From The Editor | December 19, 2018

Client Security Training: Partnership Drives The Opportunity

Matt Pillar

By Matt Pillar, chief editor

UPS Malware Removed By Security Team

In a sweeping interview for Channel Executive Magazine, seasoned IT executive and SRC Technologies President and CEO BJ Havlik shared the wisdom behind his new-solution onboarding philosophy. In doing so, he zeroed in directly on the relatively new client IT security training opportunity.

Havlik is an exemplary resource on the topic because, when he founded his business back in 2008, its launch was inspired by a simple premise: “no” would never be a satisfactory response to a client request.

When SRC encounters a business performance related IT issue that’s not quite in its wheelhouse, it’s faced with the same dilemma any channel partner is. Do you onboard that technology and figure out how to integrate it, sell it, and become certified in it? Do you find a third party partner to take the project? Or, do you just say no? For Havlik and SRC, it’s never the latter. “If it’s a technology that’s adjacent to or aligns with one of ours, and if it has broader market appeal than a single account, we will more than likely take it on,” he says. For instance, about two years ago, SRC recognized that a number of its managed services clients’ employees were clicking on things they shouldn’t be clicking on. Recognizing the opportunity, SRC discovered KnowBe4 and its security training technology. The MSP subsequently became resellers of the vendor’s product, giving SRC the opportunity to provide additional value that ties right in with its “business performance, not IT” sales and marketing angle (read more on that in the next issue of Channel Executive).

“The primary consideration for me, from a new service selection standpoint, is to listen to the engineers on our team. They’re out there engaging our clients, they know the tech environments we serve and where the client gaps are, what they don’t have that we offer and what we don’t have that they need,” says Havlik.  If we think we can sell to those needs at a good margin and we can take on the investment required to get up to speed, we onboard.” Havlik doesn’t assume that getting up to speed will always happen quickly. He says it was a solid 18 months after onboarding IT service management tools from Cherwell before his company felt confident enough with the technology to support it to client expectations. “That took time, but it was still a good decision that’s led to a lot of new business in bigger markets than we were previously in,” he says.

In plenty of other cases, SRC the outsourcer is an outsourcer itself. “We meet clients who need things like application development or Web development help, for instance, and that’s clearly out of our space. For those clients, we turn to companies that we’ve worked with and have confidence in, typically with no formal agreement, but with whom we exchange leads,” says Havlik.

For its latest solution set addition, SRC is capitalizing on the relatively new demand for security training. For that, Havlik subscribes to the human firewall concept. “By now, it should be fairly standard knowledge that the weakest elements in IT security are client employees,” he says. “Having a password policy that creates a password so complex that it can only be remembered if it’s written down is crazy. Catchphrases should take over. My Dog Has Red Spots On His Head is super easy to remember, but no one’s going to guess it. Training that educates and reinforces these concepts is critical, and there’s a market for it.”

Havlik has chosen to address this through the provision of training on mechanisms and rules that enable diligence and reinforce good, sound security practices. Programs from KnowBe4 fulfill a large part of the offering, which is backed up by penetration testing via SRC’s partnership with Synack. Through Synack’s program, 25 to 30 ‘ethical’ hackers are unleashed to break into SRC client IT environments. Havlik likes the approach better than automated penetration testing. “Software-based penetration testing is useful, but computer programs don’t leverage the creativity that humans can,” he says. “They can’t think on the fly and collaborate the way a team of professional hackers do.”

SRC says acceptance of security awareness training is growing. “IT security threats keep evolving, and so must IT security. That’s only going to happen if the people using it are engaged and looking for gaps and issues.”