We're not referring to finding quality people (always do this) and the usual motivational talk banality, but about getting the right specialties in the door at the right time. Information security has expanded so wide that the idea of the "generalist" is almost extinct; there just won't be the "one" who can run an entire security operations center (SOC), conduct research, do turn-ups, automate, etc...
Therefore, you must break out the functions of your MSSP and find experts for each specialty. In addition to "who," there is also "when." Knowing when to scale staff and when to hire for new skills is certainly a challenge, but often exuberance can cause businesses to hire too early or stubbornness will cause them to hire only after a problem becomes untenable. We'd love nothing more than to share a formula with you on when to hire X for Y at Z, but businesses are dynamic and unique, which is a euphemism for "you're on your own with that."
It's often said that making mistakes is part of making progress, but it's also said that those that don't learn from history will repeat it. Remember to focus on your service, keep it standard, and look at everything from a scalability perspective.
MSSPs, or managed security service providers, are at an exciting point where market acceptance, awareness and demand have converged. This is positive for a potential MSSP but also for the customers and businesses it will protect, enhancing security for everyone. However, excitement and the prospect of profits can create haste, and with haste comes an increased risk of mistakes. AlienVault, which has been fortunate enough to work with and help ensure the success of a number of our MSSPs, has identified five key lessons learned and mistakes every MSSP should avoid in order to be successful.