The Cybersecurity Sales Professional
In a mature Cybersecurity sales model, it is the sales professional’s responsibility to execute each of the 7 steps of the sales process: prospecting, warm-up, qualifying, presenting, overcoming objections, closing and follow-up. Once the sales professional has set the appointment and warmed up the prospect, they will qualify them for their security services offering using consultative sales techniques in order to identify active and latent needs and pain, and determine whether they can be addressed by the sales professional’s Cybersecurity offering; and if so, confirm that the prospect can allocate the budget needed to solve these issues.
During this meeting, the sales professional will document the prospect’s needs, as well as their infrastructure by using a tool such as a Network Information Form, which will help guide the sales professional in asking all of the basic questions needed to qualify the prospect’s infrastructure at a high level. This data will be used later to develop a solution, price it and ultimately develop a proposal for Cybersecurity services.
If the prospect is qualified, after the meeting the sales professional will update their PSA or sales CRM solution with the relevant meeting notes and documents and request a security and/or technology assessment be conducted by a technical resource in order to gather the balance of the information needed to accurately scope and price a solution for the prospect.
The Cybersecurity Onsite Engineer
The onsite engineer that is tasked to complete the follow-on security or technology assessment will use a variety of non-invasive tools to scan for any security vulnerabilities that may exist; including Personally Identifiable Information (PII) and signs of security breaches or compromises, and identify workstations, laptops and servers and their operating systems and patch levels, along with other network-attached devices such as routers, switches, firewalls, wireless access points, backup devices and more, as well as line of business applications and critical services. They will also typically conduct Dark Web Scans to ascertain whether or not any of the company's privileged information has been involved in a breach and is being made available on the Dark Web for Cyber Criminals to exploit. This important information is then appended to the information in the provider’s PSA or sales CRM solution and made ready for the sales engineer’s review.
The Cybersecurity Sales Engineer
After reviewing all of the data for the opportunity, the sales engineer will meet with the sales professional and onsite technician to ask clarifying questions in order to get a complete understanding of the sales professional’s intent and the prospect’s environment in order to scope and price the appropriate solution and options and develop a sales proposal. In executing their role, the sales engineer will also meet with the project manager to confirm scheduling availability for the On-Boarding project kickoff meeting and service deployment and remediation scheduling for the new prospect; should the opportunity close, and incorporates this information into the proposal.
The tools the sales engineer will typically use to price and configure the solution and develop the proposal include a pricing calculator, a Master Services Agreement (MSA) template, a Statement of Work (SOW) template and a sales proposal template. Once the proposal, MSA and SOW are ready, the sales engineer will again meet with the sales professional, onsite engineer and project manager to go over them in detail to ensure they meet with everyone’s approval. Once reviewed and approved, the tools and documents used to create the final proposal are then appended to the ticket in the PSA or sales CRM solution, now ready for the sales professional to leverage during the presentation phase of the sales process.
A Master Services Agreement, or MSA, is the agreement that contains most of legal terms that define the structure of the business relationship between the client and the provider. It speeds up and simplifies future transactions by being authorized only once by the client at the start of a business relationship, thereby reducing the size and complexity of future agreements or SOWs, and accelerating sales velocity. The Proposal, MSA and SOW comprise the 3 documents the prospect will authorize in order to become a new client for IT security services.
A Note on Minimum Qualifying Infrastructure Standards
The Cybersecurity Services provider may establish a required minimum operating state for a network environment to meet; in order to qualify for delivery of their services under a Service Level Agreement, or SLA, especially if they will be delivering ongoing Managed Cybersecurity Services against an SLA. Criteria to qualify for these services typically include a maximum age of equipment, specific operating system versions and patch levels, application licensing status, wireless and wired security and encryption protocols, a backup and/or disaster recovery solution and more. A client’s environment is brought up to these minimum standards by the provider prior to Go-Live, and any associated costs to do so are typically billed for outside of the flat-fee Managed Cybersecurity Services Agreement. All of this is documented in the final proposal to the client.
The Cybersecurity Sales Professional
Using the final proposal and prospect’s value information from prior meetings and discussions as a guide, the sales professional updates their standard PowerPoint sales template to customize it for the prospect and remind them of the need they will address and pain they will eliminate, and the security and peace of mind they will enjoy with their new Cybersecurity services. The sales professional uses the PowerPoint and sales proposal to present to the prospect, overcome any objections and close the sale by having the proposal, Master Services Agreement and SOW authorized. In addition, arrangements to collect payment for services and the cost of bringing the client’s environment up to a minimum standard of service are made.
The Cybersecurity Project Manager
Once the sale is closed, and in order to on-board a new Cybersecurity services client, the project manager conducts a kick-off meeting with them and explains the 3 phases of the On-Boarding process:
- Provisioning, where the client’s environment is brought up to a minimum standard of service and the provider’s agents and systems are deployed for monitoring, alerting, patching and optimization
- Training, where the client’s and provider’s staff are trained to request and deliver services upon Go-Live
- Go-Live, where the provider and their services are held accountable against the SLA the client selected
The provider’s On-Boarding process for a new client is comprehensive, to ensure the efficient, timely delivery of services against SLA upon Go-Live.
Up until service Go-Live, the provider typically provides service on a best-effort basis to the client and their users. Once service Go-Live is established, the provider’s technical team are held accountable to the SLA the client selected.
I've worked with dozens of IT Providers and MSPs in launching new, or improving existing Cybersecurity Practices. From putting together your offering, bundling, pricing, marketing and selling profitable Cybersecurity services, let's explore how I can help you take advantage of this tremendous opportunity too!