This high-intensity tech training session focuses on defense in-depth cybersecurity strategy and how to leverage it for revenue generation. Led by Sumera Riaz from the advanced solutions VP team, along with CyberMax VP of Channel Tyler Smith and Field CISO Brian Zimmer, the session explains how defense in-depth evolved from military strategy to become the foundation of business digital protection. The presentation covers the integration of over 500 security solutions into a cohesive strategy, exploring concepts like imposing costs on attackers, implementing multiple security layers, and the importance of security operations. Key market insights include the dramatic growth in managed detection response adoption among mid-market companies (from 50% to expected 90% next year), driven by a critical talent shortage with only 0.08% unemployment in SOC talent. The session provides practical conversation starters for cybersecurity sales, emphasizing outcomes over products, and discusses compliance drivers like CMMC 2.0 and NIST controls. CyberMax positions itself as a channel-first partner targeting mid-market companies with 1,000-5,000 employees, offering global operations and comprehensive security services from threat detection to incident response.
Transcript is auto-generated.
So today’s high intensity tech training begins now where we are gonna talk about selling the stack, defense in-depth essentials. Defense in-depth started as a military strategy, and today, it’s the foundation of how businesses protect their digital world. In this three part series, you’ll learn why this matters, what it means to a company, and how to leverage it for revenue generation.
Leading today’s session is one of our newest teammates, one of my newest teammates on the advanced solutions VP team, Sumera Riaz. Sumera, so great to see you. Thank you for coming. You’ve got some great guests here today as well from CyberMax: VP of channel Tyler Smith and field CISO Brian Zimmer. Sumera, Tyler, Brian, welcome to the Tuesday call.
Thanks, Graeme. Thank you for that warm introduction, and hi, guys. Nice to be with you all today.
We’re gonna just dive right in, and defense in-depth is actually one of my favorite topics to talk about because, as you know, I describe security as a diamond. Right? A diamond, especially a good A-class, has so many different facets to it, but it’s that one thing. A lot like security.
Did you know that there’s over five hundred solutions out there today in security that you’re selling to your clients, that your clients are asking for, that our suppliers have to provide for your clients? There’s about as many acronyms out there, I’m sure, as you can gather for security. Do you ever wonder, like, how that all fits together? What it means?
What is more important? Is one more important than the other?
And how they all really fit together? The answer is yes. They all do fit together. Every single one of the solutions out there today for security anchors back into a single strategy called defense in-depth. And that is where it will all make sense to you because that’s where all security solutions align into. And my friends from CyberMax, Tyler and Brian, are gonna dive in and take us layer by layer into the defense in-depth strategy. So, Tyler, Brian, I’m gonna let you introduce yourselves and take us through this defense in-depth today.
Thank you so much everyone for joining, and thanks to the Telarus team for having us. My name is Tyler Smith. I’m our VP of channel for CyberMax, and I manage our Telarus partnership nationally.
Based in Nashville, Tennessee and excited to talk today about not as much the technical piece, but more of that overall macro, what’s happening in the market, what we’re seeing in opportunities, some trends to follow.
So as we go through, we’re gonna share this deck with everyone after. So consider it kind of a framework to what we’re gonna talk about, but we want this to be as interactive as possible. So we’re gonna keep an eye on the questions, etcetera, and take as much advantage of the time as we can. Brian, do you wanna kick it off from here?
Yeah. Thanks. Thanks, Sumera. Thanks to our friends at Telarus for having us on. Really, really appreciate it. So Brian Zimmer. I’m the channel and field CISO here at CyberMax.
I was previously CTO of another MDR provider, ran presales at a large integrator, developed a go to market for another large integrator, etcetera, etcetera. So based in Charlotte, North Carolina, been around a little bit in the information security space. It is literally the only field I’ve ever been in for twenty seven years coming up here in January.
Let’s roll to slide two. I’m gonna come at you fast here.
So let’s get into some core concepts about defense in-depth. So cost.
Defense in-depth is about imposing cost on an attacker. So Sumera touched on it. What are we talking about? What are the things that we can do that impose cost on our adversaries?
Governance, risk and compliance. You hear it a lot. GRC, endpoint, network, application. When I say application, I mean application security.
So years ago, we went through the whole shift left movement. That’s what I’m talking about there. Data security. These are all controls that apply to specific elements of a network, and they are each their own thing.
Thus, they are the depth in defense in-depth. Another one is security operations. So that’s something that we do here at CyberMax. So, you know, MSSP, the MSSP function, the managed detection response function.
I included the words integrating offense. What does that mean? Well, typically, we know that as pen testing, but I like to call it offense. So can we do automated pen tests? Can we do manual pen tests?
Can we integrate that into our security operations? And we do that in a way that gets us out of kind of that boring compliance game where we do it one time per year? Let’s do it all the time, and let’s test our security operations as a control.
Next thing, resiliency. Do we have the ability to recover in the face of our adversary?
Can we sustain our operations vis-à-vis our adversary? I wanna close this slide with a couple points here. Number one, you may hear the phrase defenders need to be right all the time. Attackers need to be right once.
I strongly disagree with that. Look at all of these controls that we’re implementing. I’d also ask you to go back to the MITRE ATT&CK framework. There are myriad controls.
There are myriad costs that we’re imposing on our attackers, and those matter.
So attackers have to be right a lot, and I’m gonna cover some interesting stuff on this next slide.
The last thing I’ll say, so you stay on this slide. We’re cool.
Our ability to recover. Don’t assume that because customers or operational environments have backup, that they’re able to recover. Those things have to be tested. That’s yet another control. That’s yet another cost that we can impose on our attackers. Alright.
Next slide, please. Alright.
Here’s the how and the why. So attackers have the advantage. They do. They have the drop on us every time, but let’s make it difficult.
You know your network. A customer knows his or her or their network. The attacker doesn’t. Now the attacker is getting a lot of feedback when a defender doesn’t, and that’s an entire hour long presentation that people like myself have given.
Halvar Flake has talked about this for years.
But if we implement properly and intentionally our controls, we get a lot of signal, and those signals create noise. That noise is the attacker in our environment tripping our breach detection, our honeypots, our IDS, our IPS.
They’re throwing up flags that we’re seeing in our SIEM.
That noise is bad for an attacker. That’s why the defense in-depth matters. Time, additionally. Time is really important. It is a cost.
Let’s make the attackers jump through hoops. The more hoops they jump through, the more we give ourselves the ability to detect them, the more noise that they’re generating.
Yes. Attackers are getting that feedback. The defenders are not. But here’s the thing I’m gonna close on on this slide, and I hope this makes sense.
Even when an attacker gets to the so called crown jewels, even when they get to what they want, there are multiple steps after what we call the action on objectives. So here’s my closing comment on these two slides. Again, I came at you fast.
All is not lost even when an attacker is in your environment. They still have to go through a bunch of hoops to get to action on objectives. And then we, including us at CyberMax, can help you recover quickly and get operational.
Yeah. Well done, Brian. So we wanna go to the next slide.
Yeah. And I just wanna add one thing to that. I love what you said, Brian. And, you know, kinda to sum up the slides that you were just talking about.
So about ten years ago, you could draw a big circle around your entire environment and put a firewall there, and you were secure. Since then or maybe fifteen years ago, I guess ten years is too short of a time. Fifteen years ago, you could do that. But now you cannot do that anymore.
You, instead of drawing one big circle, you have to draw lots of little circles around all of your environments. If one of your defenses fails, there’s another one there to back it up. In the military, it’s called a defense in-depth strategy because you have your primary form of defense, then you have your secondary defense. If that fails, you have your tertiary, and then you have your emergency.
So you’ve got backup to a backup to a backup. And it translates into the cyber security world beautifully because that’s what we do as CSOs, as CIOs in a company when we’re guarding our company and guarding our employees. We create the same circles, lots of little circles all around our environment, because if our firewalls fail, our managed detection response will kick in. If that fails, you know, we have another, a SOAR or an XDR will kick in. We have layer after layer after layer of defense set up so that the bad guys can’t penetrate through.
And that is the whole point of a defense in-depth strategy. All these solutions that you’re seeing on your screen right now, they fall under the big umbrella of defense in-depth.
So I’ll, I’m... That’s a great point, Sumera.
You look at like, to take that chronological history of what’s happened over the past ten to fifteen years, like you said, where it was at, you know, castle mentality, everything’s on prem. We could wrap one solution around it that effectively solves all the problems. A lot of what we’re looking at on the screen didn’t even exist. Like, the terms didn’t even exist.
And that evolving nature of what has become the reality of a cybersecurity practice now is continuing to shape what we see around compliance like NIST and CMMC. And that compliance industry as a whole, if you’re on this call and you’re thinking, alright. I sell a lot of cyber now, but I wanna do more, or maybe I don’t participate in cyber as much as I want to, and I simply wanna take the customers I work with and expand across the org chart. What’s driving that is a lot of compliance measures, compliance as a service in the market, all the acronyms that we’ve learned to live with, this kinda acronym hell that’s come into the world.
That’s what’s driving the, you know, guiding light of how you’re building fundamental security posture. So if you think about what we’re looking at on the screen here, it’s really built around what a cyber insurance premium and checklist would look like. If you’re going through, again, that chronological history. Right?
Ten years ago, cyber insurance was a one page doc that you said, we’ve got firewalls. We’ve got email security. Here you go. Now we’re looking at fifteen, twenty page documents that not only are more tightly measured in terms of audit and integrity, but require a robust bundle of solutions to be able to accomplish it.
BYOD is driving that. Remote work is driving that. Shared networks are driving that. And it touches the OSI model from top to bottom.
And what we see as a fundamental way to start that conversation, we’re gonna touch on that a bit. Starting the conversation, growing opportunities, being able to drive cyber sales. What we see to be able to start that is going to prospects, customers, and saying, what we’re gonna share on this screen, just like we’re looking at, that we’re gonna share with the rest of the attendees after this call, is we can start at a practical level and say, we don’t have to sell anything. Let’s just talk about what exists today in current state of affairs and what the goals are long term.
We know it’s probably gonna be phased. How do we accomplish that in due time?
And if, Chandler, if we go to the next slide, we start to look at how we can position this. Right? And the key phrase at the bottom, cybersecurity is top of mind for all of your customers, your partners, and everyone that’s investing in some form of technology. You look at what Gartner says.
Gartner talked about CSOs as a role. Right? Chief security officers. Forty percent of CSOs have a legal or accounting background.
So they’re not necessarily a tech background. What does that mean? Why is that important to talk about? Because we’ve perceived these decision makers and buyers and influencers across SMB, mid market, enterprises being these highly technical bits and bytes decision makers. And, really, they’re looking at what kind of outcomes are they seeking. They’re looking at minimizing risk, being able to limit exposure when it comes to what their threat landscape looks like. So something that, that third pillar here, if we look at hackers continue to use more sophisticated techniques.
What is happening across how hackers are integrating their efforts into the market? It’s no longer, you know, a couple of people that are in a basement trying to hack into an Intuit QuickBooks account for a construction company down the road. These are robust, expansive organizations that have W-2 payrolls and HR departments. We’re talking about trillions of dollars of exposure in the market when it comes to cyber risk.
So we’re going against AI coming into the market that are creating tools that are more sophisticated with large language models every day going after exposure on the customer side, and we’re combating that. That’s what we’re thinking about every day. Our product team at CyberMax. How do we combat that?
How do we stay ahead of that? And regardless of if it’s SMB, mid market, or enterprise, the decisions are effectively the exact same. We wanna be ready for the future and battle tested for when something does happen, but also be able to maximize what our investment is now.
So, Chandler, if we go to the next slide, we start to think about, alright. What are, you know, what do these investments look like now, and what’s the primary driver of what’s happening? Security operations or SecOps, as you’ll hear that often said, is everything in and around technology investments that you’re gonna see in the future. It’s what you’re seeing baseline for budgets as we speak right now, Q4 going into twenty twenty six. And that’s email security, data center colocation. Quantum spending is gonna increase five percent, cloud security, endpoint security. But all of that wraps around the SecOps conversation, security operations, which has been molded into what were segmented teams in the past that now all share the same amount of responsibility.
So you could be a one hundred user company or one hundred employees. You could be a twenty thousand employee company. And a lot of those scrum meetings where they’re at the whiteboard and they’re talking about what do we need to do? What do we need to fix? What do we need to patch?
They sound effectively the same. And what they’re looking for, if you’re looking at positioning cybersecurity, how do we participate more? What do we need to do to sharpen the edge a little bit as a trusted adviser that can come in with a robust set of solutions? What they’re looking for on the customer side is the ability to not think about the products and solutions at a product level, but what is the experience to their team?
Their internal teams, is their life getting easier? Is it getting harder? Is it gonna be simple to integrate and work with this new product or vendor or service?
The answer to that always has to be it gets easier. So what are companies doing now? If we go to the next slide, Chandler, we start to think about reality of what we’re seeing in the market. And these are all data points that are visible on Google Chrome searches, and you can find these in the market.
We’re not trying to position anything that doesn’t have integrity. These are true facts. So right now, fifty percent of the market companies so call that one hundred employees to maybe two thousand employees. Let’s use that framework.
Fifty percent of mid market companies now are using managed detection response or SOC services. It’s effectively the same thing.
Next year, that number is expected to go to ninety percent. That’s per Gartner and Forrester, two of your leading industry insiders when it comes to data. So an almost doubling of mid market customers that are saying, we understand we can’t own this entirely in house.
We can’t continue to try to make this work and be protected as a company. We need to rely on partners and suppliers to be able to do this. Fifty to ninety percent increase. And you gotta keep in mind, seventy percent of the market GDP as a whole is mid market customers. We’re not talking about an SMB increase here. We’re talking about what is the majority of companies in the market, fifty to ninety percent.
What’s driving that? Like, what’s that key catalyst? The talent level is unsustainable.
Point zero eight percent unemployment rate for SOC talent. So network engineers, system engineers, security analysts, that category of talent. Companies, not only are they having trouble hiring them, they certainly cannot keep them.
What we focus on as a dedicated SOC provider is being able to retain that talent, continuously recruit that talent. Mid market companies are having so much difficulty with that. Sumera, you guys probably see that all the time. That has to be one of the key indicators of how projects start.
Right? So you think about that capacity driving the market. The average size deal for a mid market customer when it comes to security operations in that SecOps category, almost forty five thousand MRR.
And I think it’s really important as we look at this category of cybersecurity and the lift that it takes. Right? It’s more nuanced than traditional products or services that may be active in channel. We’ve built and assembled our entire team to be a channel first, partner first motion.
So every time we join a call, that first impression matters. We understand that. We’re treating these end user customer calls the same regardless of what the size and scope of the opportunity may be because they’re always so nuanced and vast. It may start with a professional services conversation around pentesting, kinda like Brian was talking about.
May get into GRC. Right? Companies have to rely on third party for GRC.
And then it evolves into that bigger SecOps focus and whatever capacity that may be. And as we look at, you know, those key pillars of how to start those conversations, what it means to cross sell into these accounts that you’re already working with, not necessarily going after new logos. Chandler, we can go to the next slide for the reason that’s happening.
That social pressure across the c suite has never been higher than it is now for the entire organization to understand, adopt, and know how to manage cybersecurity efforts within a particular company. It’s never been higher. It’s only getting higher. A lot of that’s driven by the media.
We’ve got that as, that’s an alibi that exists in reality. Right? The media is talking about it all the time. But as you think about if, you know, if contact center connectivity has been your background, the buying segments in those organizations can be different than cyber.
Right? Maybe more the COO, etcetera. Now we’re looking at a shift into everyone has to worry about cybersecurity, not just the CIO or CSO or CTO maybe.
It’s the entire org chart.
Fifty percent of the deals that we work on involve someone else from the C-suite participating in that deal in order for it to get across the finish line. Maybe the CIO is the technical champion out of the gates, but the CFO comes in at the halfway point, he or she helped drive that decision. The balance sheet is impacted by it regardless. So that audience expansion across the C-suite and the leadership at mid market, enterprise or SMB companies is only getting higher when it comes to that cybersecurity hygiene.
We can go to the next slide. Brian, you wanna talk a little bit about some of those opportunities and what we’re seeing?
Yeah. Here’s conversation starters, icebreakers, if you will.
What measures do you have in place? These are opportunities to ask, listen, learn, and then solve.
What do you have in place?
Hey. We’ve got some basic firewall. We’ve got a SOC provider that we don’t particularly care for.
We’ve got two people in the SOC, and we’re not twenty four by seven. We need to go twenty four by seven, three sixty five. That was on one of Tyler’s previous slides. So what do you have in place? Ask, listen, learn, solve.
Maybe there’s an opportunity that maybe they’re unhappy with their endpoint. Maybe they wanna go to a managed endpoint, which is something, you know, organizations like us offer.
Do you have an in house security team, or do you outsource it? That gets to who’s the incumbent? Are you happy with them? Is there a rip and replace opportunity?
Is there an opportunity to augment your in house security team? So we were working with the TA in South Carolina. The TA identified an opportunity where the customer was eight to five. They needed somebody to stand with them, so we were able to help.
So that’s really behind question number two. Do you have a team? Do they need help? Do you wanna outsource it?
What tools and services are you using for threat detection and response? So they’re gonna say, hey. I like CrowdStrike. I’m happy with CrowdStrike.
I like SentinelOne. I’m happy with SentinelOne. Or they’re gonna give you the opposite.
Then they’re gonna say, but or and the threat detection response is working great or it’s not. These are the door openers. What tools do you have? What services do you have?
How are you doing threat detection? And most importantly, response. So let’s hover over that for a second. A lot of organizations will say, we do MDR or we do incident response, but what they really are doing is alert forwarding.
What you’re looking for is somebody that’s gonna stand with you and respond to an incident all the way up to and including digital forensics incident response. Do I know what’s happened? Do I know what the blast radius is?
Is this attacker out of my network? Yes or no.
That’s what you want out of a response provider, and that’s a really important area to hover on as you work with prospects. Understand what does response mean to them and what do organizations like CyberMax, for example, bring to the table that helps them with response.
Man, what is this?
To touch that, just to jump in, we’ll keep it interactive.
I think that as you look at, and we see it all the time. Right? As you look at the two pieces customers are really looking for answers on. They wanna make sure what they have works.
That’s number one. Like, is it really working? And then the second piece is how are they integrating that to ensure delivery from anything internal that they’re working on? That’s effectively, like, the framework of everything.
So if you think about visibility is number one they want. Is it working? Do we have full visibility on that? Secondly, have we overcomplicated it, or have we simplified it?
Every project that you’re gonna see around SecOps, in my opinion, tends to revolve around you probably see the exact same thing.
This visibility isn’t working. So we’re not having to get into the product piece. Right? We’re not having to talk about setting what EDR tool.
It’s effectively a process control effort around here’s what we have. Do we know that it’s working? If we have doubts around that, let’s test and measure it. If the executive summary and outcome of that test and measure demonstrates that it’s inflated, your tech stack may be inflated, there’s too many holes in the Swiss cheese stack that are allowing things not to be monitored or measured, that’s effectively the baseline of every SecOps project we’re ever gonna see.
Yeah. You use that word, the outcome word. And that’s really what I think question number four helps drive. What are the challenges?
What are you looking to accomplish based on these concerns? Is it resiliency? Is it the ability to respond? Is it the ability to meet a checkbox with your cybersecurity or your cyber insurance?
What are those challenges and concerns? And focus on those outcomes, not the products, not the service providers, etcetera. And then, ultimately, you know, this is at the heart of SecOps. What’s the process for handling alerts and incidents?
What’s the flow? What’s the escalation? How do you contact everything from legal counsel to public relations to your insurance provider? What is the point where you decide?
Do I need to do a forensic acquisition? Do I not? What’s the process? And if you feel like you need improvement, that’s where you say, I have a way that I think can get you from either bad to good or good to great.
Yep. Excellent.
Yeah. Next slide.
Yeah. Next slide. And, Graeme, Sumera, we’re gonna kinda close it out with this. Right?
You know, as a reminder, CyberMax partner first, channel only focused company. Here’s our deal registration info. As we share the slides after, there’ll be hyperlinks included, everything needed to get in touch with our team. And if it feels appropriate to everyone here, we can open it up to Q&A and make sure we review the chat history and answer anything needed.
Yeah. Sure. I can actually. Thanks, Tyler, Brian. Thank you for all your insights and valuable inputs. So as we look at twenty twenty six for cyber investments, in your opinion, what are the top compliance drivers that you’re seeing that are forecasted for twenty twenty six?
Brian, do you wanna take that, or do you want me to take it?
You start. Let me think on it for a second.
I mean, I think if you look at CMMC 2.0 and what’s happening around that, that’s probably driving almost all of it. Right? And now you’re almost irregardless of if you’re just focused on Fed, government, SLED, that’s starting to impact what NIST controls are expanding to. You get over a hundred and twenty NIST controls now.
Anything identity centric is gonna become the focus point of how cybersecurity postures are gonna be measured going into twenty twenty six. So identity centric at a network level, an application level, an endpoint level, that’s where the biggest exposure is across the threat vulnerability landscape. Browser based domain attacks, everybody using SaaS creds, like work email to log in to applications, everything identity centric. So if there’s one topic we wanna expand on with our customers and prospects, how are they looking at that zero trust identity centric volume play across the entire stack, not just at an email security level.
So true. Yeah. What about the increasing demand for professional and commercial hygiene and cybersecurity awareness within companies? Do you think that we’re at an overall low, medium, high for individuals, employees to be aware of cybersecurity and the threats that come in? And do you think the companies do need to ramp up? And is that an in into a company to sell security?
Brian, you want that one?
I think it’s an in for sure.
I think that cybersecurity, and we had this on one of our slides, is no longer... well, we have a place at the board, with the board.
We have a much more elevated position than we did when I started my career when we were just enthusiasts and frankly kinda weirdos.
Present company included for sure.
But I think we are far better and far more mature than we used to be. And this is me, the eternal cynic and pessimist. But we are better.
And when you approach customers and prospects these days, you will encounter a much more sophisticated and mature buyer who is much more aware of what they need to do with respect to those outcomes than even ten years ago.
So that’s a net positive, I think. Sumera, I think I answered both parts of your question. Yes?
You did. Yeah. Thank you.
Yeah. That’s a rarity for me. Really appreciate the insight today. Just a couple of quick questions in the chat I wanted to hit on.
Tyler, Brian, jump in, whichever one of you guys wants to handle this. You guys have a sweet spot, like a specific customer profile that you’re looking for, something that, you know, is an ideal CyberMax customer. We got that a couple of times in here. Something that you guys really feel like you excel at?
Yeah. I mean, I think one thousand to five thousand employees is what we would say is, like, our framework. We’ve got customers that are as small as two hundred users. We’ve got customers much for end of the six digit range.
Right? But what we tend to see is that mid market focus, one thousand to five thousand users, and that’s that mid market approach. Right? Graeme and team, it’s like, hey.
They have a small IT staff. They’re still looking for high compliance measures that need to be met. But, yeah, like, one thousand to five thousand employees.
Perfect. And then last question to wrap us up here. Got a lot of folks. We got Portugal. We got the UK on the call here. Do you guys operate internationally worldwide, or are we domestic only?
Worldwide. So we’ve got operations in Ireland. We see a lot in the EU.
SOC location, Brian, in the Philippines, I believe, as well. So yeah. Yeah. So, yeah, international. And mid market customers expand to that capacity too. Right? We always think of mid market as local and domestic, but they absolutely have operations globally, and we support them.
That’s awesome. Well, guys, really appreciate it. Great session. Loved hearing about this one. I thought this was a lot of great information.
As someone who knows a little about cybersecurity, but, you know, obviously, can always learn more. I got a lot of insight out of this one. So really appreciate it. Hopefully, you guys can stick around a couple minutes to work the chat for some of those outstanding questions in there.
And, of course, folks, if you missed some of the presentation, don’t forget it’s been recorded, and you can get it all from Telarus University. Sumera, Brian, Tyler, thank you so much. We appreciate you guys doing this today.