10 Tips For Solution Providers Looking To Start A Cybersecurity Practice

Tips And Tricks

Security is one of the hottest areas for potential growth in the technology market right now, as high-profile breaches and threats are continuing to keep everyone on alert for the dangers lurking in cyberspace. Many solution providers are looking to jump in to capitalize on that growing opportunity. But the market is broad and it's often difficult to know where to start. As part of our annual Cybersecurity Week, CRN pulled together some top tips from security experts who gave some advice on where solution providers can start to look if they want to add a security practice to their businesses. Take a look at what they had to say.

10. Get Up To Speed

First and foremost, solution providers looking to get into security should get up to speed with the market, said Stephen Thomas, vice president of Americas channel sales at Mountain View, Calif.-based Symantec. That includes areas such as recent events, product trends and the vendor landscape. Knowing the landscape is a key part in becoming a trusted adviser for clients, Thomas said.

"Security has become an attractive growth market for partners," Thomas said. "For those looking to expand into a security practice, the first step is to take the time to learn about the threat landscape and real-world solutions, and determine where you'd like to specialize. The good news is that there are numerous resources and trainings available online to become more knowledgeable in the field."

9. Know Your Market

In order to decide what vendors to partner with and whom to hire, Chief Technology Officer Hugh Thompson of Blue Coat, Sunnyvale, Calif., said a solution provider should take a hard look at the target market and its needs. Finding that "sweet spot" includes evaluating vertical areas, company size, security maturity and more. From there, Thompson said, a partner can more realistically evaluate what types of solutions to bring to market and what types of services to offer.

8. Choose Your Vendors Carefully

There are hundreds of security vendors in the market -- more than 500 exhibited at this year's RSA Conference alone -- and it's a big decision for solution providers to decide where to place their bets. Blue Coat's Thompson suggested starting with a large, established vendor that can provide a wide array of solutions, and then adding startup technologies where it makes sense.

7. Take Advantage Of Vendor Offerings

Partners often aren't alone in the transition toward offering security solutions and services. Many vendor partners offer solutions to help partners make the move into the security market. Symantec's Thomas suggested that partners make sure they are taking advantage of all of the opportunities available to them through a vendor's partner program, as they don't want to leave money or assistance on the table.

"It's really important for partners and vendors to establish strong relationships. We take partner input very seriously and often incorporate it into our own programs," Thomas said.

6. Address The Board Of Directors

Security is increasingly becoming a board-level discussion, as executives realize the importance of security to the company's finances and reputation. Going forward, Lee Weiner, senior vice president of products and engineering at Boston-based Rapid7, said board members will be looking to move beyond contextual understanding and become educated on the technology and generally "smarter about security." That's an opportunity for solution providers to help provide that education if they are able to have those types of board-level conversations.

5. Invest In Cloud

Sebastian Rovira, senior director of business development and alliances at Santa Clara, Calif.-based Palerra, recommended that solution providers start early in investing in cloud-specific technologies and expertise. While those looking to become managed security service providers (MSSPs) often invest in the security side, Rovira said, the cloud is one very important area that often lags behind. He said MSSPs need to make sure they are up to date with the ins and outs of cloud provider nuances, including configurations, visibility controls and other security-related methods that might vary among providers.

"The value to the customer manifests in the ability of the MSSP to ensure these various cloud service provider improvements are being leveraged appropriately by the processes and tools they are managing for the protection of the enterprise," Rovira said.

4. Value Of Professional Services

Clients will not only need help with the technology, but also with determining policies, addressing compliance and helping work out their security strategies. Blue Coat's Thompson said there is a lot of money to be made for solution providers who are able to provide those types of professional services to their clients.

"That is a much, much needed service out in the community," Thompson said.

3. Don't Be A Generalist

You can't be everything to everyone in security, experts agreed. They suggested partners start with a few areas that are applicable to their client base that they could become experts in, and then expand slowly from there as it makes sense. That is a line of thinking that was reiterated at the Security University session at the XChange 2015 conference earlier this year in Washington, D.C.: Security, in particular, requires a specialist approach, as the stakes are high, because of the business-critical nature of the technology, according to Kevin McDonald, executive vice president and chief information security officer at Alvaka Networks, Irvine, Calif., and president and CISO at Noloki Cyber Defense, also based in Irvine.

2. Invest In Automation

Blue Coat's Thompson said another area solution providers can provide value around security is in building automation. Clients are inundated with security alerts, but need an expert or technology to help them sift through the noise.

"All of the companies that we talk to these days are looking for more automation in identifying the most important threats and attacks. They don't just want to buy a point product that comes in and lights up like a Christmas tree inside of the environment and tells them here are the 99 problems today, but you only have the power to look at two of them," Thompson said. "Automation is another very interesting way to get into this space."

1. Don't Miss Out

What's the biggest thing that solution providers need to know about getting into security? Don't miss out, said Blue Coat's Thompson.

"The [total addressable market] of security is not only very large, but also growing very quickly. It's growing faster than any other TAM that I know of inside the technology space," Thompson said. "It's such an exciting time to be in security." Total worldwide information security spending is expected to hit $75.4 billion by the end of the year, according to market research firm Gartner.

Thompson said many partners today are starting to offer security products, but he said the real opportunity that partners don't want to miss is to bring together products into solution sets that solve real client problems in a more mature, turnkey way.

"I think there's a huge opportunity out there for that," Thompson said.