employees? Right now, the best that we have to offer the whole globally, any solution is defense in-depth. You have to layer your defenses. So if one defense fails, there’s another one under it just to just to, you know, gap bridge that gap.

But that is gonna continue until we get solid solutions in the market. What that means for us as sellers of the security solutions, it is revenue. It is money in our pocket because that is exactly what we are trying to sell is good health good solutions that are holistic, that will help companies protect themselves, that will level up their security posture. And this is the time that that happens.

It’s because of these disruptors that are in the industry.

So the some ways the disruptors affect us is they drive growth. They’re not bad. They’re good disruptors. Cloud allowed us to scale.

I could spin up a server for in two weeks before cloud came into play. With cloud, I could spin it up in eight minutes and now probably, like, four. So it’s, it helps us to scale faster. It helps us the speed from, the speed to market is is like, it cuts that time down in less than half.

So it helps us to make money. It helps us to save money. It changes how works get how work gets done. Right?

It opens budgets. But at the same time, it also expands the risk. And that’s the that’s the way in for a security opportunity. Anytime, all the time.

The disruptors will always expose you risks, and risks is what’s drives spending. Any board meeting I’ve ever been in, guys, the first thing we ever talk about on our list is what are the risks that are associated today, for our company, financial risks, IT risks, external risks. So we that’s kinda where every board meeting starts. And that’s that’s where you guys are so critical as advisers because I know I keep saying that, but majority of the companies out there, they don’t know you exist.

And I know that once they do, they it’s gonna be you know, your phone won’t stop ringing because of the value that you bring. You bring agnostic, risk averse, help, vendor vendor intelligence into a a situation where a CISO doesn’t have time to go vet solutions. You’re bringing them that help that is so critically needed.

And it’s yeah. So trust me what I tell you that the conversations that you’re willing to offer to security leaders, it’s you’re gonna have clients for life with that. So, Tara, anything

Yeah. Another thing I think, you know, we we’ll talk probably about this a little bit more and something I harp on all the time is that, cybersecurity sales, especially, is built on trust, and that’s something that you can’t manufacture. You can’t just take somebody out to a dinner and and all of a sudden they trust you. Right? The the the value that trusted advisers have in the cybersecurity space, I think, is unparalleled, really, and and compared to these other disciplines because it requires trust for someone to buy something from you that’s going to physically protect their their cost their company from From an existential threat. Right?

And for someone to put their trust in you and to and to take your advice and buy something from you that protects them, it’s different than just a UCaaS sale, and they and they change a UCaaS vendor or or things like that. It’s not necessarily as transactional, and it relies on trust.

And that’s why I think trusted advisers that have these long term relationships with customers that have fostered that trust for years and years and years, the the

The only thing stopping you from selling cybersecurity is just asking questions. Yeah. Because you have built up that trust, you earned a spot at that place already to be able to do it. And customers right now are they’re gonna be asking about these things.

Just back to existential threat. The the thing with AI, in some cases, in some industries that you might have customers in, like BPOs or things like that, they’re looking at AI as an existential threat to their organization of we have to adopt. We have to stay relevant. If we don’t, we may get left behind.

We may get completely, you know, lose market share. So that some are looking at this, like, we have to adopt AI, but how do we do it safely? We gotta move fast. We can’t just move fast and break things, though, because if we lose all of our customer data in the process, it you know, the the risk is too great.

But the risk to not move is also too great. So there it’s a it’s a rock and a hard place for a lot of industries right now, and that’s where you guys can shine.

Yep. And exactly. And most companies, they will move before they have to sign up from the CSO. So it’s the CSOs are usually, like, running to catch up.

Right? Because that’s unfortunately, that’s kinda how it goes. A new technology comes out, company adopts it, and we they train our our the people on it, the employees on it, and then they get hacked because of the new technology. And then it’s raised to the to the nearest store to buy whatever they need to to gap that.

But if if, we can if we can start having conversations ahead of time so they can save so much grief, later on.

So yep. Great point, Trev. Shneur, if we can go to the next slide, please.

So disruptors are security sales catalysts. Right? That is, they are they’re a great way to spark those conversations. We’ll arm you with stats, education, what you need to open the door, have the conversation.

And, again, if you need us to come with you into that conversation, we’d be glad to do it. You’ve you know, if you’ve been with Telarus for any time now, you know, we have a great engineering team, great group of guys, well certified. Trevor’s one of them. He has masters in sorry to put you on the spot, but he’s got a master’s in security, a CSS fee.

Just, you know, amazing at his, at his trade. So I, you know, invite you guys. Pull us into conversations. We can truly help you and, gain you that that wallet share with, with the security opportunities.

So every disruption is, creates new attack surfaces and new opportunities. Right? So AI expansion, I was shocked at the at this number when I when I looked it up. Again, sources are at the bottom. You guys are more than welcome to, you know, check those out.

AI x hundred a thousand twenty five percent rise in AI related vulnerabilities just in last year.

That’s a lot. That is like, I’ve not seen a four digit number in vulnerabilities ever.

In a single year. Right?

Yeah. In a year, in twelve months. Wow. That is insane. And I wonder what that’s gonna look like, how that’s gonna translate into attacks. And not all by the way, all the cyber attacks last year, only some of them have gotten reported so far. We’ll get a full report by August of twenty twenty six.

Everybody SEC filings, public filings will come out of last year’s attacks. How many were actually how many companies were attacked globally? The cost of crime would that look like for twenty twenty five? So I’m anxious to see that, especially with this number that we’re looking at today.

Right?

One thing I wanna point out that’s and and I’m probably skipping some some of these little widget boxes here. But the supply chain risk, I’ve seen more opportunity around what we’d call third party risk management in than I in the last six months than I’ve probably seen in in years.

I think I’ve got a couple theories on why that is, but one is, like, you look at the amount of breaches that are occurring through a third party.

And the one we always reference back to years and years ago, which seems, you know, so so long ago now is Target. Right? They got breached by their HVAC vendor, had had an a p had a a VPN into their corporate network and was able to be exposed completely.

That’s still a a big risk area. Right? Like, all the when you’re doing business with third party, you give them access, a VPN, or some type of connectivity into your network, you’re giving them a way in. And if they aren’t as security focused of an organization as you are, they can have, you know, poor data hygiene, poor cyber hygiene, however you wanna talk about that. And it can affect you. And so we’re seeing, you know, a significant portion of breaches are occurring through third party access.

Something I talk about all the time when I’m actually talking to directly with clients of, like, who which vendors do you have that have access to your environment? And some people are like, we don’t even know. We’ve got dozens and dozens of vendors. Right?

We don’t know who who still has their VPN. Like, you gotta be monitoring your VPN access. You gotta be making sure that it’s up to date, that you’re patching your your firewalls, your VPNs, and that the people that have access still need it. You know?

You can’t kill those VPNs if they don’t need you. You don’t work with that business anymore. You’d be surprised how many people still have VPNs open for companies they don’t no longer do business with. So Yeah.

It’s probably getting too deep, but the I would say the the disruptor part of third party risk management is, hey. As an organization, we’re looking to adopt AI. We see the risks. We’re going through the proper channels and the proper ways to mitigate all that risk.

Not everybody is doing that to the same level of of efficiency, right, or I would say capability. So if you’re working with organizations that are moving fast and breaking things and they have a VPN into your access, oh, and by the way, they’re using AI now, and that AI now has access to that VPN that you gave them, it it just impact increases the risk. And then so, that conversation right now is very, very relevant of how do we reduce our third party risk, how do we make sure we’re vetting our our third party vendors that we have. All of those, we have we have multiple solutions in our portfolio that can address these specific areas.

So if you have clients asking about it, please let us know. We can help.

Yep. And, John had a John King, had a great question in chat is, how can we estimate the cost of lost time and money? How can we start that conversation? I’m gonna it’s lost time, money, and revenue.

I’m gonna put in a formula in chat for you guys that I usually use. I’ve used that in past my own company just to figure out our number. What’s that point of no return number? Right?

How much can I afford to lose and still stay alive in the business? Or on the flip side, how much revenue can a breach cost me? I’ll put that formula in the chat for you guys. It’s again, it’s high level.

Your clients’ numbers will, of course, be limp you know, based on their whatever their shares are, whatever their, revenue is. But you can plug and play with that. And if you need any additional help, you guys, if you don’t have my email address, I’ll put it put that in chat too. So you just reach out to me, and I can help you through it.

But, yeah, cloud adoption, compliance pressures, that those are huge. Right? So as we adopted, as we went to cloud from on prem where we could see and touch and feel our perimeter, our perimeter all of a sudden became invisible. And now I’m gonna take this a step further from cloud adoption.

Now we are in at the age of edge computing, not just cloud adoption. So back in the day, for those of you on the call, if you remember, we when we had a parameter, right, we had a DMZ set up where everything outside the DMZ, it would could be used externally, anything that was inside the DMZ that was on lockdown. We had data centers. We had server rooms.

We knew, who’s going in, who’s coming out. And now with with the advance of technology, we took all that, and we we made it invisible. Right? We made it virtual, which is good because that, speed to scale is is apparent in that in that model.

But now from there, now we’re going to an edge compute where we’re the edge is actually, you know, kinda where your company the further ends of your company is the edge. Right? And I’m sure there’s a better way to say it. But the edge compute is is gets a little tricky because we we might have deployed identity access management that can monitor humans, but edge compute doesn’t, fall under identity access.

It is device based, not human based. So now not only do we have AI agents we have to monitor, now it’s a device based, model, I guess you could call it, that is sitting on the edge. So that really muddies the waters. What do you don’t you think, Trevor?

Like, that gets hard to track is, once Yeah. Once that enters the scene.

Well, you said something earlier today that I wanna talk about. One of the reasons I think why we’re, you know, why we spend time at RSA, why we why we go to security, you know, industry events like this, one is to help kind of cut through some of that noise of what’s going on, but two, also find solutions for gaps that we see And and know exist. One being agentic identity access management. Right?

Identity access management, like you were saying, built around how humans operate. I’m I’m doing a task. I have access to a system. I get authenticate.

I do what I’m doing. I move on to something else, but I’m I’m it’s built on authentication and how humans operate. And when you look at how identity access management systems are built, they don’t address a lot of the risks that agentic AI can introduce, which is API access into a lot of different systems that may or may not go through identity access. Hey.

You’re authorized. You’re in. Right? But what can I do when I’m in there? Also, you look at what we would call, and maybe this is getting a little bit deeper, but, hey, for the people on the call that wanna wanna get deeper into this, something that we would call a confused deputy attack, which is, hey.

I’m I’m not trying to access. You know, I’m I’m an AI agent. I’m trying to access a system I don’t have access to. But I have access to a ton of other systems in the network, and I know which systems actually do have access to that direct maybe active directory or a super secret database.

I, as the as the agentic AI, don’t have access to it, but I can send an authorization code to a system that does have access to it. And that system right now can’t determine if if it can’t distinguish between an authorized request or a mount like, a malicious request from an AI agent. So Yeah. That’s what a a confused deputy is, which is essentially escalating privilege through through a a separate system that does have access to to something that maybe I don’t have access to. There’s there’s hidden risks like that, I guess, I would say, when you get deeper into things that, we’re looking for solutions for and the industry is coming up with them, and we’re, you know, here actually trying to make sure that we have those things in our portfolio for you guys.

Yeah.

Chris had a great question. Isn’t that covered under ZTNA? ZTNA is built on human identity here. So it’ll be a little bit different for, AgenTeq AI, obviously, that to track that because because AgenTeq AI is deployed systematically into, a company.

So if you tell AgenTeq AI, hey. I need you to accomplish these five tasks for me, that AgenTic AI will then go to deploy go to perform those tasks for you on your behalf. But if they need to, get different credentials to do it, if they need to, you know, maneuver some systems in order to do it, it’s it’s not gonna be an anomaly because it’s doing the job you set it to do. And that’s that’s kind of the scary part right now for everyone in the security world is how do we detect that?

How do we put better guardrails around it?

So more to come on that. And, so for this slide, I think we covered this. You guys know the be behavioral economics of security buying. New technology, a new disruptor comes out.

We wanna go ahead and deploy it. Employees get trained on it. Bad guys figure out how to hack it. And then we look for a tech adviser because we need security solutions to to help stop that bleeding.

Chandler, if you go to the slide the next one for us, please.

So how do we start the conversation?

Right? Where do we go? How do we start? If you’re in a room with with your, clients, what what do you say? So, Trevor, take us through these questions, and I’m gonna put the formula I promised you guys in the chat.

Yeah. I think Chris Phillips in the chat said something about this earlier. I was just gonna wait till we got to this slide. My favorite question here is the one in the top left, which is, when was the last time reviewed your security strategy?

And the reason I like this is is it it talks to all levels of of security maturity with organizations. Some that are very mature are still going to accept this this question. Right? It’s not it’s not a bad question even if you have an ongoing strategy.

And if you are kind of a start up or a new organization, this is a great question to ask them to get them to think, hey. We haven’t done this yet. We haven’t really you know, we we talked about active directory. We talked about SSO.

And, but that’s kind of the way as far as we got usually as from what I see, is is just the identity access management layer if they’ve gotten there. So it’s a great conversation starter, and it it comes away with next step or it comes away with action items. If you’re working with very mature organizations, the they should be reviewing their strategy ongoing. It should be an ongoing process in what in what we call risk management.

Right? Ongoing of, hey. These systems are changing. We’re looking to do this. We’re looking to do this.

Looking at the risk and then mitigating that risk. And so to do that, sometimes they’re using existing tools. Sometimes they don’t have the tools in their stack to be able to mitigate the risk sufficiently, and they’re looking to buy or add or or things like that.

Also, it adds, there’s another one that I think it kind of plays on it too of, like, you know, when’s the last time you reviewed the your security stack? Like, sometimes and that if they’re very mature organizations, that’s what we see they’re doing ongoing a lot of, hey. I’ve got this specific tool. We’re using CrowdStrike.

We’re using SentinelOne. We’re using, you know, Darktrace. We’re using whatever. Right? And renewal’s coming up in a couple months.

We wanna go to the market and see if this is the best solution for us, especially, you know, if they’ve had it for a year and everything in the last year has changed. Everyone’s got new products. Everyone’s got this new AI widget that they’ve added to their stack.

You know, when they go through review of that due diligence, due care process of a contract saying that, you know, do we wanna spend another two hundred thousand dollars with this vendor or not? We can certainly inject there and say, yeah. Let’s let’s help. Let’s make sure it’s still the right fit, or let’s look at the market and see what else is out there now. Maybe we can help reduce costs. Maybe we can mitigate more risk than than what your current strategy or your current stack is doing.

But all of that kinda goes back to just that simple conversation of are you what’s the last time you reviewed your security strategy? Is there anything in your security strategy that is up for renewal that you’re reviewing we can plug in there?

Yep. I like the the one that you, talked about last week was when we’re in conversations, clients have already, looked at purchasing a certain product or they’re looking at, hey. I already got DRADA licensing. Right?

And if the if we would have had this conversation with them two weeks ago and said, hey. By the way, do you have any security needs? Anything you’re looking at today that we could have, we we could have, oh, have that piece of that, that contract. Right?

Yeah. Absolutely.

So often, we just don’t ask.

Yeah. And I think, even for you know, you look at some of these other ones like, where do you feel confident today?

Even I was talking to I was actually in Detroit a week or two ago at a CISO summit, and there are CISOs in very large organizations that have all the budget in the world or at least you think all the budget. Right?

Protecting some very large networks. And there’s things they still don’t feel confident about that they’re looking to shore up, and they’re looking to to fine tune or get better, mitigate a little bit better.

There’s always something that you you know, when you ask those questions, there’s a way that we can come in and help advise and help, that process and reduce the complexity and let them know about some of the vendors we have that they may not know about.

Yep.

Very good. Thanks, Treb. Guys, I put the formula I often use in chat, for if you guys need it. And if you have any other questions again, I’m just gonna put my you guys have my email. I’m gonna put it in chat again. If anybody has any questions or needs me to take them through it, glad to help.

Wonderful.

Well, hey, guys. I think you’ve done a fantastic job today. You’ve really been really great about also answering questions. There is one question because I, of course, love your outcomes first approach. We’ve been talking a lot over the last couple weeks about, like, MEDDPIC and how we kind of go through, like, those out based questions for for our advisers who naturally default kind of into talking tools or suppliers. What is the first type of mind shift like, the mindset that you want them to shift into, or what should they do, or how should they shift their mindset to stop thinking product and thinking more about those out based questions?

Perfect. A great question. So it all security always starts with risk. Right? Because you need security solutions to minimize your risk in the company.

Those are great questions to start with. One of my favorite questions is, how are you doing on your security strategy? A lot of times, actually, a hundred percent of the time, a CSO or security leader will write down a security plan, and they file it away because that’s your first hundred days. You gotta have a plan.

You make a plan, and then you never revisit it because all the crap you gotta deal with day after day. So that is that plan is like a work of love, and we never go back to it because there’s just not enough time. That’s our vision for how we want our practice to be ran. But if you go in and ask for, hey.

What about your security plan? Like, you know, your security strategy, when was the last time, you you looked at it? Or is it possible we can if we can look at it again today? I can look at it with you.

So those those things, that will attract a CISO to open up and have those conversations because they know that you’re there to help them guide them through, guide them through their the, you know, the the technicalities and the the new solutions that they just don’t have the time to vet.

Awesome. Wonderful. Well, you guys, thank you so much. And just so you know, Sumera, I went ahead and posted your formula in the chat.

It just went to panelists, so I wanna make sure everyone got a chance to see it. Okay. And then I also for anybody who doesn’t have her email address, I went ahead and and posted that into chat too. So if you need to ask questions or you guys have, any anything you wanna privately talk to Sumera or Trevor about, you can absolutely contact her.

So thank you guys again so much.

I hate to see you guys go because I love having you on, but we are gonna be transitioning into our next spot. Thank you again, Sumera.

Thank you again, Trevor, for being on the call.