The Integrator of 2030

Nobody in the security industry can agree on exactly when the transformation will be official, but ask three of the sharpest integration executives in the business about the Integrator of 2030, and they will tell you one thing with remarkable consistency: The finish line doesn’t exist.

What does exist – right now, today – is a widening gap between the integration firms that are actively reinventing themselves and those still kicking the can down the road. That gap is going to become a chasm, and as an executive leading a security integration firm, if you miss that window, irrelevance will arrive quietly. There will be no dramatic collapses, just a slow fade while better-positioned firms take your customers and your talent.

To map the road ahead, Security Business convened its expert integrator panel: Shaun Castillo, President of Preferred Technologies, John Nemerofsky, COO of Sage Integration, and Christine Lanning, President of Integrated Security Technologies (IST).

While their companies represent three very different business models, customer bases, and geographic realities, they all share a clear-eyed view of where this industry is going and what it will cost to get there.

The Finish Line That Doesn’t Exist

Ask any of the three executives whether 2030 is a realistic target for this broader integration business transformation, and you’ll get the same answer delivered three different ways: the date is irrelevant.

The reality, as our integrator roundtable reveals, is far more nuanced.

For the integrator of 2030, Nemerofsky argues, RMR isn't optional; in fact, he has already built RMR into a core pillar at SAGE Integration. “It’s a lot nicer to wake up at the beginning of a month and know I’ve got $3 million of revenue [vs.] saying it is March 1 and we’re starting from scratch,” he says.

SAGE set out to hit 20 percent RMR four years ago and got there in a little more than two years – half the time projected. Nemerofsky says they are now approaching 30 percent and still climbing.

How can other integrators make the same move? His roadmap for integrators involves five steps:

1. Name the program (SAGE calls theirs Einstein); 
2. Build a menu of services with clear pricing; 
3. Get legal documentation around Service Level Agreements (SLAs) and uptime commitments; 
4. Ensure your Enterprise Resource Planning (ERP) software can actually invoice for recurring services; and
5. Most critically, change the company’s compensation model. 

“If you want to sell RMR, make sure you’re incentivizing salespeople to sell recurring monthly services,” Nemerofsky says. “We doubled the incentives we were paying, and we definitely got the result we wanted.”

Nemerofsky’s minimum benchmark for viability – and thus his company’s initial goal – is 20 percent of revenue from RMR. “It’s a reachable goal, and it makes for a much more predictable, healthy business.”

Lanning jumps in with an important caveat: Not all RMR is created equal.  While alarm monitoring and software/subscription revenue are what most security executives first think of when it comes to RMR, IST’s most valuable recurring revenue is embedded personnel; in fact, about a third of IST’s staff reports directly to customer sites full-time.

“That RMR is extremely sticky compared to, say, paying $50 a month for alarm monitoring or $5 a month per reader stored in the cloud,” Lanning says.

For IST, this RMR mix is driven by necessity. With a government-heavy customer base that includes DoD and other government agencies, cloud-based RMR is often a non-starter due to authority-to-operate requirements and compliance constraints. Embedded technicians are where the real, durable, recurring revenue lives for IST.

As SAGE is also focused on embedded staff, Nemerofsky validates this emphatically. He explains the model works on three levels simultaneously: “The number-one thing it does is lead to a better client experience. If your client wants a two-hour response time, the only way you get it is if somebody’s already there.”

For the technician, it means stability and depth, and for the integration company, it means predictable, near-impossible-to-displace revenue. “If you’re embedded there, [the customer] is not going to give a project to somebody else. They have made the decision that you are their partner.”

That doesn’t mean there is only one playbook for the integrator of 2030. Castillo comes at the RMR question from an entirely different angle; in fact, his perspective represents a significant portion of the integration market that rarely gets a voice in the RMR conversation.

Less than one percent of Preferred Technologies revenue in 2025 came from  RMR, and this is a strategic decision on Castillo’s part. Because their enterprise-focused customer base is built around large, complex capital projects, Castillo says RMR is not a viable business strategy for PrefTech.

“RMR is a buying enablement tool,” Castillo explains. “Many of our customers want to buy systems as a managed service or have a very capital-intensive approach. The range of customer appetites is very wide.”

The margin, he argues, is in the outcome, not the hardware. “Customers will pay for outcomes,” Castillo says. “If they’re just paying for cameras and card readers, it is going to be a race to the bottom.”

Redefining the Integrator Value Layer

The traditional manufacturer-to-distributor-to-integrator channel model is under serious strain. Software companies and some manufacturers are selling directly to practitioners. Platforms and AI are commoditizing hardware. The integrators of today may find themselves getting squeezed because they never evolved past moving products; as Castillo points out in the RMR discussion, the integrators of 2030 and beyond must focus on outcomes.

This was validated last October at SIA’s Securing New Ground conference, when Convergint executive Eric Yunag highlighted an ongoing shift using the language of “value chain thinking” – moving from “sell” to “build with” and “competition” to “collaboration.” Modern complexity, and manufacturers and end-users are already taking a route around the integrators who cannot keep up.

“What Eric said is absolutely true,” Nemerofsky says. “The integrator of 2030 needs to figure out how they are critical to the end-user and how they make it so the end-user needs to buy technology through them. You’ve got to integrate – not just resell software they could just buy direct.”

All three integrators agree that the integrator of 2030 must shift from installer to strategic advisor; however, it isn’t just a sales training issue. It requires rewiring how everyone at every level inside the company thinks about its role.

Lanning has institutionalized it at the process level. When a project is handed from sales to operations at IST, the first question asked is what problem they are trying to solve, not which product was sold.

“I can sit here and say I need five cameras and four access control doors, but that doesn’t tell me what problem they are trying to solve,” Lanning says, adding that IT companies consistently miss this aspect. “They install cameras because a customer asked for cameras, but they never ask why the camera goes in that corner. That’s the gap the outcome-focused integrator fills.”

Castillo’s approach is similarly methodical, but it starts even earlier in the customer relationship. Rather than qualifying opportunities, PrefTech works to disqualify them. “We look at the relationship, the future potential, their values, our values, what they’ve done in the past, the systems they use, the long-term strategies – and if we can’t disqualify them as a customer, that means they are a good fit for us,” he explains.

From there, it is about understanding the customer’s pain points: “We want to make them the hero. We’re just the guide,” Castillo says.  

The integrator of 2030 must understand that customers who feel understood pay more and stay longer. Firms that simply respond to RFPs and bid on projects won’t achieve comparable margins. “Customers will invest in you if you can deliver holistic outcomes over a long period of time,” Castillo says.

For integrators targeting enterprise and Fortune 500 clients, Nemerofsky says the strategic advisor role is simply a requirement. “You can’t even get started until you get through the InfoComm department. After that, you’re working with legal to get through a master service agreement, then procurement. It’s quite the process before you can actually talk to a client about the technology and services you offer.”

The integrator of 2030 doesn't wait for a phone call to add two more cameras; they bring customers technology proactively, showing up as consultants before a problem ever requires it.

The Hybrid Technician: It’s Impossible to Build a Unicorn

The security integration industry has long dreamed of the perfect hybrid technician – someone equally comfortable running cable in the Texas heat as they are troubleshooting a SQL environment from a laptop.

“Of course, we’d love to find someone willing to lace up the work boots, put on the safety helmet, and climb a ladder in the hot August Texas sun, while also having the ability to pull up a laptop, troubleshoot software, and provision operating systems on servers,” Castillo says. “But those are unicorns – and if we’re only trying to hire unicorns, we’re going to be very disappointed.”

The solution at PrefTech is to build a high-functioning team where the subject matter expertise lives collectively, not in any single person. Technical depth in IT and networking. Certified professionals who can ask the right questions and guide customers to good decisions. Field technicians who do the difficult physical work. And everyone is bound by deliberately cultivated leadership and relational skills. “We’re investing a whole lot of money in leadership and relationship skills,” Castillo says, “because we have to bring a team together to deliver complex integrated security solutions.”

Lanning learned the hard way what happens when you try to solve it with employees running on separate tracks. “We used to hire dedicated IT people, but it created silos – the IT technicians would do all the software and IT-related stuff, and the hardware installers would never do it,” she explains, adding that the IT people hoarded their knowledge because it made them feel valuable, which meant the field technicians never developed.

“Both areas of expertise are essential to what we do,” she says. “We’re unique – a combination of traditional construction companies and IT companies. And that’s what separates us.”

The practical implications of that convergence show up in the field. Lanning describes a visitor management deployment that went sideways – not because the technology failed, but because the tech team didn’t understand how the customer needed it to work. “That kind of gap absolutely highlights why technical installation alone isn’t enough,” she says. “You’ve got to understand a customer’s needs, how they work, and how to tailor the hardware and software to fully support what they’re trying to do.”

Nemerofsky is driving toward something specific: the Security Industry Cybersecurity Certification (SICC), offered through SIA. SAGE has 125 field technicians, and each has been given the opportunity – along with a $3,500 incentive bonus – to earn the SICC, which covers 21 different areas from networking and cloud to social engineering and cybersecurity vulnerabilities. A few dozen have earned it so far, and the impact is tangible: faster resolution of complex network issues, fewer escalations, and engineers confident enough to put the credential on their email signatures.

“I think that’s a great benchmark for integrators to shoot for,” Nemerofsky says. “The more SICCs you have, the more it tells [customers] about your literacy in highly technical systems. If you’re going to get a low-voltage technician running cable today to actually work on a network tomorrow, they’re going to need to understand IP addresses, MAC addresses, cloud, cybersecurity, and what they should be doing in the field.”

AI is about to change the equation. “You won’t need unicorns in 2030,” Nemerofsky says. “With AI, you can start hiring for aptitude and attitude, not just technical depth. AI can help fill those certification gaps.” More practically, he says AI can compress the junior-to-senior development timeline from 12-18 months down to 3-6 months by assisting with documentation, diagnostics, and real-time learning on complex platforms.

In 2030, hiring will be less about finding the perfect technician with 10 certifications and more about “finding great people and giving them powerful tools to succeed,” Nemerofsky adds.

The Workforce: Invest More, Expect More, Let Some Go

Whether today’s integrator has a unicorn on staff or not, all of them know the talent problem is real. What’s less discussed is how the best firms are solving it — and how much it actually costs.

All three executives operate with a shared belief that investment in people is the non-negotiable foundation of everything else; however, their approaches to building that investment philosophy reveal different roads to the same destination.

“I once got some wisdom from Dee Ann Turner, who was the Chief People Officer for Chick-fil-A for 35 years,” Castillo says. “She said, when it comes to people decisions, kick the CFO out of the room, because those decisions never make financial sense.”

For a security integrator whose service is only as good as the people who show up to a job site, Castillo says there’s no softer way to put it: “People are the crux of what we do, and if we’re going to succeed or fail, it depends on the people who show up.”

He says the integrator of 2030 must come to the realization that training is imperative and is a built-in cost. Castillo says PrefTech already spends roughly five times more on training than the average integrator, covering everything from technical and cyber certifications to leadership development, relationship training, and what Castillo calls “self-reflection” – helping people become healthy, whole professionals.

Lanning takes a similarly systematic approach and has the data to back it up. IST spends approximately $10,000 to $20,000 per employee annually on professional development. Every technician spends one paid hour every Friday in training, she says.

“It’s expensive,” Lanning says without hesitation, adding that IST includes training as a line item in every employee’s annual compensation letter – a deliberate move to reframe development as an investment the company is making in that individual. “That level of commitment is huge for us in terms of our long-term success.”

One-third of IST’s staff has been with the company for 10 years or more, and Lanning connects that retention directly to a culture of expected growth. “I don’t want people to just come in and punch a clock and stay in their own little silo and not learn anything new,” she says. “My goal is to get people out of their comfort zone – but not so much that they drown.”

Nemerofsky frames the workforce challenge through the lens of competition and attractiveness. Security integration has not always been the coolest career path, but again, AI is changing the story. “The work feels more like tech and less like manual labor, and younger candidates, when they hear AI, think of it as a future-proof career path,” he explains.

On the retention side, Castillo is candid about the ongoing poaching problem. “When a private equity firm with effectively unlimited capital makes an offer to one of your top people, you probably can’t match it,” he admits. His response? Stop trying to win on compensation alone.

“It’s imperative that I give them a reason to stay at Preferred Technologies beyond compensation,” he says. “That means creating a culture of encouragement, genuine career paths with demanded growth, and a company identity that people want to be part of. We’re very religious about our culture. You’re going to live it, or you’re not going to be a part of it.”

A few people have gotten those big offers and have left PrefTech – a fact of business, Castillo says. “We hope that they take what they learned here and make the company they’re going to that much better. Our whole industry will be better as a result.”

AI: An Internal Savior

The security industry has heard plenty about AI as a product for customers, from video analytics to autonomous monitoring, gunshot detection, and smart GSOC tools. What is less developed is the conversation about AI as an internal business tool for integration companies.

The integrator of 2030 will use AI both externally and internally, but our roundtable participants suggest starting with the latter.

Nemerofsky recalls a parallel from about 15 years ago, when PSA Security Network CEO Bill Bozeman started pushing integrators to pay attention to cybersecurity. His message then: Get your own house in order before you sell cyber hygiene to customers. The same principle applies to AI. “Maybe you should be using AI in your own business before you start talking to your clients about it,” Nemerofsky argues.

SAGE has done exactly that. Their internal agent, called Sage AI, started with one of the most painful, invisible time-sinks in integration: RFP responses. “We get these RFPs with the same questions over and over again. It can take days, sometimes weeks, to fill them out,” Nemerofsky says. “We took all the questions from our past RFPs, answered them once, and put them in Sage AI. Now, when we get an RFP, we plug it in and in seconds, we’ve got the answers.”

A second AI application for SAGE is client playbooks. Enterprise clients want documented standards for how their installations look – naming conventions, panel wiring standards, specific configuration requirements. Building those playbooks used to take engineering teams weeks; Sage AI gets it 95 percent of the way there, immediately.

The third AI application is automated reporting. Nemerofsky was asking his director of business operations for reports and getting an answer he now finds unacceptable: She hadn’t had a chance to actually look at the report because she was too busy building it.

“It’s more important to know what the report says than it is to just put it together,” Nemerofsky explains. Now his VPs are spending time analyzing data and coaching their teams instead of compiling spreadsheets.

Castillo’s field teams are also experimenting with AI, including an internally developed tool that allows a technician to photograph a panel with their phone and receive an instant quality control review: is it labeled correctly, terminated properly, and code compliant? “AI increases efficiency and effectiveness. It is a tool that makes us do our jobs better,” he says.

The integrator of 2030 will have already found the low-hanging fruit that will dramatically improve efficiency. “If there’s a process that takes 30 minutes every time and an AI tool can get it down to two minutes, that’s your opportunity – find those first,” Castillo says. “The integrator of tomorrow understands where human decisions make a difference. Empower people; give them the tools and freedom to be in the right position at the right time to make those human decisions that need to be made, and then automate everything else.”

Cybersecurity: A Posture, Not a Product

The truth about cybersecurity and most security integrators? For the majority, it isn’t a revenue stream and probably shouldn’t be. Lanning, whose government-focused business requires deep cybersecurity competency, says it plainly: “Stay in your lane. These cybersecurity people are way too expensive, and they’re all taken up by the big boys.”

But staying in your lane doesn’t mean staying ignorant. The integrator of 2030 doesn’t need to be selling managed security operations, pen testing, or incident response. What they do need is fluency – the ability to speak the language, meet compliance requirements, and ensure their own house is secure before they set foot on a client’s network.

Castillo frames it as part of the company’s DNA: “Five years from now, cybersecurity will just be a part of our business. It won’t be segmented or an addition; just a core part of who we are.” For PrefTech, that means SOC 2 Type 2 compliance, certifications across the team, and fluency in the cybersecurity conversation. “We have great cybersecurity hygiene. It’s a core part of our business internally and externally with customers.”

For integrators operating in the federal and defense space, the stakes are considerably higher. CMMC (Cybersecurity Maturity Model Certification) isn’t optional or waivable, and it applies all the way down the supply chain. “Even if you’re a sub, you have to be CMMC compliant,” Lanning says. “I think you need to understand cybersecurity from an ownership or executive perspective, because ultimately you have to sign off on what’s being done in your organization. That’s just the reality.”

For integrators who want a starting point, both Nemerofsky and Castillo point to the SICC as a meaningful benchmark. Nemerofsky also recommends integrators work now toward SOC 2 or ISO 27001 compliance, because customers who will require it in 2030 are already starting to ask.

Survive to Thrive: The Big Picture

Castillo says the integrator of today needs to focus on three things to become an integrator of 2030:

1. Agility: “If I could predict the future, I’d be in Vegas right now. Since I cannot predict the future, I need to make sure we remain agile – that we’re ready to adapt and move as the market says we need to.”

2. Stop leading the company of today: “We get caught up fighting the daily fight and lose sight of the future. Transformation takes a while. If I’m reactive, it’s probably already too late.”

3. Put hay in the barn: “Manage the store well and reserve funds so that you can make investments when they’re needed. Make sure you have cash available and lines of credit, even when you don’t need them.”

For integrators who don’t embrace the 2030 mentality, what does failure look like? For Lanning, it’s a single word: transactional. “If you don’t invest in or find the right people, you’re just going to become a transactional company,” she says. “There’s going to be less and less of them, or if they exist, they’re going to struggle in the long term because all they have to offer is a lower price.”

Nemerofsky sees failure as being passed by rather than going out of business. “There’ll be a huge disparity between the companies that have taken these steps and those that haven’t. You’ll be having a totally different discussion in a meeting if you don’t take these steps.”

The path forward, all three agree, starts with an honest assessment of where you stand today: “Stop kicking the can down the road and invest in the future today,” Castillo says. “Change is a constant. You just have to accept that and be willing to invest today, so you have a viable business tomorrow.”