Imagine you are working with a prospect and were able to move along your relationship with them enough to get them to bite. They want your network assessment!
Every time I (or my sales team in later years) received a request for a network assessment, the entire team got excited. Back when I had to convince someone of our value by demonstrating it in a network assessment, I knew that I only had so much rope to work with.
Nearly a quarter of the time, even after convincing some potential clients that we should follow the process and get a network assessment completed, they’d hesitate, delay, or completely reject the idea.
They did NOT want someone they did not yet trust walking onsite and working on their servers and computers. If you were in their shoes, would you?
So nearly a quarter of qualified leads ended up walking out the door simply because the network assessment process:
- Asking for admin credentials
- Reconfiguring parts of the cyber stack to allow our assessment tool to run
- Installing an agent on the network
was too big of an ask. In talking with some of our clients, the tools they were using completely shut down the network of a huge opportunity, killing a years-long relationship.
Over time, after working in hospital ransomware recovery for several years, I realized that our MSP assessment process was broken. It was broken to the point where the assessment alone could make or break the sale!
In re-engineering the process, we used to recover IT teams in hospitals, I developed a new process and assessment tool that is capable of avoiding those three big hairy problems above.
I even got back into contact with those prospects that earlier were completely untrusting of the network assessment sales process and was able to clearly explain why they should be interested in a penetration test. They understood what a pen test was (at least at a very high level), they knew risks around phishing and ransomware (something we can educate on by pointing to a plethora of news articles, even articles containing your target’s industry). All we had to do was connect the dots of making them aware that they were at risk—and didn’t even know where or how they were making it easy for attackers
Back to the old way of the network assessment…
I’d schedule one of my technicians to go on site and get as much information as I could. I could recall one instance where the tech told the office manager at a prospect site that he sure wouldn’t want to run the assessment tool on one of our actual clients! This technician said this AFTER we had practiced what to say in front of a client. After this experience, I was forced to have a salesperson AND a technician onsite for assessments (costing the company even more money per lead).
I then would spend hours working with the tech to get the report just right. All in, the assessment process alone cost me an investment of nearly an hour of my time reviewing hundreds of pages of reporting.
AND after all of that work compiling a detailed report with all of those findings, you’re stuck with some pretty lousy meetings…
Does this sound familiar?
Scenario 1: The decisionmakers delegate the meeting to someone else in the company. You go onsite, waste time prepping to find out that you’ll be reviewing all of these issues with someone with no authority! The decisionmaker doesn’t really care about what you’re selling—IT really isn’t something they’re even interested in! The assessment did NOT get them to realize how important their information is.
Scenario 2: You spend an hour deep-diving into several of the critical technical issues on their network. The owner or decisionmaker says they’ll think about it. They ask for your report and you hand it over. Their technical team later says they’ve fixed the issues. The failed to understand the urgency of the issues and your value as a security-centric MSP. They end up sticking to the solution they already have. We’d experience this nearly 20% of assessments. Most of the time I couldn’t believe the extent to which prospects did not want to act! Even when they had gaping holes—even when their backups weren’t working. Network assessments are extremely hard to communicate and boil down to terms that most C-level people understand.
They’ve been designed to make it easy for someone at least semi-technical to throw up all over the table with a lot of technical detail that most human beings could care less about (it took me years to realize this. I had thought detail underscored our proficiency).
Scenario 3: A good proportion of our other sales already new who we were and were vetted by clients or people in the community on the quality work we perform. The network assessment was only needed to demonstrate to them that we weren’t completely crazy. A lot of time and effort into another report that eventually ended up in a shredder somewhere.
What if there was an easier way?
For nearly 10 years of running network assessments, I had searched for a better way. A better way to communicate urgency. A better way to demonstrate vulnerability. An entirely better way for my MSP to focus on supporting and onboarding clients opposed to wasting precious time during our peak ticket hours running assessments.
Instead of wasting your tech’s time on running assessments, an admin, marketing manager, or salesperson were to completely generate a report that would sell your services without much work?
What if you were able to convince your prospects to simulate what would happen after a phishing event? How could they test whether their alarms and alerts were working? That their IT team was not asleep at the wheel? What if you could collect MORE relevant data than you had running an agent across the entire network? And what if none of this required you getting administrator credentials?
When I was devising the perfect way to assess the security of a network, these were all hot topic items for me and all points I would not negotiate on. What I realized is that selling with penetration testing is the new MSP 2.0. We can evaluate networks without incumbent IT departments knowing.
What I found is that the new MSP 2.0 sales process is the way successful MSPs are selling in 2021 and beyond. If you are interested in seeing how this works, sign up for a free cyber stack evaluation here. If you’re not quite ready, here’s a way you can evaluate your sales process to see how it stacks up.