Historically, managed security service providers (MSSPs) have built their business as resellers of security products. The scope of “security services” would often be defined as follows: - Assess the environment - Select & implement a standard set of security products (most commonly from a list of partners or preferred vendors) - Monitor the implemented products and triage the alerts Essentially, the security service provider would rely on vendors to take care of their customer’s environment. While this reseller model is likely to continue its existence, two trends are shaping the future of security services. In the past decade, we have witnessed the emergence of technical cybersecurity consultancies — teams of security engineers, security architects, detection engineers, and others working to provide holistic security to their customers. The list of companies in this segment includes [Soteria](https://soteria.io/), [Recon Infosec](https://www.reconinfosec.com/), [TrustedSec](https://www.trustedsec.com/), [Binary Defense](https://www.binarydefense.com/), and [Black Hills Information Security](https://www.blackhillsinfosec.com/). This new kind of MSSPs, MDR (managed detection & response), and boutique security consultancies add value by tailoring the coverage to different environments and deploying technical talent to address security holistically, instead of implementing third-party vendors and relying on them to keep their customers safe. Recon Infosec even [works with channel partners](https://www.businesswire.com/news/home/20220607005245/en/Recon-InfoSec-Expands-Reach-And-Partner-Program-With-Channel-Partner-Portal-Launch) as resellers of their MDR service, creating a somewhat unique precedent (most commonly, channel partners sell security products, not security services). We are also seeing the emergence of subscription-based, transparent service providers such as [Nano Cyber Solutions](https://nanocybersolutions.com/) which offer holistic security services to SMBs. Unlike traditional service providers, the scope and pricing of these all-in-one managed cybersecurity subscriptions are entirely transparent. We anticipate that in the next decade, we will be seeing growth in the number of technologically fluent cybersecurity consultancies acting not as resellers, but as technical advisors that secure their customers. Subsequently, smaller companies that can’t do security on their own, will increasingly stop buying “magic” tools or building security teams. Instead, they will be getting services from experienced security service providers. While it is true that many companies will only change when they have a security event, the frequency and scale of cyber breaches will make businesses shift their thinking. ![[Pasted image 20240901091359.png]]