XChange SLED Panel: In-House Expertise, Consultative Approach Vital To Landing Security Deals

Solution providers looking to capture public sector security business must have staff members who have the expertise and patience to break down the threat landscape and regulatory environment for customers, according to XChange SLED panelists.

Channel partners will enjoy the most success selling security to C-suite leaders by staying away from specific products and instead taking customers through the actual process of defending their network, said George Pashardis, regional vice president of sales for ePlus Technology. Pashardis moderated a solution provider panel at the event in Atlanta, hosted by CRN parent The Channel Company.

"One of the challenges is explaining security to anybody," Paul Karch, founder and chairman of Deerfield Beach, Fla.-based Gardant Global, told more than 100 solution providers Wednesday. "You need to turn their world around and become their consultant, not their friend."

[Related: XChange SLED Speaker: Broadband, Lower-Need Districts Faring Better Under New Erate Rules]

id
unit-1659132512259
type
Sponsored post

Regardless of the money involved, Karch urged solution providers to engage in a consultative sales process, walking them through the long-term process and opening their eyes up to applicable regulations.

Specifically, partners must make CEO and chief information officers aware of the legal implications of a security breach, particularly as it relates to the violation of privacy rights, according to Carmine Taglialatela, principal and founder of Delaplane, Va.-based Oak Hill Farm Group.

"I don’t care who says they have it covered," Taglialatela said. "You don't have it covered."

Channel partners should also bring someone on staff with sufficient background and certifications to be seen as credible in the eyes of a chief information security officer, or CISO, Karch said.

"A CISO won't listen to a media guy," Karch said. "A CISO will listen to a guy who's like a CISO."

Solution providers should also be aware of the political bind CISOs find themselves in after a security breach when they can be desperately clinging to their jobs. Taglialatela said CISOs are often afraid that if outsiders come in, they will lose control over their own domain.

One step that would help reduce political pressure on CISOs, Karch said, would be to have them reporting directly to the governor or CEO rather than the CIO.

"A CISO should work outside the CIO's office, because who is going to call their boss on this thing knowing that they are going to get fired?" Karch said.

Finally, Karch pushed partners in attendance to aggressively recruit new cybersecurity personnel and do everything in their power to hold on to the security experts already on staff, as they are never lacking for new clients or billable hours. Taglialatela cautioned, though, that this is easier said than done.

"To bring people in, it's a war against the private industry because they're paying these people so much more money," Taglialatela said.

The educational process around ransomware and other security threats is vital when dealing with younger or less experienced leaders, who might not think an attack will happen to them, said Jim Perrier, president of New Orleans-based Universal Data Inc.

Older and more seasoned CISOs, though, are typically more aware of the threats and more fearful of what will happen in the event of a successful attack, according to Perrier.

"The CISO is worried about his job more than anything else," Perrier said.