ThreatCaptain Teaches C-Suite About Cybersecurity So MSPs Don’t Have To

‘Leadership is looking at cybersecurity as a cost center, and they don't really understand it as a business risk. And security and IT teams don’t really know how to talk executive language,’ says Brad Powell, co-founder and captain of revenue of ThreatCaptain.

As MSPs struggle to stress the importance of cybersecurity to leadership teams, a customized learning training program can be just the key.

ThreatCaptain claims it can help MSPs offer more comprehensive services and training to their end clients to help bridge the knowledge gap and improve overall security posture and protect against cybersecurity threats, the company says.

When 39-year-old Brad Powell, and co-founder Adam Anderson, started cybersecurity awareness training company Hook Security in August 2018, they ran into another challenge.

“We do about 98 percent of a company's security training,” Powell, co-founder and “captain of revenue” at ThreatCaptain, told CRN. “The two percent that we began to see that needed a little bit of a different approach of training and development was the C-suite, even their board, and then security and IT admins.”

Through that need, ThreatCaptain was born.

“We are a cybersecurity leadership development company and we are going to market working with MSPs that offer this as a professional service,” he said. “Leadership is looking at cybersecurity as a cost center, and they don't really understand it as a business risk. And security and IT teams don’t really know how to talk executive language.”

Through a six-week remote or on-site engagement program, Greenville, South Carolina-based ThreatCaptain looks at a business’ policies and procedures as well as the business continuity plan. It then comes up with a scorecard for them on where the business can improve and even runs through a breach scenario.

At the end of a scenario, the ThreatCaptain team shows the business the gaps that they have but then says, “Here's a service that your MSP offers that you need to implement immediately.”

This week, ThreatCaptain unveiled its RedPill Partner Program to empower MSPs and MSSPs to strengthen their security services and effectively communicate the importance of cybersecurity as a business risk to their clients' C-Suite executives. The RedPill proprietary tool gives the organization a cost analysis of what their costs would be if they were breached.

“It’s really hard because we’re working with the culture of an organization, and a lot of leadership has egos,” he said. “Then you have security teams that are very introverted in some ways and are scared to talk about budgets. When we're dealing with leadership we’re saying, ‘Here's a new thing about cybersecurity as a business risk.’ For the security team we’re saying, ‘Here’s how you need to be talking about it to your team to get the budgets to get the things that you need.’”

Brian Daughhetree, founder and president of Greenville, South Carolina-based MSP ANC Group Inc, recently held a ThreatCaptain roundtable at one of his clients and said the diversity in perspectives became invaluable during the exercise.

“It was particularly enlightening to observe how different roles within our organization perceive cybersecurity differently,” he told CRN. “Our technical team sees it as a meticulous and evolving discipline, constantly adapting to emerging threats. Non-technical team members, on the other hand, view cybersecurity as a crucial safeguard ensuring the integrity and confidentiality of sensitive information.”

CRN spoke further with Powell about ThreatCaptain and how its service is moving the cybersecurity needle forward for all.

When I talk to MSPs, one of their biggest struggles is educating their end users on cybersecurity. So basically you're just taking this off their shoulders.

Yes, we are. This is something that insurance is beginning to really batten down the hatches on. Have they gone through their policies and your procedures every year? This checks that box. We go through their policies, their procedures…what do you have, what do you not have and help the MSP tell their customer, ‘If you're breached tomorrow, this is going to cover you.’ With our tool, we can show costs going down if they have everything in place. If we get everything implemented, we'll go from $4.5 million to $45,000, that's what it could cost the company if they’re breached.

What is the biggest misconception executives have about cybersecurity?

It's a cost center. It's a risk that they cannot justify as a business expense. I think 2024 and beyond is the year that leadership needs to level up. Security teams need to level up when it comes to talking about this and having a business acumen. All these regulations and cyber insurance…the hatches are coming down. As a security person, you have to really start thinking, ‘How do I construe and convey this to leadership?’

Talk to me about the RedPill Partner Program.

For an annual fee we provide a free roundtable for your first customer of your choice. We also offer a roundtable for the MSP and give them a certification of completion, which helps them to realize where they might need some upskill. It also includes the cost analysis breach report that every customer in the program will receive. We offer sales and marketing support as well and we pay the MSP a 30 percent commission on every roundtable they sign up.

What does the rest of 2024 look like for ThreatCaptain?

The rest of the year we’re focusing on building out our cost analysis tool, which is fully functional but we just want to make some improvements to it. The rest of this year is really focused on proving this out with MSPs that this is a viable service that a lot of them already offer. It’s using this as a way to help MSPs really start becoming a trusted adviser in cybersecurity with their customers through these roundtables. In 2025 and 2026 the product does involve some AI, some policy building and business continuity plans.

What do you think is lacking in the education part of cybersecurity?

There's so many competitors and everyone's kind of doing education a little bit different when it comes to cybersecurity. One thing about cybersecurity is it's boring to most people, and it's over most people's heads. [We try to make] cybersecurity memorable and fun and engaging. One of the things that we're incorporating throughout ThreatCaptain is to make it, I don't want to use the word gamify, but really making it a fun journey.

As a millennial, how do you operate your businesses differently than older generations?

From being a part of some of the older generation organizations, culture is just a huge deal. For me, it’s really having purpose every day. I wake up and have a true mission for what we're building. I wake up with the same mission and goals as these other great people that know way more than I do. I want to be surrounded by them. So for me, it starts with culture and people that I love working with but that grow together.

How do you think your go-to-market strategy is different than those of other generations?

We have a short attention span. Once I'm set and ready to go, I'm not scared to fumble around on it, show vulnerability and to think that maybe I am naive to think that I can go do this. But you’ve got to start somewhere. Learning on the go has made things grow. There's no time to shoot around on this, let's just go do it.

Why should MSPs partner with ThreatCaptain?

MSPs should consider partnering with ThreatCaptain if they are looking to a be a trusted advisor in cybersecurity, if they want to understand how to align their customers together– their leadership team and security teams and if they want to be able to add in a new service that's unique that's going to set them apart.