‘We need clients who understand and respect specifically what we’re bringing them because then the relationship builds. It’s not about the money anymore. It’s about the full package that we’re bringing to them,’ says Seth Kilander, founder and CEO of Ki Security & Compliance Group. 
Showcasing Infinite IT’s credentials, which include ones from Microsoft and the International Organization for Standardization (ISO), paves the way to talking about the solution provider’s value proposition, the ways it drives down costs and its capabilities in risk management.
“In our market, no one has our certifications,” Ussia (pictured second from right) told a crowd of vendors and solution providers Monday. “It is a major differentiator for us.”
[RELATED: Liability Defense, Not Just Compliance, Is A Winning Security Sales Play: Galactic Advisors CEO]
Ussia shared his experiences building a compliance practice and specializations as part of a panel held during the XChange NexGen 2025 conference, hosted by CRN parent The Channel Company. The show goes through Tuesday in Houston.
In answer to a question from moderator and CRN Senior Associate Editor CJ Fairfield (pictured far left), panelist Seth Kilander (pictured second left), founder and CEO of Denver-based Ki Security & Compliance Group—a member of CRN’s 2025 MSP500—told the crowd that it’s possible for generalist MSPs to build a vertical practice if they find that a variety of their customers are coming from an industry or, even better, a niche area of that industry.
His own business started out with a variety of regulated clients before building out a niche specialization helping private equity and investment advisers stay compliant with the U.S. Financial Industry Regulatory Authority (FINRA) and the U.S. Securities and Exchange Commission. Specializing also did not mean dropping longtime clients outside the specialty, Kilander said. But it’s improved his strategy for new customer acquisition.
When Ki Security competes for bids for business, the solution provider wins business even with higher prices than competitors because of the credentials it brings and how well it can tailor its programs to clients, he said. Regulated clients understand that a company without credentials can save them money in the short run but possibly cost them millions in fines later.
“We need clients who understand and respect specifically what we’re bringing them because then the relationship builds,” Kilander said. “It’s not about the money anymore. It’s about the full package that we’re bringing to them.”
Kilander also encouraged solution providers to select customers carefully. Customers unwilling to follow solution provider recommendations for security and compliance are a liability. And documenting that the client refused to adopt a certain tool or practice isn’t always enough to avoid a lawsuit or reputational damage.
“If a client is not willing to meet our best practices, which are higher than standard best practices, we tell them they have got so much time to either get on board or they have to find somebody else,” he said.
Tommy Vaughan (pictured far right), president of Lynchburg, Va.-based Central Technology Solutions, said that his solution provider started out catering more so to particular industry niches before making a shift offering compliance services to a variety of regulated industries, including government and health care.
He recommended that solution providers building compliance practices don’t necessarily focus on quarterly reviews and their toolset as the sales play. In his experience, business executives that don’t always attend the reviews and tools don’t get excited by the products the solution provider leverages or the volume of threats blocked.
Like Ussia, Vaughan tends to lead conversations with prospective customers talking about CTS’ compliance practice and seals the deal with comprehensive services from devices and maintenance to support, cloud products and phones. He’s found that competitors miss even basic compliance requirements for companies collecting credit card or patient information.
Compliance-focused solution providers should feel comfortable charging more for their services. CTS has reached a 24 percent EBITDA margin and is looking to reach 32 percent, Vaughan said. That money has helped pay and maintain a quality staff. And through winning customers with a comprehensive batch of services, CTS has maintained high customer retention rates.
“There’s a reason that you can buy Hershey Kisses in bulk, cheap, and Godiva Chocolates cost more and you get less,” Vaughan said. “We’re more Godiva Chocolates. But here’s why—there’s definitely a quality difference there.”
Ussia told the crowd that his compliance and specialization journey started with a client who needed help with Microsoft’s Supplier Security & Privacy Assurance Program. Learning SSPA turned out to be easier than Ussia thought, and Infinite went on to help other clients with it. The company went on to earn two ISO certifications and is working on a third, among other credentials.
“Customers don’t trust you if you don’t have it yourself,” he said. “It really helped us push our business to the next level.”
Infinite started out charging customers by the hour for achieving credentials themselves because he didn’t know how long it would take—offering a contract for a certain number of hours and then a renewal option once Infinite hit those hours. But eventually, for the industry clients who allow it, he shifted to per-seat pricing because the time taken became consistent.
Building compliance practices is less of a lift than solution providers think given that they already update client devices and servers, Ussia said. And then if the solution provider enjoys helping certain clients in particular—whether they are law firms or sports teams—that could mark the start of a specialization.
“That passion can translate into a differentiator in the market when you’re going and talking against [the] competition,” Ussia said.
Leave a Comment