As I continue to BLOG on my views of security and our approach to running a cyber security business, I want to make a renewed commitment to you all in that I will continue to be as transparent as possible (no, I will not discuss what clients we have tested and who had the worst results). This means, I may sometimes go against one of my previous recommendations and take a new stance or update what I had previously discussed. I don't want you to think of this as indecisiveness, rather it represents a maturity and modification of previous thoughts or views. The downsides of being stuck in your ways is a topic for another time (or a different BLOG by someone who knows what they are talking about).
Behind the Scenes of a Ethical Reseller
There are very few hardware, software, and cloud applications in the security space that remain and stay relevant. There are a lot of products that have terrific features one year, and then become irrelevant the next. A great example of this was our previous relationship with SonicWALL. This firewall brand was very good, until the day it wasn't. They developed issues with their intrusion prevention system to the point we were able to bypass it in our testing. And then they started to sacrifice security for speed, which is the equivalent of removing security checkpoints at the airport. Their product could technically outperform the competitor in terms of speed, but with a minimal accuracy rate in terms of preventing cyber risks. The product has never returned to meet our standards and remains off our recommend list.
As a security reseller, we have a regular testing process for cyber products. Some of these products make it through the process and end up on our line card. The majority die an early death in the lab, not meeting the standards for one reason or another.
Sometimes one product from a vendor is great and another one is terrible. That is what happened in a story I will tell shortly. Just because you love one thing doesn't mean you have to love it all from a company, doing that is just ignorant.
And just because we may start recommending an additional product in a category does not mean we think the other product is worse. Sometimes we just need options inside of one category.
Just because a product makes it to our line card does not mean it achieves tenure, just the opposite. Each product continues to be evaluated and tested, and often they become irrelevant or insecure overtime.
This is something that sets us apart from our competitors. We don't just focus on one company. We do not engage in a lot of vendor events designed to secure our loyalty (although my wife loves free dinners and trips). We really work to make sure we are bringing you the most relevant recommendations, often at the expense of being liked.
The Cost of Not Wearing a Jersey
There is a real cost as a reseller to not wearing a jersey. The cost comes in the form of profitability and expenses. By not picking one product and sticking with it means that the business has to dedicate resources to testing and training on changing products regularly. This is a real cost that we have to absorb on an ongoing basis. We can't bring a product to market without knowing its benefits and limitations (try installing wireless mesh without testing security).
There is also a relational cost. Manufacturers like you to be loyal and they want every deal you have pending. They reward this loyalty. When you hold them accountable some of them go away completely or take it out in other ways. Here is an example.
At the beginning of the year we dropped our recommendation on a wireless manufacturer. A couple of months later we had that vendor misbehave pretty badly as a result in the form of a Vice President of that manufacturer. This gentleman went to one of our clients and told them he didn't think we were capable of a particular wireless project they were considering with us and he told them we didn't have the talent to assist him. When this news came back to us, which it always does, we got their management involved and got them to deal with this particular individual. We let them know that this was not called for and just because we did not recommend their wireless product does not mean that we are incapable of a wireless install at the level necessary for this project. Further, his behavior could affect our relationship with them with the products we still loved. The vendor apologized, but the damage was done in the clients eyes. This is a real example of the petty selfishness that exists in this field if you don't kiss the rings.
Advocating for Clients
We are our clients advocates. This means we are more concerned with making recommendations based on capabilities than with what vendor we love. The vendor that lost our wireless recommendation can fix their products and we will recommend them again. But until then they will not get our endorsement.
Being a traditional reseller is simple. Sell a vendor product and they send you leads. Sell more than anyone else and they will send you more leads. Stop selling their products and the leads will stop. How is that a business model? What control do we have if the products start to suck?
If I am a Ford dealership I need to rely on Ford to make great cars. My success as a dealership is partially tied to how desirable the product is and the quality of the cars the manufacturer makes. The dealership has no control over the quality of the product or the types of cars they make. So in this world scenario, I am really just an order taker. I can compete against other Ford dealers, but that is it. I can't control the entire process or what people will want to buy. My only goal is to be the best order taker.
The good news is, I am not in the car sales business. I did not start this business to just be an order taker. Taking orders is easy, but it is does not build value. I started this business to provide real value. I started this business to make sure the products our clients use is secure and properly installed.
When it comes to what products we recommend, know this. My philosophy is question everything. Assume it is insecure and test the hell out of it.
I hope we will forever earn your trust and I sincerely appreciate your business. I have worked with some amazing clients over the years and I appreciate all of you. I will always maintain a culture of holding manufacturers accountable to do what they say and maintain security.