The Ring of Security: Understanding the Intersection of People, Process & Technology

Episode Summary

On this episode of the Syncronized podcast, host Brandon Garcin and Bryant Tow, Chief Security Officer at Leapfrog Services, discuss the often overlooked aspects of cybersecurity. Many businesses view cybersecurity as simply having the right tools. Bryant argues this is a flawed approach. True security requires a holistic strategy — the “ring of security” — encompassing people, processes, technology, and governance. He emphasizes that neglecting governance is often the root cause of major security breaches, citing the Equifax breach as a prime example.

Bryant highlights the importance of MSPs understanding and communicating this broader perspective to clients, who often mistakenly believe existing IT services cover comprehensive security. This presents an opportunity for MSPs to offer higher-margin security services focused on governance, including training and policies tailored to each organization.

Finally, Bryant discusses the need for clear communication about risk, especially with C-suite executives. This requires moving beyond technical jargon and focusing on potential financial impact and material loss. He advocates for a shared understanding of security across the organization, leading to better buy-in and improved outcomes.

Guest-at-a-Glance

💡 Name: Bryant Tow 

💡What they do: Chief Security Officer

💡Company: Leapfrog Services

💡Noteworthy: Bryant is the author of five books on different technologies and has worked with law enforcement.

💡 Where to find them: LinkedIn

Key Insights

Moving Beyond Transactional Sales to Partnership-Based Relationships

MSP sales require patience and relationship-building rather than quick transactions. The most successful MSPs position themselves as strategic partners who understand both technology and business needs. Develop specialized offerings that serve as entry points for deeper relationships, allowing prospects to experience your capabilities without full commitment. This approach builds trust gradually while demonstrating your specific strengths. For established clients, don’t mistake silence for disengagement—quiet clients are often your most profitable ones because they’ve invested in proper infrastructure. Regular value demonstrations keep these relationships strong.

Cross-Functional Alignment Prevents Costly Misalignments

Technical team involvement in sales conversations prevents overpromising and creates unified service delivery. Engineers provide expertise that builds prospect confidence while ensuring what’s promised can actually be delivered. This collaboration eliminates the “lobbing it over the fence” problem where sales closes deals that operations struggles to fulfill. Regular processes involving all stakeholders before proposals go out create shared ownership of opportunities. Beyond improving service delivery, celebrating new clients as team achievements rather than sales victories fosters organizational unity. The trust built within your organization directly impacts your ability to build trust with clients.

Finding Your Ideal Customer Profile Drives Sustainable Growth

Technical team involvement in sales conversations prevents overpromising and creates unified service delivery. Engineers provide expertise that builds prospect confidence while ensuring what’s promised can actually be delivered. This collaboration eliminates the “lobbing it over the fence” problem where sales closes deals that operations struggles to fulfill. Regular processes involving all stakeholders before proposals go out create shared ownership of opportunities. Beyond improving service delivery, celebrating new clients as team achievements rather than sales victories fosters organizational unity. The trust built within your organization directly impacts your ability to build trust with clients.

Listener Takeaways

The Inception of the Ring of Security

Bryant explains the origin of his “ring of security” concept, emphasizing that it arose from analyzing the root causes of security breaches. He observed that often the underlying issue wasn’t a technology failure, but a failure in governance. He uses the five whys methodology to illustrate how digging deeper into incidents reveals governance gaps as the primary culprit. This led him to develop the ring of security model, which emphasizes a holistic view encompassing people, processes, technology, and facilities. He argues cybersecurity professionals should focus on these elements, not just the technical tools.

“When you really get into the root cause of any of these headline breaches, when you go through the five whys methodology, it was always something that came back to governance. It came back to people that caused the technology to fail.”

The MSP Opportunity in Security

Bryant discusses the opportunity for Managed Service Providers (MSPs) in the security space. He explains that many MSPs excel at technology implementation and support but lack the expertise to offer comprehensive security services. He suggests that this presents a significant opportunity for MSPs to differentiate themselves and increase revenue. He highlights how Leapfrog Services, an MSP he joined, had a strong technical foundation but lacked the virtual Chief Security Officer (vCSO) perspective that he brought to the table. This allowed them to expand their offerings and better serve client needs.

“Leapfrog is world-class technology. The security stack is very solid. But they didn’t have the ability to do anything that we do from a vCSO perspective.”

The Challenge of Communicating Security to Different Audiences

Bryant notes the challenges of communicating security concepts to both technical and business audiences. He emphasizes the importance of tailoring communication to resonate with each group. Technologists often focus on technical metrics, while business leaders prioritize business continuity and risk. He explains how the concept of disaster recovery is perceived differently by each group, further illustrating the communication gap. Bridging this gap is crucial for aligning security strategies with overall business objectives.

“If you say the word ‘disaster recovery’ to a technologist, and you say the word ‘disaster recovery’ to a business person, those are two completely different things. A technologist is going to measure their disaster recovery in the number of nines. The business person is going to want to know, ‘How do we continue to operate our business without the technology?”

The Importance of Right-Sizing Security Programs

Bryant stresses the need for right-sizing security programs to fit each organization’s unique needs and resources. Implementing an enterprise-grade security model for a smaller company is neither feasible nor necessary. He emphasizes the importance of scalability and tailoring solutions to be the right size. He also points out that while commonalities exist around measurement and maturity, the specific policies and documentation should align with the organization’s size and complexity.

“They’re not going to drop a hundred thousand dollars on it. It’s not viable, nor is it necessary, so having the ability to scale the solutions so that they are, in fact, the right size. I have clients where our written information security policies are 160 or 70 pages worth, and I have other clients that are like 50.”

Syncronized is the MSP podcast that drives MSP growth, from startup to scale-up. In each episode, we dive into the topics that matter most to IT providers, such as automation, AI, service delivery and profitability. Join us as we engage with experts and gain hands-on insights and practical advice you can directly apply to propel your business forward.

Share

• Share on Facebook
• Share on X
• Email this Page