
Introduction:
The average Managed Service Provider (MSP) spends approximately $23,000 to acquire a single client, yet a $15–30 box of donuts is now being deployed as a precision prospecting tool to bypass “no soliciting” signs and gatekeeper defenses. At GTIA ChannelCon 2026, industry veterans Michael Bakaic and Amy Slater are rolling out a live, hands-on workshop that replaces cold calling with a human-first, in-person approach built around the “Cyber Score Hook”. This article deconstructs the five-step Donut Method field playbook and the cybersecurity assessment framework that turns a casual office visit into a data-led sales conversation.
Learning Objectives:
- Master the five-step Donut Method for in-person MSP prospecting, from geographic market mapping to handling gatekeeper objections.
- Understand how to deploy the Cyber Score as a non-salesy lead-in that creates urgency and uncovers IT pain points.
- Learn to integrate offline “donut drops” with digital reconnaissance tools like Lead Hunter and dark web breach tracking.
- Develop a repeatable outbound lead generation system that lowers customer acquisition cost (CAC) and builds a qualified pipeline.
You Should Know:
1. The Donut Method: A Five-Step Field Playbook for MSP Prospecting
The Donut Method is not a gimmick; it is a structured, repeatable process designed to get MSPs face-to-face with decision-makers and gatekeepers. According to Iceberg Cyber’s field playbook, the average MSP spends roughly $23,000 to acquire a single client through traditional digital channels. A box of donuts costs between $15 and $30 and gets you past the “no soliciting” sign, face-to-face with a gatekeeper, and one conversation away from reconnaissance you cannot get from a LinkedIn sequence. The method is built on the principle of reciprocity: a small, unexpected gift builds enough rapport for the recipient to engage with you.
Step-by-Step Guide:
Step 1: Map Your Market on Google My Maps
Open Google My Maps and search for your target vertical — attorneys, CPAs, dental offices, or any sector that fits your ideal client profile (ICP). Pin every result within your defined territory. Google’s geolocation data is the best free source for this, and you will end up with a visual map of every prospect in your area. Save each pin so you can plan efficient driving routes later. This is the reconnaissance phase that ensures you are not wasting time on irrelevant businesses.
Step 2: Filter with Lead Hunter
Head to leadhunter.icebergcyber.com. Plug in your city and target vertical. Lead Hunter will pull a full list — for example, 311 engineering companies in Chicago. Not all of them are your targets. Filter by employee count, check websites, and narrow down to the 20 you actually want to visit. These are the ones that fit your Dream 200 criteria: right size, right vertical, and likely in or near a Buying Window. This filtering step is critical for ensuring your time and donut investment yield the highest possible return.
Step 3: Buy Donuts, Practice the Script, and Walk In
The script is short on purpose. You are talking to a receptionist who was in the middle of something when you walked in. Speak slowly and be ready to repeat yourself. Here is the framework:
“Hi, my name’s [your name]. I work at [your IT company]. We love helping with their IT. I wanted to come by, introduce myself, and make sure you’re having a great day — so I brought you some donuts.”
Do not overthink it. The donuts are a gift of reciprocity that builds enough rapport for the person to engage with you. This opener is deliberately non-salesy; it positions you as a helpful neighbor rather than a pushy vendor.
Step 4: Handle the Four Gatekeeper Responses
Every walk-in produces one of four responses. Know them in advance so nothing catches you off guard:
- “That’s so nice — would you like to talk to the office manager?” Say yes. Repeat the same script to the office manager. You just moved one layer deeper.
- “Do you have a card? I’ll give it to my boss.” Hand over the card. You are now in the building’s memory. Follow up in three days.
- “This is perfect timing — we just had an issue.” This is the jackpot, and it happens more often than you would expect. Transition directly to the Cyber Score.
- “Cool, thanks for stopping by.” Worst case. You have still made a face-to-face impression. Log the visit as Recon in your Central Dashboard and schedule a follow-up touch.
Step 5: Pivot to the Cyber Score Lead-In
The donuts get people to open up. Once they are engaged, deliver the Cyber Score in front of them. Walk them through the findings — breached credentials, exposed emails — and let the evidence speak. Frame every finding as easy to fix. This is where rapport turns into a data-led conversation, and a data-led conversation is where pipeline starts.
2. The Cyber Score Hook: Turning Vulnerability Data into a Sales Conversation
The Cyber Score is a single number (0–100) that reflects an organisation’s overall cybersecurity posture. It is simple, easy to understand, and perfect for those “so… how secure are we?” conversations.
For MSPs, the Cyber Score combines internal insights and external data, including dark web breach intelligence, to show clients their security postures and ways to improve them. The score is not meant to tell an organization whether their cybersecurity passes or fails a test; instead, it creates a score that MSPs can use to assess their client's security capabilities, focus on remediation, and then track progress over time.
Step-by-Step Guide to Deploying the Cyber Score:
1. Create a Cyber Score Campaign: Dedicate a campaign to a group of prospects you are targeting. Use Lead Hunter to identify your Dream 200 and run a Cyber Score assessment on their domains.
2. Monitor for Breaches: Use dark web monitoring tools to track whether any of your prospects' domains have exposed credentials or breached data. This is the "hook" that creates urgency.
3. Prepare the Report: Generate a simple, one-page Cyber Score report that highlights the key findings. Keep it visual and easy to digest. Do not overwhelm the prospect with technical jargon.
4. Deliver in Person: When you do a donut drop and get a positive gatekeeper response, deliver the Cyber Score report in front of them. Walk them through the findings and frame each vulnerability as an easy fix.
5. Follow Up: If you do not get an immediate meeting, follow up within three days. Reference the Cyber Score and offer to do a full, no-obligation assessment.
3. Technical Reconnaissance: Tools and Commands for MSP Prospecting
Beyond the donuts and scripts, successful MSP prospecting requires technical reconnaissance. Here are verified commands and tools to gather intelligence on your prospects before you walk in the door.
Linux / macOS Reconnaissance Commands:
```bash
# DNS reconnaissance - list the records published for a target domain
# (many servers give only a minimal answer to ANY queries)
dig example.com ANY +noall +answer
# or use dnsrecon for more comprehensive enumeration
dnsrecon -d example.com -t std
# WHOIS lookup to find domain ownership and expiration
whois example.com
# Check for open ports and services on a prospect's public IP
nmap -sV -p- -T4 192.168.1.1
# Check if a domain has SPF, DKIM, and DMARC records (email security posture)
dig +short example.com TXT | grep -i "v=spf1"
dig +short _dmarc.example.com TXT
# DKIM keys are published at <selector>._domainkey.example.com, so the selector must be known
# Find breached credentials using haveibeenpwned API (command line)
curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/[email protected]" \
  -H "hibp-api-key: YOUR_API_KEY"
```
Windows PowerShell Reconnaissance Commands:
```powershell
# DNS resolution and reverse lookup
Resolve-DnsName example.com
Resolve-DnsName 192.168.1.1 -Type PTR
# Test network connectivity and trace route
Test-Connection example.com -Count 4
Test-NetConnection example.com -Port 443
tracert example.com
# Fetch the page over HTTPS and list the response headers (the certificate itself is not shown)
Invoke-WebRequest -Uri https://example.com | Select-Object -ExpandProperty Headers
# Check for open ports using Test-NetConnection
1..1024 | ForEach-Object { Test-NetConnection example.com -Port $_ -WarningAction SilentlyContinue }
```
Tool Configurations for MSP Prospecting:
- Lead Hunter (leadhunter.icebergcyber.com): Input your city and vertical to generate a filtered list of prospects. Export the list to CSV for CRM import.
- Google My Maps: Create a custom map with pins for each prospect. Color-code by status (e.g., green = visited, yellow = follow-up needed, red = not interested).
- CRM Integration: Log every donut drop as a “paid touch” (~$40 per visit) and record the gatekeeper’s response, recon data, and next steps.
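The SPF, DKIM and DMARC check in the Linux/macOS commands above returns raw TXT strings; this added example (not from the original article or any tool it names) grades such strings offline. The function names and the sample records are constructed for illustration.

```python
import re

def unquote(raw):
    """dig prints TXT data as one or more quoted chunks; join them."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()

def spf_findings(txt_answers):
    spf = [r for r in map(unquote, txt_answers) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms, out = spf[0].lower().split()[1:], []
    # Terms that cost a DNS lookup; RFC 7208 caps them at 10 per evaluation.
    lookups = [t for t in terms
               if re.match(r"[+\-~?]?(include:|exists:|ptr\b|a\b|mx\b)|redirect=", t)]
    if len(lookups) > 10:
        out.append("SPF needs more than 10 DNS lookups (permerror)")
    alls = [t for t in terms if re.fullmatch(r"[+\-~?]?all", t)]
    if not alls:
        if not any(t.startswith("redirect=") for t in terms):
            out.append("SPF has no 'all' mechanism")
    elif alls[0][0] in "+a":            # "+all" or bare "all" passes every sender
        out.append("SPF +all authorises any sender")
    elif alls[0][0] in "~?":
        out.append("SPF " + alls[0] + " does not reject unauthorised senders")
    return out

def dmarc_findings(txt_answers):
    recs = [r for r in map(unquote, txt_answers) if r.lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record"]
    tags = {k.strip().lower(): v.strip() for k, v in
            (part.split("=", 1) for part in recs[0].split(";") if "=" in part)}
    out, policy = [], tags.get("p", "").lower()
    if policy == "none":
        out.append("DMARC p=none requests no action on failing mail")
    elif policy not in ("quarantine", "reject"):
        out.append("DMARC policy tag missing or invalid")
    if "rua" not in tags:
        out.append("DMARC has no aggregate report address (rua)")
    return out

def assess(domain, answers):
    """answers maps a DNS name to the TXT lines dig returned for it."""
    return (spf_findings(answers.get(domain, [])) +
            dmarc_findings(answers.get("_dmarc." + domain, [])))

# Constructed dig output for a hypothetical domain; not real lookup results.
WEAK = {"example.com": ['"v=spf1 include:_spf.mailhost.example ~all"'],
        "_dmarc.example.com": ['"v=DMARC1; p=none; rua=mailto:dmarc@example.com"']}
STRICT = {"example.com": ['"v=spf1 ip4:192.0.2.0/24 " "-all"'],
          "_dmarc.example.com": ['"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"']}
```

Calling `assess("example.com", WEAK)` returns the two findings a one-page report would list, while `STRICT` returns an empty list.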
4. API Security and Cloud Hardening for MSPs
While the Donut Method focuses on outbound sales, MSPs must also ensure their own infrastructure is secure when handling prospect data. Here are essential API security and cloud hardening practices.
API Security Best Practices:
- Use API Keys with Least Privilege: Never use a root API key for automation. Create service accounts with scoped permissions.
- Implement Rate Limiting: Protect your APIs from brute-force attacks by implementing rate limiting (e.g., 100 requests per minute per IP).
- Validate Input: Always validate and sanitize input to prevent injection attacks. Use parameterized queries for database interactions.
- Encrypt Data in Transit: Enforce TLS 1.2 or higher for all API communications. Disable weak cipher suites.
- Log and Monitor: Enable detailed logging for all API calls. Use a SIEM tool to monitor for anomalous activity.
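The rate-limiting item above, as an added example that is not code from the original article: a sliding-window limiter set to the 100 requests per minute per IP the list mentions. The class, the `client_key` helper and the trusted-proxy set are hypothetical names chosen for illustration.

```python
import time
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit=100, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)   # client key -> timestamps of accepted requests

    def check(self, key):
        """Return (allowed, retry_after_seconds)."""
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # forget hits older than the window
            q.popleft()
        if len(q) < self.limit:
            q.append(now)
            return True, 0.0
        return False, self.window - (now - q[0])

    def sweep(self):
        """Drop idle clients so the table cannot grow without bound."""
        now = self.clock()
        idle = [k for k, q in self.hits.items() if not q or now - q[-1] >= self.window]
        for k in idle:
            del self.hits[k]

def client_key(peer_ip, forwarded_for, trusted_proxies):
    """Honour X-Forwarded-For only when the TCP peer is one of our own proxies;
    otherwise a client could claim a new address per request and never be limited."""
    if peer_ip in trusted_proxies and forwarded_for:
        return forwarded_for.split(",")[-1].strip()   # entry appended by our proxy
    return peer_ip

if __name__ == "__main__":
    limiter = SlidingWindowLimiter()
    key = client_key("10.0.0.5", "192.0.2.1, 203.0.113.7", {"10.0.0.5"})
    decisions = [limiter.check(key)[0] for _ in range(101)]
    print(key, decisions.count(True), "allowed,", decisions.count(False), "rejected")
```

A rejected request should be answered with HTTP 429 and a `Retry-After` header carrying the returned delay.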
Cloud Hardening Checklist (AWS/Azure/GCP):
- Enable Multi-Factor Authentication (MFA) for all user accounts.
- Restrict inbound traffic to only necessary ports and IP ranges using Security Groups / Network Security Groups.
- Enable VPC Flow Logs / NSG Flow Logs to monitor network traffic.
- Regularly rotate access keys and secrets using a secrets manager (e.g., AWS Secrets Manager, Azure Key Vault).
- Enable automatic patching for all virtual machines.
- Use Infrastructure as Code (IaC) tools like Terraform or CloudFormation to enforce security policies consistently.
5. Vulnerability Exploitation and Mitigation: The MSP’s Role
When you deliver a Cyber Score to a prospect, you are effectively showing them their vulnerabilities. Understanding how these vulnerabilities are exploited — and how to mitigate them — is essential for closing the deal.
Common Attack Vectors and Mitigations:
| Attack Vector | Exploitation Technique | Mitigation Strategy |
| :--- | :--- | :--- |
| Phishing | Social engineering via email to steal credentials | Deploy email filtering, MFA, and security awareness training |
| Weak Passwords | Brute-force or credential stuffing attacks | Enforce password policies and implement MFA |
| Unpatched Software | Exploitation of known CVEs (e.g., Log4j, EternalBlue) | Automated patch management and vulnerability scanning |
| Misconfigured S3 Buckets | Public exposure of sensitive data | Regular cloud security audits and access control reviews |
| Ransomware | Encrypting files and demanding payment | Regular backups (3-2-1 rule), endpoint detection and response (EDR) |

Sample Vulnerability Scan Command (Linux):
```bash
# Use nmap to scan for common vulnerabilities
nmap --script vuln -p 80,443,22,3389 example.com
# Use OpenVAS for a comprehensive vulnerability assessment
# (TARGET_ID is a placeholder for the id of an existing target)
gvm-cli --gmp-username admin --gmp-password password \
  socket --socketpath /var/run/gvmd.sock \
  --xml "<create_task><name>Scan Prospect</name><target id='TARGET_ID'/></create_task>"
```
What Undercode Say:
- Donuts Are a Data-Led Conversation Starter, Not a Bribe: The donut is the icebreaker; the Cyber Score is the conversation. Without the data, you are just another salesperson. With the data, you are a trusted advisor.
- Offline + Online = Unfair Advantage: Most MSPs rely solely on digital outreach. The Donut Method adds a physical layer that digital-only competitors cannot replicate. It is not about replacing LinkedIn; it is about filling the gaps where emails go unanswered.
Analysis: The Donut Method represents a fundamental shift in MSP sales strategy. In an era where inboxes are flooded and spam filters are aggressive, in-person prospecting cuts through the noise. The Cyber Score adds a layer of technical credibility that transforms a casual visit into a high-value consultation. Michael Bakaic’s background at Iceberg Cyber — using cybersecurity as a lead magnet — is the perfect fusion of technical expertise and sales acumen. The workshop at GTIA ChannelCon 2026 is not just about donuts; it is about equipping MSPs with a repeatable, measurable system that lowers customer acquisition costs and builds genuine relationships. The key takeaway is that cybersecurity is no longer just a service to sell; it is the primary vehicle for starting conversations and closing deals.
Prediction:
- +1 The Donut Method will become a standard playbook for MSPs, reducing client acquisition costs by 30–50% as more firms adopt offline, human-first prospecting.
- +1 Cyber Score assessments will become the industry norm for MSP lead generation, with vendors building integrated tools that automate breach detection and reporting.
- -1 MSPs that fail to adopt a proactive, outbound lead generation strategy will struggle to compete, as digital advertising costs continue to rise and organic reach declines.
- +1 GTIA ChannelCon 2026 will see a surge in attendance from MSPs seeking practical, hands-on sales training, signaling a broader industry shift toward relationship-driven business development.
- -1 The increasing reliance on Cyber Scores may lead to “score fatigue” among prospects, requiring MSPs to differentiate their assessments with unique, actionable insights.
Reported By: Techeducation Futuretechleaders – Hackers Feeds


