HITT – How To Turn AI Adoption Into Security Conversations That Position You as a Trusted Adviser

I’m excited to introduce our cybersecurity leaders today because they’re gonna show you guys how to turn every AI adoption, cloud migration, and digital transformation into a security conversation that positions you as the trusted adviser your clients cannot live without. Joining us, we have Sumera Riaz, our VP of cybersecurity and Trevor Burnside, solution architect for cybersecurity. Together, they’re gonna be here to hand you the framework, that turns security from a compliance checkbox into a growth engine for your practice. So, Sumera and Trevor, thank you for being here, and I will hand it over to you.

Thanks, Cassandra. Thank you for that warm introduction, and hi, guys. So great to be with you guys again. Trevor, how’s it going for you this morning?

Yeah. Good to be back. I feel like we were just here, but, time flies apparently.

Yes. Well, you’re having fun. Hey. Have you did you hear about that blind man who went bungee jumping?

It’s all over the No.

Well, guys, he loved it, but it scared the heck out of his dog. That was a joke, by the way. So people waking up, come on, guys. Stay with me here.

Chandler, can you go back a slide? I think I went too fast.

Dad joke for the win. I know. I love that joke. Well, the reason I said that joke is because that is the life of a CISO. We we’re this poor little dog that you see on your screen, that was my life for over ten years.

I’m I was a service dog to a lot of happy blind people who love bungee jumping off a bridge. So because human beings, have a you know, they, create more risk, right, in an environment. They click first. They usually don’t think about it.

Bringing their own tools, shadow IT, unapproved apps, and it’s all for good reason. They wanna make their lives, more convenient. They wanna get to their work done faster. All understandable, but it does create a risk in our security world and of course then sharing is caring.

They love sharing passwords and client data and personal emails, sensitive files, all of that makes for this poor little dog extremely scared every day. So it is a risk. And the reason and you’re probably thinking why is she telling us all this right now? The reason I wanna share this with you is because I want you guys to get into the mind of a CISO.

So here’s what happens. Right? So I’ve been on the other side of the table when I was pitched to by wonderful vendors with awesome and beautiful solutions, and I bought them. And it was one of the biggest mistakes I’ve made because it wasn’t a fit for my environment.

So I’ve been there to where on the other side of the table from you guys even to you know, for buying solutions. And what happens is to a CISO, when we do this long enough with with suppliers and buying the wrong solutions for our companies, we become really jaded. So part of, you know, going into and I’ve heard from many of you that, hey. It’s a little uncomfortable, that conversation, or it’s, you know, it’s high risk, high stakes.

You’re absolutely right. It is. Because you’re going in front of a person who is skeptical, guarded, jaded, but there is a way in, and that’s that is what I wanna leave you with, today, Trevor and I do. It is that power of perspective.

Right? Because when you’re in that mindset, when you understand their mindset, it’s gonna create empathy. And empathy, guys, that is a powerful tool to have in your toolkit. It is, because empathy creates a new perspective.

New perspective gets you in conversations that you wouldn’t normally.

You’re going there to help a person like this portal service dog out of its misery and say, hey. I’ve got stuff that can derisk your environment. I’ve got stuff that can lessen the risk in your environment, and you’re leading in to help them. You’re leading in to serve, not to sell. So I’m gonna try to help shift that mindset a little bit, get you in bigger security deals, and hopefully grow your book of business.

So with that, we move to the next slide.

Starting with outcomes instead of technology. So I love responsible selling. Right? So I think a lot of times when we lead with outcomes, the reactiveness kind of kicks in for all of us. But I think we elevate our minds to from reactive, let’s go to responsible selling, where we’re actually listening to the client first and then bringing the advice, the clarity to the table that is so needed in their in their world.

Trevor, will you add something to that? Yeah.

I think from, like to me, this slide’s important, this is the the value of the channel.

And, you know, there’s a lot of people probably on the call who said, like, you know, I never sold security or I have sold security, but, you know, it wasn’t it’s not something I focus on. I’m kind of still you know, I’ve got some trepidation about it. I’m not completely confident in some of these solutions. That’s all fine.

I think focusing on the value of the channel is where you’re going to resonate still. I whether that’s, you know, UCaaS, CCaaS, whatever the technology is. Today, we’re gonna be talking about security, but focusing on the the value that the channel brings to decision makers. And today, we’re gonna be talking about the CISO, obviously, or IT decision makers.

Sometimes that’s the IT director. Right? If they don’t really have a CISO, that’s pretty common.

Framing the conversation, one, around them, what’s important to them, what’s important to their business, and building that relationship to understand what makes them what governs their business, what’s gonna change, or what, determines how they, you know, purchase technology, what are their buying decisions, all those things is where the channel shines and where we see it win over and over and over again compared to direct sales or or other different channels is building that relationship, getting to know the business, and then making tailored recommended solutions that are gonna be a fit for them. If we like, it says, number one, delay solution talk. A lot of us are technologists. Right? We we love the technology. We wanna go right into it.

I fall victim to that sometimes myself if I see something cool, and I just I wanna talk to people about it and tell them, oh, this is I wanna show you how good this is gonna be for your business. We can’t have that conversation about how those things are gonna fix the business if we don’t know the problems, we don’t know the buying decision, the the culture that that business has.

Because sometimes we’ve been where we’ll lose deals because we don’t understand the whole picture, and we skip that part. Right? We go straight to the technology, and we lose the deal. And we think, how did we lose this deal? Well, it turns out there’s other things affecting that buying decision we may not have known about, and so we skip that step. So delay the solution talk, get to know the business, understand what’s driving them.

I would add, Trevor, get to know the business and get to know the person. That is what whom you’re selling to, right, is is that person. And when you can get into their minds and when you can see world through their eyes, I think that road map then becomes pretty clear.

And then yeah. Absolutely. And and then to the point number three, frame problems before products. Too many times that you mentioned actually with CSOs, right, or or even really anyone in in IT is getting pitched all the time.

Basically, you know, solutions looking for problems, like getting told, hey. You’ve got this problem.

We can the channel is really good at changing that narrative of understanding the problems that the business has that they’ve already identified and then bringing a solution to it, not the other way around.

Exactly.

We go to the, so what what we, to kinda sum up this this conversation real quick, we wanna start with risk. Right? Because that is if there was no risk, there will be no security. So it kinda goes hand in hand. And the way we enter into a conversation to your point, Sherry, great question there. You know, security conversations are difficult to begin because a lot of times because we’re looking at a solution and then going into the problem. But if we go relationally and go with the risk, most of you guys on the call today, you guys own your own businesses.

What keeps you up at night? It’s losing the business. Right? Losing the revenue. What happens if, god forbid, if x y zed were to happen?

That is exactly what keeps CSOs up at night too. What what happens if somebody breaks into my environment? What if I don’t have control over any of our systems anymore? How many people will be laid off work?

Like, that is a reality. They are living every single day, and that that’s a relational thing. That’s where empathy comes in. You guys the thing is you guys already know it.

I’m just I’m just gonna bring to the surface the hidden talents you already have so you can go in and score these conversations. And, of course, use us as your buffer. Like, if you are nervous in one of the conversations, get with us. We’ll we’ll go with you.

We, love to join, you know, forces with you and and do it together. So let’s go to the next slide where we’re gonna talk about some risk. Right? So the rise of shadow AI and unmanaged agents.

So you’ve got two things going against a security leader at this time. You’ve got human beings that are, you know, acting all crazy, which they always do.

And then you’ve got the shadow AI part, the unmanned agents that are now creating almost doubling or tripling that risks that already existed, which is which is a nightmare for for any security leader. Eighty percent is according to UpGuard in, twenty twenty five, last year’s stats, eighty percent of unapproved AI use. Wow. I mean, if that doesn’t wake up somebody, like, you know, that that’s a lot. That’s the attack surface expanding by eighty percent.

Thirty eight percent sensitive data shared. How many companies today are are out of compliance and don’t even know it until they get a notice from the SEC saying, hey. By the way, look at what we found. Now you owe us a gazillion dollars.

So it’s it’s so critical. Data leakage, data protection today is, you know, is critical. Right? Average breach cost, six hundred and seventy thousand.

So these numbers have just come in. They’re coming in hot. It takes about one quarter to get, these stats from the year before. So IBM, of course, always top of the game with the numbers.

Last year’s final numbers are an average breach was six hundred and seventy thousand dollars. That’s one breach at six hundred and seventy thousand dollars. Most small businesses would not survive that. They will not come back alive after they’ve gone through something like that.

So your jobs is is more critical now than ever before because you are you’re you’re the good news bearers who can go in and tell them, hey. We’ve got we’ve got solutions to help. We’ve got solutions to help derisk your environment. Just give us a conversation.

Right? And then sixty percent sixty three percent, no AI policy. And by the way, the coolest thing I like about these numbers, I know they look bad. The coolest thing is this is exactly the revenue builder.

This is the revenue streams that we’re looking for. The numbers are bad, but our solutions are good. And we can provide help and and get them aligned with the good suppliers who are gonna lessen some of these risks.

Back to your your point, Sumera, though, about, you know, CSOs, you know, watching people jumping, you know, bungee jumping. They’re and this is I mean, we’ve talked a lot about this before. The industry is talking about this.

CSOs and and IT directors are facing more pressure on both sides than they were happy for, which is the actual end users, right, which is why we have so much unapproved AI use because, you know, people see this new cool AI thing that makes my job easier. I’m gonna use it even though our accept lease policy says we can only use Copilot or something. Right? Or none maybe nothing at all.

Or they don’t even have a policy and people are just going for it. The other side of that point is, hey. The CEO, the the the board, the the board of directors are pushing the company to adopt AI to be faster, to be leaner, to, you know, do all those things. And the CSOs and the IT, the security leaders are caught in the middle of trying to basically stop the holes from like, plug all these holes, right, of of data leakage and then also appease, you know, the the powers that be to adopt this stuff.

So it’s it’s a really tough time right now, and I think you guys are in a great position to help.

It is. And I and that’s notwithstanding the skeptical CSO. I was, reading a book, and it was, James Monroe, actually. It was one of our presidents.

He said preparation of war is a stimulus for suspicion. And I’m like, yeah. It is because CSOs every day are preparing for war. That is what we do, and that makes them obviously very suspicious people, as I’m sure you guys have, encountered.

So our job, Trevor and I and the security team at Telarus, our job is to help you overcome that roadblock and obstacle and take real help to CSOs who need it most right now.

So if we go to the next slide, please.

Not all AI is created equal. We’re gonna I know you guys are probably sick of hearing about AI. We’re like, everywhere we go, it’s AI risk. But this is just hang in there with us for a little bit because this, I think, you will find very interesting and very, complementary to what you’re already learning in other practice areas.

So not there are three main ways that AI is sold in the channel today in the world today, actually, not just channel. There’s three ways the three uses of AIs, three mainstreams. Generative, that’s creating content. Agentic AI, that is automating.

And then AI agents where the it’s like an AI worker in your environment, in the client environment. And all three of these are different tool sets, different mindsets, and three very different outcomes. And each of these comes with a with its own set of risks. And if you know which one your client is going to purchase, you can then position the right conversation at the right time.

And in the room of, like, you know, in the room of complexity, you can you can command that room and walk out with clarity and a deal. So if we go to the next slide, please.

So this is I know it’s a lot of content on one page, but I wanted to give you all just a high level of what what do workflows look like under each of these. Generative AI, agentic AI, and then this is an actual AI worker in a in a company.

So three three tools, three risks, one conversation. And like I said, understanding the difference can help you help the CSO make a very cost save a very costly mistake. So I’m not gonna read through all of this, obviously. This is for you to kinda look at, peruse through different different workflows for each of these.

What I will highlight here are the risks that are associated in each of these environments. If we can go to the next slide for that thank you. Know the risks and ask the right questions. So for generative AI and agentic and AI agents, I’ve there’s three bullets under each of these.

So, for generative, let’s start there. Data leakage from prompts, sensitive data and outputs, model misuse, or hallucination. So the risk is the risk, what could go wrong? Trevor, what would you if you were an adviser going in and your client is looking at buying generative AI, what would you where where would you start?

What would you ask?

I know I’m giving you a cheap question down here. But how would you start that conversation?

Well, I think part of, you know, why why it’s helpful to look at the risk and to consider, you know, what could go wrong is you’re getting in that mindset of of the actual buyer or especially on the CISO side. One of, you know, hey. I’m going to pitch a solution, and that could not you know, that could be across technology portfolio. That could be, again, UC, CC that’s using generative AI to do certain things.

And a lot of times, you’re talking to buyer that says, this is great, and then it goes to the the CSO or security arm to do a vendor evaluation, and then you get blocked. Right? Because we haven’t addressed the risk. So I think addressing the risk upfront is helpful.

You’re gonna get over that, you know, the initial, I guess, security wet blanket of, hey. There’s too much risk here.

So a lot of these things that we can from a prospect or a sales perspective in the in the portfolio already address a lot of these things. They they address prompt injection. They address where you they can filter out sensitive input, you know, sensitive data, see Social Security numbers, you know, things that shouldn’t be in an LLM. A lot of the solutions that we have in the portfolio can actually filter that stuff out and address those risks.

So, there is a, to me, the generative AI scenario is you can have those tools. You can you get the benefit of using a generative AI, and in our portfolio, have the guardrails in place that address a lot of the risk areas that you don’t get if you just go sometimes straight to an LLN. Or you’re you’re relying on them to basically, they say, we’re not gonna use your data for for training. You know, you you’re basically taking the face value that that’s true.

Right? But, obviously, we’ve seen some class action lawsuits that may or may not always be the case. So using some of the platforms that we have in our portfolio, can address those risk areas and overcome those and be able to, you know, take advantage of the benefits of of the generative AI.

Also, to to what’s the adviser question, a lot of these companies are already using an OpenAI or a Claude or something like that directly. And and, you know, an enterprise agreement with or an enterprise account with Claude gives you a lot of benefits.

With some of the solutions in the portfolio, you get additional guardrails like I’m talking about. You get additional visibility.

And depending on how those companies are built, like Ping and I talked about, before we get into the conversation about the the technology, how are they gonna use the technology? How is that you know, how many remote users do they have? Are people even going on a corporate network? Because if they’re not, we gotta talk about the different ways that we gotta address the risk because the profile changes.

Exactly. Exactly. And then some questions at the bottom to get you guys started is, what if the agent makes a bad decision? How do you how do you, mister mister client, know when an AI goes rogue?

What what, solutions do you have in place to to highlight that? Right? So different ways to ask similar questions. Like Trevor said, the main, issues right now for risk that exist, whether it’s cloud, edge, AI, whatever new technology comes out, there’s always gonna be risks introduced into the landscape.

And the the what’s at stake is always gonna be the same.

One is data. That those are the crown jewels for any company. And then the second one is a complete total takeover and shutdown of the entire IT environment. Those two are gonna be the most important things no matter what technology comes to comes into the world. So if we can solve for data and, the this complete environment lockdown, those are solutions that your clients are looking for today. And we’re gonna get into that in just a minute. If we can go to the next slide, please.

Customer reality. This is what you got this is what your clients are struggling with today. Vendor overload. Lots of you’ve already seen it in your, in your clients today is they have multiple line items of licenses that they’re buying different I mean, I one of the I was at a client call last week.

They had over a hundred and twenty five vendors for just for security on an Excel, and they’re like, we don’t even know who we’re paying and why we’re paying them. And that’s kinda where the and that’s a good conversation. Right? That’s where it starts to bring clarity into their complex worlds.

Expertise gaps. They don’t have an internal team or a very small internal team. And even if they do have good security folks that they have trained, it’s such a revolving door in the practitioner’s world because they’re everybody’s always looking for good security people. So chances are those folks will be poached in no time.

So, positioning a managed services provider is key here, especially that will, gap that expert, hole that they have currently. Compliance pressures. You guys know that compliant pressure are compliances are changing every day. The thing that’s happening, guys, is the laws of the land are not able to keep up with the innovations of man.

That is why compliance becomes the necessary lever at this point to regulate things. Until the laws catch up to the innovation, we’re gonna be in this, gray area. And compliance is all all companies have to rely upon because compliance is that, hey. I trust you are following this compliance measure so that we can do business with you because you are following that. So it becomes that handshake of trust until the laws catch up, unfortunately.

That and that’s why it’s so important for companies to be compliant. Insurance requirements are going up.

When two years ago when I was a CISO, insurance when you file a claim with insurance, a lot of times, they didn’t come back and audit your environment to see they’ll actually cover you. They just took your word for it. Yeah. You’ve got thirteen controls that are required. We’ll, you know, we’ll we’ll accept your claim.

Not anymore. Insurance companies are not going back when a company files a claim, and they are actually auditing the company to make sure all the thirteen controls are in place or else they’re they will, decline that claim. So that is, you know, in one way, it’s good because it encourages the companies to do better, to to make more budget for security. And on the other hand, it’s tough too because if there’s a company out there who might have missed a couple of days, whose MFA might have been down or, you know, IAM may not have been working properly, they their their claim won’t be covered. So it’s it’s kind of a catch twenty two for companies right now.

And then paralysis, I see a lot of this, and I’ve seen it even in my own life.

Paralysis of analysis analysis of pro what however that goes.

It’s you don’t know where to start. And the way we get to that point is because we have so many things going on at the same time, we just we have so so much to do on our checklist. We don’t know which one is where where do we start? Where, you know, where’s the best place to start?

And that’s when you guys are so critical. When I, you know, when I when I tell you, like, where have you guys been all my life? I mean it because it’s it’s very difficult to go it alone for security leaders out there. They need somebody they can trust, and you guys are in the right position to do so.

Lack of visibility, probably the most important, one out of all six of these because you can’t secure what you can’t see. Your CISO has gotta be able to see it in order to in order to create defenses against it. Right? Otherwise, it’s all theoretical.

In theory, every one of us who has been a security leader, we all have our battle plans, and they change from week to week. We have to be agile. We have to be able to move with given the global pan global pandemics, wars, threats that are coming in. Our battle plans will change every day every week.

So but visibility is what we need in order to create the plans that we know are gonna hold and work. So and that is you bring in we have such great MSSPs in within managed service security providers within our portfolio that bring that visibility into your CSOs environment so they can have a single pane of glass and say, okay. This is where my network is today. This is what my endpoints look like.

This is weak. This is where I need to beef up my defenses so that I can stand on the day of battle.

Next slide, please.

I was just gonna say real quick.

Kinda harping back to what I said earlier. Those those questions or asking questions around those pain points is where the channel, like, excels. This is where we win when we see the advisers get involved and find out in the business what’s going on. All of those things that those pain points, we I talk about those ad nauseam with customers every week.

No one is is exactly perfect when it comes to security. There’s always something that we that’s on the horizon they have to go after. A new compliance, you know, where we’ve got a vendor review. Now we’ve got too many vendors.

We gotta reduce our vendors. Now we’re getting Microsoft e five. Do we do we have too much gap? Like, we need to make you know, we have less budget this year.

There’s always something to talk about, and it’s always a business conversation that’s gonna get us in the door to to to win, really.

Too many times I’m seeing emails of, like, you don’t have enough people on your security team. Well, that may not be reality. Maybe somebody’s fully staffed, but they don’t know what’s coming or they’ve got they don’t have visibility east west in the network, and they they’re not sure where their data’s moving or how it’s moving.

So that’s why I think the channel’s positioned really ideally when it comes to security sales and why we’re seeing a lot of wins lately.

Awesome point. Thank you.

How to start the conversations? I know we’ve got a five minute timer going.

Cass is giving me the angry eyes. So the four questions that you see on your screen, where can you start the conversation? Again, these are situational conversations. These are not actually going into technology discovery.

This is just an icebreaker and opener on, hey. Who are you? Where you’ve been? Where you headed?

Though, these are the type of con these are the type of questions you wanna know. And then you listen for the answer, and that’s gonna guide you to the next question you wanna ask. And, Jay, I love your response in in chat.

If you’re not a security expert, don’t don’t worry about being one because you’ve got the Telarus team who will go in with you and answer those questions. You be the CEO in the conversation. You bring the right people together, and let’s let us do the magic for you and take and take that deal to the next level. Right?

And you have like, I wanna harp on our engineering team because it’s the greatest in the business, over four hundred certifications. Trevor is one of them. I mean, it’s such a great depth and width of knowledge that for you guys to tap into.

And then, of course, our, next slide, please.

Our Telarus AI practice, I would be remiss not to mention this. Each practice area, we specialize for AI within our own swim lanes. So you’ve got, you know, next slide, please.

Here, you’ll see each area with the providers that are actually leaning in with AI, whether it’s a data protection to, data posture security management solution, or if it’s a SOC that has AI built into it, in the cybersecurity column here, each of the providers listed lean in with AI. Because Trevor said it beautifully the other day, in the near future, even in the now, AI can’t be without security, and security cannot be without AI. And these guys right here, they get it. They have AI built into their solutions so you can have AI battling AI. Right?

And then I think I’ll

Go ahead.

Something else that’s important. You know, obviously, we have cybersecurity, you know, is gonna be our focus and the vendors that that have security solutions built around AI into their defensive platforms and things like that. But a lot of these other vendors that we have in different areas include security in part of their practice of how they deploy AI. So Chris dot ai, for example, an agentic platform that’s already has guardrails built in that customers can take advantage of.

So there’s there’s a lot of security built into a lot of these different platforms. Front being one, for example, that we’re gonna talk about later today that while they may may not be a security vendor per se, they address a lot of the risk areas that we’ve been talking about when it comes to these different AI platforms. And in suggesting those, they have security built in to address the risk that your customers are facing. And rather than the build versus buy model, a lot of these options are going to have solutions that are gonna address that.

So I just wanted to call that out.

Thanks, Trev. And then last slide is, the Telarus advantage is what we talked about just a minute ago. Hundred percent vendor agnostic, got expert access to our SE team. We’ll do the heavy lifting.

Business outcome guided, we start with risk. We start with the business and then align to what matters most. And then, of course, we have a complete ecosystem. So any technology solution that that exists out in the world today, you can find it right here at Telarus.

And with that, questions or CAS do we wanna go and, talk about upfront?

Well, first and foremost, really great presentation, and I would never give you angry eyes. I love when you and Trevor are on. Absolutely.

No. Thank you for giving the advisers, I would say, more confidence, and frameworks can lead these critical conversations.

I definitely saw a lot of practical guidance that turns security from what someone had mentioned from a sale based on fear into a natural business discussion. Right? Like, it is something that’s so important for folks nowadays too.

Yeah. No. Absolutely wonderful job. If folks do have more questions, please feel free to reach out to Sumera as well as to Trevor. You know that our teammates are always here for you guys.