Powell previously was chief revenue officer at Corsica Technologies, a combination MSP and MSSP. Earlier, he held key roles at LogicMoniker, TekLinks and Claris Networks. A true MSP industry veteran, Powell has helped to drive many of the market’s various sales, revenue and business models for more than a decade.
Now, Powell has surfaced at Perch Security — which offers MDR and SOC services to MSPs. In an email interview with MSSP Alert, Powell described why he joined the company, and shared some of his key priorities in the new role.
MSSP Alert: What attracted you to Perch?
Powell: As you know, I joined Corsica Technologies 18 months ago and was having a great time over there. They have a great approach and their business model is really strong. What I realized over time is that I missed engaging the overall MSP community and doing what I can to help them improve. When I was at LogicMonitor (prior to Corsica), I had the chance to talk to a couple of hundred MSPs. I could leverage my experience from working at top MSPs to help them see the path forward for their MSP. That was really rewarding as so many MSPs are looking to improve and find the best path forward. When Perch reached out to me, I thought it seemed like a great opportunity to leverage my experience again helping MSPs. Perch has a great solution for MSPs that they can take advantage of without a lot of investment of people and time. And since so many MSPs are now trying to figure out the best path forward with security, I thought my experience and Perch’s platform could pair nicely to show MSPs a way forward with advanced security offerings.
MSSP Alert: Lots of cyber companies are now promoting managed threat detection and response services. What makes Perch unique as MSPs evaluate the landscape for partners?
Powell: You’ve seen a certain story play out over time in the MSP space where there is a market need and the option is an overpriced, over-engineered enterprise tool that isn’t really a good fit for the MSP space and has a licensing model that is in no way aligned to the MSP business model. That is true in the SIEM/SOC space. The only real options, which are non-starters for most MSPs, was to use a SIEM that was designed for enterprises and build out your own SOC. Some MSPs, like Corsica, where I just was, have the significant resources required to take that approach. A vast majority do not have those resources. Perch can fill that gap for those that want those capabilities without that expense. Perch provides an enterprise quality SIEM, but with a pricing model that is built for MSPs, and backs up that technology with a SOC. That way, the MSP can focus on their service delivery and Perch handles the heavy lifting for them. Also, because Perch is so focused on the MSP space, they have integrations to all the other MSP tools customers may have in their stack.
MSSP Alert: Where will you personally focus your time and efforts the first 90 days on the job at Perch?
Powell: I’ve been in this MSP space a long time working for some of the top MSPs over the years. I think with security, MSPs are asking themselves three questions-
How do I begin to add more MSSP services to my service options?
How does my sales team talk to clients about security when the first question the client asks is “aren’t you already doing that for me?”
Where does Perch fit into the cybersecurity software stack?
In my first 90 days, I want to equip our sales team to answer these three questions. MSPs are not at a loss of good ideas, every conference is full of them, they are short on easily actionable ideas. We don’t need to sell software, instead we need to help the MSP understand how to utilize Perch in their service delivery.
I plan on focusing on improving our MSP messaging and will also start to layer in reasonable and effective structure that will allow us to continue to scale our sales efforts as we grow.
MSSP Alert: As we push into Q4 and then 2021, how do you see your focus or priorities evolving at Perch?
Powell: Security, as you know, is ever evolving. Our sales and marketing must be rooted in education. If our clients don’t understand the security landscape and have a clear path forward, it makes it difficult for them to see where Perch fits into their mix. So, I want our team to be experts in equipping MSPs to not only become competent at MSSP, but to equip them to educate their own customers so they will act. From an overall business standpoint, Perch is in a great spot and is still in hyper-growth mode. We need to create systems and processes that allow us to enjoy repeatable and predictable results without stifling innovation. The good news is that Perch is a similar stage of growth as they were at LogicMonitor when I joined 4 years ago. They too had meteoric growth, so I have a strong understanding of what it takes organizationally to support and enable that type of growth.
MSSP Alert: As someone who has worked in and around the MSP space for more than two decades, do you think MSPs are finally starting to get a handle on risk mitigation strategies for their own businesses?
Powell: Wow. You know, I would REALLY like to answer yes to this. But, I can’t. Look, running an MSP is very, very hard. You are dealing with vendors, clients, support issues, new technologies, workflows that don’t scale…all these things. Finding the time to turn your attention to your internal systems and processes and ensure they are where they need to be is really hard. There isn’t a great standard to align to, so everyone thinks about it a little differently. I know some MSPs are using CMMC Level 3 as a standard and auditing their processes against that. But that is very time consuming and expensive. When you have scarce internal resources that have security expertise, it is hard to turn them internally (non-billable) when they are in demand with clients in revenue generating activities. So, as much as I would like to say they have finally figured this out, I can’t say they are addressing it like they should. They have a heightened awareness of the risk at their clients and are taking steps there, but I don’t have a good sense they are turning their attention inward to the degree necessary.
MSSP Alert: Let’s assume I run an MSP that already has some solid foundational services – say, RMM, data protection, endpoint security and patch management. What steps should I be taking to figure out my next potential steps in the security sector?
Powell: I read a few years ago about the “startup stack”. That’s the stack of software that most startup companies use. That’s been a helpful framework for me to think about security. Cybersecurity still has a lot of different tools that address certain aspects and risks. Instead of a Swiss Army Knife, there are a lot of purpose-built tools. The tools needed really depend on the client and their risk profile, compliance concerns, etc. It is up to the MSP to determine the right combination of tools in the “stack” needed for each client scenario. So, I would say that MSPs need to make sure that they have good relationships with a player in each part of the stack. And then, and this may sound harsh, but they have to teach their salespeople how to sell it. Look, MSPs have traditionally been really good operationally and most them really struggle with their sales approach. And now, the degree of difficulty just got higher in that their sales team needs to be able to sell security!! The next steps, in my opinion, for MSPs in the security sector is for them to figure out their stack and to train their salespeople to have effective conversations about security with clients.
MSSP Alert: Time for the final word. Anything else you want to cover?
Powell: I’m just really excited about engaging with a bunch of different MSPs and assisting them in figuring out the right security “raw materials” they need to have to make the right “finished good” to deliver to their clients. This is a great industry and I’m really thankful for the opportunity to continue to get to do fun and creative things in this space!