How to Counter the Infinite Game of Cybersecurity
“You’ll never have the right army to fight the bad guys because you’re always going to need more with different skills.”
The truth is the truth, and like the quote above indicates, there’s a never-ending battle happening right now between MSPs and “the bad guys” who haunt us and our clients with cyber threats on a daily basis. The ominous statement came from Bob Coppedge, the CEO of Simplex-IT, a Hudson, OH-based MSP, during an episode of “Sunny’s Silver Linings” podcast. Bob shared some great thought leadership for all MSPs who must contend with “the bad guys”.
“It’s [cybersecurity] an infinite game; it’s not going to go away,” Bob said. “The cybersecurity approach for 2021 is different than the one in 2022, and the approach in 2023 will be different, and so on. The solutions for each year will be different and this must be communicated effectively internally and externally.”
The bad guys (or bad ladies, to be politically correct) are financially motivated to create new threats. It’s an industry, and they are entrepreneurs who are building their businesses – just like us. But we’re trying to safeguard networks, they are breaking laws. The war – and it is a war! ― will be won by talent, tools, and training. Our small- to medium-sized clients have even less of a chance to hire good cybersecurity talent because they cannot support in-house core competencies. Most have one or two IT employees who cannot dedicate themselves to just one critical task. However, MSPs with bigger budgets and additional resources can have talent dedicated to cybersecurity, adding an extra layer of support that will be invaluable to those clients.
Although we do have bigger budgets than a small business, we can never compete with the enormous budgets of tech competitors like Amazon, Microsoft, and Google, who must also recruit tech engineers to fight online predators. So they will always lure top-tier candidates from us.
Because of the infinite war we’re waging, Bob said to survive we must …
- Always be hiring
- Always be training
- Always be providing resources
Here are some points he offered on recruiting and retaining top-tier cybersecurity talent. Begin by asking the candidate the following questions:
- What is their interest?
- What is their desire?
- What is their vision of success?
The answers will help determine if the cybersecurity candidate would prefer to be at a big tech company. If so, Bob said, “wish them luck and let them go.” If the candidate is open to a role in a smaller MSP, then clearly differentiate for the candidate the scale of opportunities at a large company versus a small MSP.
Inform them that, at an MSP, they will have an opportunity to be a part of all of the whole game and work on all aspects of IT. Yes there will be a security focus, but in order to truly win the battle, you need to understand the entire playing field, and in a small MSP, that’s the benefit. You will have the ability to be a part of the bigger whole in support, truly understanding the battle ground better, and working with internal and external resources to expand your knowledge. If the candidate doesn’t want to be a “cog in the wheel”, then the MSP opportunity will be very appealing to them as they will get more ownership of their responsibilities.
Bob recommended fighting against the stereotypes of a small MSP:
- It’s a small company
- They won’t pay for training
- You’ll work yourself to death
- You won’t be appreciated
- No vertical growth
As an MSP, be sure that those stereotypes aren’t defining your organization. Bob recommended consulting your state government for SMB resources that might be able to reimburse you for such investments as training because, with new cyber threats emerging daily, your team members must have the certifications and skills necessary to stay armed and ready.
You can also look into Build IT’s Communities of Practice, where we invest in the growth of your team by providing them with an MBA in MSP skills.
Click here to listen to the entire podcast.
Tag:Cybersecurity