Phin Security

Techniques for Selling Security Awareness Training

The content discusses effective strategies for selling security awareness training by emphasizing its unique visibility to end users, advising MSPs to focus on communicating the value and outcomes rather than technical details, avoiding jargon, and building trust-based client relationships instead of relying on fear-based tactics.

Welcome to Gone Phishing, a show diving into the cybersecurity threats that surround our highly connected lives. Every human is different, and every person has unique vulnerabilities that expose them to potentially successful social engineering. On this show, we'll discuss human vulnerability and how it relates to unique individuals.

Selling Security Awareness Training: Key Insights

The Unique Nature of Security Awareness Training

  • Security awareness training is often the only security tool that end users at a client organization are directly aware of, since they interact with it (e.g., taking training, receiving phishing simulations, generating certificates of completion).
  • This visibility can create both challenges and benefits. For example, everyone has an opinion on the tool being used, so MSPs may need to defend their choice to stakeholders. However, clear communication with stakeholders about why a particular tool was chosen can help mitigate issues.

Common Mistakes in Selling Cybersecurity Services

  1. 1.

    Selling Tools Instead of Value

    • Clients outsource IT and security to MSPs because they want expert guidance, not just a list of tools.
    • Focus on the value and outcomes provided by the tools, not the technical details. For example, instead of explaining how a firewall works, explain how it protects the organization from threats.
  2. 2.

    Ineffective Communication

    • Avoid using unnecessary acronyms and jargon. Many clients may not understand them and may be reluctant to ask questions for fear of appearing uninformed.
    • Strive to explain concepts in simple terms that anyone can understand. If you can't explain it to a child or someone outside the field, you may not understand it well enough yourself.
  3. 3.

    Using Fear, Uncertainty, and Doubt (FUD) as a Sales Tactic

    • While FUD can sometimes prompt action, building relationships based on positive outcomes and trust is more effective and sustainable.
    • Clients who buy out of fear may remain fearful, making the relationship less productive.

Effective Sales Approaches

  • Sell the Gap: Reference to the book "Gap Selling"—identify where the client is (point A), where they want to be (point B), and position your services as the bridge between the two.
  • Focus on Outcomes: Emphasize how your services solve the client's problems and deliver the results they care about.
  • Build Relationships: People buy from people they like. Be personable, helpful, and trustworthy. Avoid "slimy" or high-pressure tactics.

Communication Tips

  • Avoid acronyms and use language that matches the client's level of understanding.
  • Remember that as an MSP or cybersecurity professional, your depth of knowledge far exceeds that of most clients. Don't assume they know what you know.
  • Create a safe environment for clients to ask questions without feeling embarrassed.

Final Thoughts

  • The most important factor in sales is being someone clients like and trust.
  • Uplifting, encouraging, educational, and helpful attitudes foster better relationships and more successful sales.
  • If you have questions or want to discuss further, you can reach out to the host on LinkedIn or through the company website.

Once again, thank you for joining this episode of Gone Phishing.