Cybersecurity Growth Strategy For Regulated Businesses Today Scaling | Chris May from Advantage Technology

Rick: Pathmonk is the AI for website conversions. With increasing online competition, over 98% of website visitors don’t convert. The ability to successfully show you value proposition and support visitors in the buying journey separates you from the competition Online. Pathmonk qualifies and converse leads on your website by figuring out where they are in the buying journey and influencing them in key decision moments with relevant micro experiences like case studies, intro videos, and much more.

Stay relevant to your visitors and increase conversions by 50% by adding Pathmonk to your website in seconds. By letting the AI do all the work and increase conversions while you keep doing marketing as usual. Check us out on Pathmonk.com. Hey everybody. Welcome to today’s episode of Pathmonk Presents. Today we’re joined by Chris. He’s the VP of Security and Growth at Advantage Technology. Chris, welcome to the show.

Chris May: Thanks for having me. It’s good to be here.

Rick: Good to be here, Chris. I agree and people don’t know this, but it’s been a long time coming, so I’m glad to have you and I’m finally glad to do this.

Chris, why don’t we start with the basics and maybe we talk about Advantage Technology and also what’s the big idea behind it? And if you were explaining what you do to a friend over coffee, let’s say, how would you describe what the company’s about and what you do?

Chris May: Sure. So yeah, I’m the, as you said, vice President of security and Growth. I’ve been here over a decade. And Advantage Tech is an interesting thing to explain. We don’t quite fit the mold, which is good. I think, I was just explaining this to somebody last night at an event.

So we are what you would refer to as a Managed Security Services company. Right? And you hear about MSPs, managed service providers. We’re a managed security services provider, so there’s another S in there.

So as an MSSP, we have some very different capabilities. We’re positioned very differently than a managed service provider in general. We are security and technology solution engineers is what I like to tell people.

We focus on cybersecurity first. We think that’s the most important thing there is right now in your daily digital life and the digital landscape. But the ability to do that well means that we have to also provide other services, right? So IT and security are basically two separate missions and a lot of people don’t realize that, and we service both.

That’s why I say we’re solution engineers, so we’re providing high level solutions for security and for technology problems.

We also do the services of a traditional MSP, the managed service provider. We usually pick those up secondarily after we’re already doing security work.

I think what sets us apart: you have a lot of companies out there that are MSPs or calling themselves MSPs, and their model’s different, right? They use level one and level two engineers. They use a lot of young people, which there’s nothing wrong with. They use a lot of the cheaper talent.

We’re a business of 30-year security engineers and tech engineers and network engineers. Right now we have those younger folks as well, but if you look at the company, it’s run by principal engineers and that’s what we are.

We’re not business people just trying to run a technology company. We’re actually security engineers and technical engineers that are running this company.

And then our customer base goes from the largest customers are big healthcare systems—15, 20,000 employees, 40 locations, billion dollar a year in revenue. And then we also go to help the smallest.

We have a law firm that has three people that does very sensitive work for government, that also has big security concerns.

So I think to wrap it all up, I would say our customer base is very broad, but they all have one thing in common. They have serious compliance and security issues that they’re concerned about, and we can help deliver those outcomes in that area so they can continue to operate safely and securely.

Rick: That’s amazing. Thanks for the intro, by the way. And that’s really interesting. I’m sure also for our audience, it sounds like you have a roster of really experienced engineers that know what they’re doing and I’m sure that translates in the quality of your work and the support that you give to your clients.

You touched on that for a second just now, right? So the types of businesses you work with—are there any industries or verticals where you feel your services really shine at the moment? Or is it more maybe a specific type of business and a key problem that you help them solve, do you think? Or how does that work for you guys?

Chris May: That’s a great question. So we can work for any vertical, right? And we do—we work in every vertical you can imagine, because everybody uses tech.

But if you think about a few things—what are the newest clients that we see being added? What does that outreach look like?

Department of Defense contractors. So private businesses that work for the DOD because they have all these new CMMC certifications they have to meet, things like that.

Really anybody with security compliance concerns, right? Defense contractors, hospitals for HIPAA, banks because of all the federal banking regulations.

Law firms actually are one of our biggest markets because most people don’t realize, but the FBI calls them the soft underbelly of cyber crime, right?

Because law firms—guess what? Law firms have medical data, business data, trade secret data, patent data. They handle all the data, and so they’ve become a huge client for us, very important because they have many things that can affect the security of the businesses and the governments they work for.

And I think that’s where we’re seeing the most growth is people that thought they traditionally didn’t need cybersecurity. “Why would we need security? We’re not a tech business.” Those are the people that are sitting on all this really sensitive data.

And what we found out is the threat actors don’t really care what you do now. You’re just a bank account to them. This is just a financial crime carried out over the internet.

And so if you have a bank account and they can extort you, they’re coming after you.

But for years, our biggest three have been healthcare, legal, and finance, and then defense contractors. Obviously we’re in that space, but we’re starting to see now just—it doesn’t matter what you do, they’re coming after you.

Rick: Yeah, that’s a good point. Especially the one you made—if you have a bank account, we don’t care who you are, we’re coming for you. So they need people like you to help them with their security.

I’m curious, within these companies who’s actually reaching out to you? How do people discover you in that sense? And maybe on the growth side of things, if you can touch on the channels that have become your go-to for bringing in more of those people.

Chris May: So my title’s interesting. I love the growth side too. People don’t understand it. I get asked all the time, what does it mean to be vice president of security and growth?

If you look at what is the fastest growing thing in tech right now, cybersecurity obviously. And what I understand is we can’t grow a company effectively at all without securing it. If it’s not secure and somebody steals all your data, you have no company.

Believe it or not, the people I talk to the most every day are CEOs and CFOs and COOs.

It’s funny, a lot of times, so many organizations still don’t have a Chief information officer, a chief security officer, chief Technology Officer. So that stuff rolls up to who? Typically the CFO. I know it’s weird, but the CFO typically, if you don’t have that role, is over top of technology.

And so what we’ve seen lately is most of ours come from two ways. First of all, referrals are still king in some ways.

We love referrals because they already are reaching out to us based off somebody else’s recommendation. So they think somewhat highly of us, or they wouldn’t have called.

We really push for that organic referral—handshaking, networking events, make friends with people, they’re gonna bring you their friends—but that can only go so far. You need that digital reach.

So what we try to do in that digital reach is do the things that we would do in person: be able to present our story. People love stories.

I’m fortunate that not only am I a cybersecurity engineer, but I also have a graduate degree from Cornell in market analysis and marketing.

We can do security things all day, but if we can’t sell them, we can’t run a business. I got that degree about eight years ago because we were starting this security practice and somebody needed to go out and sell it.

Who better than the engineer that’s done it for 20 years at that time, but didn’t know how to market anything?

So we did a twofold thing. Over the last eight years, our web presence has morphed and developed unbelievably. At the same time we’ve developed how we’ve presented who we are.

We can’t just talk about technical ones and zeros all day because the people I mostly talk to are CEOs, CFOs, COOs. They don’t care about ones and zeros.

We flipped the conversation to show them that their growth can be hindered or escalated based on how they understand their risk posture.

We made our web presence—our blogs and everything—talk about what they understand.

The IT person understands the risk to advanced ransomware and extortion. The CEO doesn’t. The CEO understands: if we lose money, we go out of business.

So we worked with companies to redevelop our web presence.

We used to market to the tech person, but the tech person rarely gets on our website because they know what we do. We had to start marketing to the people that sign the checks and sign off on projects.

And the way you market to them is not with marketing. We had to start educating them.

We need educated buyers. If that buyer is not the person that understands your product, then you better teach them.

So we put ourselves to school on how to educate better. Our website is an education tool. It teaches you in common language what we do—not acronyms and crazy speak.

How did we pull that off? We brought in people that know the things we don’t know.

We’re engineers. We’re not branding people. But what we asked them to do is talk to our people and ask them their story: why are you here? What do you do this for? What is Advantage’s mission?

And what we found out was everybody here is on the same mission. And that’s what we tell now in the website and the stories.

We can all do tech. Why do we do it? Because from a place that’s poor, it’s hard to be from—Southern West Virginia. It’s going backwards. So we prop up that economy by providing hundreds of jobs in a place that’s poor and destitute.

If you look at two companies and you hear our mission and we do the same work as another whose mission is just to make more money, you’re gonna use us.

We learned you have to tell your story at a deeper level. It changed everything for us.

So if you look at our website, it’s storytelling. We’re telling the story of who we are.

Rick: That’s so good. Typically you find people with the tech background that are really knowledgeable, but don’t have the soft skills to sell that. And the other way around is true too.

I love that you went and got that degree out of necessity and were able to combine both worlds.

You touched on the website and the storytelling. I’m curious: how much of a role does your website play in all of this and bringing in new business at this point?

Chris May: It plays a much bigger part than I would’ve believed it ever would for a business of our nature.

You’re talking about a business that 10 years ago did, I don’t know, $3 million a year. We’ll say this year we’ll do over 40 million. And you can’t do that without pulling people in.

People say we’re driving people to the business, but instead we’re pulling them in.

A big part of that was looking at our web presence. I tell people in security: you have two locations—your physical business and your website. Your website is what most people are gonna see as your business location.

We put a lot more emphasis on that and found marketing and PR and branding companies that know it better than we do.

At Advantage, we tell our clients: we pay people that do the things we don’t know how to do well. We’re an IT and security company. Why would I run a big marketing department?

We ran marketing inside for years with one person and did okay, but we realized: we don’t know how to hire a marketing person properly.

I have a degree, but I’m not a marketing professional. I learned out of necessity.

When we brought in professionals, we saved time, money, and got better results.

The first thing they asked us wasn’t “what do you do?” That’s how I knew they were good. They asked: “why do you do this?”

They asked my people: “why do you do this?” over and over.

Then they helped us create blogs and content and we fact-checked it.

We needed people that understood AI, SEO, and how to get the message in front of customers.

We can have a great message, but if we can’t deliver it to someone’s screen, what are we doing? Nothing.

Now we see a drastic increase in incoming leads through the website.

And they helped us frame who our buyer is. We knew the companies, but we didn’t know who inside is the buyer persona.

We have a duality: I have to explain it deeply to technical folks—and then I have to explain it to the CFO/CEO in an entirely different way.

So the website has to educate and handhold. That’s what it does: a lot of free education. The better educated they are, the better the conversations, and we can fix problems faster.

Rick: Makes total sense.

As we go into the back half, Chris, would you be willing to do some rapid fire questions? Nothing crazy—more habits, what you like to do. Is that okay?

Chris May: Sure.

Rick: Sweet. In your role, what are the main three things you focus on day to day when you go to work?

Chris May: Number one is the security of ourselves and our clients. No question. That’s the first thing I scan for when I wake up. Is there anything that means the security of us or our clients could be affected?

Number two: is there anything affecting client satisfaction at that current moment? Those people are our bosses. They sign our checks.

Number three: if either of those are failing—security issue or dissatisfaction—then number three is go fix number one and number two.

My role has morphed. I don’t have to be hands-on keyboards fighting off threat actors every day.

A big part is making sure clients are okay with spending what they spend because of what we do.

And honestly, another focus is being there for my team. They have a hard job. It’s stressful. I’ve done it for 30 years.

My phone is always on. Always on for them.

So: security, client satisfaction, and supporting my team.

Rick: And focusing on your team too—that’s a lot.

Chris May: I can’t do this without a team. My largest security contract is almost a million dollars a year for a 19,000-person healthcare system doing a billion in revenue.

We’re securing the employees, the patients, the families, the surgery centers. We’re making sure people don’t die.

If we fail, people will die. And I take that very seriously every moment of my life.

Rick: That’s a fair point.

Maybe related, maybe not: if you had a magic wand and could fix one frustrating thing in your life with tech—security, marketing, whatever—what would it be?

Chris May: Misinformation. Just misinformation in general.

People don’t have any idea what they’re talking about a lot of times, and they’ll talk about it like they’re very proud they know.

I’ve done this 30 years. You don’t know what you think you know—you know what the internet told you.

And it leaks out everywhere. It’s propaganda.

People scream about AI data centers and then use AI all day. Facebook, Twitter, Instagram, Microsoft, Google—everything is AI.

They say: “I don’t use AI, I don’t want it in my backyard.” It’s the oldest argument of rich versus poor with a different label.

So yeah: misinformation in general, funneled through the internet, is maddening to me.

Rick: That’s a first on this podcast. Great answer.

Chris, thank you for being on the show. Last word: if someone forgets everything today, what’s the one thing they should remember about the work you guys are doing at Advantage Technology?

Chris May: Every business today needs a cybersecurity posture. All of you. You’re under attack because you have a bank account.

And it doesn’t cost what you think it does. It used to be expensive and unattainable except for large enterprises. It’s attainable now even for a company with five people.

Have the conversation. Ask questions. Find somebody you trust. Doesn’t have to be me.

Cybersecurity is the one thing that can shut your business down forever—and you can’t fix it after the fact. The differentiator is preparing ahead.

So remember: it’s for everybody, and it’s not as expensive as you thought.

Rick: Amazing. If someone wants to check you guys out and maybe they have cybersecurity needs, where can they go? Where can they find you?

Chris May: The two spots: first Advantage Tech—just Advantage Tech. That’s our website. We made it super easy for you.

My email is CMay at Advantage Tech.

Then find me on LinkedIn. I got about 13,000 followers. Somehow I got popular—I guess they like nerds.

And it’s just Chris May. You can go LinkedIn slash Chris May Cybersec, or just search Chris May.

Those are the three best ways to find us. We’ve got blogs, writeups. We’re always happy to talk.

Rick: Too easy. Chris, again, appreciate your insights and your knowledge. Maybe we do this again in 2026. In the meantime, I wish you a wonderful day, Chris. Thank you so much.

Chris May: Thanks, bud.

Rick: All right, bye everyone.