Building an MSSP Team

Managed service providers (MSPs) looking to enter the security space face a difficult task: They need to establish a completely new team in addition to existing personnel. And those resources require different skill sets from traditional IT services. So how should MSPs go about building a security practice and establishing a managed security services provider (MSSP) team?

Here are five tips for building a security team for your MSP.

Also see the Top MSSP Tools and Cybersecurity Vendors

No Double Duties

The first thing to learn about building an MSSP team is simple—it takes a discrete MSSP team. In other words, don’t attempt to dump security duties on personnel currently running other MSP services or people well-trained in IT but not in security. It won’t work.

“The expertise required to deliver security services is different than the traditional monitoring of a network or IT infrastructure,” said Scott Barlow, vice president of Global MSP and Cloud Alliances at Sophos. “Analyzing indicators of compromise, working to automate what they can, and conducting a forensic investigation to detect a threat and remediate is a different DNA.

“Providing the best security outcomes requires specialization and focus that is difficult to achieve consistently if personnel are splitting time between traditional MSP tasks and delivering security services.”

Also read: Five Reasons Why Your MSP Should NOT Become an MSSP

Expect Poaching

Once you establish a cadre of good security resources, hold on tight. Headhunters will always be sniffing around the periphery, hoping to lure them away. Others will decide they want a dream job at Google or some other high-profile destination.

If you can assemble the team, be sure to pay them well, give them plenty of benefits, and give them a career path and training that fits with their long-term aspirations. To do otherwise is likely to result in people not sticking around more than a year or two. If you can’t keep security hires longer than that, it may be more bother than it is worth to keep on attempting to attract them.

“Finding and retaining team members dedicated to security is a challenge everywhere,” said Barlow.

But don’t take it too personally when they leave. Getting a reputation as a great place to get trained and started on a security career is a very good reputation to have.

Also read: How MSPs and MSSPs Can Attract Talent Despite IT Skills Shortage

Support Your Team With Automation

The very best personnel will become jaded quickly if they are not supported with automation tools that can mitigate manual workloads and give them time to work on more important tasks. Nobody wants to be immersed in manual processes or to be part of a disorganized mess that requires constant firefighting and endless emergencies at all times of the day and night.

“Your most sensitive resource is the time of your skilled resources,” said Alexandre Blanc, strategic and security advisor at VARS. “Therefore, business processes must be highly efficient, involving a lot of automation, so they don’t waste time on tasks that are not helping the business and delivering value to the customer.”

For example, it is important to acquire the necessary tools such as security information and event management (SIEM) software that can collect large amounts of event data. This will save immense amounts of time. And tune your SIEM and other tools so your teams gets only the alerts that matter – burying them in alerts that don’t matter is in no one’s interest.

Also read: Hyperautomation Could Dramatically Boost MSSP Profitability

Establish a Security Culture

An area that is easy to miss is the creation of an in-house security culture. This is trickier than it sounds. Just as the physical security team of an office building has a very different mindset to the technicians and administrators that inhabit the premises, IT security often has differing opinions compared to other IT personnel related to infrastructure and management.

IT personnel are used to being flanked by security staff who bug them about adding security safeguards to their code, set policy, and police compliance. General IT staff rarely possess the right mindset.

Such a culture needs to be created. It often starts at the top, potentially with a top security executive who can hire others with security mindsets to help instill the right culture in the team.

“You can’t build a security team if there isn’t a security culture at the very first,” said Blanc. “I don’t mean security certification, although such certs are critical. I mean privacy and security must be part of the core of the team culture.”

Also see 7 Major Mistakes that MSSPs Make

Build an SOC

Once you have hired a security executive that can build the right culture, the next move might be to establish a working security operations center (SOC). This may not be needed for relatively light security services. But beyond that, it is a necessity. The security exec can begin hiring or training people to be part of the SOC. And must be allowed to build that culture gradually.

“MSPs need to provide proactive security monitoring, detection, and response as part of their overall services,” said Chris Crellin, senior director of product management at Barracuda MSP. “That means MSPs will need to expand their existing service delivery to include an SOC.”

He offers tips in setting one up:

  • Build a team of security analysts and technicians along with the tools necessary to detect and respond to security threats.
  • Create procedures and processes for intrusion detection and remediation.
  • Provide around-the-clock staffing.
  • Gain a deep understanding of industry regulations and compliance.
  • Price services at a level clients can support

“It’s not just about the MSP investing and creating the service in-house that would make the transformation to MSSP a success, but simply the ability to deliver the detection and remediation service to their clients, regardless of whether they are doing it in-house or subscribing to the services offered by a vendor,” said Crellin.

For more on the managed security services business, see:

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet, ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

RELATED ARTICLES

Must Read