I got on a call today with two guys from a major Wall Street firm's cybersecurity division. They were presenting to one of my clients — a small business that pays me to make sure their security is handled. The big firm was there to pitch their services, and I was there to evaluate whether any of it was worth a damn.

It wasn't.

The Pitch Was a Time Machine

Within the first ten minutes, I knew exactly where this was going. The buzzwords came fast — "threat landscape," "defense in depth," "next-gen endpoint protection." The slides were polished. The delivery was rehearsed. And the tools they were proposing? I've been running them — or better versions of them — for years.

I'm not exaggerating. The stack they presented as their enterprise-grade cybersecurity offering is the same stack that literally every 10-person MSP in America deploys on day one. Endpoint detection. Email filtering. MFA. Vulnerability scanning. These aren't differentiators. These are table stakes. They have been table stakes since 2022.

But the way they talked about it, you'd think they invented the concept of monitoring a network.

The Condescension Was the Tell

Here's the part that really got me. One of the guys kept framing the conversation like my client was some helpless small business swimming with sharks, and his firm was the only life raft in sight. David versus Goliath. The little engine that could. Like the only way a small business could possibly be secure is if a Wall Street brand name swooped in to save them.

That framing tells you everything you need to know about how these firms operate. They don't sell capability. They sell fear and brand recognition. The pitch isn't "here's what we do better." It's "you're too small to do this yourself, so you need us." And they count on the client not knowing enough to challenge it.

The problem is, I was on the call. And I do know enough.

Where the Real Innovation Is Happening

While big cybersecurity firms are recycling the same slide decks and repackaging commodity tools under enterprise pricing, the actual innovation in this industry is happening at the edges. It's happening at small, lean operations that build instead of buy.

At SkyNet MTS, we run a Security Operations Center, or SOC, that monitors thousands of endpoints across our client base. We wrote our own detection rules. We built an AI-powered triage system that classifies alerts automatically — not with some vendor's canned machine learning model, but with an agentic pipeline we designed, tested, and iterate on weekly. Our SOC doesn't just flag things. It thinks. It triages. It takes action on verified threats while my team sleeps.

That's not a product we bought from a vendor. That's something we built because the vendors weren't good enough.

And we're not the only ones. Across the MSP industry, the sharpest operators are building custom automation, deploying open-source security tools, and using AI in ways that the big firms won't catch up to for years. The numbers back it up — over half of MSPs are now using AI for threat detection and prediction, and the ones doing it well are seeing 40 to 70 percent reductions in resolution times. That's not a vendor stat. That's operators solving problems faster than the enterprise world can schedule a meeting about them.

The Enterprise Tax

What you're really paying for with a big-name cybersecurity firm is the logo. The brand. The ability to tell your board or your insurance company that you hired a name they've heard of. And in some industries, that matters — I get it. Compliance theater is a real thing.

But if what you actually care about is whether your business is protected? The name on the invoice doesn't stop a breach. The work does. The monitoring does. The speed of response does. And increasingly, the firms with the biggest names are the slowest to respond, the last to innovate, and the most likely to hand you a stack of tools you could have bought yourself for a fraction of the price.

They're selling 2022 solutions at 2026 prices and hoping you don't notice.

Small Doesn't Mean Less Capable

There's a myth in this industry that bigger means better when it comes to security. More analysts, more tools, more offices, more certifications on the wall. And for a long time, that was true. Scale mattered when everything was manual.

But that equation has flipped. The operators who are building their own automation, writing their own detection logic, and running AI-assisted triage aren't constrained by headcount anymore. A five-person team with the right systems can monitor, detect, and respond faster than a 500-person team that's still pushing tickets through a queue.

I watched it happen on that call today. Two guys from a Wall Street firm, backed by presumably unlimited resources, pitched a security program that I could outperform with the infrastructure I already have running. Not because I'm smarter than them. Because I'm not weighed down by the same bureaucracy, the same vendor lock-in, and the same incentive to keep selling the same thing year after year.

The biggest firms in cybersecurity aren't the most capable anymore. They're just the most recognized. And if you're a business owner making decisions about who protects your data, your network, and your people — recognition isn't the metric that matters.

Results are. And the results are coming from the operators who build, not the brands that pitch.

If you want to understand how the vendor playbook works — and why it's so hard to leave once you're in — read "The Vendor Lock-In Playbook." And if your current IT provider is part of the problem, "Your IT Provider Isn't Slow Because They're Busy" might sound familiar.