Nihil Morjaria - Scaling Human Risk Management at usecure

Show Notes

In this episode of Partnerships Unraveled, we sit down with Nihil Morjaria, Chief Revenue Officer at usecure — a UK-based cybersecurity vendor that has built its go-to-market strategy around managed service providers (MSPs) and distribution partners. Nihil unpacks how usecure pivoted from a direct sales model to becoming a channel-first organization, scaling to over 1,800 billing partners without compromising depth of enablement. From rebuilding their product and licensing model for MSP scalability to embedding automation and self-serve onboarding technology, Nihil shares a playbook that’s turned strategic alignment into measurable growth.

Channel professionals will gain a blueprint for what it really means to build a partner-centric organization. Nihil dives into the key elements that make vendors channel-friendly from flexible billing and multi-tenancy to product simplicity and marketing enablement. He also highlights one of today’s most overlooked growth opportunities: compliance-as-a-service. Offering practical advice and real-world frameworks, this episode is a must-listen for anyone looking to evolve faster and scale smarter in the channel.

Tune in for a refreshing, hands-on perspective on GTM transformation, MSP enablement at scale, and the growing importance of human risk management in evolving compliance needs.

_________________________

Learn more about Channext 👇

https://channext.com/

Watch on YouTube ►

https://www.youtube.com/@channext

#channelmarketing #channelpartners

Chapters

• 0:06: Welcome And Guest Intro
• 0:28: What USecure Does
• 2:28: Why Human Risk Gets Neglected
• 2:28: Guest Background And Role
• 3:27: Pivot To Channel-First
• 4:35: Learning The Channel And Early Mistakes
• 9:20: What MSPs Want From Vendors
• 11:18: Scaling To 1,800 Partners
• 13:39: Culture Of Being Truly Channel-First
• 14:41: Landing The Pax8 Partnership
• 16:22: Compliance As A Growth Path For MSPs
• 19:34: Starting Simple With Policy Management
• 21:36: Closing And Next Guest Nomination

Transcript

SPEAKER_00: 0:06

Welcome back to Partnerships Underworld, the podcast where we understand the mysteries of channel and partnerships on a weekly basis. My name is Efe, and I'm very excited to announce our special guest, Nihil. Nihil, how are you doing?

SPEAKER_01: 0:19

Hi, Efe. Yeah, I'm very well, thank you. And um yeah, thanks for having me on the podcast for I really appreciate it. Thanks for agreeing to join us.

SPEAKER_00: 0:26

Uh really excited for the for this episode. Maybe for the uninitiated, you could give us uh uh an introduction and tell us a little bit more about USecure.

SPEAKER_01: 0:36

Yeah, of course, yeah. So uh USecure are a we're a vendor that focuses on human risk. So we're in the security space, we focus on channel growth, our main route of expansion is through distribution and through managed service providers. Our product is all focused on human risk. So a lot of security is naturally around infrastructure, around the technologies that we put around our clients, and that is absolutely fundamental. Our focus, though, is on supplementing that with the people. You know, every organization has people in common. It's often the people that are a little bit neglected when it comes to security processes. So our goal is to understand our clients' employees' risk, understand them as individual people, and then use human risk management to empower those people. So to train them on security best practices, to test them with phishing attacks, to monitor the dark web, and also to deploy key company policies to them. So uh, in short, what we do is all around understanding the employee and their cybersecurity risk and then giving MSPs a scalable way to reduce that risk.

SPEAKER_00: 1:40

I think it's one of the most neglected parts of the uh security. I think it's might also be the weakest chain for a lot of organizations out there.

SPEAKER_01: 1:49

Yeah, it's it's one of those where people have looked into how to how to resolve it previously. And we've all done training before where it's often really tedious and it's a bit of a tick box. And realistically, six months later, we're not really employing any of the training best practices we were told to because it hasn't been reinforced and it wasn't really that engaging in the first place. It's a really common theme. We're seeing a lot of organizations now realize that they can't keep on putting off getting something engaging in place for their staff members. It's just a near universal factor when it comes to compliance and when it comes to cyber instance. So we're seeing that shift now with people prioritizing it a lot more.

SPEAKER_00: 2:28

And for the audience, Nihil, it will be great to have a bit of an introduction, uh, a personal introduction as well. Who are you? What are you responsible at USecure? Maybe a bit of your background as well.

SPEAKER_01: 2:38

Yeah, of course, yeah. So um, I'm the chief revenue officer at USecure. So I oversee our commercial department. It's essentially my responsibility to make sure that our distribution managers, our account managers, our customer success team, our sales development reps, that we have the right processes in place to make sure that we can help our partners to grow. We collaborate with our MSPs, we like to work very closely with them, work strategically with them. A lot of that comes down to the process that we have in place to make sure that we can understand them and collaborate rather than just transact with the channel. Um, so I've been at USecure for almost seven years now. Um, I've done every sales role there is to do. So I've built up a good amount of experience into how human risk is viewed in the channel and how our partners can scale with it. But it's an incredibly fast-moving industry. So there's always new things to be picking up on as well.

SPEAKER_00: 3:27

So you've been at USecure for seven years, and currently your goal to market is very channel, very MSP driven. But I remember you mentioned that on the early days at USecure, that wasn't the case. I think about six years ago, you pivoted hard to a channel-first model. I'm curious to understand what triggered that shift and what were the early signals that you were getting that confirmed that this was the right move to make.

SPEAKER_01: 3:52

Sure. So um what triggered the shift? So I guess uh up until that point, we were going direct to end customers. We didn't have a channel model, we didn't have any MSPs, resellers, distributors. Um, we were growing at a good rate, but at the same time, we were competing in a hyper competitive market. Um, there were a lot of vendors, particularly those based in the US, that maybe had a little bit of a head start, had some funding backing to them that allowed them to grow incredibly quickly. And we found ourselves coming up in those competitive situations with organizations who just had a lot more resource than we did. Um, whilst we competed well with them, we had a few USPs that helped to differentiate. It ended up becoming a situation where we realized that there was an undertapped market. Um, we were looking at ways to differentiate. We were seeing a lot of um a lot of growth in the channel, we were seeing a lot of distributors that were starting to really gain traction. And it helped us to realize that when we did a bit of market research, that there wasn't really too many vendors that were truly built for MSPs that were doing at that point, it was just security awareness training and simulated phishing. But we always wanted to go beyond just those two. So we incorporated the dotted monitoring and the policy management. It was just from looking at the market and I guess realizing that there weren't as many established core players in the space who were genuinely built for the channel. So we decided if we rebuild it and rebuild the products, rebuild our licensing model and fully commit to the channel, then that's a lot of green space that we could then fit into essentially.

SPEAKER_00: 5:21

And you personally don't come from a channel background. So uh previous trolls you didn't manage channel, this was something that you had to learn and upskill. Uh, I mean, you scare is doing quite well currently, and you also got listed on pack side as well, which we'll come back to later. So you were doing some things correctly. I'm curious to hear how was that experience from you uh upskilling, getting the getting to learn how channel works, and what were the mistakes that you did uh early on uh that you would advise others to avoid?

SPEAKER_01: 5:55

Uh yeah, so we we did basically start from scratch. Um I hadn't sold in the channel beforehand, so understanding the ecosystem and the bits of value that got added with each component of it, it obviously took a little bit of time to truly understand it and understand to leverage each of those points. Um the channel is a bit cliche, but it's a very good community. So there are a lot of resources around. There are um there's a lot of openness between MSPs. So you so I I use a lot of things like uh like G2, like MSP Geek, like Reddit, um just to try and get first hand um, I guess, experience about what MSPs look for, what they tend to struggle with, what they like about vendors, even those that weren't in our space, but the sort of recurring things that those vendors were doing well, that meant MSPs would evangelize about them and then the community would snowball. Um we also use things like GTIA or CompT as it was known then. Um so going to their events, going to the sessions in the day, not just participating in the vendor hall, but actually going to sessions that were designed for MSPs. And that would help us to understand, again, just essentially get in their get in their headspace and understand what MSPs actually care about in practice, again, what they look for, what concerns they have, and how they're looking to evolve. By doing a lot of that, that really helped us to essentially um yeah, and understand who we're trying to work with. And we were very conscious that before we launch a channel model, that we should spend time properly understanding it and properly building uh a model, both from a licensing perspective and from a functionality perspective, that would demonstrate to partners that we actually have taken the time to build this. You have to make certain concessions in terms of things like flexible billing. You know, before we had the channel, it was always upfront contracts, and that gave us that um that confirmation, that stability in that way. Um, flipping to go to monthly billing, because that's what the channel expects was obviously a bit of a risk, but it's making that concession to think, okay, but if we if we go to them with that model, they will pick up that we have understood what the channel cares about and adapted to it, and ultimately we'll then help them to scale. Um in terms of mistakes. So whilst we were conscious at first that we need to have the right resources to help these partners to grow, I think we maybe underestimated just how stretched a lot of MSPs are. Um so one of the things that we did at first was we built some sales and marketing guidance, but it wasn't anywhere near as um as clear as it should have been to help them on a path to say, if you have a prospect, here's how you can build the data, because obviously in data security is so important, particularly with human risk, data to justify why their client should move now. Um, so we thought that having a dedicated account manager and an automated platform would be enough for them to scale. It wasn't quite the case. So we uh built a sales prospecting tool. We looked at what data points our partners want to gather on their clients to again build the business case, justify the need for proactive humorous management. And we then um built a tool that essentially guides them on that process and builds a white-labeled report. That was a bit of a turning point where again we could then go to MSPs and use it as another bit of proof that we have taken the time to understand their challenges and built something designed for them. Um that really helped to scale things out for us as well.

SPEAKER_00: 9:14

To me, it sounds like you really did your research, you really dive deep into these MSP committees. You mentioned like looking at G2, Reddit, you went, you talked about going to these uh GTIA events. Uh and I that must have given you an edge in terms of understanding what does what do the MSPs really want or what do the MSPs really hate about other vendors, about your competitors. Um maybe can you unpack a little bit about like what were the recurring themes that you were hearing from these MSPs in terms of what were their recurring pain points?

SPEAKER_01: 9:48

Yeah, it's um it's part of the reason why we took our time before launching it. Again, out like as you've uh asked, our model wasn't perfect and it it still has things that we try to obviously evolve. But I think one of the clear things was vendors trying to hedge their bets and apply a direct model to the channel. So I mentioned the monthly billing earlier, for example. Um, vendors not moving away from an annualized billing model, not moving away from uh minimum purchase amounts, trying to sort of just have their cake and eat it too by trying to tap into the channel, but then also have licensing uh that isn't necessarily built for them, not having multi-tenancy. Um, those were the main things really. And when we first started speaking to partners, the elements that we could tell they were latching onto. It was the having a licensing model that was truly adapted to them. Um one thing that helped us was that with our product, it was always designed for automation. Even when we were just doing direct business to business, we still wanted to make the product as lightweight as possible, which naturally just made it suited to the channel. Um, but we yeah, essentially rebuilt the products with that in mind. We wanted to retain the automation, but do things like multi-tenancy, give us capability for flexible billing. And we knew that if we were, if we could present them with a genuine model that was purpose-built and a program, they'd appreciate that effort and those concessions. It's almost like a short-term gamble for long-term growth if we can uh get the right partners on board and scale with them.

SPEAKER_00: 11:18

And you currently have 1800 billing partners, and you only have quite a few number of account managers, a handful of account managers. So you have that's a really good ratio. I'm curious to hear what's your playbook for enabling that kind of scale without sacrificing uh partner success and enablement.

SPEAKER_01: 11:39

Uh well, uh our product team did a great job with building a platform that um is is a huge driver with the automation. We've we bought the product ourselves in-house, all the content ourselves in-house, and that gives us full control over how we develop the product. And such a recurring thing as we look to develop new features and new modules is how we can incorporate more powerful functionality without sacrificing that automation. Um, so by virtue of being able to have a product that is designed to run itself, we don't need account managers to necessarily handhold the partners. We spend so much time um focusing on training our partners to get on a path of like repeatable, scalable sales and onboarding. We're very hands-on with them. We work very closely with them. But we also understand that an MSP doesn't want to have to speak to us every time they've got a new customer. They, the whole point is to be able to them to be able to scale out the product as quickly as possible. So we focus a lot on getting the foundation right, um, setting up the MSP to be able to run with it and have a repeatable process. And then we can instead then, instead of having to catch up with them every time they have a prospect, we instead catch up with them quarterly. We support them rather than needing to handhold. Um, what also helps is that our marketing team have built a ton of resources. The knowledge base is huge. Um, so we can build onboarding guides for them, for example. So if an MSP has a new customer, we'll build a bespoke guide that they understand every time they have a new customer, how that specific MSP would like their tech team to set them up. So it's essentially having the right level of resource that we can support them and that every single partner has a dedicated account manager who understands them as an MSP, but also having a product and the marketing around it that essentially means they don't, it's not a technical, technical sale. It's not a complicated product to set up. So that allows them to essentially run with it and just need maintenance rather than um that sort of close hand holding that they might need elsewhere.

SPEAKER_00: 13:34

Well, then shut up to your product and marketing teams, I guess. So making your life a lot easier. Definitely. Yeah, definitely. To me, it also sounds like it's because there's this executive level channel um priority at UseSecure that's also you can bring all the teams together and everything is geared towards like making that partner experience as seamless as possible. Everything's automated, everything is designed for the partners. I think a lot of companies may use channel first as a slogan, but I think very few companies actually um kind of live it, and to me it sounds like you're really living that.

SPEAKER_01: 14:11

Yeah, it's um it's one of the things that our our CEO did, to be fair. He he was the one that led the pivots being channel focused and made it very clear at the start that this is something which everything has to be aligned with because if you don't have the the marketing support to be able to help those MSPs be able to scale, then the each element of the company has to be aligned and sort of working towards that purpose of making it as channel friendly as possible. Otherwise, you then have those those big gaps that are quite hard to plug elsewhere. Yeah.

SPEAKER_00: 14:40

Well, that's how it's supposed to be. And um, I mentioned this before, but you currently also have a really strong partnership with PECSAID. Uh, getting a partnership with PegSate from a vendor standpoint is quite challenging. I know they have a long uh line of vendors trying to get in. Curious to hear what did you do differently to really stand out and um initiate that partnership with them?

SPEAKER_01: 15:03

Yeah, it um it still took it still took a long time. Yeah, it's um I guess it's part of the reason why people like working with them is that they take the time to vet their vendors and make sure it's the right one for their ecosystem. Um, I think for us, it helped that there weren't too many security awareness or humorous vendors in the marketplace already. Um a couple, but it meant that it wasn't as saturated as maybe some other um security products are. Um it helped that we didn't have to make any real adaptations to our products. Like we already had an API um set up we'd already integrated with other distributors' marketplaces, for example. Um so we already had the sort of technical infrastructure to integrate with their marketplace, which really helped. Um another big bonus was um again, going back to our marketing team, was that we had a lot of our own partner knowledge base setup. So um Packs 8 asked for a lot of resources. They really want to make sure that their reps can answer questions and can add support and can add that value themselves, which is again part of the reason why their MSPs work so closely with them. We already had um a big library of distributor and MSP training resources that got us 80% in the way there. So it just meant that we could just add little gaps, but also tweak things to make them more relevant to PAX 8. And that helped us really to get things going a lot quicker.

SPEAKER_00: 16:22

Um, and one thing we talked before in the in the preparation call, you talked about the compliance as a major opportunity for MSPs. Can you elaborate about this a little bit? Why do you think that MSPs are hesitant to go after this opportunity?

SPEAKER_01: 16:38

Uh compliance is a complex thing and not the most exciting thing. Um, so I think a lot of people avoid it because it can be a headache. It can be complex. Uh, some partners I know are concerned about whether it brings liability towards them if they start getting involved in compliance. Um I think ultimately compliance isn't going anywhere. Um it's only getting more prominent. There are more legislation seemingly released every quarter, every month, and they're global. Um what we're seeing is, as with a lot of things, technological trends, societal trains evolve incredibly quickly, and then compliance catches up a few years later. And again, it's a bit of a buzzword, but we all know how AI is evolving everything in security. It's essentially becoming a bit of a catalyst for more legislation to be released, and therefore it's just becoming more regimented and regulated than ever before. So, again, it's it's not going anywhere. Um, I think there's a statistic that we talk about where it's, I think it's 86% of small to medium businesses feel they need external help with compliance. So we have to think they're going to look somewhere, they're eventually going to put their hands in their pocket to get this headache away from them. And where would they look? It makes complete sense when it comes to IT security that they would look at their MSP that's already providing their infrastructure, their security wedge training. Um, so it makes sense. A lot of the uh talk of things like the PAX8 events are about the next evolution of managed service providers and finding different undertapped markets or undertapped um technologies or sectors within security that um could help to initiate a new phase of growth. IT compliance is only growing, it's uh becoming more and more prominent to SMBs. This isn't just something that's relevant to our mid-market enterprise companies, it is relevant to the vast majority of organizations. So the smart MSPs are using that to evolve. Um compliance as a service is something which is growing, where they'll have a bundle, a dedicated package, uh where they'll have a certain few select products involved in there. They'll wrap around services around it, like QBRs, like um compliance health checks, for example. And they will essentially have a set package that guides that client through compliance. That's uh a really forward-thinking and a really modern way of going about it. It's a brilliant model if they have the resources to do it. But even just incorporating it into their messaging and QBRs is a start. Um, again, compliance can be very complex. Human risk is something which is mentioned in basically every security legislation that comes out now or framework. So human risk can be a very tangible, easy to understand physical thing that people can latch on to that can help MSPs to begin that evolution in compliance rather than getting stuck into the more technically technically complex areas of it. Human risk is something which is put on the same footing, but is arguably a bit easier to explain and to um to engage with your clients with to then again start that evolution into compliance.

SPEAKER_00: 19:43

So there's a huge opportunity. You said 86% of SMBs that sounds like a big market to go after, and I feel like there's a as you said, a lot of MSPs are hesitant uh to go after it. But I also we've been talking about it before as well. I think there's a huge opportunity, and as you said, I feel like the uh the legislations, the regulations are just getting stricter and stricter, and the the customers are starting to feel like more and more lost and they need more help from MSPs.

SPEAKER_01: 20:10

It's it's also just it's just starting. I think a lot of people, when they think about frameworks, it's easy to spend a lot of time deliberating about which ones to follow, for example, which ones to really start to hone in on for your clients. Um, but it's better to just start and evolve and yes, have a plan. But um to actually begin that evolution, you need to have a starting point. Um, so our policy management tool, we find a lot of our partners use that as their catalyst to become more compliance focused because we have policies on things like email usage or AI usage or password construction guidelines, um, incident response policies, things which people should have in place, which they should be communicating to their staff members and tracking when they actually view and agree to that document. Our document management tool helps them to do that. It a lot of our partners create like a security bundle where they'll have four or five key processes, key policies, and they'll just deploy it to every client. It's not an incredibly complex cell, it's not an overly complicated thing. It has utility across basically every bit of compliance and legislation and frameworks. Um, and the product is designed to do it for you. All the templates are in there. But it's a really easy way to start talking about compliance and start building compliance-based services into your offering. So we we found that document management tool is yeah, a really impactful way to get going in the domain.

SPEAKER_00: 21:32

Perfect. Well, and before I let you go, I have one last question for you, Nihil. That is, we always ask our guests to invite the next guest on the podcast. Who do you think we should have next?

SPEAKER_01: 21:43

Um, that's a good question. So uh he probably won't thank me for putting him forward because he's always doing things like podcasts and uh GTI events and that kind of thing. But someone that's been very helpful uh for us is Ian Groves, uh who's the MD at Start Tech. Um, really involved in the channel, really understands the evolution and where the channel is going and where MSPs are going. Um, so yeah, probably someone that you'll see at GTI events and that kind of thing. But um yeah, someone who I think has a very good handle on the channel and where it's going. So we definitely recommend him.

SPEAKER_00: 22:16

Perfect. Thanks for a suggestion and also thank you for the great talk. Ian, if you're listening, I'm going to reach out to you. Uh let's connect soon. Thanks for tuning in. Thank you.