Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

News & Articles

Return to ChannelPro Special Report Q1, 2024
February 8, 2024 | Stephen Lawton

5 Reasons Why Ethical Hackers Enhance MSPs’ Offerings

MSPs should consider adding these key capabilities to their existing staff.

As MSPs expand their portfolio of offerings, some are enhancing their cybersecurity capabilities with an interesting addition to their staff: ethical hackers.

These offensive hackers — sometimes called white-hat or red team hackers — differ from penetration testers already working for MSPs in several ways, including how they identify vulnerabilities, the tools and strategies they use to find threats, and what falls into their purview as a threat. 

Here are some reasons why an MSP should consider adding offensive hacking capabilities to their existing staff. 

Ethical Hacker Scope of Capabilities 

Shay Colson

Penetration testing often is a passiveprocess that finds security vulnerabilities in applications and systems or performs simulated cyberattacks on a company’s computer systems and networks.

Ethical hacking is more aggressive, actively challenging network security. An ethical hacker could even impersonate an enterprise’s business partner to determine if a company has a physical security vulnerability or supply-chain risk — something well beyond the standard remit of a pen tester.

“The value proposition of an MSP is aggregation, concentration, and correlation, and that makes them an attractive target,” said Shay Colson, managing partner of cyber diligence at Intentional Cybersecurity, formerly Coastal Cyber Risk Advisors. “The big piece is to have someone at the table when the MSP is making decisions from products and services to architecture and operations. That gives another perspective from either the threat actor, the hacker, or even just a general security perspective.”

Offensive Attack Mindset 

Gregory Hatcher

MSPs with offensive cybersecurity capabilities can offer far more expertise than an MSP with classically trained security engineers, said Gregory Hatcher, co-founder of White Knight Labs.

An engineer’s abilities and toolset paired with a red-team mindset provides proficiencies beyond that of most MSP staffers.

Offensive security training is invaluable for testing the on-site security controls of an MSP’s customers — and the MSP itself. The exercise could include social engineering of the client to test their computing resources, staff training, and physical security.

In-house Vs. 3rd-party Expertise

Peter Hefley

Having an offensive-focused engineer in the MSP’s Rolodex can be useful, according to Peter Hefley, associate director of attack and penetration at consulting firm Protiviti. This is especially helpful if an MSP’s cyber insurance policy requires third parties for forensics and other investigative tasks after a breach.

But there’s still value in having both forensics and red-team engineers on staff. An offensively trained engineer may be part of an MSP’s own incident-response team, but they likely will perform other tasks, such as ensuring the MSP is secure from third-party threats and red-team penetration testing adversary simulations.

SMBs — often law firms, CPAs, financial services organizations, healthcare providers, and other high-value targets — opt for MSPs because they rarely have their own cybersecurity staff. An MSP with offensive abilities provides added value by identifying privacy and security threats that pen testing cannot detect, Hefley said.

The Cyber Insurance Element

Patrick Shaw

An ethical hacker provides an MSP with the expertise to ensure their own network is secure enough for the MSP to qualify for cyber insurance. Many cyber insurance underwriters have higher standards for services providers who manage potentially hundreds of client accounts, since it’s a higher risk to the insurer than for a single company.

IT services providers also could use the ethical hacker’s skills to stress test clients’ networks to help them meet underwriter requirements for a new insurance policy or a renewal, expanding the MSP’s service offerings and revenue. 

It’s the Little Things that Count

Patrick Shaw, senior assessment manager at Dox Electronics, said it’s critical to maintain and update privileged accounts, particularly service accounts.

Too often, these are ignored, even though some likely have passwords 5 years or older, he noted. Compromised service accounts, like other seldom-monitored accounts, can lead to a breach that MSP security engineers often aren’t trained to identify.

Editor’s Note: If your MSP wants to monetize ethical hacking services, check out Certified Ethical Hacker Tyler Wrightson’s step-by-step guide on this topic.

Image: iStock

Return to ChannelPro Special Report Q1, 2024

Editor’s Choice

Introducing ChannelPro’s Top 20 MSPs for 2024

June 18, 2024 |

These companies lead the way in building up the IT channel, as well as ensuring that their clients run thriving businesses.

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

AI-as-a-Service Takes Shape for 3 MSPs

June 4, 2024 |

AvTek Solutions, LAN Infotech, and PCH Technologies share how they are working with the new AI-as-a-Service platform in their day-to-day business.

Related News & Articles

Growing the MSP

Explore ChannelPro


Reach Our Audience