At RSA Conference, Joe Pannone (Joey Pinz) sat down with John Hurley, Chief Revenue Officer at Optiv, for a conversation that went far beyond tools and into how cybersecurity actually works in the real world. What stood out wasn’t product talk—it was how Optiv approaches clients, complexity, and long-term success.
For MSPs, this is where the real opportunity lies. Not in adding more tech, but in changing how you think about delivering value.
Here are five strategic moves MSPs can take directly from Hurley’s approach.
1. Lead with the Business Problem—Not the Technology
Hurley made it clear: starting with your tech stack is the fastest way to lose credibility. Instead, conversations should begin with the client’s business challenge and what they’re trying to achieve.
He emphasized that leading with capabilities feels like selling, while leading with outcomes builds trust and opens the door to advisory conversations.
Why this matters to MSPs:
Most MSPs still default to pitching tools or services. That positions you as a vendor, not a partner. In cybersecurity—where stakes are high—clients want guidance, not a catalog.
How MSPs should act on this:
- Reframe discovery calls around business risk, not tools
- Train your team to ask: “What are you trying to protect or achieve?”
- Position security as a business enabler, not just a technical layer
2. Reduce Tool Sprawl—Don’t Add to It
One of the most practical insights: the average CISO is already managing 60–75 security tools.
Hurley stressed that clients are not looking for more technology—they’re looking for clarity, simplification, and better utilization of what they already have.
Why this matters to MSPs:
If your default answer is “add another tool,” you’re increasing complexity and reducing client confidence. The real value is in rationalization.
How MSPs should act on this:
- Audit client stacks before recommending anything new
- Focus on consolidation and integration strategies
Build services around optimization, not just procurement
3. Make Adoption the Definition of Success
Hurley reframed success in a powerful way: it’s not about selling the solution—it’s about whether the client actually uses it and gets value from it.
He repeatedly emphasized that adoption, utilization, and outcomes are what matter most—not the sale itself.
Why this matters to MSPs:
Many MSPs stop at deployment. That’s where risk begins. If clients aren’t fully using what they bought, you’re exposed—both from a security and relationship standpoint.
How MSPs should act on this:
- Build post-deployment success plans for every project
- Track usage, not just implementation
- Introduce regular “value realization” check-ins with clients
4. Operate as an Extension of the Client (Not Just a Provider)
Optiv doesn’t just advise—they deploy, manage, and even run full Security Operations Centers (SOCs) for clients.
This reflects a broader mindset: clients don’t just need recommendations—they need execution and ownership.
Why this matters to MSPs:
The MSPs that win are the ones that go deeper into operations. If you stop at advice, someone else will step in to manage it.
How MSPs should act on this:
- Expand into managed security services where possible
- Offer tiered support—from advisory to full operational ownership
- Position yourself as part of the client’s team, not an external vendor
5. Treat AI as a Human Problem First
Hurley’s take on AI was grounded: AI doesn’t create new problems—it amplifies existing human behaviors and mistakes.
That means securing AI starts with understanding how people work, where they fail, and how processes break down.
Why this matters to MSPs:
Many MSPs are rushing to “sell AI.” That’s the wrong move. Clients are still trying to understand how AI impacts risk.
How MSPs should act on this:
- Lead AI conversations around risk, governance, and use cases
- Help clients define a “safe path” to adoption
- Focus on process and behavior—not just AI tools
