A Vendor’s Experienced People are Key to a MSSP’s Success

Image suitable for illustration of a recruitment agency or talent acquisition. Abstract compass

This is the fourth and final article in a series that we have written for MSSP Alert under the banner: Tips for Assessing Your Vendor Opportunities as a MSSP.

Author: Michael O’Brien, regional VP – strategic routes to market, Fortinet.
Author: Michael O’Brien, regional VP – strategic routes to market, Fortinet.

In the first piece, we provided an overview with a concise list of the necessary “ingredients” for a MSSP’s recipe for success. Then we wrote more in-depth articles about the top two items on the list: the need for vendors to offer an integrate-able and integrated solution and provide a strong enablement program.

Now, we are going to take a deep dive into another key ingredient necessary for a successful MSSP-cybersecurity vendor partnership. That ingredient is “people.”

A cybersecurity vendor must have a roster of individuals with the appropriate experience and knowledge to help its MSSP partners reach their goals. In short, a vendor needs to have experts on their bench, skilled at helping MSSPs succeed. Before tying your organization’s success — and perhaps, survival — to a cybersecurity vendor, get complete and honest answers to the questions below.

How Well Does the Prospective Vendor Understand the MSSP Business?

The vendor you want to work with should surround you with people who really understand your business and have walked in your shoes. This includes access to sales engineers who understand your needs from an MSSP perspective. Sales engineers must know:

  • Your business objectives
  • The metrics you use
  • How you define success

Does the Vendor Follow Best Practices in Account Management?

This is where a good vendor’s offer development team comes into play. Working with vendors that use terms like “time-to-revenue,” “best practices,” and “offer lifecycle” will help you determine if they are just a product vendor or really the technology partner you want to do business with. These terms will provide visibility into whether the vendor views your interaction as the beginning of a relationship, or just an opportunity to sell you product.

When the vendor delivers a proposal, MSSPs should look for these terms:

  • Time-to-revenue
  • Best practices
  • Offer lifecycle

Is the Vendor an Account Manager or Trusted Business Advisor?

To be a trust business advisor, the vendor really needs to understand the market, and the direction that technology is going. The vendor must know what customers are looking for now — and in the future — ala Wayne Gretzky anticipating where is “the puck” going to be before the competition. And you will know that your vendor is in it for the long term when they help you use the partnership to wring out the most benefits possible.

A trusted advisor leverages organizations within an organization such as vertical markets; dedicated CISO organizations; vertical CISO individuals; research, vertically aligned information, documentations, etc. Clearly, you want to work with a business advisor as opposed to an account manager.

Everything a cybersecurity vendor offers a MSSP should layer up to them becoming your trusted advisor. Understanding of the market is perhaps the most important thing that a trusted advisor can do. They need to know not only the cybersecurity market but also the market(s) you and your organization are involved with.

Can the Vendor Help a MSSP Prepare for the Next Business Models to be an Early Mover in the Market?

The vendor provides a tremendous amount of value to a MSSP when their vendor understands the markets. MSSPs also need a vendor that will leverage everything they know to guide their partners into the business models that are going to put them in the right place at the right time in the market with the right opportunity.

Also, the vendor should make sure the financial underpinnings and offers that they develop — utility, utilization, and consumption models, etc. — are well suited to meet the MSSP’s objectives. For example, if the MSSP has a business model where they're trying to deliver an offer to the SMB market, it’s understandably there will be lower margins and most likely lower per site costs. A trusted business advisor/vendor should provide the MSSP with an SMB business delivery model that supports that lower revenue per site market.

The vendor should have an advocate for their partner within the vendor’s company. The advocacy for the MSSP could include everything from how to market the cybersecurity products to working with the vendor’s sales team to make sure that they understand the value that the partnership is bringing.

All too often from a sales perspective, vendors overlook the fact that sometimes the most difficult, complicated partners to work with are such because they are bringing the highest amount of value to the end user and its complicated business.

What Kind of People Does the Vendor Have on its Team?

Transferable skills and leverage-able experiences that the vendor’s team shares with its MSSP partners will build trust and provide the MSSP with valuable insights. Therefore, a vendor should have people on its team who were previously MSSPs themselves, so that when they walk through the door to meet a MSSP they will automatically have an understanding of what the MSSP is trying to do.

A vendor wants their account managers to be business advocates who leverage their own personal experiences and skills. The business advocate will understand what they're asking of the partner, and then act as a translator and bridge between his company (the vendor) and the MSSP.


MSSP that are pursuing both short-term and long-term success should consider all the tips we have offered in this and our previous three MSSP Alert articles.

Author Michael O’Brien is regional VP, strategic routes to market, at Fortinet. Read more Fortinet blogs hereRegularly contributed guest blogs are part of MSSP Alert’s sponsorship program.