Last night I went out to dinner. I’m an early-to-bed guy, which means I eat when restaurants are still serving happy hour menus. This was New Orleans, so happy hour still meant good food and strong opinions.
I was halfway through an appetizer when I overheard the restaurant owner prepping her team for the night.
I expected the usual. Smile more. Upsell drinks. Don’t screw it up.
Instead, she said something that stopped me mid-bite.
“Everyone needs at least three heartfelt recommendations from the menu.”
Not one. Three. Each from a different section. Each based on personal experience. I assumed that was it. Then she kept going.
“Okay, let’s hear them.”
One by one, the servers made their recommendations. She didn’t correct them. She didn’t jump in. She asked the rest of the team for feedback.
Turns out they do this every day. And every week, the recommendations change.
That’s when it hit me.
MSPs Have the Same Problem. And the Same Missed Opportunity.
You already know your team matters in the client journey.
Your engineers. Your support staff. Your project leads. They are the ones clients trust. They are the ones clients listen to. They are the ones clients bring their real questions to when no salesperson is in the room.
They also know exactly what clients should be doing to be more secure.
Here’s the uncomfortable question. Have you ever asked them how they recommend your security solutions? Not your sales team. Your service team. The people who actually influence decisions.
Knowing the Answer Isn’t the Same as Recommending It
Most MSPs assume their team “knows” what to say. They know conditional access matters. They know incident response matters. They know cyber liability is a thing now.
But knowing is not recommending.
And recommending is a skill.
If you don’t practice it, it shows up under stress, during incidents, or worse, never at all.
That’s how you end up with clients saying, “No one ever told us we needed that.”
What About Cyber Liability Recommendations?
Now let’s make this more uncomfortable. Do your engineers know how to recommend reducing cyber liability? Not tools. Outcomes.
Do they know how to explain:
- Why incident response plans matter
- Why documentation matters
- Why “having the tool” is not the same as being protected
If not, that gap will show up at the worst possible moment. During a breach. During an insurance claim. During a lawsuit.
Think of Your Offerings Like a Menu
Here’s a simple framework that actually works.
Every technical team member should be able to make three recommendations.
One from each “section” of your menu.
- Security Controls
  - What actually reduces the chance of an incident.
- Cyber Liability Defense
  - What protects the client when an incident happens anyway.
- Cyber Leadership (vCSO)
  - How decisions get made, documented, and reviewed over time.
If your support team can’t confidently recommend something from each of those sections, you don’t have a security program. You have tools and hope.
The Script You Can Use in Your Next Huddle
This doesn’t require a workshop. It doesn’t require slides. It requires discipline.
Here’s the exact script.
You say:
“Today, everyone needs three recommendations for a client you worked with this week.
One security recommendation. One cyber liability recommendation. One leadership or process recommendation.
No selling. No tech babble. Just explain it the way you would to a business owner.”
Then you listen. Do not correct immediately. Do not jump in with better wording.
Ask the team:
- Did that make sense?
- Would you trust that recommendation?
- What would you ask next?
That’s it. Do this once a week. Rotate the recommendations. Rotate the people. You will immediately hear where the gaps are.
Why This Matters More Than Ever
Your clients assume you are guiding them. If your team cannot clearly recommend the next step, the client assumes there isn’t one.
That assumption becomes dangerous during incidents. And liability doesn’t care how busy your team is or how good your intentions were. It cares what was recommended, what was documented, and what was practiced.
This Is About Practice, Not Pressure
The restaurant owner wasn’t yelling. She wasn’t threatening. She was practicing.
That’s the difference between hoping your team gets it right and knowing they will.
If you want better results, don’t push harder. Practice better. We’re doing it in our huddles. You probably should too.


