Interview: Brian Costello Named One of CRN’s 2022 Channel Chiefs

Cybersecurity is a complex, constantly changing industry, and if I’m being honest, its oversaturated marketplace contributes to what is already a confusing evaluation and buying process for organizations. Channel partnerships can help address some of the common frustrations, but to be successful, channel teams and leaders must have a deep understanding of the threat landscape, the diversity of roles and responsibilities among cybersecurity professionals, and the impact of technological changes. That’s why I was eager to hear from Brian Costello after CRN named him one of CRN’s 2022 Channel Chiefs.

How long have you been in the cybersecurity space?

I’ve spent 21 years of my professional career in cybersecurity. It’s been amazing to watch the evolution of the space over that period of time.  So much has changed since the early days that focused on protecting an organization's perimeter. The idea of the extended enterprise accelerated the adoption of technologies that moved almost everything to the digital world. Organizations now have a broader digital footprint that enables them to transact and interact  faster with more flexibility. Adversaries have also adapted to the new, expanded attack surface, finding ways to exploit these advances for financial gain, disruption, espionage and political agendas. That’s the thing about security — it’s constantly changing.

What industry changes are having the biggest impact on security?

For one thing, the convergence of cyber and physical security. Indicators of physical threats (both man made and environmental) are manifesting in the cyber world more than ever. It’s become critical for physical and cyber security teams to collaborate on protecting and predicting potential threats and risks to their personnel and infrastructure. Security responsibilities are proliferating throughout organizations — security teams aren’t the only ones invested in how the organization protects itself. 

Also, the traditional security perimeter has all but disappeared, leading the cyber and physical security community to ask how we extend our capabilities and become more proactive and comprehensive. We now have to protect people, brands and infrastructure both inside and outside of an organization's domain. Digital risk protection (DRP) and threat intelligence is helping address that proactivity. As the digital world expands, we have to become more predictive and take action to be several steps ahead to prevent exploitation when new threats develop.

Why are channel partnerships important for cybersecurity?

Cybersecurity partnerships have unique challenges when compared to something like Information Technology. IT paradigms don’t shift as often. It moves slower, taking a more industrial approach. Security challenges and technologies move quickly. Just look at how COVID-19 impacted digital adoption. Information is moving into spaces where organizations don’t own the infrastructure, have the visibility or technology to protect their people (both from a cyber and physical perspective) and their brands.

Forming partnerships with organizations whose access, visability, and technologies are complementary means we can optimize solutions that better meet the needs of our customers. 

Ultimately, these partnerships are about creating the right integrated ecosystems that solve problems in an efficient, comprehensive way. No one organization or technology can do this on it’s own. Developing the right channel partners helps to accomplish this. 

What does a good cybersecurity channel partnership look like?

The first priority should be making sure you have alignment with a potential partner. It’s not just making sure the products and services are a good fit — although that’s critical — if your processes, technologies, and go-to market strategies don’t align, then you risk wasting everyone’s time. We want to optimize the processes. We don’t want to create friction between partners, and we certainly don’t want to sell a product/service, only to learn it isn’t something that benefits the people we’ve engaged. 

The more candid and transparent you are on your go to market model up-front, the better chances you have to find the right partnerships (and avoid the wrong ones). We’ve built a program that helps partners understand up front our business model and where products and services fill a need in the market. We also focus on how we can enable them to understand our customers and the security value we add together.

Our strategy is to partner with resellers, service providers and technology partners that specialize in security. If we’re not aligned around security capabilities, it will be difficult to understand our customers' challenges and bring the right solutions to the table. If the partner works in DRP or intelligence, we want to understand how we complement each other and how to best align our approach to reach the right audience. We also consider partners who offer solutions that augment our capabilities. If we can enrich and enhance their products/services to add value with the customer, then it can be a great fit. 

Finally, we constantly evaluate when we need to shift products, technologies, or training to make sure we’re setting up our partners, and ultimately, our customers, to succeed.

What pitfalls can derail a successful channel partnership?

Misaligned go-to-market models and not setting expectations for mutual success up front. Partnerships have changed significantly over the past several years. The traditional approach doesn’t work in security. You can’t expect to build successful security partnerships by doing a quick pitch, sharing pricing, and presenting a demo. There simply is no security technology that sells itself. You must make sure a partner understands your use cases *before* you start talking technology. 

Signing up too many partners to manage and enable can also challenge a partnership program. The likelihood of success increases when the focus is on building strategic partnerships instead of relying on the “spray & pray” model. 

Finally, making messaging  too complicated can also derail success. Identify 2-3 use cases that resonate with a partner and their customers and prospects. It lays a foundation for mutual success and allows you to scale with your partner faster.

What has kept you in the cybersecurity space for over 21 years?

Cybersecurity is a challenging industry, but I can’t think of one that’s more fascinating. Things are always changing, and to outpace the adversary, we have to keep innovating and working together. We’re a mission-driven community, and protecting people and organizations from malicious threat actors is a goal worth working toward. 

Finally, if you were a professional athlete, what would your walkout music be? 

It's a toss-up between Van Halen’s Right Now and the Scorpions' Rock You Like a Hurricane!