I recently attended a cybersecurity conference for MSPs in Tampa, FL called Right of Boom. It reminded me a little bit like Schnizzfest, in the sense that it was the result of grassroots efforts, and everybody felt connected by a common purpose.
The idea for this event began more than 18 months ago when Andrew Morgan approached me and Wes Spencer with an idea to start a cybersecurity podcast called The CyberCall. Our goal at the time was to raise the cybersecurity poverty level for MSPs.
The first week of the podcast, we probably had less than 100 listeners. Fast-forward to today, there are more than 4,000 subscribers to The CyberCall. The podcast has also reached more than 10,000 MSPs. To be honest, I don’t think we realized the impact of The CyberCall until we got to Right of Boom and saw how people reacted (I eventually lost track of how many people asked for selfies!) We’ve come a long way — that’s for sure.
The CyberCall community has attracted some great people, many of whom joined us at Right of Boom. Many MSPs and industry thought leaders attended the event, including Sounil Yu, author of “Cyber Defense Matrix,”.
Even though Right of Boom showed me how much progress MSPs have made on the security front, there’s still a long way to go. I learned that we need to have common terminology as an industry to communicate with customers and team members. Most of all, MSPs need to be able to communicate cyber risk to each customer in a simple and non-technical way.
At the event, I moderated a panel of two MSPs, both of which had been breached. It was an eye-opening experience for me and many of the people in the room. If you sat in the room for an hour and listened to the two MSPs talk through their experiences of having each one of their customers breached, you would change your talk track with your customers today.
The two MSPs discussed the math problems that were created by having to deal with so many customers, users, and servers at same time; the misalignment in expectations they had with many of their customers; and all the things they wish they would have done, planned, or documented for themselves and their customers.
Both of these MSPs now charge their customers a lot more — and the good news? Their customers are happy to pay, even the customers that pushed back on them in terms of spending before being breached.
I now have a deeper understanding of how hard “Right of Boom” competence is, so much of detect, respond and recover is people in process. This is the main challenge that you need to make progress on this year. Use the Cyber Defense Matrix, and order Sounil Yu’s book explaining it. It’s a great way to have your team and your customers visualize cybersecurity risk in a clearer way. If your customers care about how much you charge them, they don’t understand their risks — and that’s on you.
This is the year we need to get our arms around these concepts. To be clear, we’re not cybersecurity firms. Our role with our customers’ security is going to change over time as technology advances. Cybersecurity needs to be a part of our offering, delivery, and process. Just like the other things we do for customers.
Our primary role has always been to understand our customers’ businesses, reduce their risks, and help them capitalize on opportunities. This has not and will not change.