HITT- Cybersecurity trends and AI integration- Mar 11, 2025
The video provides an insightful overview of current trends in cybersecurity, highlighting the increasing integration of AI and machine learning in threat detection. Speakers Jason Stein and Trevor Burnside discuss the significant rise in global cybersecurity spending, projected to reach $212 billion this year, and the growing importance of AI governance. As organizations become more comfortable with outsourcing cybersecurity functions, the role of CISOs is also evolving, with many boards forming dedicated cybersecurity committees. The conversation emphasizes the need for effective risk management and the alignment of cybersecurity initiatives with business goals, while also addressing the challenges of securing AI and IoT environments.
Transcript is auto-generated.
Well, today it’s an exciting glimpse into the cyber current trends and rapidly approaching future of cyber security. There’s rapid cyber security integration occurring with both AI and machine learning in threat detection, and a myriad of new privacy regulations in the mix as well. We’ll discuss these and a number of other developments, and of course, introduce you to a new Telarus resource to help make sense of it all. Here with details are Telarus VP of cybersecurity, Jason Stein, along with solution engineer, Trevor Burnside.
Jason, Trevor, welcome to the Tuesday call.
Graeme, thank you. Appreciate it.
Yeah. Thank you.
Very excited to have this, conversation tracked today. We wanna make sure that, you guys throw questions in the chat. Trevor and I were talking about as we were preparing for this, we wanted to showcase. We have so many great resources, and we’re very fortunate to have Jeff Hathcoat and Jason Kaufman and all these amazing engineers.
We wanted to showcase Trevor who recently got his degree in cybersecurity. Security. Pretty awesome. Congratulations, Trevor.
Yeah. Thanks. Appreciate it. Yeah. My graduate degree in cyber security, which it’s it’s kinda cool that we’re at a point, you know, in the industry where you can actually get the graduate degree, you know, in cybersecurity where, you know, a couple years ago, that wouldn’t have been a thing.
So That’s amazing.
So what we wanna do is we thought that this would be most useful for everybody on this call to really understand what are some of the amazing trends that your clients are talking about, what is Forbes, Gartner, Deloitte all saying that clients are looking to, really have conversations and adopt within their organizations for cybersecurity. So with that being said, let’s go to the next slide for me, Jojo.
Alright. So first, I love throwing statistics out. You know, the statistics are things that you can use in a conversation track. So, you know, last year, we saw that, organizations globally were spending somewhere close to a hundred and seventy five billion dollars.
We’ve seen a big increase, fifteen percent increase. It’s gonna hit two hundred and twelve billion this year. We’re gonna see that number really move up, hockey stick to the right, where we’re we should see it close to three hundred and fifty billion dollars.
So great opportunity for you to start focusing on cybersecurity. And as you’re gonna see, cybersecurity is really becoming part of every conversation, not just around cloud and, the network.
You know? So, Trevor, if if we look at what are some of the biggest trends that Gartner, Forbes, Deloitte, and even our own engineering, plus our marketing team did an incredible job putting together a trends report. The number one thing that all clients wanna talk to is artificial intelligence. You know, according to Gartner, this is gonna be a three hundred and fifty billion dollar entity. According to Deloitte, worldwide AI adoption is gonna hit seven hundred and fifty seven billion dollars. Absolutely staggering. So, Trevor, when you’re talking to clients, how often is artificial intelligence coming coming up in the conversation?
Yeah. I mean, almost all the time. Right? When it went into some degree or another, whether it’s a cybersecurity conversation or otherwise of, where are they looking to adopt AI?
What are they thinking from a trends perspective as far as, like, maybe maybe I can improve efficiency in this area of my business? I think it’s, you know, as times goes on, it’s kind of narrowed in scope, but people are finding very particular use cases for AI. But it it’s certainly no different in cybersecurity, where they can implement and where they have been asking about, who’s doing AI. You know, we actually lately have been seeing with our team of people are just googling cybersecurity AI and asking about, you know, the first thing that you can find of, you know, who does this.
Right? And and we can have to walk back that conversation and and bring it back to, you know, basics, how they got to there, and then kind of explore from there.
So it’s interesting. As we think about AI, the first thing I think about is, oh my goodness. They’re just gonna replace people. And according to this statistic, you know, eighty five million jobs are actually gonna be displaced.
But, you know, it’s not necessarily the case. We’ll be starting to get into the reason why organizations are adopting AI. What’s interesting though is AI governance has popped up. So you’re seeing governance, risk, and compliance, also called GRC, really becoming a huge talking point this year. We’re gonna go more granularly into that. But artificial intelligence governance was in the hundreds of millions last year. And overnight, we’re seeing that market size become almost seven billion dollars.
Only fifty five percent of organizations actually have a dedicated AI team, and only twelve percent, according to Gartner, have an AI governance framework in place. So let’s talk about that for a second. You know, it’s interesting because most organizations don’t have an AI person on staff because there’s just not enough of them.
Trevor, are we seeing AI governance become more of that conversation? Do clients have a framework, a road map, some type of guidance that they’re following, or are they really relying on Telarus, our engineering resources, and our suppliers to help them in this area?
Yeah. Yeah. No. Great questions. I I would say personally and across our team, we’re seeing a major uptake in it.
And for, trusted advisers, it can look or the conversation can start and look different ways. Right? It could be they’re asking about governance, GRC, DLP, all these kind of different, you know, talk points that kind of revolve around, the basics really of data classification, data governance.
Sometimes, you know, clients may be asking about DLP, but what they are really going after is, AI governance solution, because they are looking at how do I implement these things and keep it secure.
Love it. Go ahead and go to the next slide for me, Jojo.
So let’s talk about Gartner. So, you know, we obviously see our own trends. You know, when we looked at at what Gartner’s saying let’s let’s talk through this, Trevor. You know, there there’s a whole AI transformation.
There’s a tactical approach to it. You know, AI is really far ahead of where security is from from an AI perspective. We just don’t have enough security around it. How is this slide really pertaining to talking to clients around what their strategies look like?
Yeah. Yeah. No. It it’s, important, I think, because this this actually came from just the cybersecurity trends report overall. It this wasn’t an AI cybersecurity trends. Right?
But what Gartner is saying is that AI is becoming more and more important in just the overall landscape, and trend of of, what we’re looking at for twenty twenty five. And I think there’s a little bit, you know, when you get into the conversation as far as what’s the narrative being pushed with AI, if you look at it from a customer perspective, these are the type of reports and things that they’re looking at and they’re consuming. So, these are things we have to be, as trusted advisers, aware of, understand, and be able to talk to because these are these are what the clients are looking at and and wanna have conversations about.
So, I mean, you get into, like, the different kind of bubbles and things here. We could I don’t wanna spend a ton of time, but I think the tactical AI aspect is something interesting in that where that, you know, the the kind of intersection is. Because we’ve seen with AI, you know, coming out a lot of, you know, actually in the Gartner report, it also talks about how, some of these things didn’t meet expectations right away, or people are jumping in all the way in with AI and it can’t do everything. Right?
So that becomes more narrow. We’re trying to address certain use cases. So that’s where it gets tactical in the sense of, I I have a specific use case. I’m going to apply a specific tool or AI instance to address that.
Right? So you’re getting very, very, into the point solutions there. So I think that’s where we’re seeing right now, specifically in cybersecurity.
Yeah. So when you think about it, who wants to adopt AI? A lot of times, it’s it’s not necessarily the technical team that’s saying, hey. We need to move to AI.
AI has been part of the cybersecurity conversation for a long time, but it’s it’s board of directors, it’s senior leaders, it’s people in sales thinking that it’s gonna make an organization more efficient. And so then it’s being put on to the IT team to actually have to protect it, And we just don’t have a lot of that. We’re seeing the cybersecurity players all start to catch up, but there’s so many components of AI. As you’ll see when we get to the next slide, we’re starting to see a lot more adoption through across all of the advanced solutions. Jojo, go and go to the next slide for me.
So as we get more into statistics, you know, it’s interesting. Eighty percent of organizations are likely to outsource at least one or some of their cybersecurity functions. We didn’t see that in the past. You know, I think that a lot of organizations really were trying to hold their own, teams accountable.
They were trying to do it themselves. You know? And and a year ago, we saw sixty percent of organizations were starting to look at adopting some portion of their security. But if for everybody on this call, this is a huge statistic for us, is is if eighty percent of organizations are looking to outsource their cybersecurity or at least some function of it, they’re getting more comfortable with it.
You know, Trevor, is that what we’re seeing? Do you feel that organizations today versus two years ago when we were starting to talk about cybersecurity are getting to that comfort level?
Yeah. Absolutely. So, you know, even when we’re talking to cuss or, you know, organizations that typically in source or do it themselves and, you know, from security practices that end up looking kind of like a Frankenstein. Part of that is usually going to be outsourced now to whether that’s the SOC, whether that’s even just the security awareness program, you know, having a little bit of outside, you know, pen testing, gap awareness or gap assessments, things like that. There’s almost always something outsourced at this point.
Yeah. You know, it’s interesting because there’s so many organizations that try to do it themselves, but these attacks are getting more and more sophisticated.
And if your advanced security layers don’t pick up the attack, then it’s a new something new that’s malicious that no one’s ever seen before, most likely, and are novices really capable of being able to identify it, get rid of it, and get up back up to business as usual. And that’s the biggest challenge. So I think you’re gonna continue to see this trend.
But I think it’s huge for everybody on this call because now your clients are really becoming more acceptable of our TAs having that business conversation with them. Now, when you think about risk, risk is being driven down by the board. Governance risk compliance, we just talked about the risk aspect is really being driven by senior leaders. And so last year, forty percent.
This year, sixty percent of board of directors are putting together a cyber security committee to advise the board. Why? Because let’s face it. When you think about a board of directors or a CEO or a CFO, are they typically very technical?
No. But what happens is a CIO or a CSO comes in and uses three letter acronyms and steamrolls them and tells them that they’re great. And so the way it must be. Now what they want is a a team of people to come in and really identify where the risks to the organizations are.
What are the internal risks, the external risk, employee risks, third party vendor risks? What are the dollar amounts associated with each risk? And then how do we put dollar amounts? Now here’s what’s great.
Again, forty two percent of global risk management spending will be outsourced this year to a consulting firm. So one, if you have companies that have a board of directors, I wanna make sure that you start to ask, do you have a a committee that’s advising the board? No. According to Gartner, according to Forbes, most organizations are putting together that committee.
We would love to be a part of that committee or put the committee together for you. It can be you on this call along with some of our engineering resources. We’re happy to join. We can actually advise the board, and then you can get pushed down to the CIO and, you know, really have a great opportunity to get business that way.
Now when you think about security software, right, we saw we said it’s gonna be a two hundred and twelve billion dollar worldwide entity. Entity. The security software segment is gonna be a hundred billion.
Then the security services component, the managed services, typically, we’ve seen a lot of that in the cloud world.
Now we’re seeing more and more professional services, managed services in the security space, and that’s gonna be over eighty six billion dollars according to Gartner. Now cybersecurity spending is gonna be predicted to be on the rise. But what’s crazy is every year, we keep throwing more and more money at cybersecurity, yet global criminal activity in two thousand twenty three was eight trillion.
Then last year, it was nine trillion. Now this year, it’s projected to be ten trillion.
So according to Vinay, we were just talking put a great stat in the, the chat. We’re gonna see more and more criminal activity because the criminals are just getting that much better. And so it’s super hard to get their arms around it. They need to have a conversation more than ever, and it is a business conversation. Don’t overthink it. We have lots of training, lots of ways that we can help you pivot the conversation from, you know, selling network or selling CX to having that cybersecurity conversation. Next slide for me, Jojo.
So what does Deloitte say that CISOs are buying? So let’s talk about this. And then, Trevor, let’s talk about how this also, is similar to some of the questions you get. So eighteen states say that this is what they’re that that they’re leading with, aligned cybersecurity initiatives with those of the business. You know, before the business had its own initiatives, and they weren’t always aligned with cybersecurity. Now they’re getting more and more aligned.
Enterprise identity and access management, we’re seeing a lot of that. And, Trevor, we’re gonna talk about that on the next slide around, user behavior Mhmm. And then risk. You know, you just saw us talk about this.
Forbes says it. Gartner says it. Deloitte’s now saying risk assessments, risk evaluation, risk is being driven down by the board. Cloud.
Look at you seeing Kobe and I really align on cloud and cybersecurity. The platforms are getting more and more complex. There’s a lots of tools. We need to make sure we’re securing the cloud environment, the data, and everybody who accesses it.
You know, lot of different things here. Governance again, and then you’re seeing, you know, some different things around incident response. If you were to be compromised, you know, how do you then make sure you have the right things in place? So, Trevor, how does what Deloitte is saying align to what our engineers are getting asked for?
Yeah. Yeah. Great point. I would say when you look at this slide or you look at these stats, I think it goes, you know, from the top, very strategic down to more tactical and more, pointed solutions.
Right? So I think the conversations right now are still very strategic, especially when it comes to AI or, you know, you look at aligning cyber initiatives with those of the business. I mean, a lot of these things are being driven, from the bottom up rather than top down now. Right?
People that, you know, I wanna use chat GPT. I wanna use perplexity. I wanna use these things to to, improve my productivity as a worker, and then coming up with a strategy around that. And and how do we align, you know, our cybersecurity around what our business wants to do, what our users wanna do, what our employees are asking for.
And then, you know, going down, understanding the risk. I think, you know, to your point, you brought it up earlier about, when it comes to AI, when it comes in general on security, focusing on the conversation around risk is a business conversation, and it it can happen across, you know, different stakeholders. The IT director is gonna have, you know, when you ask them what’s their what’s their idea of risk or what’s their biggest risk, things like that, they’re gonna have a different, you know, response probably than a CEO, CFO. But all of those under you know, are gonna have what they consider their biggest risk point and something that we can attack, from a strategy, you know, a CEO, CFO.
They’re gonna be more focused on these top things as far as what is my risk? Do I understand it? Are we addressing it? Are we mitigating it, right, for risk assessments?
All the way down to, you know, you talk to the IT directors as far as, oh, email security is my risk point. Or, you know, they’re gonna be very tactical, but you can have that conversation really across, the stakeholders that you’re working with.
Great. Great, answer, Trevor. I love all that additional information.
Someone had asked in the chat about, does this pertain to SMB or enterprise?
It’s all organizations and segments, but this slide specifically is probably to the larger segment. Because if you have a CISO, you’re spending money for a CISO. Let’s face it. There’s just not enough CISOs out there.
So most organizations that can afford one are tend to be a little bit larger when it comes to this this slide specifically. But But the the statistics that we’ve been showing have been catered to, both SMB and large. Obviously, if if an organization has a board of directors, it’s large enough to have a board of directors. But don’t overthink and think that SMB clients don’t have a board because they do.
Some of them have taken money, and, there’s already a board of directors established.
Hans, we’re gonna get into, some of the things we’re doing from our university perspective, so we’ll hold on to that question. Jojo, let’s go to the next slide.
So what you know, Sam Sam Nelson uses this slide a lot, and I love it. So, you know, we were talking about if if AI is not gonna be replacing jobs, what is it used for? What are organizations looking to adopt it for? And here’s what we’re hearing according to, you know, some of these market trends and and research that we’ve seen is, one, productivity.
Two, increased improved customer experience. What’s customer experience? We’re getting into that CX world. Automation.
Improving automation, which we’ve seen in the cybersecurity world for some time. You know, some organizations wanna be more innovative. It’s great to use artificial intelligence, because it really helps us sound better. It helps us find things faster, which is huge.
Cost reduction, modernization, scalability, All of these are huge. But what does it say? Headcount reduction, only fifteen percent. So you believe eighty five million jobs are gonna be replaced, and yet it’s only fifteen percent of the reason why people are adopting it?
Trevor, when people are asking you and our engineering team about AI, what are they usually requesting? Why are they looking to implement AI?
Yeah. Yeah. And I I think I like I like this slide because almost never are we talking about reducing headcount. Right? That’s never the goal really when we when we get brought into these things.
Specifically, you look at, you know, customers that actually have security staff or cybersecurity staff, that they’re working with.
One of the major things that we’ve, you know, tackled in the last few years as far as burnout goes. Right? You look at all these stats, it feels like, you know, blue team or you can be a losing battle in the sense of, you know, I’ve just got all these alerts. I got all these things I have to respond to.
I have all these things I need to do. We don’t have enough people. You know, what happens on Saturday night when I have my kids’ basketball game. Right?
The the thing that AI has been doing or that we see from a productivity perspective in the AI space is reducing that burnout, taking out some of those, reducing false positives, reducing some of those alerting that, you know, are just burning out security analysts, especially in you know, that don’t have an outsourced SOC or don’t have outsourced, cybersecurity experts to help them with their day to day.
Awesome. I’m just typing in the chat. If anybody has any questions, please throw them in. Whatever will help you get more comfortable. We’re throwing a lot of different trends and statistics by you, things that you can use when you’re having business conversations. But, again, these are business conversations.
And and, you know, Wes, great point. You know, he said, you know, he has a company who’s just a billion dollars in annual revenue, and they have a CISO. So, you know, CISOs are getting more and more important. We talked to a lot of people who are going to school for cybersecurity, and they want that, but they don’t have the experience.
And so you’re gonna see more and more cybersecurity resources popping up, and a lot of CISO jobs are gonna get creative created. So let’s go to the next slide, Jojo. So some of you have seen this slide. We’ve used it.
So before, you know, we talked about Kobe and I really started to align and talk about if if you’re able to sell cloud, most likely, you’re able to sell cyber. If you’re able to position cyber, you’re most likely able to position cloud. Cyber and cloud really were starting to become one conversation just like contact center and unified communications was. But now look at what’s happening.
Securing all the advanced solutions is the goal and the pillar and the approach this year. We need to secure the cloud. We everyone’s accessing the cloud. Clients, customers, you know, their employees.
And then CX, let’s face it. You know, we we really are seeing, a huge adoption in a security conversation when it pertains to CX and AI. Mikey b and I were chatting, and he said that seventy five percent of all of his CX calls end up having AI as part of the conversation. And then cybersecurity, one hundred percent of the time that he’s having a CX or AI conversation, cybersecurity is becoming part of that.
And then Graeme, our master of ceremonies, it also with the advanced network and SD WAN has a huge burden to also secure that. And IoT is making a massive, uptick, and we’re seeing that really get huge adoption from clients. The IoT, the OT, we’re gonna get it in that here at the bottom. And how do we secure it?
So, you know, we talked a little bit about securing AI, and it’s very tough because we’re way ahead of the game when it comes to implementing AI versus having good security. Trevor, what are some of the things that we could even do today that will help secure AI? What are the products? What are the things that that our security suppliers are actually saying can can secure AI at least to get it started until we bridge the gap?
Yeah. Great question.
Multifaceted, of course. I’m just gonna answer it a couple ways.
I think we’re still waiting for the market to kind of catch up in the sense of, the availability that’s out there versus the actual protections that are in place of how do I use these tools, these, you know, open source LLMs or otherwise and use my data and still have it be protected.
Certainly, there’s options from, like, I think we’re seeing the market move towards privately or, LLMs being used within private tenants and private environments to make sure that that data is not exfiltrating.
But also, you know, on just the securing the AI side as far as, the actual, tools that are in place or security tools adopting AI to kinda catch up to, threats, right, AI threats as far as, you know, polymorphic malware, things like that.
You know, you look at CrowdStrike, you look at SentinelOne. You look at, you know, these major vendors, these OEMs in the cybersecurity space, all AI forward and AI heavy on the machine learning, to to keep up with it.
There’s some great demos that we’ve done.
Vertec did one with Halcyon. They walked through a live attack. We have, Cybermax has a great demo that they do. You know, there’s a lot of really good suppliers in our portfolio who do fantastic demos.
So if you’re a partner on this call and you wanna do a customer facing event, we can actually bring in some suppliers that can do live demos and show you what they’re doing to secure environment, secure AI, and help be more efficient. So let us know if that’s something that you need help with. Now GRC, you’ve heard us talk about a lot. Governance, risk, compliance.
We need to put the framework from the governance space, especially with AI. The risk, you’re seeing that board of directors, we need to identify risks. Compliance.
Compliance kinda took a year off. It’s it’s not that people didn’t need it, but it look at it. If no one’s gonna implement fines, then compliance isn’t really that important. You’ll spin the roulette wheel, hope it doesn’t fall on your number, and you call it a day.
But now there’s new regulations, new compliances that came out in January. A lot of organizations in health care and other areas are really struggling to get their arms around and get compliant. And now with CMMC, which is anybody who has a federal government contract or public sector contract, they could lose those. We have a lot of really good organizations, from Ariano to, Trustwave that can come in and really help secure government entities.
So make sure you’re you’re looking there. Now, board of directors, you know, someone just typed in the chat, Ken, that he’s already serving on a bunch of different boards. I’m telling you, the board of director strategy should go get on those boards and serve because there’s lots of opportunity there, and we can help you.
Let’s shift gears, Trevor. Threat hunting and detection.
What is it? Why is it important? Why is this a big initiative according to Forbes and Gartner? And why do clients really need threat hunting if they already have all these security measures in place?
Yeah. Well, I think, you know, anyone that we look at any stat online or actually with with cybersecurity MSSPs or otherwise, they’ll tell you EDR, MDR, or the EDR specifically, the tools, the technology isn’t going to stop a hundred percent of malware. There there’s, it just can’t the bay the way that it’s built, the way that it exists and the way that threats are developing. So threat hunting is actually, cybersecurity experts, analysts going into a client’s network, looking at what’s going on, checking for anomalies, checking for patterns, checking for potential breach or signs of breach that, potentially technology wouldn’t catch. So it it’s that human layer, that human effort, to go through and see, are we seeing anything that that you know, where our spidey senses start tingling? And we we wanna take a deeper look.
Jeff Hasco brought up a good point when we were chatting, to a group once, and he said, you know, look. We we you know, when’s the best time for somebody who’s living maliciously in an environment to attack, and it’s right before a merger happens or right before, you know, something takes place from an event standpoint because then all of a sudden this malicious stuff pops up and it can drive down the cost of an organization or really impede in in all of that going through.
So, threat hunting and detection, super huge. You know, we have great talking points and talk tracks for those of you who wanna position that. Let us know. We can help you there. Data protection. So we start to get into the cloud. Where’s the data hosted?
It’s usually hosted on prem or in a cloud environment. Sometimes it’s virtualized. That data is typically at rest. Sometimes it’s in motion.
We need to protect it. We need to protect the access of it, the tools, and make sure that nothing’s compromised there. Now IoT and OT, Graeme, who’s on this call can even attest that IoT and OT is becoming more of a regular conversation. We’re seeing that uptick.
Trevor, you know, before we’ve really struggled not having a ton of security in the IoT world. OT, we just had tenable. We just had a few options.
Now are we seeing more adoption here? Are we seeing more people request these solutions and securing it as well?
Yeah. I think, you know, even just this year, there’s actually been some major breaches where, IoT and OT were actually attack vectors, where they were able to take advantage of that because people weren’t securing, their their environments correctly. Right? We we sometimes we look a lot at the workstation. We look at our email, which we absolutely should, but there’s other, risk factors and risk areas, from a an attack surface perspective that we may not be addressing.
And that’s where these type of solutions come in to make sure that we’re mitigating all of those risk areas and those those, attack surfaces.
And, yeah, even this year, it’s becoming more I think we’re gonna see a lot more attacks, focused on these things because there it’s just not commonly looked at as much as other, vectors.
And, Graeme, you can attest to this too. Advanced network, I’m sure that everybody’s buying Advanced Network, twenty million dollars, and no one’s ever asking for security on the advanced network. Right, buddy?
Yeah. No. I mean, I think, obviously, that’s a great way to kinda get into this conversation. There’s so much going on in the network space.
You know, and and as I always say, right, advanced solutions require an advanced network as we’re putting all these other things in there, you know, to support CX or cloud or whatever it is. Gotta secure it. You have to secure all of it. There’s gotta be, gotta make sure that you’re protecting the data that is transported over that those connections. And, I mean, there’s a lot of opportunity, when you’re talking about those things.
I love it. And, you know, it’s interesting, Graeme, when we’re talking to a lot of the organizations that do SD WAN, they see that fifty percent of the customers still aren’t buying SASE. They’re still not putting ZTA, zero trust architecture.
Even though the organization can offer it, we still don’t have a hundred percent adoption for every company that invests in network.
I cannot believe that they’re not putting more security parameters in place. Right?
Yeah. I mean, that that SASE layer is really where that network meets those cybersecurity needs. And I think you as tech advisers have got a real opportunity there to help your customers understand where those two meet and how that SaaS play and that SaaS framework should be a part of that conversation. You know, Jason mentioned a couple of things.
Zero trust is a big one, obviously. There’s a lot of elements that go into that SaaSy component and, building that framework and helping your customer put that framework together is a huge opportunity for us as tech advisors to step in there and provide that knowledge and expertise that they’re looking for. I think one of the reasons we don’t see that adoption, Jason, is just there’s kind of a lack of understanding of of what it means and what it is. I mean, SaaSy is not necessarily a product that you buy.
Right? It’s more of a framework and you build components of it. Now there are, you know, suppliers within the portfolio that offer SaaS solutions, but helping your clients sort of understand that difference between the framework of SaaS and the elements that compose it, there’s real opportunity there for us as tech advisers.
Yeah. And I’ll say, Graeme, I I think you’re absolutely spot on. And with our team on the engineering side, you know, and helping, you know, teach and educate, trusted advisors, sometimes clients will ask about things. Right?
Zero trust or they’ll ask about elements of DLP or secure web gateway, right? That all of these things that are are components within SASE. And we can identify those opportunities when a client may not be asking for SASE, may not be asking for secure edge, but they could be hitting one or two points. And we say, okay, have you heard of this?
Let’s let’s let’s consider your Edge security and then take what you need, but also develop it into something that’s more comprehensive. So that’s that’s certainly the avenue that we go in a lot of those opportunities, with clients directly.
I love it. Thank you. There’s some great questions in the chat we’re gonna get to here in a few minutes. I wanna get to one more thing that’s coming up, and then I asked Trevor.
So, we have some great slides coming up that, are you’ll you’ll get to see some live examples that you can hopefully relate to. So UEBA, user behavior. You know, why is this becoming such a huge tuck point, Trevor? So first off, eighty eight percent of all breaches are still caused by humans.
Humans are still even though we have all these security measures in place, something’s getting through in email email security, clicks on something malicious. So let’s talk about there’s a couple different things. We have Pam, you know, privilege access management. We have identity and access management.
We have passwordless identity and access management with ECI and TrueYou.
Why is the UEBA conversation so important, Trevor? What can we do to help? And then how does somebody on this call initiate the conversation with UEBA?
Yeah. I I think it, you know, it starts with your typical, identity access management conversation, I’m, you know, basic principles there.
You look at, you know, the UEBA offerings now, which is actually, you know, analyzing user behavior analytics around that, a lot of those platforms are actually machine learning and AI driven because they’re taking a look and actually identifying anomalies with how people act. You know, something’s different with Trevor today. He doesn’t log in like this. He doesn’t do this.
Are my comp are my credentials compromised? There could be other things happening there, right, that we can take a look at those user behaviors and identify this is this is different than baseline, different than pattern of life.
There could be, you know, something going bump in the night with with his credentials.
Bump in the night. Love it. Alright. So I asked Trevor this I’m gonna give Kevin Zimmerman all the credit here. So I I asked Kevin Zimmerman, what’s one thing that you would love to see when we’re doing trainings, when we’re talking about how to position cybersecurity? He said, I would love the anatomy of a sale. So I asked Trevor next slide for me, Jojo.
Trevor, tell us about the anatomy of an opportunity.
You know? So he’s got two in a row. First off, I wanted to know, you know, what industry what were the KPIs? What were the issues that the customer was having?
What were the key performance indicators? You know, what kind of questions Trevor did you ask? And then, one, can you tell partners t TAs, how do you initiate a conversation? When should they bring in our engineering team?
You know, so then what suppliers did you end up saying that this was a good fit for? Who won the opportunity? And then when the initial conversation started, it was one or two point solutions. And how did it expand?
What did it end up becoming because of your conversation, because of the supplier you brought in? And then it’s kinda like what Kobe Phillips always says. It’s kinda like the painter that comes or somebody who comes to fix one thing in your house. And next thing you know, you start asking him, hey.
By the way, can you do drywall? Can you, do electrical? Can you do plumbing? And next thing you know, they’re doing everything.
So, Trevor, walk us through this specific opportunity.
Yeah. Yeah. Happy to. And I’ll I’ll be fairly, vague. Right? Just be due to sensitivity that this client did have a breach, that we were brought in post breach.
So, you know, we were the trusted advisor brought us in because their client said, hey. I need to improve my cybersecurity strategy, my cybersecurity, posture. That was literally it. Right?
So, call was fairly we didn’t really know what we were gonna get into.
So it was more just discovery talking through, you know, where are they at today. Turns out client had a they’re in the entertainment industry. They just had a previous breach. We’re getting out of it.
They ended up actually have they had were hit with ransomware.
They used a third party firm or broker to kind of get them through that. They ended up having to pay, to to get some of their data back. They didn’t get it all back. Some of it was corrupted.
They had a lot of issues.
The third party firm that they used did also the digital forensics side of it as well. They put in some tools, and then they got out of there. They didn’t have a retainer. So, you know, they spent, you know, hundreds of thousands of dollars upfront to help them broker this, get their data back, and then they were left kind of on their own. And so they came to the trusted adviser saying, I you know, what do I do now? I know I need to change some things.
So when we got on the call with that or after talking through that, it was like, okay. What tools did they put in place? Are you happy with it? Do you like it? Is it sufficient?
Going down some of those, you know, tracks as far as, like, what technology do they have? What was their capability actually managing that in house, which was zero? You know, it’s a small IT team.
The the organization that they chose to do the digital forensics chose this technology for them, so it wasn’t their choice. Right? They didn’t get a they didn’t have expertise in that. So then it turned into a conversation of, let’s bring in a vendor that can do that SOC for you because we look you look at your attack vector, you look at how you were breached. These things could have been solved or been prevented with an outsourced SOC, an MDR, and, you know, basic hygiene in some of these cases.
So we started talking about managed stock, and then it got down to, full MSSP services of I you know, I’m a there’s two people on the IT team. We don’t have the capabilities to address the alerts. We don’t have, you know, anybody that can actually look through logs and see what’s going on. We don’t have managed firewalls.
It turned into, essentially, you know, a full security platform that we brought in. We actually ended up you know, from a supplier perspective, eSentire Media, was a really good fit for this client, just based on their architecture, based on, you know, the technology that they had now that that third party consulting firm brought in. ECentire was actually able to take that, manage it to the end of the term, and then move them on to something else. That that’s the beauty of eCentire and some of our other NSSPs that are OEM agnostic, from a from a EDR platform perspective, SIM, where they can say, we’ll take we’ll meet you where you’re at today, and then we’ll make you even on something better when those contracts are up.
And, you wanna have that conversation.
So what level of, person were you talking to for this opportunity who was in the chat? Were you talking to CECO, a CTO, CIO, IT manager?
The organization was fairly small. We were talking to, the IT director who but they didn’t really have a CIO. He was the he was the decision maker. So we were talking to the guy who, you know, reported up to the CEO and and made those con the those recommendations.
Who signed the contract? CEO or was it did he have signing privileges?
He had signing privileges. Yeah. So we were working directly with the, with the decision maker there.
And How much is the monthly and how much did it grow to? Sorry. I cut you off there, buddy.
Oh, no problem. Ended up being around fifteen thousand, in just total services, like VC. So I have that listed there. We haven’t started that. I think that’s later on the line.
We talked about that because, you know, when you we got down all the way, you know, started very tactical what they needed all the way up to, okay, let’s address, you know, technology, people, process. And the process was also lacking. They didn’t have the policies in place. They didn’t have especially with all these changes.
Right? You have to update the policy. They didn’t have time to do that. They didn’t have the expertise to do that.
So we were able to kinda bundle that all together as a full solution, to to help them out.
Annual revenue would have been, what, a hundred and seventy thousand or so?
Yeah. And you look at how much they paid, one year for the remediation and for defer and for paying the the bad actors. I could actually pay the bad guys. Right?
Hundreds of thousands of dollars. So in in in essence, right, we were, you know, a multiple, like, a a from a from a cost perspective, we are much, much, much cheaper than a breach. And I think that’s the some things that we need to get across, you know, sometimes when you’re looking like that. That seems like an expensive contract.
Well, not nearly as expensive as a breach.
Let’s go to the next example and then, try and hit hit the talking points on this one. So finance customer?
Yeah. I’ll go fast on this one. So, a client actually and, again, a smaller firm. You know, people on the chat I know are saying, like, you know, what if they’re not, you know, giant companies? These are it’s a small firm.
His problem was he didn’t think they had the culture internally to you know, that that people are just gonna click on stuff and that even the c suite didn’t have the the, the discipline, I guess, potentially to to go through cybersecurity training, do all the awareness stuff, do that kind of things. So we were talking about our options within our portfolio for for security awareness training.
In those conversations, he actually had one of those weekends. Something happened. They had an incident, and, he got back to me. He said or he told us and the, the trust adviser and myself, I didn’t think it was gonna be that fast.
I didn’t think I was gonna need you guys this quickly. And it ended up being going from, hey. Know before, you know, just basic cyber awareness training, best ones for their organization, all the way up to, alright. Let’s bring in someone that can road map you, that can help you get to where you need to be, that can address your risk because you clearly don’t understand your risk.
You don’t have a good handle on it, and you need someone that can come in and help take the reins. And Thryv does a good job at that, actually. So Thryv made sense here.
You know, they’re they’re great at road mapping the future, taking a client where they are, and then bringing them to where they need to be.
Look how much it grew too. I mean, MDR, managed detection response, which is a SOC, email security, security awareness training. Again, it’s that that, contractor that comes in to fix one aspect of your house. So, revenue usually is pretty small on some of these customers, but think about it.
Fifteen thousand dollars a month is the price of one IT guy. And look at all the solution they’re getting. They’re getting a team of people. It’s so much better and so much more beneficial to get software and resources and bodies.
So very excited there. Jojo, next slide for me. So there’s a lot of really great things in Telarus University. There’s an outsmarting cybersecurity criminals cybercriminals guide that you can click on.
And and you can go to the website if you don’t feel comfortable scanning our super safe QR code that the security person said to click on.
With that being said, you know, definitely go into the LMS. To point earlier, we have one zero one, two zero one, three zero one trainings. We have sales training, technical training, lot of different ways that you can learn how to have a business conversation. I’m happy to jump on calls and do a deeper dive training along with our amazing engineering resources.
We also, can do in person customer events or virtual customer events. So with that being said, Graeme, what kind of questions do we have in the chat?
Yeah. Thanks so much, Jason and Trevor. That was a great presentation. You guys covered a ton of information in this, and I think we we definitely have some great questions here.
But, Jason, you know, you talked a little bit about Telarus University, the one zero one, two zero one, and three zero one path. Maybe touch a little bit on what we’ve got planned for the summit coming up. Very kinda similar track, right, that we’re looking at putting in place. Little teaser for what we’ve got in a slide ahead.
I love it. So, all the advanced solutions team really spent a lot of time, thanks to Heather Conway and and, our marketing team to put together different talk tracks around the different products. One zero one specifically, so, like, EDR. What is it? Endpoint detection response.
What does that mean? It’s software that goes on a computer that looks at anything with an IP address, and it looks for anomalies. And it looks for things that are going on that could be malicious. And then it identifies it, helps bring it up to the team, and then you eradicate it and get up to business as usual.
And we have a sales talk track and then a technical talk track. And then we go into another product, email security, security awareness training. So all of these in the back office are so good. Go into Telarus University and go access them.
I encourage you to make it a habit. The only way you learn about being able to talk to your friends about sports or politics or or cooking is to actually go and study that. Take time out of your busy schedule every morning when you’re looking at articles and go pick one security thing. Look at a breach.
There’s so many cool ways that you can, immerse yourself into that. And then to Graeme point, when we get to channel partner or to, not just channel partners, but to our partner summit this year, we are going to be doing a lot of one zero one, two zero one, three zero one so we can meet you where you’re at. If you’re new and you wanna just start talking about how do you pivot from talk talking about advanced network or CX into cyber, we’ll meet you there. But then we have three zero one talk tracks.
They’re gonna be very technical, very granular, and really meet a lot of you technical people that are on this call as well. So lot of really great things that and we’re getting the suppliers to put more incentives in place, more content in there, and I really think that it’s gonna be, great for everybody on this call.
Yeah. No. Good stuff we’ve got planned for you guys, to check out at the back office and then, of course, partner somewhat, which you will hear about shortly.
Stein, one one question here. We had a number of questions about starting the conversation with an SMB client. Right? I think you hit on some really cool points where you talked about how those products and services would be less than one IT guy. Maybe dive a little bit more into some of the techniques to, you know, bridge that gap between an SMB that may not have the budget to spend but is looking at doing some other stuff. How do you kinda bridge that gap, have that conversation?
Yeah. So first, great question, Graeme. The the mindset is, listen, when I’m talking to an enterprise customer, I I spoke to Carnegie Mellon. You guys have all heard of that.
I’ve met their head of cybersecurity, and I said, hey. How many are on your team? And I was expecting him to say ten. He said six hundred are on his cybersecurity team.
First off, I called him a hoarder and told him he can you do the job with four hundred people and spread those two hundred around to other places? But when you talk to an SMB client, there’s one person, maybe two. They got a guy as Jeff Hathcoat always says. They need help.
They need more resources. They don’t have budget to go hire more resources, so they have to outsource it. So what typically happens is they go get an outsourced MSP or MSSP to come in, and they help say, oh, we’re gonna secure you. The problem there is that a lot of MSPs or MSSPs only do certain things really well.
They don’t do everything. So they really struggle with being able to to bridge all the gaps that a client has. So first thing I like to say is, first off, how are you addressing cybersecurity today? What’s your biggest initiatives that you have for this year?
Do you outsource it to somebody? I would love to meet the person that you’re outsourcing it to or the team because maybe there’s some ways that we could work together. Maybe there’s things that they get asked for that they can’t fulfill and vice versa. We’d love to, you know, bring them into some of our smaller clients.
But with that being said, are they doing everything that they promised they would do for you? Are they fulfilling all of the things that you hope in a cybersecurity company that you want to align with, Or are there gaps that they just don’t do? Is there anything you would change about them? Anything that you would improve?
Well, those are areas that we could come in and probably help fill in some holes and be a resource for you. Anytime you have initiatives that you want a soundboard, judgment free, I have twenty engineers you can bounce tech off of. Anytime, they’re not gonna try and sell you anything. They’ll just be a resource.
That is so refreshing all the way up to the senior enterprise whenever we have that conversation. They usually say everyone’s always trying to sell me. I love that you just wanna be a resource, and that’s how we get most of our business. Trevor, anything you wanna add there?
No. Yeah. You’re right on. I mean, the conversation is gonna start with what are you doing to protect your network? I personally like to, in conversation with clients and customers, go back to that risk, you know, as keep it at a a business conversation. And we can go you know, I can go technical as much as the whoever I’m talking to wants to go.
But addressing the conversation on what’s the outcomes that they need, because everyone that you talk to, it doesn’t matter who you talk to, are going to be looking for an outcome. So focusing on what those outcomes are, and then how do I get to it with whatever technology that I need to, and work backwards, in that sense where I don’t have to sell. I’m not trying to go in and sell email security. I’m not trying to go in and sell any type of point solution. And typically, if I don’t do that, that opportunity is gonna grow because I’m gonna focus on the outcome, and it’s gonna be more than just email security. It’s gonna be let’s address, an area of risk or an area of your practice that you’re lacking rather than know these point solutions.
Yeah, guys. Great stuff. Thank you so much. Excellent content today. Trevor, Jason, we do have some more questions in the chat.
Unfortunately, we won’t have time to get to them all today as a group, but Jason and Trevor are gonna be around for a couple minutes here as we wrap up. So if you have a few questions, put them in the chat. Jason and Trevor will try and answer those. Guys, thanks a ton.
That was an awesome job. Really appreciate it.
Folk we’ll see you next time.