Stride Live Webinar Recap with Jesse Miller
Is vCISO Right for Your MSP? How to Build a Sustainable Compliance Offering
For many MSPs, the demand for strategic compliance support is growing—but turning that demand into a meaningful, repeatable service is another story.
In our May 22 Stride Live session, we sat down with Jesse Miller, a longtime MSP and co-founder of PowerPSA, to talk about what it really takes to build and sell a vCISO (Virtual Chief Information Security Officer) service. From pricing to packaging to positioning, Jesse walked through what MSPs need to think about if they want compliance to become a sustainable revenue stream.
Clients Are Looking for a Different Kind of Support
Jesse described how many MSP clients—especially in regulated industries—are becoming more selective in how they approach cybersecurity. They’re no longer interested in being sold another product just because it’s new. What they want is context. Clarity. A consultative relationship that makes the strategy behind the solution clear.
This shift is creating space for MSPs to step into a more strategic role—especially for those with experience in compliance frameworks like HIPAA, NIST, or CMMC. When MSPs lead with education, transparency, and alignment to business outcomes, clients respond differently. They’re more invested. And they tend to stay longer.
For MSPs in Flat-Pricing Markets, Compliance Creates New Paths to Growth
Casey Seaborn of Stride raised a point that resonated with many MSPs: when you’re operating in a market where seat-based pricing has hit a ceiling, it’s tough to grow without simply adding more volume.
Compliance services offer a different route. Unlike traditional MSP pricing models, vCISO support isn’t tied to endpoints or licenses. It’s tied to risk management, regulatory alignment, and long-term business planning. That positions the service as higher-value—and often higher-margin.
Jesse noted that compliance can also be a wedge into larger accounts. It opens doors for more consultative work, strengthens the case for premium pricing, and creates opportunities for recurring revenue outside the seat count.
Step One: Choose a Focus
If you’re serious about building out vCISO services, Jesse made one thing clear: you can’t do it for everyone.
He encouraged MSPs to get specific. Pick an industry. Learn its language. Build your offer around the compliance frameworks that matter most in that space.
Whether you focus on government contractors managing CMMC, or healthcare groups navigating HIPAA, the more aligned your services are with your audience, the more valuable—and repeatable—they become.
He also emphasized the importance of defining an Ideal Client Profile (ICP). Know what size businesses you serve best. Understand what kind of compliance pressure they’re facing. And tailor your messaging accordingly. That clarity helps with everything from service design to sales conversations.
Avoid Positioning Compliance as an Add-On
One of the most common mistakes Jesse sees is when MSPs treat compliance as a side offering. It shows up on the service list, but only after infrastructure, monitoring, or cybersecurity bundles.
That structure suggests it’s optional. And if a client doesn’t think they need it, they’ll move on before you’ve had the chance to explain why it matters.
Instead, Jesse recommends leading with compliance—especially when working with businesses that are in, or adjacent to, regulated industries. When you show how compliance impacts business continuity, vendor requirements, or client trust, the conversation changes. It becomes strategic. And it opens the door to longer-term partnerships.
If You’re Going to Offer vCISO, Treat It Like a Program
If you’re thinking about adding vCISO to your service list, don’t start by winging it. Jesse advised MSPs to treat vCISO like its own product—with structure, process, and clarity from the start.
He recommended defining:
- Scope of work: What’s included, what’s not, and where boundaries live
- Cadence: How often you’re meeting, what reviews or reports are delivered, and what expectations are set
- Roles: Who on your team is responsible for leading the engagement, and how clients are expected to participate
- Success metrics: What a “good” engagement looks like 6 or 12 months in
MSPs that package vCISO as a structured program—rather than a vague advisory service—are better equipped to sell it, deliver it, and scale it. It also sets the stage for premium pricing. And when it’s repeatable, it’s trainable—meaning you can build a team around it, not just a one-off offer.
Final Thoughts
Not every MSP is ready to build out vCISO services—and that’s okay. But for those with compliance experience or clients in regulated industries, it’s a path worth exploring.
Done well, vCISO services move your business from reactive IT support to trusted strategic partner. They deepen client relationships, support more resilient revenue, and position your firm for long-term growth.
About PowerPSA
PowerPSA is a consulting firm that helps MSPs and MSSPs launch, grow, and optimize their vCISO practices. From go-to-market strategies and security assessment design to curated policy templates and client-facing narratives, PowerPSA offers the tools and methodology MSPs need to build premium-margin vCISO programs that clients understand and trust.
To learn more, visit www.powerpsa.com
About Stride Services
Stride Services is a comprehensive financial partner for MSPs, providing outsourced bookkeeping, tax, and advisory services designed to improve clarity, support confident decision-making, and eliminate financial fire drills. Whether you need monthly accounting support or proactive tax guidance, Stride helps you stay on track and plan for what’s next.
To learn more, visit www.stride.services.