MSP Buyers Guide For Security Awareness Training In 2024

Banner Image: MSP Buyers Guide For Security Awareness Training
Author profile photo
Sebastian Salla Published: June 01, 2024

Regardless of whether you're a veteran Managed Service Provider (MSP) who has been offering security awareness training for years or whether you're looking to onboard your first customers, there are common challenges that need to be addressed before you can scale and market your managed service.

In this blog, we'll outline what these challenges are, how to address them, and finally, the best practices every MSP should follow to maximize value for their customers while creating a sustainable business.

Jump To 3 Best Practices That Will Make Your Service Profitable

5 Challenges That Every MSP Needs To Overcome

MSPs face five common challenges when attempting to offer or scale their managed security awareness training service.

Image depicting the 5 challenges all MSPs face

Challenge #1: Creating A Unified User Experience

As an MSP, you're likely leveraging a dozen or more different tools, technologies, and products at any given time.

Whenever the end customer is involved, making the user experience as friendly and recognizable as possible is critical. The end-customer employees likely don't know which tools or products you're using, and if they receive emails or notifications appearing to come from them, they'll often be mistaken for phishing or spam.

Challenge #2: Reducing Management Overheads

Needing to create a new login for every customer or manually configuring each customer tenant in isolation is unsustainable and prone to human error.

Because of this, dedicated MSP dashboards and tooling become an absolute necessity. You need to not only manage all your customers from a single account, but you also need to be able to manage customers from a unified dashboard and seamlessly switch between customer tenants in a low-friction manner.

Challenge #3: Delivering An Outcome Instead Of A Service

Customers do not want you to deliver a service; they want you to deliver an outcome. The outcome could be remaining secure from cyber threats, remaining compliant with regulatory or cybersecurity frameworks, or any number of other things.

Before positioning a managed security awareness training service, you need to ensure your service is flexible and capable of influencing customer requirements so you can meet their intended outcome.

Challenge #4: Finding Prospective Customers

Security awareness training is still a new concept to many small and medium businesses. Because of this, you often need to prove value before these customers are willing to commit to longer-term contracts.

The difficulty is that these customers don't necessarily know what that value looks like, so the onus is on you to learn enough about their needs to make a business case.

Challenge #5: Balancing Affordability And Profitability

Being an MSP is like being in a constant three-way tug-of-war. Your software providers, on one end, are always trying to find new ways to increase their revenue. Your customers, on the other end, are always trying to find new ways to decrease their managed service contract costs. And then you, as the MSP, are stuck in the middle, trying to please all parties while remaining profitable.

8 Capabilities That Reduce Friction & Complexity

Before partnering with a training software provider, it's absolutely critical that you ensure these eight capabilities are addressed.

Image depicting the 8 platform capabilities MSPs require

Capability #1: Platform White-Labeling

Offering a white-labeled security awareness training service helps to:

  • Create A Unified User Experience: Users won't need to familiarize themselves with new logos, banners, or domains. Instead, they're welcomed by the same branding that they know and trust - your own.
  • Promote Brand Awareness: Every user becomes a potential brand ambassador. By constantly seeing your own branding and logos, users will be well-positioned to recommend your service through word of mouth.
  • Solidify Your Pricing Strategy: There's nothing worse than a customer trying to haggle on price by finding out the retail price of the software you use to provide a service. Worse yet, they may even try to purchase directly from the software provider if they don't perceive the managed service to deliver enough value.

When it comes to white-labeling, there are three key criteria to evaluate. Can you use your own domain? Can you use your own logos and branding? Can you modify the color themes displayed to users?

Capability #2: Self-Service Customer Onboarding

Having the ability to create and terminate customer tenants dynamically is a key component of removing friction from the customer prospecting and sales process.

Each newly created tenant should operate within a free tier subscription, allowing you to run free evaluations for prospective customers. If a customer decides to proceed, then they can be upgraded or have the tenant terminated. This removes friction from the customer acquisition process, which ultimately results in more converting customers.

Capability #3: Master & Subordinate Tenant Synchronization

A master and subordinate tenant architecture helps to significantly reduce management overheads because you can make a change in one place, and seamlessly synchronize that change across all subordinate customer tenants.

If your managed security awareness training service scales beyond a handful of customers, this capability quickly goes from a nice-to-have to an absolute necessity. Synchronization features should include custom training content, custom email notifications, and white-labeled branding.

Capability #4: Flexible Subscription Options

Whether you're looking to onboard your first customer or actively managing a dozen, you'll have different needs when it comes to subscriptions from your training software provider.

For example, with a dozen customers, it makes sense to have a single large subscription that allows you to allocate licenses dynamically on a customer-by-customer basis. However, suppose you only have one or two customers. In that case, you'll likely want to manage each customer subscription separately because your needs can heavily fluctuate if you lose or gain even a single customer.

  • Single Master Subscription: Ideal for larger MSPs who already have an established managed service where month-to-month needs don't fluctuate heavily. The advantage of this subscription model is that you can take advantage of high volumetric discounting.
  • Individual Tenant Subscriptions: Ideal for smaller MSPs who are looking to create a new service offering or only have a handful of customers. The advantage of this subscription model is that you can directly tie individual subscriptions to individual customers.

The key takeaway is to consider whether the subscription model of your preferred training software provider works for you based on your current stage in the managed service lifecycle.

Capability #5: White-Labeled Marketing Collateral

Customer acquisition is by far the most difficult aspect of establishing a managed service. Pricing strategies help you with finalizing deals, and good customer support helps with retaining customers, but how do you get customers to notice you in the first place?

The answer is marketing collateral and public tooling that provides a call to action. You'll want to ensure your software training provider has white-labeled tools and marketing material that complement the service you offer. This will help you gain exposure and give you something to offer in an elevator pitch situation.

Free Resources

Free Posters and Training Guides

Looking for an instant security awareness engagement boost? We've got you covered.

See the full range of free content

Capability #6: Automation & Machine Learning

A key aspect of being able to turn a marketable service into a profitable one is how efficiently you can provide the service. When it comes to security awareness training, the most time-consuming aspect is the initial setup. From that point, it becomes a case of providing monthly or quarterly reports, with incremental changes here and there, to ensure the content delivered is up-to-date and aligned with emerging threats.

As part of this, your training software provider should facilitate:

  • Recurring Campaigns: Including the automated assignment and delivery of new training content on a predetermined delivery schedule (e.g., every month, quarter, or year).
  • ML-Guided Learning: Ensuring learners receive the most suitable training content based on where they're at in their learner journey. For example, assigning beginner-level training to new employees progressively increases to more difficult or complex topics as a learner's knowledge progresses.

Capability #7: Integrated Training, Phishing & Dark Web Monitoring

Phishing, training, and dark web monitoring are all capabilities that go hand in hand with human risk management. This involves using various indicators to determine a fluid risk level for a given employee.

Instead of integrating and consolidating data from several different products, it's much easier to simply use a single platform, which will ultimately reduce complexity and save you both time and money.

Capability #8: Customizable Training Content

Training software providers typically cater to the masses. This is good because it means they're typically quite flexible, but the downside is that their out-of-the-box training content may not hit the mark for your customers. For example, suppose your customers operate in a specific industry or geographic region or speak multiple languages. In that case, you'll want to ensure the training content can be modified to suit your needs.

Not every software training provider offers strong customization options, so it's important to analyze their content and determine if it suits your needs.

3 Best Practices That Will Make Your Service Profitable

In this section, we'll cover three best practices designed to help MSPs create a profitable and scalable managed security awareness training service.

Image depicting the 3 best practices that will make an MSPs service profitable

Best Practice #1: Reduce Complexity For Your Team

The goal of reducing complexity is to make it so you can artificially inflate otherwise Junior-level employees into Seniors. The best way to do this is to create a repeatable playbook that applies to various circumstances.

How Does CanIPhish Help?

We've created a white-labeled training program generator and a quick start guide that partners can use each time they're onboarding a new customer. Both of these complement each other. The program generator helps to align you with your customer's objectives, and the quick start guide helps you to ensure technical prerequisites have been met.

Free Tools

Free Security Awareness Program Generator

Is your organization taking the right steps to avoid a cybersecurity breach? Create your free tailored program today.

Generate your program

Best Practice #2: Obtain Partner Pricing From Your Software Provider

As an MSP, you should always receive a discount from software providers. The reason is simple - you act as an aggregator who also shields the software provider from direct customer inquiries. This is a win for the software provider because it means they'll receive fewer support queries, and naturally, you, as the MSP, should be rewarded for this.

MSP discounts typically vary based on the type of software platform being used and the number of employees managed across all your customers.

How Does CanIPhish Help?

By joining the CanIPhish partner program, you obtain various pricing-related benefits, including perpetual free tier evaluation subscriptions, free access to platform white-labeling, custom discount codes, and much more.

Take a look at the CanIPhish Partner Datasheet!

Image depicting a file with a checklist

Best Practice #3: Clearly Define Service Level Objectives

This is all about managing expectations. There's nothing worse than a customer who has a never-ending laundry list of requirements that seemingly come out of thin air. As an MSP, you're particularly vulnerable in these types of situations because you're naturally geared to want to help the customer, but at the end of the day, your time is money.

By clearly defining what you're providing, you can hold both yourself and the customer to the agreed-upon outcomes. If there are any proposed changes to this, you're then well-placed to renegotiate managed service contract costs.

How Does CanIPhish Help?

As part of delivering our own platform, we've created a Subscription & Service Level Agreement. This agreement can be used as a template for establishing your own managed service agreement.


Using the information provided in this blog, you'll put yourself a step ahead of the competition by creating a managed service that's efficient, effective, and, most importantly, profitable!

If you're looking for a software training provider to partner with, CanIPhish is the one for you. We've built a self-service platform designed to make it easy for MSPs. Don't just take our word for it; create your free account and try our platform!

Frequently Asked Questions

As A Small MSP, Can I Compete With Large MSPs Who Provide Security Awareness Training?

Yes! The dirty secret of large MSPs is that they're slow to change and overpriced. As a small, nimble provider, you can differentiate yourself in various ways, whether through the training content delivered, the managed services provided, or the pricing you charge.

Do I Need To Be An Expert In Security Awareness Training To Offer It As A Managed Service?

No. The whole idea of partnering with a training software provider is that they do all the technical heavy lifting that requires deep expertise. They should also provide you with a variety of marketing tools and best practices that you can provide to customers, seamlessly making you an expert, regardless of prior experience.

Avatar profile photo
Written by

Sebastian Salla

A Security Professional who loves all things related to Cloud and Email Security.