The Donut That’s Outperforming Your Entire MSP Sales Stack – Here’s How + Video

By /

Listen to this Post

Featured Image

Introduction:

In an era where MSPs are drowning in automated email sequences, AI-powered cold outreach, and expensive ad campaigns, the most effective lead generation tactic might just be a $9 box of donuts and a human conversation. At GTIA ChannelCon 2026, Michael Bakaic of Iceberg Cyber and Amy Slater of Innovative Events unveiled “The Donut Drop: Live MSP Lead Gen Workshop” – a two-hour hands-on session built around one deceptively simple idea: show up human, start real conversations, and walk out with qualified prospects. This isn’t theory; it’s a repeatable, field-tested methodology that turns in-person visits into documented reconnaissance on your dream prospects.

Learning Objectives:

  • Master the Door Opener script that disarms gatekeepers and converts cold walks-ins into warm conversations
  • Deploy the Cyber Score Hook to create urgency and pivot from rapport to data-led security discussions
  • Execute Recon Questions that uncover IT intel unavailable through digital outreach channels
  • Implement a hybrid sales-security workflow that combines human-to-human engagement with technical validation

You Should Know:

  1. The Donut Method: A Field-Tested Five-Step Prospecting Playbook

The average MSP spends roughly $23,000 to acquire a single client. A box of donuts costs $15–30 and gets you past the “no soliciting” sign, face-to-face with a gatekeeper, and one conversation away from reconnaissance you cannot get from a LinkedIn sequence. The Donut Method isn’t a replacement for your digital outreach – it’s the in-person layer that fills the gaps where emails go unanswered and connection requests sit pending.

Step 1: Map Your Market on Google My Maps
Open Google My Maps and search for your target vertical – attorneys, CPAs, dental offices, or whatever fits your Dream 200 criteria. Pin every result. Google’s geolocation data is the best free source for this, and you’ll end up with a visual map of every prospect in your territory. Save each pin so you can plan driving routes later.

Step 2: Filter with Lead Hunter

Head to leadhunter.icebergcyber.com. Plug in your city and vertical. Lead Hunter will pull the full list – for example, 311 engineering companies in Chicago. Not all of them are your targets. Filter by employee count, check websites, and narrow to the 20 you actually want to visit. These are the ones that fit your Dream 200 criteria: right size, right vertical, likely in or near a Buying Window.

Step 3: Buy Donuts, Practice the Script, and Walk In
The script is short on purpose. You’re talking to a receptionist who was in the middle of something when you walked in. Speak slowly. Be ready to repeat yourself. Here’s the framework:

“Hi, my name’s [your name]. I work at [your IT company]. We love helping 

 with their IT. I wanted to come by, introduce myself, and make sure you're having a great day – so I brought you some donuts."
</blockquote>

That's the opener. Don't overthink it. The donuts are a gift of reciprocity that builds enough rapport for the person to engage with you.

<h2 style="color: yellow;">Step 4: Handle the Four Gatekeeper Responses</h2>

Every walk-in produces one of four responses. Know them in advance so nothing catches you off guard:

<ul>
<li>"That's so nice – would you like to talk to the office manager?" – Say yes. Repeat the same script to the office manager. You just moved one layer deeper.</li>
<li>"Do you have a card? I'll give it to my boss." – Hand over the card. You're now in the building's memory. Follow up in three days.</li>
<li>"This is perfect timing – we just had an issue." – This is the jackpot, and it happens more often than you'd expect. Transition directly to the Cyber Score.</li>
<li>"Cool, thanks for stopping by." – Worst case. You've still made a face-to-face impression. Log the visit as Recon in your Central Dashboard and schedule a follow-up touch.</li>
</ul>

<h2 style="color: yellow;">Step 5: Pivot to the Cyber Score Lead-In</h2>

The donuts get people to open up. Once they're engaged, deliver the Cyber Score in front of them. Walk them through the findings – breached credentials, exposed emails – and let the evidence speak. Frame every finding as easy to fix. This is where rapport turns into a data-led conversation, and a data-led conversation is where pipeline starts.

<ol>
<li>The Cyber Score: Turning Security Intelligence into a Lead Magnet</li>
</ol>

Michael Bakaic's Iceberg Cyber has generated over 10 million Cyber Scores, simplifying cybersecurity for MSPs worldwide. The Cyber Score is a security analytics tool that evaluates an organization's security posture by assessing current configurations, user behaviors, and adopted controls. Prospects can complete it in seconds by entering their domain name.

The Cyber Score serves as the perfect bridge between the donut drop and a technical conversation. Once you've built rapport, you deliver the score in front of the prospect, walk them through the findings – breached credentials, exposed emails – and let the evidence speak. This transforms a casual conversation into a data-led security discussion that positions your MSP as the solution provider.

<h2 style="color: yellow;">Technical Integration: Automating Cyber Score Delivery</h2>

To operationalize this at scale, MSPs can integrate Cyber Score data into their CRM and ticketing systems. Here's a basic PowerShell script to pull security assessment data and log it for follow-up:

[bash]
 Cyber Score Data Integration Script
 Purpose: Pull security assessment data and log to CRM

$domain = Read-Host "Enter client domain"
$apiKey = "YOUR_API_KEY"
$endpoint = "https://api.icebergcyber.com/score"

$headers = @{
"Authorization" = "Bearer $apiKey"
"Content-Type" = "application/json"
}

$body = @{
domain = $domain
} | ConvertTo-Json

try {
$response = Invoke-RestMethod -Uri $endpoint -Method Post -Headers $headers -Body $body
Write-Host "Cyber Score retrieved for $domain" -ForegroundColor Green
Write-Host "Score: $($response.score)" -ForegroundColor Yellow
Write-Host "Breached Credentials: $($response.breachedCount)" -ForegroundColor Red

Log to CSV for follow-up
$logEntry = [bash]@{
Domain = $domain
Score = $response.score
BreachedCount = $response.breachedCount
Date = Get-Date
Status = "Follow-up Required"
}
$logEntry | Export-Csv -Path "cyberscore_log.csv" -Append -1oTypeInformation
}
catch {
Write-Host "Error: $_" -ForegroundColor Red
}
  1. MSP Security Hardening: The Technical Backbone of Credible Security Conversations

When you walk into a prospect’s office with a Cyber Score showing breached credentials, you need to be ready to explain exactly how you’d fix it. Here are the essential hardening steps every MSP should standardize across all clients.

Linux Hardening Checklist

For Linux endpoints, implement these baseline controls:

 1. Update kernel and packages
sudo apt update && sudo apt upgrade -y  Debian/Ubuntu
sudo yum update -y  RHEL/CentOS

<ol>
<li>Disable unused services
sudo systemctl disable --1ow telnet.socket
sudo systemctl disable --1ow rsh.socket
sudo systemctl disable --1ow rexec.socket</p></li>
<li><p>SSH Hardening - disable root login, enforce key-based auth
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd</p></li>
<li><p>Configure UFW firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable</p></li>
<li><p>Enable audit logging
sudo auditctl -e 1
sudo systemctl enable --1ow auditd

Windows Hardening Checklist

For Windows environments, enforce these baseline controls:

 1. Enable BitLocker full-disk encryption
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -SkipHardwareTest

<ol>
<li>Disable SMBv1 (blocks WannaCry-style exploits)
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol</p></li>
<li><p>Configure Windows Defender Firewall
Set-1etFirewallProfile -Profile Domain,Public,Private -Enabled True</p></li>
<li><p>Enforce strong password policies
secedit /export /cfg C:\secpol.cfg
(Get-Content C:\secpol.cfg) -replace 'PasswordComplexity = 0', 'PasswordComplexity = 1' | Set-Content C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY</p></li>
<li><p>Remove unused local admin accounts
Get-LocalUser | Where-Object {$<em>.Enabled -eq $true -and $</em>.Name -1e "Administrator"} | Remove-LocalUser
  1. MDR Standardization: The Non-1egotiable Security Baseline for 2026

For 2026, MSPs should standardize MDR across all clients to build a stronger security baseline. MSPs can no longer rely on optional, client-by-client security adoption. When clients choose outdated protection like basic AV, the MSP absorbs the operational risk – and often the blame – when incidents occur.

Leading MSPs are now standardizing MDR as a foundational control across their entire client base to achieve:
– Reduce attack exposure for all clients
– Ensure a consistent security posture
– Eliminate the operational overhead caused by mixed protection levels
– Provide every client with the same 24/7 expert-driven defense
– Accelerate response speed and service delivery

One MSP featured in a Bitdefender webinar achieved 98% MDR adoption through an opt-out model supported by clear communication and formal risk acknowledgment. The outcome was significant: multiple attacks were prevented before they could escalate into business-disrupting incidents.

Why Reactive Security No Longer Works

Bitdefender research into 700,000 security incidents shows that 84% of major attacks now involve the abuse of trusted, built-in utilities, a tactic known as Living Off the Land (LOTL), which evades traditional defenses by blending in with normal system activity. Common attacker techniques leverage:
– Built-in OS tools (PowerShell, cmd.exe, WMI)
– Legitimate credentials
– Remote access channels
– RMM exploitation
– Lateral movement techniques

Prevention-Driven Hardening Commands

To combat LOTL attacks, implement these prevention-driven controls:

 Windows: Restrict PowerShell execution to signed scripts only
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Windows: Enable PowerShell logging for forensic visibility
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -1ame "EnableScriptBlockLogging" -Value 1

Windows: Disable WMI from remote execution (where not needed)
 Use Group Policy: Computer Configuration > Administrative Templates > Windows Components > Windows Management Instrumentation > Disable WMI

Linux: Restrict cron jobs to authorized users only
echo "root" > /etc/cron.allow
echo "user1" >> /etc/cron.allow
chmod 600 /etc/cron.allow
  1. Zero-Trust Architecture: Building the Foundation for MSP Security

Zero-trust architecture has become a cornerstone of MSP security in 2026. The core principle is simple: never trust, always verify. Here’s how to implement zero-trust controls across your client environments:

Network Access Controls

  • Enforce multi-factor authentication (MFA) across all systems – MFA adoption reduces breach success dramatically
  • Eliminate default usernames and enforce unique, strong passwords
  • Follow least privilege principles – users get only the access they need
  • Inventory and classify all assets
  • Segment networks to prevent lateral movement
  • Restrict workstation-to-workstation traffic
  • Audit inactive user accounts regularly

Secure Remote Management Tools

  • Restrict access to RMM tools using IP whitelisting and MFA
  • Use centralized logging for all RMM activity
  • Keep RMM software updated with the latest patches
  • Disable RDP unless absolutely necessary
  • Use NLA (Network Level Authentication), firewalls, and RD Gateways
  • Change default ports for remote access services

Implementation Commands

 Windows: Enforce MFA for all admin accounts via Conditional Access policy
 (Requires Azure AD Premium licensing)
 Configure via Azure Portal > Azure AD > Security > Conditional Access

Windows: Restrict RDP access using firewall rules
New-1etFirewallRule -DisplayName "Restrict RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Block

Windows: Enable NLA for RDP
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -1ame "UserAuthentication" -Value 1

Linux: Implement IP-based access control for SSH
echo "sshd: 192.168.1.0/24" >> /etc/hosts.allow
echo "sshd: ALL" >> /etc/hosts.deny

6. Automated Patch Management: Closing the Vulnerability Gap

Automated patch management is critical for closing vulnerability gaps across Windows, macOS, Linux, and over 850+ third-party applications. Here’s a comprehensive approach:

Linux Patch Automation Script

!/bin/bash
 Linux Automated Patch Management Script

LOG_FILE="/var/log/patch_management.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "[$DATE] Starting patch management..." >> $LOG_FILE

Debian/Ubuntu
if [ -f /etc/debian_version ]; then
apt update >> $LOG_FILE 2>&1
apt upgrade -y >> $LOG_FILE 2>&1
apt autoremove -y >> $LOG_FILE 2>&1
fi

RHEL/CentOS
if [ -f /etc/redhat-release ]; then
yum update -y >> $LOG_FILE 2>&1
fi

Reboot if required
if [ -f /var/run/reboot-required ]; then
echo "[$DATE] Reboot required. Scheduling reboot." >> $LOG_FILE
 Schedule reboot during maintenance window
shutdown -r +60 "System reboot for patch installation"
fi

echo "[$DATE] Patch management completed." >> $LOG_FILE

Windows Patch Automation via PowerShell

 Windows Automated Patch Management
 Schedule this to run via Task Scheduler during maintenance windows

$logPath = "C:\Logs\patch_management.log"
$date = Get-Date -Format "yyyy-MM-dd HH:mm:ss"

Add-Content -Path $logPath -Value "[$date] Starting Windows updates..."

Install Windows Updates
Import-Module PSWindowsUpdate
Install-WindowsUpdate -AcceptAll -AutoReboot -IgnoreReboot

Check for reboot requirement
if (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired") {
Add-Content -Path $logPath -Value "[$date] Reboot required. Scheduling reboot."
 Schedule reboot during maintenance window
shutdown /r /t 3600 /c "System reboot for patch installation"
}

Add-Content -Path $logPath -Value "[$date] Windows updates completed."

7. API Security: Protecting Your MSP Management Tools

As MSPs increasingly rely on APIs for integration between RMM, PSA, and security tools, API security becomes paramount. Here are essential API security best practices:

API Security Checklist

  • Implement OAuth 2.0 or OpenID Connect for authentication
  • Use API keys with least privilege scopes
  • Enforce rate limiting to prevent brute-force attacks
  • Validate all input to prevent injection attacks
  • Log all API access for audit purposes
  • Regularly rotate API keys and secrets
  • Use HTTPS for all API communications

API Security Testing Commands

 Test API endpoint for basic authentication
curl -X GET "https://api.yourmsp.com/v1/clients" -H "Authorization: Bearer YOUR_TOKEN"

Test rate limiting
for i in {1..100}; do curl -X GET "https://api.yourmsp.com/v1/clients" -H "Authorization: Bearer YOUR_TOKEN"; done

Check for insecure headers
curl -I "https://api.yourmsp.com/v1/health"

What Undercode Say:

  • Key Takeaway 1: The Donut Method proves that in an increasingly digital world, human-to-human connection remains the most powerful lead generation tool. A $9 box of donuts consistently outperforms expensive ad campaigns because it bypasses digital noise and creates genuine rapport.

  • Key Takeaway 2: Cybersecurity is the ultimate conversation starter. By leading with a Cyber Score that reveals breached credentials and exposed data, MSPs transform cold prospects into engaged buyers who understand the urgency of their security posture.

  • Key Takeaway 3: The most successful MSPs in 2026 are those who standardize security across all clients – MDR, zero-trust, and automated patching are no longer optional add-ons but foundational requirements.

  • Key Takeaway 4: Prevention-driven hardening is the new frontier. With 84% of attacks now leveraging legitimate system tools (LOTL), traditional reactive defenses are obsolete. MSPs must adopt technologies that automatically reduce attack surfaces.

  • Key Takeaway 5: The integration of sales methodology with technical delivery creates a powerful flywheel – donuts open doors, Cyber Scores create urgency, and hardened security postures close deals.

Analysis: Michael Bakaic’s approach represents a fundamental shift in how MSPs think about sales. Rather than viewing sales and security as separate functions, he demonstrates that cybersecurity expertise is itself the most compelling sales tool. The Donut Method works because it addresses the human element that no amount of marketing automation can replicate. When you combine genuine human connection with data-driven security insights, you create a buying experience that feels consultative rather than transactional. This is particularly powerful in the MSP space, where trust is the primary currency. The technical hardening guides provided above ensure that when prospects say “yes,” your MSP can deliver on the promise of security excellence. As the threat landscape continues to evolve, MSPs who master both the human and technical sides of security will dominate their markets.

Prediction:

  • +1 The Donut Method will become a standardized lead generation playbook adopted by thousands of MSPs within the next 12-18 months, driven by the GTIA ChannelCon workshop and Iceberg Cyber’s growing influence.

  • +1 Cyber Scores will evolve into a de facto industry standard for security assessments, similar to credit scores for financial health, creating new revenue streams for MSPs who offer ongoing security monitoring.

  • -1 MSPs who fail to standardize MDR and zero-trust controls across all clients will face increasing liability as ransomware attacks against SMBs continue to rise, with legal repercussions for negligence.

  • -1 The window for “optional” security adoption is closing – clients will increasingly demand auditable security baselines, and MSPs without standardized offerings will lose competitive ground.

  • +1 The integration of AI-driven threat detection with human-led security conversations will create a new category of “Security Sales Engineers” who combine technical expertise with consultative selling skills.

  • -1 Living Off the Land (LOTL) attacks will account for over 90% of major breaches by 2027, forcing MSPs to abandon legacy AV and embrace prevention-driven hardening technologies or face catastrophic client losses.

  • +1 MSPs who adopt the Donut Method + Cyber Score combination will see client acquisition costs drop by 40-60% within their first year of implementation, based on the dramatic reduction in paid advertising and cold outreach expenses.

▶️ Related Video (82% Match):

https://www.youtube.com/watch?v=nzoWqwjC8SA

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Gtiachannelcon Mspmarketing – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky

Related Posts: