651 Overcoming MSP Security Sales Challenges with HighGround.io

(0:02 - 1:06)
The podcast you are about to hear is a vendor profile episode for PitchIT, an annual startup competition and accelerator program organized by IT Nation, a ConnectWise community. This year, 26 companies from 7 different countries have been selected to participate. Companies go through a 16-week business transformation course led by industry experts and ConnectWise leaders. 

After the 16 weeks, each company will be required to complete a virtual pitch. From that, judges will select three finalists to present their pitch live at IT Nation Connect in November. The first place winner receives $70,000, second place winner receives $30,000, third place a set of steak knives. 

This episode is presented by Thread, last year's PitchIT winner. Thread's mission is to help IT service providers deliver service magic. Visit them at ITBusinessPodcast.com slash Thread.

(1:15 - 5:18)
Hello, friends. Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals everywhere where we try to help you run your business better, smarter, and faster. And we are continuing with the vendor spotlight shows that we are doing with relation to IT Nation PitchIT. 

And when you heard the description earlier with me and Shawn Lardo, you know that it's a 16-week incubator course and most vendors understand that and have either watched it or seen it. But today, I have somebody new to the PitchIT scene, but they are not new to being an IT provider. Mark Lamb is the founder and CEO of HighGround.io, a cybersecurity platform designed to help us understand and reduce our cyber risks. 

Mark, welcome to the show. Thank you for having me. All right. 

So, I'll go ahead and ask the softball question. What is HighGround.io in its simplest form? Yeah. So, HighGround is a cybersecurity sales tool for MSPs. 

So, help them to help their customers understand what they're spending on technology, often how little of that goes on cybersecurity and where they need to invest and why. Okay. So, this sounds a little different than some of the others that we've heard about where they're usually giving us, you know, the ways that we can help our customers write out their checklist and stuff like that. 

In terms of the sales tool, what type of format or how do we use it? Is it something that ties into other tools? Is it a standalone? Yeah. So, typically you would integrate your PSA, so like connect, manage and others. And we would pull down the spend that the client has with us as the MSP and map that across all the main areas of technology spend that a business would have. 

For example, support, cybersecurity, backup, 365 connectivity, so on and so forth. And we display that in a really graphical way so that the customer can visualize that. Similarly, we allow the MSP then to map the customer's posture really quickly because you don't want to spend a lot of time on that. 

Do that quickly and get to that place of understanding, you know, as fast as possible. Right. So, from what I understand looking at your website briefly, some of the key features talk about helping organizations measure, manage and communicate their cybersecurity posture. 

So, it sounds like you're helping organizations get kind of like a cyber score to some degree. Does that sound right? Yeah. We have three primary metrics that we help them understand that with. 

We have the cyber score, which is like that universal metric of your security posture. We also have the resilience score, which is, you know, should the dreaded thing happen and you have a cyber-attack, how ready are you to be able to respond to that, recover from that and get back operational and not put you out of business. And then we also map it, we map both of those across the NIST cybersecurity framework. 

So, we've got a really nice visual on the NIST framework, the radar chart on the NIST cybersecurity framework. And that really helps customers understand the spread because KPIs are useful, but, you know, anything that's two-dimensional, like zero to 100, whilst it has a value, it doesn't really help explain the breadth of security because there's countless ways to get to a particular number. And so, we help, we actually map it around the framework to be able to say, you know, you're really good at protection, but you're not good at detection.

(5:19 - 6:09)
You're very good at identifying risks, but you're not very good at being able to recover from an incident. And that customers really find that helpful because it's just simple and that's what they needed to be if they're going to understand it. Sounds good. 

So, the dashboard is obviously nice. Now, this doesn't sound like it's a one-time assessment. You're not going in and just, you know, doing the sale. 

There's obviously the opportunity for some ongoing stuff after the fact. So, what do you guys do when that happens? You know, the sales made, how do you keep them? Yeah. So, I mean, High Ground is designed to be used with your existing clients, right? So, there's kind of paying homage to the fact that as MSPs, we work for clients over extended periods of time and cybersecurity will continually be an agenda item that we're going to discuss.

(6:09 - 8:34)
You know, business reviews or ad hoc conversations about, you know, we need this or some providers asked us to provide that. And also, of course, MSPs are not just providing cybersecurity, they're providing all manner of products and services. And so, it's a great big jumbled up mess, isn't it? Us as MSPs talking to customers about all the things they need. 

And so, that's why we don't just talk about security because we can't really just talk about security without talking about everything else. And I often joke about, you know, we go into a customer with a very clear agenda and mind ourselves as the MSP. And sometimes that is to try and get, you know, the security thing over the line and get the customer to buy it. 

And we come out with a list of 10 other things we didn't intend to go for in the first place if we didn't even talk about cybersecurity. And that's just the nature of the beast. Right. 

So, it doesn't make sense in the customer's mind. So, you turn up and talk to me about security and think that we can talk about, you know, Sally who's upset because her ticket didn't get answered in time and the bill that it didn't expect or the issues that we're maybe having with the provider. So, we try to make sure that we're having a holistic discussion and conversation while security is the central pillar to that. 

Right. Now, Mark, it sounds like you have come to this from years of experience. So, I need to ask in terms of your history and background, I know that you come out of the MSP world but tell us a little bit about that world and what led you to do High Ground.io. Yeah. 

So, we actually are an MSP in Scotland. But to give you an idea of our size and scale, this is our 15th year. So, we're not brand new. 

I was technical director from the beginning. In the last two, three years, I've actually transitioned into the CEO role. An idea of our size, two and a half thousand seats, approximately three and a half million US in revenue. 

And we started dealing with this problem because we were, you know, back in 2015, 2016, there was a real stint of customers getting hit with ransomware. And it's hard to think back that far now. But, you know, that was a real issue.

(8:34 - 8:58)
At that time, we were thinking we really need to up our game and improve. And we built our stack probably ahead of most MSPs building their security stack. And it just, it was really underwhelming. 

Nobody wanted to buy it. And we think, what is the problem here? Because as MSPs, when we speak to customers, they often take your advice. I'm not saying they do everything you tell them to do, but they often take your advice when security was different.

(8:58 - 9:06)
And so that's where we really drilled into that. Why is that a problem? It's a lack of understanding and the complexity. And that's really what drove us to create it.

(9:07 - 9:15)
But yeah, I still live it every day. Still have the same conversations that MSPs are having. I still go to QBRs with clients and still deal with the frustrations.

(9:15 - 9:31)
I'm not saying we're perfect by any manner, but yeah, I'm very much living the reality. Right. So there had to be other vendors, other tools that you saw that were trying to do what you guys wanted.

(9:31 - 9:48)
So obviously there was something that made what you're doing unique. What is the secret sauce, I guess, to ask? I think it's that point that we are an MSP. We're a live, active MSP.

(9:49 - 10:02)
Experiencing this problem and nobody is really addressing the problem. Nobody's really addressing the sales problem, but there's more and more product coming onto the market all the time. And there's more and more competition in any given sector.

(10:03 - 10:41)
And yet, despite however much money is spent by large vendors on helping MSPs with sales enablement, it's really just not having the desired outcome that we're looking for. I think if someone fundamentally solves the sales problem, we're not going to make any major progress as an industry. And so why we come at it from a unique point of view, why we are not just buying another product off the shelf, is that there is no product that we've seen certainly that comes at it from the MSP's perspective, what it's like to sit at those meetings and experience that issue.

(10:41 - 11:10)
But with a focus on security, the closest thing to what we're doing, and a lot of people compare us to VCIO tools, and I can definitely see why people make that connection. But VCIO tools are obviously focused on overall strategy and making improvements overall, but they're not really drilling down into the security part of it. So we're taking that deeper and deeper and trying to help MSPs solve the challenges that come with that.

(11:11 - 11:50)
A lot of them are just really unsure of how to build a security stack, how to have the conversation, and how to take the customer on that journey. So yeah, a long answer to a short question. That's okay. 

I actually had another thought, and I obviously didn't prepare you for this, but my question is going to be, we are taught to come in with a set of tools or solutions and tell the customer, you need these. And the closest thing we had before was to do a risk assessment and say, well, you're falling short here. These tools will fit that bill and solve that problem for you.

(11:51 - 12:39)
Does HighGround.io help with that? I mean, are you providing us with a recommendation for tools? Do you have a tool set built into HighGround that will solve that? Exactly what's the next step? So we were kind of like, think of that as like 1.0, we were like 2.0. So it's revolutionary in the respect that for all the risk assessments I have ever done with clients, because we did that to a customer, I could spend a week just writing the report, and the customer opens and reads the front and back page, reads the two-page executive summary, and they're done because that's all they really want to know. Right. And no amount of red text and no amount of stern words really change that.

(12:39 - 13:07)
So that's a large part of where we come from with the product, is trying to get away from that, because it's also not good for the MSP. It's very time consuming, and it’s ultimately utterly demoralizing to put that amount of effort and the customer still doesn't get it. So yeah, I would say it's a revolution in that respect, that we've been there, we've done that, throw that out the window and start again, because it doesn't work.

(13:09 - 13:28)
Well, that definitely sounds like the frustrations that we've gone through. I know I've gone through it, spending all that time, and they just take a quick look and say yes or no based on things that we didn't even talk about. And so trying to address that should be great.

(13:29 - 13:55)
Mark, let me ask you one other question, technically not related to your program there, but as I understand it, you are not just new to PitchIT, you're kind of new altogether with High Ground.io, correct? Yeah, yeah. And we only just launched it just a few short weeks ago. So new to the vendor world, new to PitchIT, new to all of this.

(13:56 - 14:16)
So it sounds like you are going to have a fun summer getting ready for this. Now, are you going to be out on the road at any of the conferences, at IT Nations or anything like that? I won't be at IT Nations Secure. My business partner will be though, so I think this will be airing after PitchIT, so I'll be able to find him.

(14:16 - 14:29)
But yeah, we'll be there, we'll be there presenting. And yeah, I've been to the European events over the last few weeks and will continue to do so. And hopefully I'm going to be out there at IT Nation in November as well.

(14:29 - 14:34)
All right. Well, I will be looking for you. I will be there and trying to find all the PitchIT participants.

(14:34 - 14:57)
And I wish you luck on the road to Orlando, which is what we call the trip down PitchIT Lane to the IT Connect in November. But good luck. And folks, all the links will be in the show notes, both for Mark, if you want to contact him and to head over to highground.io and check them out.

(14:58 - 15:27)
Mark, before we go, any last words that you want to leave with an impression of highground.io? Yeah, I would just say that if you're looking to increase your security sales, if you want to have better security conversations with your customers, or you just want to benchmark what you're doing and get yourself a sense check, then check it out. You can sign up for a free trial at highground.io and reach out to me on LinkedIn or by email or any way you wish. I'd be happy to speak to you and show you the product.

(15:27 - 15:42)
Thank you for listening. All right. Thank you for coming on, Mark. 

We'll be seeing you soon. Ladies and gentlemen, thank you for checking out this episode and downloading this Vendor Spotlight. We'll be back with much more, and we'll see you out there on the road.

(15:42 - 15:47)
And until next time, Holla!