Its new subsidiary, Obviam, complements its existing IT division and its core business.
If starting an IT business is not for the faint-hearted office technology dealer, launching a separate cybersecurity business is even more daunting. However, that hasn’t stopped Modern Office Methods (MOM) from doing that earlier this year when it established a new subsidiary, Obviam, whose services include consulting, assessments, detection, and monitoring.
With multiple years of experience in the IT and cybersecurity business, Keith Johnson, executive vice president, leads Obviam. A team of six, including Johnson, has driven this endeavor since January 2024. Three of the six are cybersecurity sellers who work with their counterparts in Modern Office Method’s Optimized IT group and its core imaging business to find opportunities with existing clients and prospects. Obviam’s security specialists also augment MOM’s and Optimized IT’s security generalists and work closely with MOM’s major account team.
Modern Office Method’s Optimized IT group has security offerings in its stack, but Obviam’s differentiator is that it can supplement those with a virtual chief information security officer (vCISO), that can include services for customers with compliance requirements who need help tightening their controls and creating policies to prepare for security audits. Obviam can also perform assessments around governance, risk, and compliance (GRC) to help determine an organization’s vulnerability and risk posture.
Target Customers
Obviam’s go-to-market strategy focuses on larger mid-market enterprise accounts and SMBs with compliance and regulatory needs. Modern Office Methods has large health care, finance, and manufacturing customer bases, obvious candidates for Obviam’s services. According to Johnson, Obviam’s biggest strength is its ability to educate. “I’m not about going in and pitching a platform or a product; I’d rather educate a customer, get an understanding of where they are, and see if there’s a gap that we can help bolster,” said Johnson.
This education process starts internally and includes one-pagers on cybersecurity, marketing materials, and webinars. “This whole dealer network is unique to me,” acknowledged Johnson. “It’s very nuanced, relationship-based, and customer service-focused, which I like. Security is like a salad to the meat and potatoes that Modern Office Methods has always done. Internally, we want to train Modern Office Method’s reps to have strategic conversations around security, which is different for them. They’re not used to the salad. It’s okay, that’s why we’re here. Oftentimes, sellers will shut down when they get their first objection. The goal is for them not to go it alone.”
So far, the reception from Modern Office Method’s customer base to Obviam’s services has been positive. During a pilot program earlier this year, the company contacted customers to find out if they were interested in speaking with a cybersecurity expert to learn more about cybersecurity threats and the company’s offerings. This resulted in a 75% hit rate and some early deals even before Obviam’s website was live.
“What I’m selling is our ability, from a knowledge perspective, to execute a task for customers,” explained Johnson about Obviam’s services. “We’re illuminating their security gaps. We can quickly size up a customer regarding where they may have a need or a gap. It goes beyond an elevator pitch.”
Added Johnson, “It dives into, ‘Do you follow any regulatory or compliance issues? Have you had a recent assessment done? Were there items in the assessment that you had to address? If so, would you mind sharing those that you feel are going to take you longer to accomplish? If you did fix something, was it truly fixed?’ In this case, many of our contracts or agreements would be to provide solid recommendations and verify them. We found that to be a good win for both sides.”
The Cyberthreat Landscape
Johnson revealed that external exposure to threat actors is the top problem when asked to generalize where customers and prospects are most vulnerable, followed by security awareness training. Third is making sure that everyone in the organization understands the company’s incident response plan.
“Many people don’t know who to contact if something bad happens,” observed Johnson. “Having your incident response plan as part of your security and awareness training is key. If you don’t put those together, you’re missing a big piece because incidents will come, but we must ensure everyone’s bought into the plan.”
For customers who don’t have an incident response policy, the Obviam team can help customers craft one, or if they have one, assess it and do a review. “From there, we would look at it and understand what they are doing to test it, then ultimately culminating in a table talk exercise once a year to go through all different scenarios and make sure that they play out inside their incident response plan,” explained Johnson.
No matter the size of the company, Johnson maintains that businesses must understand their risk posture. That means how much risk do they have, and do they possess something that someone else would want? “Oftentimes, small businesses are fooled that nobody would want them or bother them, but in reality, they’re low-hanging fruit for threat actors,” emphasized Johnson.
“If we can help a customer understand what data they have and how risky they are, we can put things in place to help them. Customers, I’ll be honest with you, they just don’t have the time or the resources that the threat actors have, so companies like us exist in order to fill the gap.”
According to Johnson, the biggest gap in the industry right now is around third-party risk management. “It’s not you, it’s who you’re doing business with and if they’ve been vetted,” he said. Obviam’s vCISO analyzes and vets third parties and their risk from threat actors. One of the highest-profile examples was the Target breach when it was compromised through its HVAC vendor. “If we can look and understand lessons from the past to help us bolster customers today, we’re in a good position with the people we have on staff to help customers around risk, governance, and compliance,” said Johnson.
Measuring Cybersecurity Success
Johnson is clearly pleased with how things are going less than four months after MOM’s new subsidiary was established. Early success is a great motivator.
Asked what it will take to maintain this success, Johnson replied, “My primary mission and the team’s primary mission is to help our customers grow in confidence. If I’m measured only by one thing, obviously, financials are important, and we want Modern Office Methods to be successful, but to me, it’s more about the confidence of the brand. Obviam, stands on its own, so does Optimize IT, and so does MOM, to a certain extent, but if I’m doing my job right, I’m increasing the confidence of our customers, ultimately protecting our brand. And if I protect our brand, we’ll be successful.”
