How to Get Started Selling Managed Security Services

The cybersecurity market is expected to grow to over $230 billion by 2022 according to a report published by Markets and Markets. That means MSPs have a big opportunity to carve out their piece of the pie if they choose to do so. Several high profile security breaches have helped retain the topic at top priority for every size business. Many MSPs have taken their AV and malware services and rolled them into a broader security offering. However, some MSPs have remained on the sidelines wondering how to get started. If that is by choice because your service portfolio does not mesh well with security, that is fine. This article aims advice toward those MSPs who are considering adding security services and could benefit from a few tips to finally get started.

Find Your Niche

Do not try to be all thing to all people. That means you need to determine what you do well today and walk away from the rest. Do not jeopardize your credibility by adding a plethora of services just because security is a hot topic. Do you have expertise in one of the following?
  • Network security
  • Cloud services security
  •  Large-scale data center security
  •  Mobile device security
  • Data protection/encryption
Consider what services you already offer. Do you have experts in VPN, firewall, AV or end-user security education? If so, these are great places to start and then expand as a service to your clients. For example, you may already offer VPN or firewall services to a small business, but how can you ease their concerns as they move more applications to the cloud? The success of your pitch often hinges on your ability to ease their concerns. Offering cloud services might be enough to bring them on board. The key is to match your expertise with their need.

Solve a Problem

Sure, solving problems sounds rather obvious. However, a lot of smaller companies do not believe they have a security problem until it is too late. It is similar to selling earthquake or flood insurance; you need the policy before disaster strikes. Sharing stories or white papers about the recent ransomware attacks are fair game, but consider solving an existing problem many companies have today: compliance. Compliance mandates are hitting all sectors of business, not just financial and healthcare markets. You might start your sales pitch by offering to review compliance issues faced by the customer. Your security offering may be to take over all compliance services for the company. How much would a company be willing to pay knowing someone else is taking care of all compliance procedures as well as handling all documentation of those same policies? Compliance is merely one example of an issue many businesses are facing today. Other examples include BYOD and consumer privacy initiatives.

Take an Honest Approach

Do not fall into the trap of over-promising on security. Claiming to solve 100% of security threats is not realistic nor is it an honest approach to building a client relationship. No piece of hardware, software, or expert can effectively solve every security threat before it causes damage, but the best experts know how to appropriately react in a manner that calms the customer and works to mitigate the problem. You should not need to scare your clients into action. Providing a realistic evaluation of their situation should be enough to elicit action, even if they do not choose your solution. If the customer requires expertise outside your wheelhouse, consider partnering with someone who possesses the knowledge your customer needs. Nothing is more critical to your business than your reputation.

Learn to Adapt

Cyber-criminals stick to the same tactics until they stop working. You must take a similar approach to your security offerings. This means continuing your staff’s education in security matters, attending conferences with your peers, and keeping abreast of new hardware and software approaches to security. Keeping your staff’s skills current is paramount to your ability to adapt to your customer’s changing needs. As your client’s business grows, so do their security needs and risks, and they are counting on you to be the expert who guides them to safety.


Selling security as a service requires technology, process, and people. The opportunities are there for the MSPs who are prepared. Figure out what you do well, and then consider how your skills and expertise can be applied to security services in that area. Work with your client to assess their priorities, and determine if there is overlap with your skills. Sometimes it is a matter of just getting started, especially if you have already build a tight bond with the client.