Advanced Software (return to the home page)

From rigid to responsive: evolving MSSP customer engagement strategies

The MSSP market is evolving from rigid, prescriptive models to responsive, collaborative approaches that align with clients' unique needs. By creating tailored measurement portfolios and defining joint KPIs, MSSPs and clients can track progress, foster transparency, and adapt strategies as threats and priorities shift. This dynamic, data-driven partnership ensures continuous improvement and shared success. OneAdvanced champions this approach, offering flexible, proactive cybersecurity support for lasting value.

by Matthew CracknellPublished on 29 May 2025 4 minute read

The Managed Security Service Provider (MSSP) market is thriving, driven by organisations’ growing need for flexible, proactive, and tailored security support.  

A UK Government publication, titled “Research on UK managed service providers” echoed this, naming cybersecurity as a key driver of growth.  

I’ve seen first-hand how traditional “point-and-shoot” consultancy models, while valuable, can sometimes feel detached from the unique challenges each client faces.  

But how can OneAdvanced Managed Cybersecurity Services partner more closely with customers by aligning on shared goals, applying blended standards thoughtfully, and measuring success in transparent, practical ways? 

Building a shared measurement language 

Security frameworks like NIST, ISO, and MITRE are valuable tools, but they’re starting points, not endpoints. And at worst, by themselves, they can feel prescriptive, and not suitable to convey and understand the complex needs of a business and its security. Instead, MSSPs and clients benefit when they: 

1. Collaborate to develop a measurement portfolio 

A measurement portfolio is a tailored blend of controls, principles, and benchmarks, drawn from multiple frameworks like NIST, ISO, and MITRE, that MSSPs and clients collaboratively select to assess the effectiveness of their security relationship. Its purpose is to create a shared, flexible foundation for evaluating progress, risks, and maturity in a way that aligns with the client’s unique needs and business context. To build an effective measurement portfolio:  

  • Draw selectively from NIST’s cybersecurity lifecycle, ISO’s management-system rigor, and MITRE’s adversary-centric view. 
  • Agree in advance which controls and outcomes matter most to the business. 

 2. Define clear, joint KPIs 

Joint KPIs are specific, agreed metrics that both the client and us use to track the health, performance, and improvement of their security efforts over time. These indicators foster accountability, transparency, and alignment by making success measurable and visible to both parties. To define and manage joint KPIs effectively: 

  • Examples: mean time to detect/respond, percentage of controls validated, or maturity-score improvement over time. 
  • Track these metrics in an open dashboard or scorecard that both teams update and reference. 

By cherry picking parts of frameworks, formed from business requirements, into a client-specific “melting pot”, both supplier and customer speak the same language, focus on the right controls, and measure progress together. 

Turning rigid to responsive 

Once a tailored measurement portfolio is in place, it shouldn’t sit still. Just as the threat landscape and business priorities evolve, so too must the strategies, controls, and collaborative actions that support them. The portfolio should become a living foundation, that is continuously refined to improve coverage, increase maturity, and maintain alignment. This shift from “implement and forget” to “adapt and advance” is where real-world maturity is developed.  

1. Build a rolling roadmap anchored in the measurement portfolio 

Use the portfolio to identify and prioritise areas for enhancement, such as:  

  • Expanding telemetry coverage
  • Improving detection logic
  • Developing automated response / remediation tooling
  • Integrating specific risk domains like third-party access 

Plan out, and track short-term wins, mid-term upgrades, and long-term milestones.  

2. Refine with data-driven retrospectives 

At each phase, use measurement outputs, like time-to-contain, false-positive rates, or coverage against MITRE techniques - to reflect on what’s working and what needs recalibration. 

Adapt the measurement portfolio and KPIs accordingly, ensuring it continues to serve as a relevant benchmark for both the client’s risk posture and our performance.

3. Showcase shared progress and success 

Highlight and celebrate proactive achievements, as and when short-mid-long-term goals are achieved.  

Use these moments not just as proof of value, but as motivation to keep advancing the partnership and the maturity roadmap. 

This commitment to continuous iteration over one-time implementation ensures that the relationship remains aligned, effective, and resilient, ready to adapt as both the business and threat landscape change. 

Conclusion 

Partnering with OneAdvanced for our Managed Cybersecurity Services means you gain a trusted ally dedicated to your organisation’s security. By shifting from rigid, prescriptive engagements toward a responsive, measurement-driven, and collaborative model, we can unlock far greater value for our customers. Security is a journey, not a checkbox - contact us today to learn how we can help you.  

About the author

Matthew Cracknell

Head of Security Operations

Share