Building a Profitable Security Services Offering

Security is the number one concern of business owners today. This isn’t surprising, with all of the hacks, breaches, data thefts, ransomware attacks and privacy violations that we hear about on a daily basis. And those are just the ones we know about – according to the Online Trust Alliance’s (OTA) “Cyber Incident & Breach Trends Report,” cybersecurity incidents nearly doubled from about 82,000 in 2016 to 160,000 or so in 2017.

But the report also notes that this number could easily be more than double that, as so many breaches are unreported.

The necessity to thwart these cybercriminals and protect critical business, financial, healthcare data and more has created a tremendous opportunity for IT service providers to evolve to meet this challenge and benefit from a continually growing revenue stream.

In this 5-part blog series and its companion webinars, I’ll dive deep into the topic of building a profitable security services offering and cover essential topics such as the services that comprise different levels of security offerings; as well as how to lead with security to prospect effectively and set appointments, and how to price, position and sell these services. And once sold, I’ll cover how to properly On-Board new clients and share a strategy to continue to realize healthy ongoing security project profits and exponentially growing recurring managed security services revenues on an ongoing basis.

Part 1: IT Security Services Sales Process Overview

I’m going to begin our 5-part journey to building a profitable security services offering a bit unconventionally by starting with an overview of the sales process. But why start there, you may ask? Wouldn’t it make more sense to describe what security services are, then move on to how to select, bundle and price these services, and then how to sell them?

Maybe. But here’s why I’m going to buck convention here. And it’s a really good reason – trust me. Ready? Here it is. It’s because this isn’t a new topic or opportunity, in fact I’ve been talking about security for years now, and why IT providers need to jump in with both feet and take advantage of this tremendous opportunity. Through SPC International, me and my team educate, train and help IT providers build and grow MSP, Cloud and Security practices, and guess what? There hasn’t been the gold rush stampede to adopt security that I would expect. Not even a rush, or rapid walk – at least not with the partners I deal with. It’s almost like I’m forcing some of them to do something they don’t want to do. Why is this?

I believe the answer is because selling security is perceived by many providers as being significantly different (read harder) than selling managed IT services or the cloud. Well, guess what? It’s not. Really. In fact, the opposite is true – it’s generally easier to set appointments and close security business than it is for just about any other technology service we deliver. I guarantee it. I’ve trained partners to do just that, and their outcomes support my position.

This is the reason I’m going to start this blog series with an overview of the sales and On-Boarding process and everyone’s role in it, in the hopes that once I’ve removed the mystery and FUD about selling security, I’ll inspire providers to more objectively evaluate this tremendous opportunity to serve their prospects and clients by addressing their security needs…before someone else does.

Ready? let’s dive right in. Register for Webinar #1:

The IT Security Sales Professional

In a mature managed IT services sales model, it is the sales professional’s responsibility to execute each of the 7 steps of the sales process: prospecting, warm-up, qualifying, presenting, overcoming objections, closing and follow-up. Once the sales professional has set the appointment and warmed up the prospect, they will qualify them for their security services offering, using consultative sales techniques, in order to identify active and latent needs and pain, and determine whether they can be addressed by the sales professional’s offering; and if so, confirm that the prospect can allocate the budget needed to solve these issues.

During this meeting, the sales professional will document the prospect’s needs, as well as their infrastructure by using a tool such as a Network Information Form, which will help guide the sales professional in asking all of the basic questions needed to qualify the prospect’s infrastructure at a high level. This data will be used later to develop a solution, price it and ultimately develop a proposal for services.

If the prospect is qualified, after the meeting the sales professional will update their PSA or sales CRM solution with the relevant meeting notes and documents and request an onsite network or technical assessment be conducted by a technical resource in order to gather the balance of the information needed to accurately scope and price a solution for the prospect.

The IT Security Onsite Engineer

The onsite engineer that is tasked to complete the follow-on network or technical assessment will use a variety of non-invasive tools to scan for any security vulnerabilities that may exist, and identify workstations, laptops and servers and their operating systems and patch levels, along with other network-attached devices such as routers, switches, firewalls, wireless access points, backup devices and more, as well as line of business applications and critical services. This important information is then appended to the information in the provider’s PSA or sales CRM solution and made ready for the sales engineer’s review.

The IT Security Sales Engineer

After reviewing all of the data for the opportunity, the sales engineer will meet with the sales professional and onsite technician to ask clarifying questions in order to get a complete understanding of the sales professional’s intent and the prospect’s environment in order to scope and price the appropriate solution and options and develop a sales proposal. In executing their role, the sales engineer will also meet with the project manager to confirm scheduling availability for the On-Boarding project kickoff meeting and service deployment and remediation scheduling for the new prospect, should the opportunity close, and incorporates this information into the proposal.

The tools the sales engineer will typically use to price and configure the solution and develop the proposal include a pricing calculator, a Statement of Work or SOW template and a proposal template. Once the proposal and SOW are ready, the sales engineer will again meet with the sales professional, onsite engineer and project manager to go over them in detail to ensure they meet with everyone’s approval. Once reviewed and approved, the tools and documents used to create the final proposal are then appended to the ticket in the PSA or sales CRM solution, now ready for the sales professional to leverage during the presentation phase of the sales process.

Note on Minimum Qualifying Infrastructure Standards

The IT Security Services provider may establish a required minimum operating state for a network environment to meet; in order to qualify for delivery of their services under a Service Level Agreement, or SLA, especially if they will be delivering ongoing Managed IT or Managed IT Security Services against an SLA. Criteria to qualify for these services typically includes a maximum age of equipment, specific operating system versions and patch levels, application licensing status, wireless and wired security and encryption protocols, a backup and/or disaster recovery solution and more. A client’s environment is brought up to these minimum standards by the MSP or MSSP prior to Go-Live, and any associated costs to do so are typically billed for outside of the flat-fee managed services agreement. All of this is documented in the final proposal to the client.

The Managed IT Security Sales Professional

Using the final proposal and prospect’s value information from prior meetings and discussions as a guide, the sales professional updates their standard sales PowerPoint template to customize it for the prospect and remind them of the need and pain they will eliminate and the security and peace of mind they will enjoy with their new IT Security services. The sales professional uses the PowerPoint and proposal to present to the prospect, overcome any objections and close the sale by having the proposal, Master Services Agreement or MSA and SOW authorized. In addition, arrangements to collect payment for services and the cost of bringing the client’s environment up to a minimum standard of service are made.

A Master Services Agreement, or MSA, is the agreement that contains most of legal terms that define the structure of the business relationship between the client and the provider. It speeds up and simplifies future transactions by being authorized only once by the client at the start of a business relationship, thereby reducing the size and complexity of future agreements or SOWs, thereby accelerating sales velocity. The Proposal, MSA and SOW comprise the 3 documents the prospect will authorize in order to become a new client for IT security services.

The IT Security Project Manager

Once the sale is closed, and in order to on-board a new IT security services client, the project manager conducts a kick-off meeting with them and explains the 3 phases of the On-Boarding process:

  • Provisioning, where the client’s environment is brought up to a minimum standard of service and the provider’s agents and systems are deployed for monitoring, alerting, patching and optimization
  • Training, where the client’s and provider’s staff are trained to request and deliver services upon Go-Live
  • Go-Live, where the provider’s services are held accountable against the SLA the client selected.

The provider’s On-Boarding process for a new client is comprehensive, to ensure the efficient, timely delivery of services against SLA upon Go-Live.

Up until service Go-Live, the provider typically provides service on a best-effort basis to the client and their users. Once service Go-Live is confirmed, the provider’s technical team are held accountable to the SLA the client selected.


I hope I’ve successfully impressed upon you the reality that the overall process for selling and On-Boarding clients for IT security services is no different than for any other service you sell and deliver to your clients.  Register for Webinar #1:

Next time on Building a Profitable Security Services Offering: Part 2: Security Services Features and Benefits.

Read More HERE