Managed Security (MSSP) Selling — 60-Min Training
Direct Answer
The Risk-and-SLA Managed Security Sale is a 60-minute training for MSSP (managed security service provider) sales reps who sell managed detection and response, SOC-as-a-service, and 24/7 monitoring to mid-market and enterprise businesses. It replaces fear-mongering and threat-of-the-week selling with a disciplined ritual: open on the buyer's measurable risk and compliance obligations, build a written in-house-versus-managed cost and coverage case, anchor the proposal to a hard SLA (detection and response times), and structure a multi-year managed relationship.
Built on CompTIA managed-services frameworks, the NIST Cybersecurity Framework, and the MEDDIC qualification model, this session teaches reps to sell risk reduction, coverage, and response time — never FUD.
Section 1 — Why MSSP Reps Lose Deals (and Trust) (5 min)
Open with the hard truth on the whiteboard. A business does not buy managed security because you scared them with a breach headline. They buy it because they can't staff a 24/7 SOC, their cyber insurance and compliance demand monitoring they don't have, and one missed alert at 3 a.m. could cost them $200,000+ in incident response and downtime. Reps who lead with fear lose to the rep who leads with quantified risk and a hard SLA.
Set the frame:
- The old pitch: Cite the scariest breach in the news, imply they're next, push a tool, lose to "we'll think about it."
- The new pitch: Anchor on measurable risk and compliance gaps, model in-house vs managed cost and coverage, commit to a detection-and-response SLA.
- The committee: Security decisions involve IT leadership, the security owner (or vCISO), finance, and sometimes the board or cyber-insurer — multiple buyers, real scrutiny.
Read the CompTIA managed-services principle aloud: *"You sell an outcome under SLA, not a product under a license."* And the firm rule for this team: no FUD. Quantified risk persuades; fear erodes trust.
Section 2 — The Risk-and-Coverage Discovery Brief (15 min)
Before any proposal, the rep completes a written discovery brief with the buyer's IT and security owner. No brief, no proposal. Walk the room through the verbatim template — have each rep fill it out for a real opportunity right now.
Verbatim Risk-and-Coverage Discovery Brief (rep fills out with the buyer's IT owner):
- Business: [Company] — [Industry] — [Employee count] — [Endpoints and servers in scope]
- Compliance drivers: [HIPAA, PCI DSS, SOC 2, CMMC, cyber-insurance requirements]
- Current coverage: [Who watches alerts today] — [Hours covered] — [Gap: nights, weekends, holidays?]
- The risk in dollars: [Estimated incident cost] x [likelihood] — [Insurance deductible and premium]
- Detection and response today: [Current mean time to detect and respond, if known] — [Last incident]
- In-house reality: [Cost to hire and retain a 24/7 SOC team] — [Tooling they own already]
- The committee: [IT lead] / [Security owner or vCISO] / [Finance] / [Insurance or compliance contact]
Coach reps on the "quantify, don't terrify" rule — every risk converts to a number the buyer can defend to finance. *"You currently have zero coverage from 6 p.m. Friday to 8 a.m. Monday — that's 62 unmonitored hours a week, and most ransomware detonates on weekends."* That's a fact, not a scare tactic.
Show the bad example: *"Companies like yours get breached every day — you could be next."* That's FUD, and a serious buyer tunes it out. Coverage gaps and dollar-denominated risk are value.
Section 3 — The No-FUD Qualification Discipline (10 min)
A deal built on fear churns at the first renewal. Drill the qualification rules.
- Lead with facts, not headlines. Use the buyer's own coverage gaps and NIST CSF maturity, not the news cycle.
- Map to a framework. Tie every gap to NIST CSF functions — Identify, Protect, Detect, Respond, Recover — so the buyer sees structure, not pressure.
- Quantify the in-house alternative honestly. A real 24/7 SOC needs 5-6 analysts; price it fairly so the managed case stands on its own.
- Confirm the compliance obligation is real. HIPAA, PCI DSS, CMMC, or cyber-insurer requirements should drive the urgency — not your quota.
- Define the SLA they actually need. Mean time to detect and respond targets must match their risk tolerance, not your default tier.
The one exception: if there is an active incident, drop the sales process and route them to incident response immediately — credibility in a crisis earns the relationship.
What to NEVER say to a security buyer (read these aloud, slowly):
- "You could get breached any day now" (textbook FUD; serious buyers and CISOs immediately distrust it).
- "We'll stop all attacks" (no one stops everything; over-promising guarantees a churned, angry customer).
- "Your current setup is a disaster" (insulting the IT owner who built it loses your internal champion).
- "Compliance is basically just checking a box" (trivializing their obligation signals you don't understand their world).
- "Our AI catches everything automatically" (hand-waving the human SOC and tuning undersells the actual service).
- "Just sign the multi-year and we'll figure out the SLA later" (the SLA IS the product; deferring it kills trust and the deal).
The CompTIA managed-services standard is blunt: *"Trust is the entire product. One overstated claim costs you the renewal and the referral."*
Section 4 — The In-House-vs-Managed Close Script (10 min)
Security buyers commit to a relationship under SLA, not a tool. Bundle the coverage, the SLA, the compliance support, and the multi-year term into one proposal. Use the verbatim script.
Verbatim In-House-vs-Managed Script (rep delivers these exact words):
Rep: "Let's put both options on one page. To match what we provide, an in-house 24/7 SOC needs 5 to 6 analysts, the SIEM and EDR tooling, and the tuning — that's roughly [in-house annual cost] and a 6-month hiring runway you don't have."
[Slide the comparison worksheet across. Stay quiet while finance reads.]
Rep: "Our managed service covers all of it for [managed annual cost], live in 30 days, with a hard SLA: [X-minute] mean time to detect, [Y-minute] mean time to respond, 24/7/365."
[Pause. Let IT and finance do the math. Do not fill the silence.]
Rep: "It closes your weekend coverage gap, satisfies your [HIPAA or PCI] monitoring requirement, and gives your insurer the evidence they want — for a fraction of building it yourself."
Rep: "We can onboard before your audit deadline if we paper the agreement this month. Want me to lock the onboarding slot?"
Do NOT:
- Sell the tool and leave the SLA, compliance support, and reporting as afterthoughts. One agreement, one SLA, one page.
- Pitch only IT. Get finance in the room for the in-house-vs-managed math and the insurer or compliance owner for the requirement.
- Promise to "stop everything." Promise a measurable SLA you can deliver and report on monthly.
- Skip the detection and response time numbers. The SLA is the product; the term means nothing without it.
Section 5 — The In-House-vs-Managed Math (15 min)
This is where reps win on economics, not emotion. Build the math on the whiteboard.
The math (for a 250-employee mid-market business, ~600 endpoints):
- In-house 24/7 SOC: 5 analysts at ~$110,000 loaded = $550,000, plus SIEM/EDR tooling $120,000, plus management = ~$700,000/year and a 6-month hiring runway.
- Managed MDR + SOC service: ~$144,000/year ($12,000/month), live in 30 days, with a 15-minute MTTD / 30-minute MTTR SLA, 24/7/365.
- Risk side: average incident response and downtime for this size runs $200,000+; closing the 62-hour weekend gap measurably cuts dwell time and likelihood.
- Net: managed delivers comparable coverage at roughly 20% of the in-house cost, immediately, with compliance evidence the cyber-insurer rewards with better terms.
Pull finance and the insurer into the math early — finance owns the build-vs-buy comparison, and the cyber-insurer often *requires* MDR or discounts the premium for it. Both make your case for you.
Common security objections (rehearse the comebacks):
- *"We already have a firewall and antivirus."* — Those are Protect controls; you have a gap in Detect and Respond. Map it to NIST CSF and show the unmonitored hours — prevention without 24/7 detection is a blind spot.
- *"We're thinking about building our own team."* — Walk the $700K and 6-month runway honestly. Most mid-market firms can't hire or retain 5-6 SOC analysts; managed gets you covered in 30 days.
- *"This feels like a lot of money for something that might not happen."* — Reframe to expected cost: incident likelihood times impact, plus the insurance and compliance value. It's risk management with a measurable SLA, not insurance against a maybe.
Have every rep build an in-house-vs-managed comparison worksheet for a live opportunity before they leave the room.
Section 6 — Commitments and Close (5 min)
Each rep leaves with three written commitments, taped to the monitor:
- My top 5 active opportunities get a completed Risk-and-Coverage Discovery Brief with quantified gaps by Friday.
- Every proposal I write leads with a measurable SLA (MTTD and MTTR) and an in-house-vs-managed cost comparison — never a breach headline.
- I never sell with FUD. I map gaps to NIST CSF, quantify risk in dollars, and bring finance and the insurer into the room.
Close by reading the CompTIA managed-services standard aloud: *"Sell the outcome under SLA, earn the trust, and the multi-year relationship renews itself."*
Then pin the no-FUD risk-assessment template in the team Slack and assign each rep their first three discovery briefs.
FAQ
Q1: How do I create urgency without using fear? A: Use facts the buyer can verify: their coverage gaps (unmonitored hours), an upcoming compliance audit or insurance renewal deadline, and their current mean time to detect. Quantified, framework-mapped risk creates real urgency; FUD creates distrust and gets you tuned out.
Q2: The prospect says they'll just build their own SOC. How do I respond? A: Walk the real numbers honestly — 5-6 analysts at ~$700K/year plus tooling plus a 6-month hiring runway, in a market where SOC talent is scarce and burns out fast. Managed gets them covered in 30 days at a fraction of the cost. Respect the option; let the math decide.
Q3: They already have a firewall, antivirus, and an IT team. Why do they need an MSSP? A: Those cover Protect in the NIST CSF; the gap is Detect and Respond around the clock. An IT team that sleeps isn't a SOC. Show the unmonitored nights and weekends — that's where modern ransomware detonates.
Q4: Who actually signs off on a managed security deal? A: Typically a committee: IT leadership, the security owner or vCISO, finance (for the build-vs-buy math), and often the cyber-insurer or compliance officer whose requirements drive it. Map all of them; finance and the insurer frequently make your case for you.
Q5: How important is the SLA in the proposal? A: It is the product. Mean time to detect (MTTD) and mean time to respond (MTTR), plus coverage hours and reporting cadence, are what the buyer is actually purchasing. Never defer the SLA to "later" — a managed service without a hard SLA is just a tool with a login.
Q6: How is selling managed security different from selling a security product? A: A product is a one-time license; managed security is an ongoing relationship under SLA that the customer trusts with their environment 24/7. You sell coverage, response time, and trust — and you protect every one of those, because one overstated claim costs the renewal and the referral.
Sources
- CompTIA, *Managed Services and MSP/MSSP Frameworks and Trustmark Resources*, comptia.org, 2024-2025.
- NIST, *Cybersecurity Framework (CSF) 2.0*, National Institute of Standards and Technology, 2024.
- Jack Napoli and the MEDDIC Group, *MEDDIC Sales Qualification Framework*, 2023.
- IBM Security and Ponemon Institute, *Cost of a Data Breach Report*, ibm.com, 2024.
- SANS Institute, *Security Operations Center (SOC) Survey and Staffing Guidance*, sans.org, 2024.
- Verizon, *Data Breach Investigations Report (DBIR)*, verizon.com, 2024.
- Neil Rackham, *SPIN Selling*, McGraw-Hill, 1988.
- Mike Weinberg, *New Sales. Simplified.*, AMACOM, 2013.