IT Is Taking Over Security and Most Integrators Aren’t Ready.
In this episode of Entry & Exit, Stephen Olmon and Collin Trimble discuss one of the biggest shifts happening in the security industry: the rise of IT as the primary decision-maker. What used to be a facilities-driven purchase is rapidly becoming a technology conversation centered around APIs, cybersecurity, data ownership, interoperability, and AI.
They break down why open APIs are becoming table stakes, how enterprise buyers are evaluating security vendors differently, and why security professionals who can't speak the language of technology risk being left behind. The conversation also explores cybersecurity vulnerabilities, penetration testing, AI's impact on enterprise security, and practical ways integrators can future-proof their businesses.
In this episode:
→ Why IT is becoming the economic buyer in security projects
→ The growing importance of APIs, integrations, and data ownership
→ Why open platforms are winning over closed systems
→ How AI is accelerating change across the security industry
→ Cybersecurity risks every integrator should understand
→ Why penetration testing is becoming more common
→ The future of custom-built security software stacks
Connect:
Stephen Olmon — https://x.com/stephenolmon
Collin Trimble — https://x.com/TXAlarmGuy
And I think that that's kind of the new reality of where we are, right?
I mean, when you didn't you feel that when we were at ESA this last two weeks ago or whenever we were over there last week, it really felt like if you really look around, a lot of that room is made up of technology salespeople.
Data integration and data sharing is going to be the new table thing. It's not gonna be, do you have an API?
And so you have to be able to speak to cybersecurity, you have to be able to speak to interoperability APIs. If Collin just said MCP and you're like, what is that, MasterCard? Uh like three to five years, you're gonna get left behind if you can't speak the language. That's good. Honestly, people, this is the sauce right here, actually.
Welcome to Entry and Exit. My name is Stephen Olmon, and I also have Collin Trimble with me. We run Alarm Masters by day, and by night or other parts of the day, we also host this podcast. And we hope it helps people.
Not really ever by night. Not really ever by night.
Not really. No, we're with our kids. Like, let's be honest. Yeah. And our wives, we have those two. Um one of them each. Uh and so whatever. It's a technicality. Yeah, a technicality. In case you're in case you're curious. Um I'm gonna leave it. I'm gonna leave it alone. Um, yeah, yeah.
I'm not getting in trouble. Um, so today we're talking about kind of a hot take. You know, there's this concept that um cyber and physical, or maybe even better said, like um the uh IT, high high-tech IT side and physical are kind of converging, but that kind of sounds like it's a 50-50 relationship. And the hot take is no, it's just that IT and everything that comes along with it is kind of taking over the conversation.
Yeah, that's right. I uh I was watching this really interesting um video yesterday that was about a company that uh 20 years ago launched some of the first satellites, like kind of precursor to Starlink, and they were geostationary, and so meaning they were positioned in a fixed place, and all they did was take pictures of retailers' parking lots, and they come did a statistical analysis year over year because it was the best predictor uh when you aggregate it for how Target, Best Buy, Bed Bath and Beyond, whatever their stock was gonna do. And they had something like an 85% uh correlation, whatever. And so what was super interesting about that was data uh was the king, and they were getting paid a lot of money for the data. And what I think is gonna happen here is well, what I don't think it's already happening. IT is now becoming the primary purchaser for um commercial security applications and even fire a lot of times. Uh where used to it would be kind of thrown on the IT person to just kind of figure it out and deal with it, or it was maybe on maintenance and they kind of had a hand with IT. Now it's almost, I mean, it was what we're experiencing is almost squarely with IT. The IT is the economic buyer qualifier, not always the top-level decision maker, but they are the qualifier and they are the economic decision maker. And so what's happened, and the reason that's happening more, I mean, you you tell me, I I think a lot of that's happening because kind of gone are the days where you had to have all these wired devices all over your building. We're now in an IoT world and and we're seeing you know, burglar alarms are sort of traditional burglar alarms are disappearing. Traditional access control is sort of morphing into video enabled access control. Um and I think that that's kind of the new reality of where we are, right? I mean, don't you didn't you feel that when we were at ESA this last like two weeks ago or whenever we were there last week?
Kind of the like the fun, good old boy, like very technical security focused um salesman it isn't really at those things anymore. It feels like and it really felt like if you really look around, a lot of that room is made up of technology salespeople and people that have come from other industries that are really adept at selling software as a service or you know, licenses or things like that. And there's this heavy technology uh background that exists in that room that um is is just a different it's a different mix in the room than it would have been five or ten years ago.
Yeah,
I agree with you. I actually think I I I think that the biggest, I think this is the biggest, most salient point. I'm just gonna, you know, I should wait till the end of the podcast to say this so that everybody will stick around. I think that the most salient point is that like data integration and data sharing is going to be the new table stakes. It's not gonna be, do you have an API? If you do not have an API, if you're selling Integrator, a service uh manufacturer that does not have an open API in five years from now, you're not gonna win that deal. And and honestly, you're gonna three years.
Maybe I was gonna say maybe two or three years. Yeah.
We're in a deal right now where the whole deal is around um the end user is interviewing multiple manufacturers, and all they are having a conversation about is the API because they don't really care that much about the software. They're actually pulling all that into an internal operating system that they're building, which is just wild. And it is everything to do with how easily can I get the data that's mine out of your system? Because and historically, that's been kind of like a glamorous, nice to have thing. I remember in 2015 when I was at Brivo, I would talk about open APIs, and people were like, What is that? Well, I don't care about that. That doesn't mean anything to me. Does it unlock the door? You know, and now it's like uh the flashy feature set stuff is a whole lot less impressive, and having an MCP server and having really robust APIs is the new gold rush. Data is the new gold rush.
Yeah. And you you have to be able to, as a on a dealer side or as an integrator, like you have to be able to speak that language because you aren't just speaking to someone on the security side, like you are talking, likely if it's a deal of any size, like director of IT or some sort of C-suite person that's got technology and kind of technology-oriented purchasing brain, uh like in a hat on. And so you have to be able to speak to cybersecurity, you have to be able to speak to interoperability APIs. Uh, even I I love, I I've said it before, I'll say it again, is because it's just fun, is like it's not SaaS software as a service, it's becoming SUS, you know, single-use software and where people are building their own. Ooh, I never heard that.
You've never said that before.
I love toss toss, toss, toss, toss. Um, and so if you're listening right now, you just missed me do a little hair flip, which I don't have, but it was makes me feel good. Um, and so um don't don't laugh. Uh sorry. So uh if you here's the thing. If you can't speak that language today, if Collin just said MCP and you're like, what is that, MasterCard? Uh like yeah, a go learn, go learn uh more about what's happening all around us uh from an AI um and kind of uh data, the data layer of this industry, which is rapidly advancing and changing. I would say we're kind of catching up in a lot of ways uh to some other industries. Table stakes, right? Like in the next couple of years, you being able to speak to all that, you being able to look someone in the face, or coaching your sales team to be able to have those sorts of kind of high technology. Um, it's almost like in finance, you talk about finance like high finance, like sophisticated finance. Like you're gonna have to be able to speak sophisticated technology, um, and kind of have like high-level technological conversations with key decision makers that are not just like, oh man, like tell me about the key card entry. Like that's not what we're doing. So, and it's changing.
No, I think I think that's a great take. I have a bot, a bunch of thoughts that that are resulted. That one is um, well, we'll come back to cybersecurity in a second. The bottom line, it's in the the same vein of you've got to learn to speak the language, you've got to start really learning cybersecurity because that's becoming an even bigger deal now with all of these models that have the ability to penetration to be able to do penetration uh testing on your own business. It's really cool and they like that, but they're finding vulnerabilities every day. And um, so you need to be able to speak that language. That's that's a separate thing we should have a conversation about in a second. But here's here's another kind of tangential take. You will never learn the AI high-tech uh language if you're not doing it in your own business. Amen. Just like right now, um, you learn a new access control manufacturer because you bring them into your office, they train you on access control, and then you install it in your own office. And so you get your hands on it and you learn it and you figure out how the the quirks and the nuances about how to program it and install it, and then you can be a subject matter expert to the customer about that particular product. That is what is required now uh for this technology. So when your customer says, Hey, um, can this door be unlocked by a camera? And you're gonna say, Yeah, I I've uh Eagle Eye Brivo showed me that feature, you know, DMP, it can it can happen. That's gonna be that's where it will stop today. But in three years from now, they're gonna say, explain the mechanism to me and where the data is being stored and how it's coming off and what is the latency and is that a part of an open API? All of that language is going to be the next discussion. It's not gonna stop at layer one, it's not gonna be feature set, it's gonna go technical. And it's kind of funny.
Lately, I've been feeling really justified in my in my uh experience because his I'm not the technical guy. And if you have been on this podcast long enough, if you listen, you know that like I don't uh I don't really have a lot of technical chops. Um, I obviously have some sales chops and I have some AI chops, but I've learned a lot about IT and software and programming and networking and APIs just from doing it for our own business. What has happened is I'm now brought in for my own sales team as a subject matter expert on what the art of the possible for your for your uh your security stack and integration into your business. And I think that right now you can get away with not having that and being the technical guy that knows about locks and getting your meter out and you know doing all the things. I think in three to five years, you're gonna get left behind if you can't speak the language.
Yeah, I I 100% agree. Um, and one thing that you touched on, I wanted to go back to really quickly. You talked about vulner vulnerabilities, and that's gonna continue to be a topic people are gonna ask a lot of questions about. And so um, like I actually just had uh a friend who uh owns a pen test uh business, like all they do is run penetration testing of all sorts of AI enabled pen test stuff, correct? But they they mostly do physical devices and they specialize in healthcare, but they do lots of different things, and guess what? They aren't doing like one one big project anymore, which is better for their business model too. But like now it's hey, you can either choose to do semi-annual, quarterly, or monthly, yeah, because this is all advancing and changing so rapidly in new vulnerabilities based on new models and new technology that are coming out for the that people can use in uh malicious ways. Yeah, you have to get out in front of that. And so they are literally uh, you know, uh conversation we had yesterday related to you know, someone else I introduced them to, they are going to be doing penetration testing for that client every four weeks because it is that that that you know client's kind of at the forefront and it's PHI and all the good stuff, right? Um, but I feel a similar burden, like, man, we've got to be really thoughtful, really careful, and we have to be able to speak it and and not just like know the buzzword. You actually have to be able to speak extemporaneously about these things with executives, especially if you're gonna try to do like enterprisey multi-site big time commercial stuff. Like you've really got to play some catch up if this sounds confusing.
Yeah, I I think that what's super interesting about what you're saying is when people are doing pen testing, or there's or not, like a black hat hacker is trying to find a way to um trying to find a way to hurt you or find a vulnerability, they're trying to find the path of least resistance. And so when they are doing that, they're typically looking for outdated, non-updated hardware that exists on a network that enables them to get into the broader network. And that's that's the whole game, right? Well, do you know one of the oldest tech in the world is freaking security tech, it has inbound ports like crazy. There was a story um that I that they used to preach at Brivo in the early days about uh Target that they one of the local Target stores hired an HVAC person to come in and replace the thermostat, and they put in like a it wasn't, I don't think it was Nest, but some type of smart thermostat. Yeah, and they opened a port and they did what'd you say?
Bluetooth enabled some sort, like yeah.
Anyway, they put it on the network and they didn't secure it, and somebody hacked it and got all the credit cards for some you know regional amount of target targets, you know, and this was 10 years ago. And so the point is, it's like if you don't think as an integrator, I don't care what your contract says and how good your limits of liability insurance is, if you don't think an event like that that hurts your customer is not gonna come back and hurt you, you are sorely mistaken. Like it it is, and the only way to prevent that is to get educated and to work with your manufacturers to understand what is the best way and then to pull the IT person into the conversation.
And by the way, putting my sales hat on for a second, you're gonna look really good if you're not single-threaded to the IT person. Like if you're working in facilities or a property manager and you say, Hey, one of the requirements for us to do this is to get hooked up with your IT person.
That's good. Honestly, people, this is the sauce right here, actually. Like, this is good. You um so many people are not disciplined to be multi-threaded. We preach that to our sales team. And if you don't have that as a requirement for your sales team, especially if it's a deal of any size, like let's say yeah, 25k, 50k, and over, yeah, you know, anything like that, especially on the commercial side for our commercially oriented friends. Um, and and this is true, you know, really. This is uh maybe more true in security, but this has implications in many different verticals, many different industries. And like what a great, I don't want to say excuse, but like what a great line of reasoning to get multi-threaded and and um with a it doesn't have to be fear-based. You almost have to speak of it like, well, of course you would want me to speak to your head of IT, right? Like because of these vulnerabilities, we know what's going on with mop frontier models, and they're like, Oh yeah, man, like for sure. Let me introduce you to Kenny. Um, so Kenny, uh that's that's good. That's yeah, thank you. That's a good pull.
Yeah, yeah, and I think it's uh I think that it's it's relevant, and I think you've got to learn to ask those questions. And if I think soon, if you don't ask those questions, you're gonna be flagged. We always uh if it's you know, it you can get a little lazy if you're doing cloud-based solutions because you really just need outbound internet and say, I don't really need the IT guy. You really still do, truly, because even if you're gonna be on cloud-based, it's not perfectly impenetrable. You should always be on a subnet. I mean, there's whatever. We're not gonna get the nitty-gritty here, but the point is there's always a reason to do it. Um so yeah, I just I think to close this out, my takeaway in all this is like this is becoming important. You're seeing the trend. We actually did an episode with Leo Des that kind of touched on some of these same themes. Um, you should go back and listen to that. Uh, somebody will link it here. I hope. I hope they do because I just said it out loud. But we'll do it. Yeah, for sure. Um, anyway, I think that this is a new reality, and the best way to get up to speed is not reading Wall Street Journal articles or going to another manufacturer training, is to do it in your business. And so if you if that's your if that's the only takeaway you get from this is like run this through your business so you understand why it's important to your consumer.
Yes. And if you enjoy takeaways like this and others that we provide, think about and just consider, prayerfully consider um liking it, little boop, uh, subscribe, share with a friend, a cousin, second cousin, whatever. Yeah, we'd love that. Thanks in Gigum.




