**Editor’s Note: This session preview originally posted ahead of the scheduled Channel Partners Conference & Expo in March. After the world’s largest channel event was postponed due to COVID-19, we repurposed this session for Channel Partners Virtual, Sept. 8-10. Tech Data’s Alex Ryals will present this program, Tuesday, Sept. 9, at 3 p.m. ET.**

As cybercrime is a looming threat for most customers today, is the channel prepared to help them?

The key to taking advantage of this opportunity is building and maintaining an effective cybersecurity practice. But where do you start?

During his presentation, titled “Stairway to Security Revenue – A Step-by-Step Guide to Building a Security Practice,” at Channel Partners Virtual, Alex Ryals, Tech Data‘s vice president of security solutions, will provide a vendor-neutral, step-by-step plan to build a cybersecurity practice.

Tech Data’s Alex Ryals

He will address selecting the right areas of security on which to focus, picking the right providers to partner with and building a strategy around professional and managed security services. The opportunity is tremendous for partners who take thoughtful and intentional action to build a plan.

In this Q&A from January with Channel Partners, Ryals gives a sneak peek of the information he plans to share with attendees.

Channel Partners: Have the components of a successful security practice evolved along with changes in technology and cyberattack strategies? If so, how?

Alex Ryals: The components of a successful security practice have certainly evolved over time as the complexity of the attacks has increased. In the past, it may have been good enough to have a strong perimeter firewall and a good antivirus solution on your laptop, but the edge of the network is no longer the router/gateway in your data center. It is IoT devices all around us, mobile phones, laptops, etc. A security practice today must include more than just hardware and software, but also services to assist customers with penetration testing, vulnerability assessments and even incident response. This isn’t to say that all partners have to deliver this themselves, but they do need to have a partnership with someone who can deliver these types of solutions.

CP: How do you best begin the process of building a security practice?

AR: The first step in building a security practice is to hire a solid security leader who will have the expertise and bandwidth to complete the other steps in the process, which generally include selecting the areas of security to invest in [endpoint, cloud, IoT, identity and access management (IAM), etc.], the vendors to partner with, the services to provide (professional and managed), the marketing strategy to tell your customers about your offerings and the financial tracking to identify success. A solid security practice is generally a combination of selling services to assist customers in identifying weaknesses in their cyber posture and managed services to manage/monitor that infrastructure, as well as technology to feed those managed services.

CP: What are some of the common mistakes made when building a security practice?

AR: I have noticed many partners invest heavily in building a security practice, but not compensating their sales team to sell it. The best practice is to identify and invest in …

…areas of security which your sales team is comfortable selling.  For instance, if you invest in IAM and security information and event management (SIEM) solutions, but your sales team only knows how to sell network equipment and storage, it will be hard to get your security practice off the ground. Maybe instead you should focus on network security and data security, which would align better with your sales skills. Otherwise you are swimming upstream.

CP: How do you know if your security practice is effective?

AR: You know you have an effective security practice in several ways. First, your sales team will be able to pitch your solutions without the crutch of your security leaders or the presales team. Second, your customers start calling you when they encounter a cybersecurity incident. That means your brand messaging is working. Third, you know you are successful when you achieve your financial targets and have a healthy monthly recurring revenue stream from security solutions.

CP: What do you hope attendees learn and can make use of from your session?

AR: I’m hoping that partners walk away from my session emboldened with starting a security practice if they don’t have one, or advancing their practice to the next level with an investment in a new type of managed service or area of security. Sometimes the fastest way to get to the other side of the lake is just to jump in and start swimming.