046: [Author Interview] "Cyber Growth: Mastering Growth Strategies for Scaling Your Cybersecurity Business"with Arron Bennett

Show Notes

In this episode, I welcome Arron Bennet, author of the book "Cyber Growth: Mastering Growth Strategies for Scaling Your Cybersecurity Business." This book presents an essential guide for cybersecurity companies eager to enhance their growth and profitability with unmatched efficiency.

Arron's Inspiring Journey:

• From Down Under to Top Entrepreneur: Originating from Australia, his journey is nothing short of remarkable. Initially diving into the world of business with Bennett Financials as a side hustle, he transformed it into a leading consultancy, proving his entrepreneurial prowess.
• Evolution of Bennett Financials: What began as a bookkeeping service evolved into a comprehensive suite offering tax planning, preparation, and CFO services, underscoring Arron's strategic adaptability and vision.

Diving Deep into "Cyber Growth":

• Why Cybersecurity?: The book's was inspired by Arron's own experiences and the realization that cybersecurity firms consistently encountered similar growth challenges. This led to a focus on developing a specialized growth blueprint for this niche market.
• Impactful Conferences & Real-Life Success Stories: He shares exhilarating moments from speaking engagements, including a notable cybersecurity conference in Phoenix, highlighting the book's resonance within the industry.

Key Insights & Strategies:

• Revolutionizing the CFO Role: Arron introduces a modern take on the CFO's role in cybersecurity businesses, emphasizing strategic planning and comprehensive data analysis to steer growth.
• Custom-Tailored KPIs: The book meticulously outlines vital KPIs for cybersecurity businesses of varying sizes, offering clear, actionable insights for scalable success.
• Employee Compensation & Engagement: He delves into innovative strategies for incentivizing employees, fostering a culture of ownership, and significantly reducing churn.

Towards a Lucrative Exit:

• Exit Planning Excellence: Arron shares exhilarating success stories, including guiding companies to 25X multiples, showcasing the power of strategic financial planning and execution.

About our Guest:

Arron Bennet is the CEO of Bennett Financials and author of the book "Cyber Growth: Mastering Growth Strategies for Scaling Your Cybersecurity Business."

You can learn more about his work at:
Arron's LinkedIn
https://www.bennettfinancials.com


About Your Host:  Paul G. McManus is an accomplished author and expert in helping financial professionals grow their businesses. With over eight years of experience working exclusively with financial professionals, Paul has helped his clients generate tens of millions of dollars in fees and commissions.

Support the Show.

Chapters

• 0:05: CFO in Cybersecurity Businesses
• 6:32: Cybersecurity Company KPIs and Scaling
• 15:20: Employee Incentives for Revenue Growth
• 18:49: Cybersecurity Business Growth Strategies

Transcript

Speaker 1: 0:05

Good to see you, aaron. Congratulations on the new book Cyber Growth Master in Growth Strategies for Scaling your Cyber Security Business.

Speaker 2: 0:13

Thanks, it was an interesting undertaking. I've not ever done anything like this before.

Speaker 1: 0:17

I'm excited to talk to you about it today. We're going to dive deep into the book. Tell us a little bit about yourself. Who is Aaron Bennett? How did you get from where you started to where you are today?

Speaker 2: 0:28

I have extensive background in business development, helping companies grow. I was in Australia originally, that's where the accent's from. I fell into Bennett Financials. It was a side hustle originally. I made it my main hustle, like a lot of entrepreneurs. Then over time we started as a bookkeeping company. Then over time we started adding on different services from tax planning, tax prep. Then we found that we needed to add on CFO services to help companies grow. We started to see a lot of industry trends and see a lot of companies making the same mistakes again and again. We built models and built strategies around that. Over time we developed a methodology, so to speak, to help cybersecurity companies not only grow but grow extremely profitably and then be able to exit for large multiples traditionally above what you would find in the industry today.

Speaker 1: 1:21

Why cybersecurity businesses? What led you down this path?

Speaker 2: 1:25

I'm a cautionary tale, so to speak. Originally we cast a wide net because I came into Bennett Financials from losing a position at a 401k company as a compliance officer. I fell into this side of things. It was really just to go out and get as many clients as possible and not listen to the experts. What I ended up finding is we started to get cybersecurity companies and MSPs IT service companies fairly regularly. We had exceptional success in being able to grow these companies. Over time, it just naturally developed into a position of, hey, we should just service these companies and really double down. Then, once we did that, we were able to start speaking at conferences. We were able to create strategic partnerships and then continue to get that success and get some really big exits under our belt.

Speaker 1: 2:18

Just to show how powerful this book and this subject matter is. This topic is. Just recently you had a chance to go and speak at a cybersecurity conference. Tell us about this conference that you just went to.

Speaker 2: 2:31

We got invited to a group out in Phoenix to talk at an MSP conference. There was a few hundred companies there. One of the main takeaways we got and we spoke directly to the book. It was a three and a half hour session. They were actually turning people away at the door because there were so many people trying to come in and see this and we didn't have enough table space. That's always a good sign that what we're speaking to is very impactful. Once we'd finished the event there, I was there for the next three days just talking to people. We were able to have people come up to us and basically say to us it felt like you were talking directly to me, you understand the problems that happen within our companies, and that's exactly where I have my problem right at this point. We were able to generate a lot of interests, not only in the book but in our methodology that helps companies not scale but also then look at it from a profitable mindset as well as looking at things such as efficiency, structures around employees, those types of things.

Speaker 1: 3:31

What is that so resonating about the message of this book?

Speaker 2: 3:35

The main thing is, a lot of people out there look at it as all or nothing within their books. What I've tried to do within this book is look at it more as a sliding scale. We can pinpoint the problem. Then from there we're able to say hey, you don't have to say you've got revenue per employee extremely low you don't have to go out and immediately raise all your prices for all of your customers.

Speaker 2: 3:59

It's more of a balancing act. It's hey, let's go out and get a couple of customers and then we'll go out and we'll raise our price on one customer, two or three or four or whatever it may be, to make up the same amount of revenue. So if that customer leaves, it doesn't negatively impact your top line. A lot of the books out there speak to you've got to go all in, you've got to do all these types of things. We're trying to take into consideration that a business owner can make decisions and is potentially fearful of making the wrong decision. I've had coaches and consultants and people that I've worked with and we pay a lot of money every year to be part of these larger entities and these larger groups, because everyone should be in masterminds and those types of things. My experience is I'm generally not going to do that. I'm going to do more of a sliding scale and I've tried to put that into this book of sliding scale over time.

Speaker 2: 4:52

This hits add up over time to equal something huge. So that's what we've got, the mentality that we've taken. So then you don't fall back into bad habits later down the track. You continue to do the things that you need to do to get from where you are today to where you want to be.

Speaker 1: 5:05

In your book you talk a lot about the evolving role of the chief financial officer. The way that you talk about a CFO and their role in a cybersecurity business is quite different and unique, as broadly or narrowly as you want. What is the role of a CFO in today's modern cybersecurity business?

Speaker 2: 5:23

Historically, cfos the guardians of cash flow and assets. They are risk managers and that role is still holding true today. But there's also a more evolved version of the CFO since COVID came in. That has got to change very quickly in the business landscape.

Speaker 2: 5:44

So I always like to use like a nautical reference for this one. So the CFO is really the captain of the ship they're driving and then they tell the guiding person, like the navigator is what I'm looking for, the navigator where they want to go, and it's the CFO's role and job and responsibility to map it out based on the data within the company Work with the chief revenue officer or whoever's handling the sales, work with the marketing team, work with the operations and gather all the data from the necessary places and then go all right to do what you're looking to do. This is what's got to happen, and they map out from where they are now to where they want to go, and then it's the CEO's role to go in and make sure that the vision is articulated to the rest of the company and move the company in the right direction.

Speaker 1: 6:32

One of the topics that you dive deep into the book in is the concept of key performance indicators, or KPIs, and what I love about how you do it is that you talk about it not just from one-size business, but you have different metrics. So if you're at this size of cybersecurity business, or if you're at this size or this size and you get very clear instruction really in terms of what those KPIs are that people need to be measuring in order to scale successfully, can you tell us a little bit what are some of the key KPIs that a person should be thinking about and maybe even relate it to the size of the company?

Speaker 2: 7:09

So the biggest thing to look at with any cybersecurity company and MSP is that and not just those, but any company that's a service-based business is really going to be employees. One of the primary drivers of any business is going to be your revenue per employee. You need to understand that. The metric or the ratio you want to use is one employee per $20,833 a month, or $1,250,000 for a company, up to about $1.5 to $2 million. The minute that you need support staff, and so you've got a ton of VCsos here's a good one, you've got a lot of those and then you need to start bringing in operational people or admins or people to manage calendars, whatever it may be we need to start moving and shifting from that $1,250,000 mark to $300,000 to $400,000, because those support staff aren't necessarily working on a revenue stream, so they're not actually directly related to the clients. They're supporting everyone else, so everyone else needs to rise up and take more workload to be able to support these staff, and then you get that average over time.

Speaker 2: 8:23

Same with middle management as you get to the $3 million to $4 million round, you may need some middle management, and so, as you bring those middle managers in, they have to manage more revenue to be able to support the middle management side. And then you can get that $1,000 to $30,000 or $1,000 to $35,000 over time. But we really are dialing in on these different metrics and then understanding the front of your fund is the next piece of the problem, or lifetime value to customer acquisition costs. So we know how much lifetime value we're getting out of someone and we also know how much cash or how much it costs us to get that customer. Then, if we've got a three to one ratio, we know we're moving in the right direction. And then we just start stacking it up over time and we see what's going to work best and we see that customer acquisition cost over time come down.

Speaker 1: 9:13

When you're consulting or working with cybersecurity owners, do you find that they have these numbers dialed in before they start talking with you? Just part of my question is I know myself as a business owner that was part of the magic of working with you is that I'm not just helping you publish the book, but I'm like sitting there taking notes and it was refreshing because, just from my own experience, the more specific targets you have, the easier it is to make decisions. Just tell us a little bit from the your experience in working with people what you see in terms of where they start in terms of maybe lack of awareness potentially and where you help them get to as a result of just whether it's your services, consulting or anything else.

Speaker 2: 9:54

So a lot of the time when we come into a company, a cybersecurity company, the first thing that we look at is that revenue per employee, because that tells us a lot. It's a leading indicator, so to speak.

Speaker 1: 10:04

So when we look at it, it's hey, your revenue per employee is.

Speaker 2: 10:08

We did one recently. It was, and I'm like okay, it needs to be 20,833. They're like Aaron, there's absolutely no way I can do that. That would mean that our clients would have to manage XYZ amount of clients Immediately. When an owner says that to me, I know we've got a pricing and packaging problem. That's then the lagging indicator.

Speaker 2: 10:27

So we can then go back and we can reverse engineer things from there. And then we can be like okay, how many clients can a customer adequately work on? They'll tell us 10, 15, whatever it may be, but say it's 10,. Then we know that our average order value needs to be $2083 a month and that person can manage 10. And now we're hitting the magic number. And so then we can go back through our customer base. As we get new clients what I was speaking to earlier we can then bring them on at this new rate, whatever it may be. And then we can go to our existing clients and say your average order value right now is 1000. And we're getting these new clients on at 2083. We go out to two clients and we tell them that their new price is 2083. Your revenue stays the same. You do less work and you probably need less employees, because that was the problem in the first place. Our average order value was off, our pricing and production, like our pricing and packaging was off, and then we can flow it forward from there and then we can dial in the rest of the numbers.

Speaker 2: 11:29

It's just understanding the very first thing that we have to track so that we can get some quick wins on the board so that they don't change back into old behaviors, and then making sure that we can continue to get those wins as we go forward, and then making sure that if they aren't doing it, we have an easy way to do it and we've got spreadsheets all built out, all those types of things.

Speaker 2: 11:50

Then we make one person responsible for it Because, to be fair, I don't like tracking my metrics either. I have a VA who's an employee doing all of that for me, so then they fill in the blanks for me and I can follow it into the future and I check it every day and making sure that we're moving in the right direction our lead flow, sales, our marketing, all of those types of things. And he updates all of that data daily so I can watch what's happening in real time, because the business owner has more things to do than just follow the metrics. So that's where we come in, when we help people is. It may not be us filling it in daily, it may be monthly, but we're able to fill that data in for them to make life easier as they scale.

Speaker 1: 12:29

I know during our discussions in writing the book, one of the concepts you talked about tell me the right phrasing that essentially, for every position or responsibility, you want to have three people. Why is it important in terms of a strategy for a business owner to, I would say, be able to scale their business?

Speaker 2: 12:44

So one of the biggest things that we have in companies even my own is relationship dependencies. So relationship dependencies are key employees, key vendors, key customers even and so it could be shareholders. If you have multiple owners in a business, one of the things that we need to be mindful of is, if one of those key employees leaves, how detrimental it could be to the company, and so I've seen key employees leave time and time again who don't have what we call golden handcuffs in the industry, like what's going to keep them there for the long term, whether it be stock options or whatever it may be. But if you lose that employee, it costs you the time and money it got you to get that employee to that level. So what you need to do is you need to take that person's knowledge and you need to be able to train people underneath them to be able to do their job.

Speaker 2: 13:38

Now, behind this premise of the book is we're looking to scale a company to be able to exit for a larger multiple.

Speaker 2: 13:44

To do that, you need to get rid of a lot of these relationship dependencies.

Speaker 2: 13:49

So if you train in threes and everyone's able to do everyone else's jobs and we're small businesses, so it's easier in small businesses because employees wear many hats anyway.

Speaker 2: 14:00

We can then build it into the culture early in the company and then multiple people can step up into that role. So if that person gets sick for six months, we got two people able to do that person's role and they can split responsibilities, which is going to be easier because they've probably got a lot of work on their plate anyway. So it's just being able to have people step up into those roles. So if you do potentially sell and that person leaves and devalues the company, it's not a problem. You've got these people coming up, stepping in and they can take it. And then you bring a person in underneath them to train. So it's always good to just have that trifecta, so to speak, where you're able to train people across multiple levels. And then it's also good for you because once you've got employees doing it, you can do it with your own people and they can start taking more of your work on, which deals with another dependency, which is own dependency.

Speaker 1: 14:46

The next topic is employee compensation. We want to hire good people, we want to keep good people. We don't want to overpay for good people. This definitely can become a profitability issue as well as a growth issue. I know that you talk a lot about this in your books. Talk to us about employee compensation. What's the right mindset? What are the right strategies?

Speaker 2: 15:06

We're looking for the dealer to always win. I like Vegas, so I speak to Vegas a little bit. I like going for the shows and the food more than the gambling, but everyone knows the term the house always wins. So incentivize employees in this industry. It should be. If we've got an employee managing 20,833 a month, how do we incentivize them to take on more roles and more responsibilities so that we can go from 20,000 to 30,000, to 35 or 40, whatever it may be, depending upon the employee?

Speaker 2: 15:37

The easiest way is to give them a piece of the revenue, give them access to larger bonuses, whether you pay them out quarterly, half yearly, annually I like annually, because then you know that you're not really going to have employee churn for the year. Then, when they do fall off, it's generally going to be around January. You already know in December go out and start running ads, because inevitably you have employee churn in January and that's just to be expected. That's completely fine. What we structure in a lot of companies is that model exactly Up to $20,833, that's your salary. Everything above that. You get 10 cents in the dollar for every customer that you're servicing. They have these ways to get 10, 15, $20,000 as bonuses for the end of the year and that, right before Christmas, makes their year.

Speaker 2: 16:28

It's also a tax plane because we know if we're highly profitable and we're looking for 30-40 percent and we go out and we spend a couple of $100,000, now their income has gone down. But then we move things in the right direction there and you do tax planning as well, which gets it even further. But then everyone wins and everyone's able to then take more ownership of their client base. It lowers churn, which is another really important metric in these types of companies. Lowers churn. And then everyone's taking responsibility for the clients that they're servicing. And then you get these rock stars that manage 50 to $60,000 at revenue. But you don't have to go out and get three employees because that one employee is managing that much revenue. And then you have a different problem and they may not be servicing the clients as good as they should. And then you've got to have elective book traction, then you've got to have employee scorecards and those types of things to make sure that the churn rate for them isn't too high, because that's the next problem we face there.

Speaker 1: 17:24

The next problem is how do you address client or customer churn, how do you incentivize employees and structures and whatnot, so that you're measuring that and you're optimizing that approach?

Speaker 2: 17:37

Just making sure that if they have these report cards, so to speak, where they have a churn rate above a certain level and you can determine that whether it's 10 percent or 20 percent, generally speaking, you want to look at your own churn rate for when you were managing clients and if it's 10 percent a year or 20 percent a year, that's what you set as the ground level churn rate that you're going to accept from your employees.

Speaker 2: 18:03

And then you watch it and you're doing your utilization tracking of hey, this person lost this much in clientele and this much revenue and this is what their churn rate is. And so you make it a double-edged sword like all right, you need to manage more revenue to get access to the bonus. However, there's much percentage of that money and then on the back end, if your churn rate is too high or your client complaints are too high, then we're going to deduct certain amounts of that bonus. So then we're incentivizing them on both fronts. It's like manage more money, do a good job, make sure that your client focused and customer service is really good, and then you're able to get the client really happy. It drives referral behaviors because the clients are happy and they're going through more customers. Your way All just flows together.

Speaker 1: 18:49

I think for the ultimate goal and part of the book is you're helping cybersecurity business owners scale their company. To what end right? So talk to us about exit planning or the sale, and maybe even share a story or two about some real-life experiences where you've helped a cybersecurity business sell their company for a significant multiple.

Speaker 2: 19:11

We have two that are really the feather in our cap where we were able to get a 25X multiple. They worked with us from a very small. One of them worked from us from a really small amount of money all the way up to $700,000 to $800,000 a month over a two and a half year period. So we were able to scale that company. But behind the scenes, we have different things to think about. So we have customer satisfaction, we have market control, we have growth performance, we have relationship dependencies, we have owner dependencies, and the very first one is the waste financial and cash performance. So we were able to mitigate a lot of the problems that investors look for in these two companies, and so the one that we grew from $20,000 a month to $800,000 a month was a really good one, because we were able to implement strategically, one after the other, through each of the areas, these tips and tricks, so to speak, where we were able to come in and say, hey, you need to go and you need to hire two people or you need to cross-train your existing staff to be able to do this key employees role, because if this person leaves or an investor comes in and you ever want to sell it. They're going to see that and they're going to lower the value. Or hey, 25% of your revenue is made up by five customers. We need to diversify more and we need to get more of these smaller customers at our lower to mid tier to ensure that we can mitigate this risk. Over time, this pop pool will expand, this will contract and we're making it into a good, reliable financial cash business, and so we were able to do that over time, and we had an investor come in very early that wanted to purchase it and we could show that this thing was 40% profitability and it just made a lot of sense for them to come in and make a large offer on this company, and we were able to get that.

Speaker 2: 20:59

Now the other one was a $7 million company.

Speaker 2: 21:02

They had been approached three times for this company and they were getting a one X multiple of revenue each time. So we were able to come in and we identified the mid-tier problems, which were they had relationship dependencies and they had owner dependencies. We mitigated all of those. They started speaking to brokers once we'd mitigated those and put some golden handcuffs in place, and then they were able to get a 25x multiple as well, simply by getting rid of those problems on the back end. They already had the finances, like the revenue growth, they had predictable profits, they had all of that really dialed in. But they didn't have those two last pieces of the puzzle on the relationship and the owner Soon. As we got rid of those, we were able to get a 25x because all of the front of the house and the financials looked amazing on paper and so they looked the same way back when those people were making a 1x offer. But instead we were able to go out and get a very large offer out of this and then get to the deal.

Speaker 1: 21:59

Can you put some specific numbers or just help the listener without any privacy concerns? Who is a number that represents?

Speaker 2: 22:07

So we went from a $1 million on the very first one the $20,000 to about $8 million a month. We went from a $1 million EBITDA margin or number to $25.5. And then we went from a $2 million bottom line or EBITDA to a $50 million offer and so it was still a $2 million but they got offered $7 million, which they did offer revenue at that time and when we helped negotiate the deal we went on EBITDA and so we were able to get that 25x multiple of EBITDA. So if we calculate that out, it's a $2 million company. So it would have been about a 3.5 valuation on EBITDA.

Speaker 2: 22:46

If we reverse engineered from that, it's just identifying where the gaps are in the business to be able to make those changes and then negotiating the deal on the back end. So the buyer understands hey, these people know what they're doing and then being like the finances and cash and we don't have these existing problems and just showing them how this company acts and how sophisticated it is and that they won't have to buy a job or buy a company that's going to fail because we've seen this consistent revenue growth and consistent profit growth and everything just falls to the bottom line. So if we can show that financial picture and then get rid of the owner, get rid of the relationship dependencies. It generally goes extremely well, especially in high growth industries like cybersecurity, it services.

Speaker 1: 23:28

So shifting gears slightly. The book is crafted where it can be read by someone in, I want to say, an hour or so. So that was a strategic design so that someone can really, at a high level, understand the concepts, get some takeaways, but then, to the day for someone, you're going to have your do-it-yourselfers and you're going to have your people that want help and if you can produce the kind of results that you're talking about, I think most business owners myself included, I'm not even the cybersecurity business owners I need to hire Aaron Talk to us a little bit just about how your company, bennett Financials, works with clients. What are some of those different ways that you work with cybersecurity business owners?

Speaker 2: 24:03

We want to come in and take ownership of the finances, so that's the very first thing. So we come in, we work with existing bookkeeping teams. We work with existing tax teams as necessary. You can do the bookkeeping if the client needs it, because if the books are wrong, every decision we make from there as well. So we always work either with the existing team or we bring it in house ourselves.

Speaker 2: 24:27

Then we like to take that ownership on where we're working strategically with the business owner, making sure the finances are there and then being able to help grow the one, the owner's financial literacy, but also be able to grow the company and show them. This is where we are today, this is where you want to be, and these are all the guide posts that we need to go through to get to that. And then just being able to work one on one with the owner and or the other C-suite teams and having those relationships. Because if I'm the finance team and I'm the CFO, I know that there's inevitably going to be problems between me and the marketing team or the sales team, because they're trying to get as much through the door as possible from revenue and I'm making sure that I can build them.

Speaker 2: 25:13

It's becoming like making sure that we've got those relationships with other people in the company if necessary, or it could be that the business owner is the main person that does chief marketing, chief sales and chief operations and then making sure that we're there to scale with them so that we can work one on one and help them grow from where they are today. It may be million dollars, it may be five million dollars, maybe ten million dollars, but going towards that goal of whatever is their dream basically.

Speaker 1: 25:39

I've enjoyed working with you on the book. I've enjoyed this interview. Is there any question that I haven't asked you that just to kind of encapsulate this or even just any final words or takeaways that you want? What's the one thing that you want a cybersecurity business owner listening to this to take away from either your book or just this conversation that we're having today?

Speaker 2: 25:57

I would say just start with the small things, because a lot of the time people when they come in with the KPIs or the metrics and those types of things, it feels a little bit scary at the beginning. I did it for the first time in my business because I didn't start this way. I just started throwing money where I needed to go and I was putting out fires and I learned over time. But just start, look at the problem. Don't hide from the finances. Just look at your numbers and be like I have this much revenue, I have this many employees, and divide it and look at it and instead of being like there's absolutely no way, ask how can I? Because sometimes it's just looking at it from that lens and being like all right, this is where I am today. In the next 12 months, I want to be here and take those baby steps of what you're looking for, month over month, because it's sometimes just as easy as that.

Speaker 1: 26:45

For someone who's listening, and if they don't already have a copy of the book, where can they go to get a copy of the book? And if someone's interested in learning more about you or reaching out to you, where should they go to do that?

Speaker 2: 26:58

The book's on Amazon, so you can get it from there. And research cyber growth and it will come up. As for working with us, you can go to wwwVenantFinancialscom and there's a contact form right there, so if you ever want to book a call with us, we can have a conversation from there.

Speaker 1: 27:13

Okay, perfect. Thank you so much for your time today. I appreciate it All right, thank you.