Insights and hopefully some humor from the front lines two years out of Stealth

It is hard to believe, but it's been two years since we exited stealth! And though our goal remains consistent: to help organizations achieve amazing security in an easy, cost-effective, and efficient model, what we see in the market from customers continues to evolve. So, I thought I would take a moment to jot down some thoughts on what we’re seeing in the market, lessons learned, what we’ve been up to over the past 12 months, and where things are heading. So, let’s get into it!

Good Lord, it's noisy out there.

Thousands of technology vendors, hundreds of MSPs, and MSSPs. The impact on customers and their desire to engage and understand is lower now than in years past. It's just so overwhelming. Lesson learned? Well, for us, we really try to respect a customer's time. Understand their needs quickly, get to our key value fast, and respect their time with how we engage.

A pox on all your houses!

I think because of the above noise, SMEs continue to be overwhelmed and underserved. It's a real problem. Anyone in the security industry knows that AV and a firewall won't protect an organization, but SMEs often think that is sufficient. 'Good enough' is not good enough, but we aren't doing a ‘good enough’ job of educating customers effectively. Due to this overwhelming lack of understanding, many SMEs don't want to engage with anyone. For us, I'm not sure we've solved this, but we are trying to use clearer and simple use cases of how security works holistically and why gaps matter. There is more work to be done here collectively.

Booooorrringggg….

Do you want to see someone's eyes glaze over? Bring up the topic: 'concept of security operations' and why it is important. Immediate buzzkill. The problem is that a massive number of breaches happen because companies don't have an operationalized security program. They haven't defined what that means, let alone can execute it daily.

Ironically, our largest customers and prospects get this, and we continue to see traction with them as they recognize that running a security program that is properly integrated is difficult, and that it is better to use a partner that can. How are we helping to solve this problem? Mainly with humor and acknowledging to the customer that we must discuss it, even if it's as boring as can be.

A cybersecurity program and cybersecurity insurance...not peas and carrots.

We spent a lot of time working with underwriters to reward our customers with affordable insurance coverage. Rich policies at a price point about 40% less than what customers are usually paying. We call it 'connecting your cybersecurity program to your insurance'... and drum roll... no one cares. OK, maybe a bit harsh. But we just don't see customers making an integrated decision on their security and insurance. And it appears it's because the models and buying cycles don't align.

For example, the CFO generally runs the insurance purchasing process but RARELY wants to get involved in the cybersecurity program decisions. That's left to the IT/Security staff. They want to do right by the company, of course, but the insurance costs and impacts are far removed from them (they rarely know the cost) and only impact them when they are run through the gauntlet for renewal. From our side, we are trying to get the C-level involved earlier and help with education. And so far, mixed results. I recently presented to one of our customers' Board of Directors, and they loved that the security program is properly integrated, connected with their cyber insurance, and allows for massive savings. If you get high enough, people get it.

Do we need more...FUD?

Fear, uncertainty, and doubt selling are out of vogue. With good reason, customers are tired of it. But there is another problem I've seen a lot more of in the past year. Customers who are very cavalier about being breached. It's shocking sometimes to hear customers say, 'Well, we seem pretty good, if it happens, it happens.' That's like saying, “I love getting my car towed. Super fun and an awesome and amazing way to spend hours of my evening and spend hard-earned cash.”

We recently detected and stopped an insider threat. The customer was beside themselves happy. The IP being siphoned off would have been a major problem. So, while we are not pivoting to full-on FUD mode, we are going to start collating these war stories and sharing them more broadly. Because it seems customers don't understand how amazingly unpleasant going through a breach is.

Phone a friend.

Partnering, ahh… the joy, and heartache. For us, we continue to have amazing partners, and our partnerships continue to grow. What's working: Partners that are close to their customers and who know that a random set of tools and 'Bob' manually reviewing security logs once a month isn't a security program. We have partners in the consulting space Surefire Cyber Inc. , insurance space Converge Insurance , and with MSPs that love our model, and the partnerships are great because we are so complimentary. But please, for the love of Yahweh, quit calling yourself an MSSP if you have a FortaSIEM and two dudes in Lubbock watching out for 'bad guys.' The customers and the industry will thank you.

So, what about us!?

Well, if you will indulge me for a few more minutes, I would like to list out a few answers to the most common question we get... what's different about SolCyber? Let me be the first to say, the world didn't need yet another MSSP. And though we get put in that bucket and offer services of that type, what we are doing is very different. We are a security program subscription. Complete with the tools, processes, and people to deliver a fully managed program. This flows from the commitment to bridging the gap between "good enough" security and a program that evolves and adapts to the ever-changing threat landscape. Here's how we differentiate ourselves from other managed security providers:

·?????? We eliminate countless hours spent on operationalizing a comprehensive security solution, such as managing vendors and legal contracts.

·?????? Our consolidated "Foundational Coverage" service passes on savings through a per-user subscription model.

·?????? We take on all the heavy lifting to help customers level up their security in just days, without the need for deep security expertise or paying for extensive security consulting.

·?????? We collaborate with best-of-breed technology vendors to ensure our Foundational Coverage addresses the entire kill-chain and seamlessly integrates all components.

·?????? We understand that building a security program is a complex undertaking, so we offer flexible solutions tailored to each organization's growth and maturity stage.

·?????? Our partnerships with Converge (Cyber Insurance Broking) and Surefire (Cyber Incident Response) further strengthen our ability to help organizations manage their risk effectively.

And lastly, I'm going to steal a quote from a customer.

“Before SolCyber, my tools and MSSP made me busier and less confident. The noise, alerts, inconsistencies, and my people having to try and be the putty holding everything together were untenable. SolCyber solves that.”