You’re a Managed Service Provider (MSP) or account executive for an infosec technology organization. Everywhere you look there’s a hot new trend or strategy that tells you how you should marketing and sell cybersecurity solutions. This oversaturation of suggestions leads to confusion which makes your execution strategy a disaster.
We spoke with Chris Wiser, a former executive MSP and current marketing agency CEO, about his proven method for executing a synergized marketing and sales strategy for cybersecurity that will fill up your pipeline.
Marketing and Sales Analyst
Matt: Thanks for joining me today, Chris. I always like to start out interviews by introducing you to our audience.
Chris Wiser is the CEO of The Wiser Agency, a marketing and sales consulting agency whose mission is to “help entrepreneurs build their businesses through systems and processes for a profitable exit.”
His agency has a special focus on educating Information Technology and Cybersecurity Managed Service Providers create inbound leads through social media advertising.
Chris has extensive experience with MSPs as the former CEO of TechSquad IT, an MSP firm based out of the greater Milwaukee area. He was the CEO of that organization for 10 years prior to him selling the company in 2015.
Chris was also featured in a full-length documentary in 2013 that was produced and directed by Nick Nanton titled The IT Guy. The documentary shared Chris’ unique way of working with his clients and how he helps them solve their corporate issues. Well-regarded business owners who have worked with him in the past are quoted saying, “[His] way may not be the easiest way or the cheapest way, but it’s always the right way.”
Chris: Hey! What’s up Matt? How are you doing, sir?
Matt: I’m doing great! Let’s hop right into it. Chris, the quote I mentioned in your introduction is from someone you’ve worked with while in Milwaukee.
Can you elaborate on what he meant by that? What steps do you take when working with clients to ensure your way is right?
Chris: Sure. In my coaching agency, we’ve found that this is actually a pretty big problem among IT. Maybe it’s a human problem, I don’t know, but it’s definitely an “IT guy” problem. Often times MSP’s are afraid to give bad news to a prospect, deal with money adversity or other types of issues. When this happens, they’ll take the path of least resistance versus the right path.
So let’s role-play here a little bit. Let’s say you or I were going to the doctor. In that scenario, you don’t want the path of least resistance. You want the right path because you’re going to an expert to get their opinion. Sometimes it’s not the easiest, most fun, or the cheapest. But it’s the right way.
That’s what I try to do as an IT professional. I instill that mindset into my coaching clients today. The way that an expert drives you may not be the cheapest or easiest but it’s the proper path.
That path may also move over time, that’s a factor as well. We’re in mid-2019 right now but if we rewind a year, look at how much the cybersecurity landscape has changed. The right path is going to evolve which shows that you need to consistently meet with your clients, put important things in front of them and make strategic discussions.
Compare that versus leaving them on the agreement they were on before and never change it with a “set it and forget it” mentality.
The guy who said that quote in your question was a general manager at a large lumber firm which ended up being my largest client when I sold my company. They were very price averse in the beginning but slowly moved towards taking my recommendations because oftentimes I gave them the “why” behind my strategy.
Matt: That doctor analogy makes a lot of sense because you wouldn’t want to skip out on any treatment. Why would you do the same to a business?
Chris: A lot of times the recommendation I use to my coaching clients now is, “What’s the budget limitation on having a child with cancer?” They don’t get three cheapest quotes. There’s no budget for that, it’s whatever it takes to fix the problem.
That’s how you have to relay important information to your clients and it’s up to you to show them that path.
Matt: To some folks, the part of that quote that may stick out to them the most and maybe even make them a little apprehensive is that your way may not be the cheapest.
Obviously, this interview’s centered around how to sell cybersecurity. On your LinkedIn profile and website, you mention the importance of marketing, social media advertising, SEO, and content.
Each of those segments requires not only a large time investment but they may also require monetary investment as well.
To those folks who are apprehensive about investing in marketing for their cybersecurity organization, how do you convince them that all of their investments are worth it?
Chris: The biggest factor is that the company needs to be mentally invested to execute. There’s an old quote that states, “The fish rots from the head down.” Think about how relevant that is in business. A lot of times a company takes on the culture or mindset of the top executive or owner.
So it’s so important that number one, the head person believes that they’re building a sales organization. That’s a critical piece. I have multiple people that I work with right now where the CEO isn’t invested and they continue to struggle.
I understand the executives who say that they’re “tech”, I get it, I was “tech” I started as “engineer guy” originally. But I believe that you can solve any problem with cash flow. That saying is so important that it’s on the banner message of my Youtube channel. You have to believe and migrate yourself into a sales and lead generation centric leader.
Number two, from a monetary investment side I would recommend at least investing in lead generation and appointment booking systems.
As an example, at the beginning of my current organization, I was the lead generator and solo closer. As I put more lead generation systems up I started to max out my personal pipeline and could hand it off to another closer.
Learning lead generation strategies is one of the most important things and that’s where you should invest your money first. When you pair lead generation strategies with replicable systems and processes you easily drive leads to a closer.
Most MSPs make a mistake when they hire a salesperson and expect them to generate all of the leads and close them at the same time. That’s not easy to do. This isn’t like other businesses where leads are walking into the door. There has to be prospecting, nurturing and other pieces that go along with the sales process.
That’s a long way around that question but those are all important pieces.
Matt: Right, and of course I can certainly appreciate everything that’s involved with and required from a marketing standpoint as well, considering my role here at Etactics.
But there’s a lot of strategizing that goes into it, especially if you want it done correctly.
What’s your strategy for marketing cybersecurity? Does the strategy change based on the MSP you’re working with?
Chris:There's a couple of different factors to this.
One of the strategies that we started with initially was reaching out to existing clients.
Most MSPs that we work with have a pretty decently-sized existing client-base that they haven’t touched. So we focus on helping MSPs market and sell to them. We have a Quarterly Business Review (QBR) process that we give them. It’s complete with templates, documents along with a full stack of cybersecurity solutions.
Etactics happens to be one of those tools that we use and recommend, thanks by the way. We push them to go to their client-base first to reach some of that low-hanging fruit to get cashflow started right away.
We then start to evolve and educate them. If you think five to ten years back, the number one lead generation strategy that most business-to-business (B2B) firms used was direct mail. Well, that’s getting harder to do with response rates now below 1%.
Do we utilize a lot of social strategizing and cold communications via email, LinkedIn, and phone calls. As we get leads into the pipeline we nurture them with emails and social posts on both LinkedIn and Facebook. We also make sure that we constantly surround these leads with different content strategies so that they always see our brand.
Yes, folks, your clients are on Facebook. I know the majority think that their clients are not on Facebook. They’re there, you’re just not talking to them. I get 98% of my B2B clients on Facebook from my IT Professionals group. The other 2% are from trade shows. I spend very little money on trade shows because they're super expensive, but we sometimes target those directly.
There’s no better time to be an MSP. People are terrified of all the vulnerabilities but the bottom line is that they do two main things…
Weed out the crap. Kind of almost like a natural selection. We run into this almost every day now where an MSP gets breached and then their clients get attacked.
It makes MSP’s more relevant than we’ve ever been. Never have we had a scenario where we could walk into a 500 person firm and offer cybersecurity services that they can’t do internally. Think about that. They would have to hire a massive staff to be able to do that internally while we as MSPs and MSSPs can do all of that now.
There’s a lot of big opportunities out there but it all comes back to the phrase I started with a couple minutes ago, the execution factor.
Matt: Right, and I couldn’t help but notice that you mentioned social media in your response. As you and I both know, it continues to grow in popularity daily
In fact, a recent study by Smart Insights states that the number of social media users worldwide is up 9% from 2018.
Although that’s great from a potential standpoint, it also means that there’s an increase in the saturation of content that’s shared on each platform.
This, in turn, makes it harder for companies to get noticed organically by their target demographic.
From a content perspective, what are some cybersecurity marketing trends you’re seeing that MSPs can take advantage of right now to instantly increase their social media presence?
Chris: So there’s a couple of things that go with that. Most MSP’s aren’t doing social media unless they’re my clients. While there’s an increase in the saturation of overall content, almost nobody is doing it in the MSP landscape. This means you have the opportunity to educate your clients a lot. I would talk to and educate them 99% of the time. When they have a problem and know that you exist, they will come to you.
You need to educate them not on your products and services but rather on the pains that you solve. Give them a solution to their pain points. Don’t worry about the sales part because they’re going to get breached. That’s going to happen. We know without question that everybody that’s out there is going to get hit sooner rather than later. So you need to make sure that you’re in their top of mind.
Video is key.
You might be thinking, “Oh but Chris I’m not good on video.” You’ll get better over time. I’m decent on video now. Matt, you’re good on video. But we didn’t just wake up one day and be like, “oh we’re good on video.” It takes practice, time, and consistency. You can’t be terrified of it.
If you’re not pushing yourself to be uncomfortable in your business you’re never going to grow.
I use a lot of analogies when I talk. I used the doctor one a few minutes ago, so let’s think about a personal trainer one now.
Let’s say we haven’t worked out in a few months and we go to work out. What’s the next day like? It’s the most uncomfortable, miserable thing ever because you’re sore and can barely walk.
That’s how this has to be. You have to push yourself to an uncomfortable level where you don’t know what to do. When you push yourself to places you’ve never been it’ll be easier to get in front of people.
Video is really important, you should have a Youtube channel. Your channel should have a ton of “How-To” content on it. All of that information is out there.
As people watch your videos you should have Youtube Ads, Facebook Ads, and LinkedIn Ads. All of these different things surround potential prospects with your brand.
We teach how to do all of this in my coaching environment but think about how much of a differentiation that is from everybody else in the IT industry.
Matt: Exactly, we’ve all heard the saying, “If you don’t change anything nothing will change.”
After an MSP starts implementing your strategies on social media, how long does it take before they start to generate traction? What are your recommendations for tracking results?
Chris: Number one, the reason why we go after the QBR’s first and try to push cybersecurity on existing clients is that they’re low hanging fruit.
We have a client who’s been with us for 60 days as of now. He added $20,000 of recurring revenue within the first 40 of those days by using that process and pitching cybersecurity. We taught him what to do. He didn’t even touch cybersecurity 60 days ago and now he’s generating $20,000 in recurring on 36-month agreements.
Remember I said earlier, “Cash flow solves every problem.” Now he can hire multiple closers and different marketing avenues because of his new, immediate cash influx.
Traditional marketing takes a long time. It takes proper execution, consistency, and persistence. It could take anywhere between 30 and 180 days to see any traction. But if you’re consistent you’ll see results over time.
It’s like my gym analogy from earlier. If I work out one day it won’t make any difference. But if we challenged each other to work out every day and eat right, what are we going to look like after 6 months? We know the answer but how many people do it? That’s a whole different story.
That’s the same thing with marketing and MSPs, how many do what what they need to? Very few. So anywhere from one month to six months to see results. You’ll end up seeing some results right away but if you don’t master your strategy and delegate the execution you’re going to see a slow drop-off. It’s hard to do it consistently so you have to make sure you bring in team members, build processes, and even outsource if necessary.
I believe in insourcing everything, that’s what my team and I do so that’s my recommendation across the board.
Matt: Great, you did mention advertising in your answer previously. Everyone says that they’re so busy so adding Facebook Ads or other Pay-Per-Click (PPC) campaigns to their plate might seem like a daunting task.
What are your recommendations for a cybersecurity MSP who’s just now starting to venture into the social media and online paid advertising space? Are there any classes or certifications you recommend them taking?
Chris: Classes are tough because everything is constantly changing these days. The one thing that we all have in common is that we’re all mostly self-taught. I want to say that’s true with almost everyone that works with me.
If you think about the MSP industry as a whole, how many of them went to a class or a four-year college and popped out as a Managed Service Provider? Almost nobody, I don’t think that’s a real thing.
We’re all self-taught, self-learning people. It’s all about immersing yourself in the technology. None of it is mind-bending stuff. It’s way harder to set up a Windows 2016 server or a firewall than it is to do anything we do. You have to be willing to take the risk and work on it. Youtube also has a massive amount of helpful information.
I do train MSPs on how to market themselves through courses. I have multiple courses that teach…
Facebook Ads for beginners
Youtube Ads for IT (coming Q4 of 2019
We put all of this stuff in front of people to help them out but the bottom line is that if you don’t make a plan, execute it, and immerse yourself within the software you’ll struggle.
Figure it out yourself
Master your strategy
Surround yourself with sales-thinking people
That last one is the biggest aspect that differentiates my firm. We’re not a marketing implementation firm, we don’t just hand you leads. We teach you how to fish.
We had a coaching call recently where we walked through a brand-new IT and MSP cold email campaign that we set up and tested for results right in front of our clients. It was pretty cool stuff.
Matt: Let’s say an MSP has paid their dues and are at that point where they start to generate a consistent stream of inbound leads. At this point, you could consider them an influencer.
How can this MSP leverage their status and more importantly continue to grow their audience?
Chris: I’d say the most important thing to do in that scenario is to continue to stay in the public eye.
To have this interview right now, did I come to you, Matt? No, you came to me.
As you start to become an influencer in a community, that’s what happens. You get yourself in videos, you become more comfortable with it, people start to see your face and recognize your name. People start to say, “Oh, this person here? He’s an influencer in the space.” They’ll come to you.
In the early stages, I had 3 speaking gigs. Now I don't want to say that I had to beg but I definitely had to ask to speak and promise not to sell.
In 2019 I have 27 speaking gigs and three-quarters of them I’m paid to do. That shows you that if you never get yourself out there and set those initial starting blocks, you won’t be successful.
A lot of what vendors do, especially at bigger MSP shows like Kaseya Connect, pay to be on stage and speak. They pay anywhere better $10,000 - $100,000 to be on stage for whatever keynote they want.
Here are a couple of golden nuggets for everyone. Target associations in your communities and send them cold messages that say, “Hey, I’m a cybersecurity expert and I’d like to speak to your organization about how to hack your business.” That’s a great script that just came right off the top of my head.
Target associations like professional insurance. We used to do IT for a professional insurance agent association in Wisconsin with my Milwaukee-based MSP. I spoke to their user convention multiple times. I’ve also talked to the Wisconsin State Bar Association.
Talk to people, send them emails. What’s the worst that could happen? They say no? Big deal.
Get out there and ask. Public speaking is going to be your next best thing. Eventually, the media will take note.
One of the reasons why I got booked on that documentary you mentioned in my introduction was because I was known as the “IT Guy” by all of the local news stations in Milwaukee. This goes back all the way to 2013 - 2014, right when the Target breach happened. That was one of the first of it’s kind and when it happened all of the news stations in Milwaukee called me. They all asked if I could come in and talk about the breach during their evening news slots. This happened because they all knew who I was.
Doing something like that is the next level, upper-echelon stuff. I got national recognition from that which led to the Bio Channel reaching out to me. That was the channel that broadcast the documentary. That’s really where things started to take off.</p>
But if I wasn’t consistently doing the groundwork for the three or four years before that none of it would've happened.
Matt: Right, people need to get over the social anxiety that comes with reaching out.
Chris: Think about all of the major leaders out there. I was looking at the internet this morning on articles about Jeff Bezos. He was a one-man show when Amazon first launched and would speak at small events.
You have to be in that same mindset because if you look at him now he’s at a different level than all of us. But you have to be that person.
At no point are you above public speaking events.
Matt: Generating leads through inbound and influencer marketing is one part, but moving them through the sales funnel is an entirely different aspect.
What are some of your favorite strategies to use when selling cybersecurity? When you’re selling a cybersecurity solution, what do you focus on the most when talking to prospects?
Chris: Going back to a couple of things I mentioned a little bit earlier. Number one, selling to the pain you solve. Solve an organization’s pain points through an actual cybersecurity assessment.
I also recommend going to your existing clients and offering a free assessment. Upsell them naturally, it’s easy because you’re already doing services for them. Selling to your existing clients is also great practice, it’ll help you build your “internal ammo.”
For new prospects, find their pain points through an assessment.
If they have an IT staff or existing MSP, ask them if they know the last time they had an independent, third-party cybersecurity assessment. These are easy and helps them look at themselves from the inside out. They could say that they’re doing great but when’s the last time they looked at their cybersecurity? It’s a great way to walk in the door and get prospects.
You should also have a dedicated sales process, which is something I teach during my coaching program. It has to be process-based and system-based, you can’t winging it every time. It also has to be scalable.
If you’re driving leads to your team and they’re processing it the right way, it becomes a numbers game that you can almost predict.
For example, “if we drive 40 leads in the pipeline this month we’re going to have seven closes.” That’s when business becomes fun because you’ll know how many deals will come your way.
Matt: Right. As we know, cybersecurity shifts quickly. When a shift in the industry occurs companies need to adjust their strategies or risk being left behind and exposed. To stay up-to-date with these shifts, these companies need to invest more money.
How can you sell cybersecurity to organizations whose biggest concern is budgeting?
Chris: Well, I think we should go back to that “my child has cancer” analogy. What’s the budget for that? There is none. Is it planned? No.
You have to make sure that you’re planting the seed that there are issues.
Every company, from a two user shop to the Department of Defense has vulnerabilities. The biggest breaches we see happen to the biggest companies because they’re the biggest targets. It’s important that you sell on the pain you solve.
People make decisions based on emotion. Just like the analogy. That is an emotional decision, it’s “whatever it takes, we’ll get it done.” If you show enough pain and potential issues during your assessment process, that’s where your product comes into play as the solution.
When do people have emotions tied to business? When it’s financially related.
So you have to use the tools that are a part of your package.
That’s why I’m a huge fan of Etactics and some of your partner products. They create emotion because it shows the numbers.
For example, when a CTO sees a prediction like, “If you get this particular breach you’re going to have $225,000 of liability and other outlying costs. Here’s what’s going to be covered by insurance and here’s what isn't.”
That scenario changes mindsets and budgets.
What the MSP and MSSP industry has to do is change the mindset of “IT as a convenience.”
We have to push prospects.
Let’s relate it to insurance. Is health or business insurance a convenience for any organization? Do they need it? What’s the ROI on it? Zero until they have a problem.
We‘re at a point where cybersecurity and managed security services can show an ROI because a breach is going to happen and we can prevent it.
You have to change the mindset of the people across the table. That change comes through processes, systems, and putting proper assessment pieces in place to show real numbers that generate emotion.
That’s what leads to a change in the budget.
Another great example is all of the cities and public institutions getting breached and hacked. Their standard practice was always, “We’re going to do an RFP and get a minimum of three quotes.” Well when they get those quotes, what do they do? Take the lowest one because it fits within their budget. That standard strategy is currently getting thrown out the window because it’s the source to the issues they’re facing today.
We provided a public entity’s marketing campaign and to get them as a client we sent them a message that said, “Are you doing your RFP process the traditional way? You’re going to get hacked. If you’re doing things based on money alone, you're going to have a massive problem.”
You have to change the behaviors of the end-users to make things happen.
Matt: Awesome. Chris thank you for squeezing some time in for today’s interview.
Before we sign off, is there anything you’d else you’d like to mention about The Wiser Agency or selling cybersecurity?
Chris: Sure, you’ve heard me talk a lot about my coaching and different services throughout this interview. We use Etactics as a part of that and various other products as well.
With my coaching services, we show you a different mindset. Selling cybersecurity is a different world. I’d love to have anyone sign-up for that, our URL is www.7figureMSP.com. Our goal is to help all of our clients add seven figures to their business this year.