Winning MSP Financial Clients: A Guide from Former Bank CISO Dan Sitton

Most MSPs look at a bank and see two things: a big potential contract and a terrifying wall of regulation. 

You see the revenue, but then you see the acronyms (FFIEC, GLBA, FDIC...) and the endless audits. For many, the natural reaction is to run in the other direction.

But Empath Navigator and former bank CISO Dan Sitton runs toward it, and he knows that most MSPs lose the business simply because they’re speaking the wrong language. 

We sat down with Dan to discuss how MSPs can stop being intimidated by compliance, how to position yourself as a business advisor rather than just a tech vendor, and the specific first steps to breaking into this lucrative vertical. 

Dan Sitton on how to win financial clients

Meet Dan Sitton 

As the founder of Guardian Technology Group and a U.S. Marine Corps veteran, Dan Sitton brings 26 years of hard-earned experience to the front lines of cybersecurity leadership. 

Before he was a consultant helping MSPs, he was the CISO/CIO for a $7 billion financial institution. He knows the pressure of the boardroom, managing IT during billion-dollar mergers and successfully resolving 92 audit findings in under six months. 

Dan is known for translating cybersecurity confusion into executive clarity. He is a trusted advisor, a principled leader, and a powerful voice for making cybersecurity a business strength instead of a technical afterthought. 

Why Good IT Companies Fail in Banking (And How to Think Like a Banker) 

Dan's expertise came from 18 years of working inside financial institutions. It was there, reporting to the board, that he realized the fundamental disconnect: "IT was treated like a necessary evil."

But the revelation came when he moved to a smaller bank and found himself on the other side of the table, hiring MSPs to support his team. He watched countless providers fail. 

"It wasn't because of bad tech," Dan explains. "It was because they didn’t understand the regulatory mindset." 

He spent years learning firsthand how compliance and cybersecurity intersect. Through that, he observed that most MSPs make a fatal error in their approach: "Banks aren’t SMBs with bigger budgets, they’re risk-driven organizations under constant examination."

To win banking clients, you have to fundamentally change your vocabulary. He asserts, "Stop talking like an IT guy and start thinking like a banker."  

Most MSPs walk into a board meeting talking about firewall rules, open ports, and patch reports. But bank executives don't care about those things. They care about three specific outcomes: reducing risk, passing audits, and protecting their reputation. 

If you lead with tools, you lose them. But if you talk about risk tolerance and examiner expectations, you have their full attention. 

You must explain how your specific work prevents audit findings and shortens exam prep. That is how you stop being "the IT vendor" and become the person they call before the examiner walks in. 

Regulation is a Business Model     

"Most MSPs look at regulation and run the other way. That’s a mistake," Dan says.

In the banking world, compliance isn't optional. Every new regulation creates a mandatory demand for projects and services. Banks must demonstrate cybersecurity maturity year after year, and as they grow in asset size, that bar gets raised. Most community institutions simply lack the internal resources to keep up. 

This creates a unique market dynamic. Unlike a typical SMB that might haggle over the price of a firewall, a bank is looking for a partner who can solve a specific, high-stakes pain. 

"This isn’t a price-driven market, it’s a trust-driven one," Dan explains. "If you can reduce audit pain, help executives sleep at night, and keep examiners happy, you’ll build relationships that last for decades." 

Position yourself as the expert who simplifies their world, and you instantly separate yourself from 90% of the competition. As Dan puts it, "You’re not selling IT services anymore; you’re selling confidence. And in this market, confidence is worth every penny." 

Accountability and the Long Game 

Before you enter this vertical, there is a critical rule: you must take ownership of everything you touch. 

"Banks live and die by accountability," Dan warns. 

If something breaks or gets missed, you don't blame the vendor or the user. You own it. You fix it. And you document it with a formal "lessons learned" to ensure it never happens again. 

"This isn’t a zero-tolerance environment for mistakes, but it is for trust," Dan says. "You’re protecting reputations." 

This emphasis on trust dictates the sales cycle. Dan is clear that this isn't a "fast close." The financial world moves slowly because it is built on relationships. You have to earn the right to do business with them. 

But for the MSP willing to play the long game, the reward is unmatched stability. 

"Once you earn their trust, they’ll stick with you for years," Dan says. "That kind of loyalty doesn’t exist anywhere else in IT." 

How to Find Your First Client 

The biggest hurdle is simply knowing where to look. Dan’s advice is to "Start local. Start small. Start smart."

He recommends using public databases like iBanknet.com to identify community banks and credit unions with under $1 billion in assets. These institutions are in the strategic sweet spot: they face the exact same regulatory headaches as the national giants, but they lack the internal staff to handle them. 

That gap is your opening. 

But when you walk in, do not pitch "managed services." Lead with immediate value. Offer an FFIEC gap check or an audit-readiness review. 

"You’re not selling services, you’re helping them look good to their regulators," Dan explains. 

If that first conversation saves them from an audit finding or clarifies their compliance roadmap, you have proven your worth. 

That initial win paves the way for a multi-year relationship where you can take over the heavy lifting of technical debt, patching, backups, and vulnerability management, priced to follow regulations to the letter. 

Ready to Learn the Language of Banking? 

The financial vertical is a massive opportunity, but only for those who are ready to move beyond the checkbox. 

If you’re done being intimidated by compliance and eager to start building a high-value, risk-focused practice, Dan Sitton’s full course How to Approach Financial Clients is waiting for you. 

He breaks down the FFIEC guidelines you need to know, the prospecting scripts that open doors, and the step-by-step roadmap to winning your first bank client. 

Already working with financial clients? Dive deeper with Dan’s advanced course, What MSPs Need to Know About the FFIEC, to master the specific regulations that will keep you ahead of the examiners.

Start your 14-day free trial of Empath today and get immediate access to Dan’s course and the entire Navigator library.