MSP 1337

Managed Service Providers are being pushed to “get compliant fast.” In my discussion with Bruno Leqoc, we reframe the challenge. Compliance isn't security, and lasting compliance depends on security maturity first. Highlighting how AI policy can extend existing governance frameworks, why Microsoft Secure Score is a practical readiness indicator, and why foundational controls (MFA, patching, device management/remote wipe) must come before certifications and GRC tooling. In this episode, we also explore MSPs' expanding responsibilities in data privacy and governance amid fragmented U.S. state laws and why client alignment and continuous maintenance are the true costs of compliance.

Exploring the fast-moving intersection of AI governance, ethics, and cybersecurity, examining how organizations are struggling to adopt AI responsibly while keeping pace with innovation. The conversation highlights a growing disconnect between enthusiasm for AI tools and the absence of clearly defined use cases, governance models, and security guardrails.As AI capabilities rapidly expand, Dr. Adeel Sheikh Mohammed emphasizes that organizations must move beyond checkbox compliance and adopt a shared, strategic approach to AI risk, ethics, and cybersecurity maturity.

Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work?In today's episode, we're joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.

Have you ever been stuck in an elevator? What happens when you push the call button? Physical safeguards managed by a 3rd party are often ignored or marked as N/A. What happens when processes and procedures don't get updated after a change? Listen in as Charles Love of ShowTech Solutions shares his experience of being trapped in an elevator and what we should all take away in lessons learned.

A much-needed discussion on the fast‑shifting world of data privacy in 2026 and what it means for MSPs on the front lines. From the tangled web of U.S. state privacy laws to the rising risks hidden in modern data flows (yes, even your car!), guest Andy Sambandam, Clarip CEO & Founder, lays out why every security breach is now a privacy breach, and why security and privacy are officially a forever marriage. We dig into transparency, consent, data mapping, retention policies, and the growing pressure on businesses to actually practice what their privacy policies preach. If you want to stay ahead of compliance, client expectations, and real‑world data risks, this episode gives you the clarity and direction you need.

In this episode, we cut through the AI hype with Alane Boyd to unpack what MSPs really need to know about today's AI landscape. We cut right to the chase on data‑privacy pitfalls and free-tool misconceptions, and on the rise of AI agents that go far beyond simple automation. We explore practical, business-ready use cases, how to build safe and effective AI policies, and why better prompting (and better balance with our mental health) matters more than ever. If you've wondered how AI can help your team without putting your data at risk, this episode delivers the clarity you've been looking for. If you are looking to connect with Alane Boyd, her website is biggestgoal.ai

Chris Johnson and cybersecurity expert Robert Siciliano dive into the human side of security, exploring why default trust and denial make people vulnerable to social engineering and cyber threats. They discuss the cultural framing of security, the importance of personalizing security practices, and why leadership must model proactive behaviors. The conversation introduces the concept of a “strategic human firewall,” emphasizing that proper protection comes from security appreciation, not just awareness. From AI-driven fraud and voice cloning to practical steps like password managers and two-factor authentication, this episode highlights how mindset shifts and personal responsibility are key to resilience in today's threat landscape.

Resilience and Continuous Improvement for ITSPs as we go into 2026. I discuss what it means to be on a resilience journey with Charles Love of ShowTech Solutions. ShowTech Solutions has reached a milestone in its maturity journey, achieving Assured status, and continues to advance its maturity process. Experiences and lessons learned that will help any ITSP on their own journey.

Predictions and challenges in the technology and cybersecurity space for 2026, with a focus on Microsoft ecosystem changes, licensing, security, and the impact of AI and Copilot. I had a chance to catch up with Shay Cohen of Optimize365.io this week, and I think you will find his insights on the future of CoPilot and other unique changes we can expect in 2026.

In 2026, AI will increasingly integrate into business processes, emphasizing strong data quality and security as prerequisites for success. AI agents, distinct from chatbots, will operate with machine identities to automate tasks while supporting, rather than replacing, human decision-making. This is just a glimpse of the insights Ben Wilcox of ProArch shared this week.

Looking ahead to 2026 trends and challenges in the MSP (Managed Service Provider) space, focusing on AI, automation, security, risk management, and social engineering. In a conversation with Josh Hohbein of Centrex IT, we discussed the key challenges and opportunities as we enter 2026.

Predictions for the Managed Service Provider (MSP) cybersecurity landscape in 2026, with a focus on risk management, the continued importance of basic cyber hygiene, open-source adoption, and the strategic use of risk registers. Did I say Risk Register? Dom Kirby brings it home: the importance of the Risk Register and its role as we enter 2026. He advocates that MSPs move beyond discussions of technical tools and engage in business and risk conversations with their clients.

I sat down with Chris Loehr to discuss the varying approaches businesses are taking toward cybersecurity spending as they plan for 2026, highlighting the influence of private equity and the unpredictability in budget increases or reductions even within the same industry.

From what keeps us up at night, to just meeting the minimums and nothing more to be compliant. Dorota Ulkowska of Accurate Networks and I discuss the recurring challenge of clients, tiny businesses, resisting recommended cybersecurity practices due to cost, perceived inconvenience, or a belief that risks are exaggerated, with Dorota providing real-world examples from their experience at Accurate Networks.

Sitting down with Bobby Glen James of Boteka about the importance of simplicity in IT security for MSPs. Bobby shares lessons from decades in the industry, advocating for Lean IT practices, streamlined technology stacks, and a service-first approach that avoids hardware upselling and long-term contracts. Practical insights on risk management, prioritizing critical systems, and building resilient, client-focused MSP services.

By the end, it is hard to believe that in 2025, less than 30% of all Web Domains have properly configured SPF, DMARC, and DKIM records. Yep, less than 30% of the top 10 million domains. I sit down with Al Iverson of Valimail to talk about DNS records and the importance of SPF, DMARC, and DKIM records. Might sound a bit boring...At the end of November, bulk mailing will stop working for your company if you don't have those records configured correctly.

Once upon a time, I was an MSP. Looking at everything that MSPs have to keep track of, both internally and client-facing, can be overwhelming. I sat down with Dor Eisner of Guardz.com to talk about the biggest challenge facing MSPs.

With IT Nation Connect Global only a week away, we wanted to share some of the workshops and the value frameworks play in helping shift the conversations about cybersecurity from speed and feeds to Risk. Josh Hohbein of CentrixIT to get his perspectives and why he is so passionate about helping other MSPs and their clients better understand how frameworks help and the importance of the GTIA Cybersecurity Trustmark.

First ever monlogue with CJ... I recap some of the things I found to be of interest over the past few weeks with Pax8 EMEA and ChannelCon EMEA... Tell some stories and then looking forward to MSP Global. This one is short and sweet and I hope you find some entertainement in it.

Incident Response Planning and tabletop exercises have been discussed on the show several times. However, how do you get culture adoption and buy-in from all staff? I sit down with Amanda Lachapelle of Auvik to talk about IR Games, how to do them, and the importance of doing them, not just internally but also with your clients.

A Discussion around the global proliferation of cybersecurity and technology events, noting regional differences, the heavy concentration of events in October, and the increasing overlap in topics and audiences. Chris and Henry Timm of Phantom Technology Solutions also reviewed the agendas and standout features of key events they plan to attend—PAX8 Beyond, Channel EMEA, and MSP Global—highlighting session themes, notable speakers, and unique elements shaping the month's cybersecurity dialogue.

Pax8 Beyond EMEA 2025 is less than a week away, and I wanted to take a minute to talk about the cyber sessions. What Matt Lee, of Pax8, is doing (today's guest), specifically his AI and CTF session. We might drift a bit in our conversation and go down a deep rabbit hole when setting up a home lab on the cheap. Enjoy!

Using a framework to assess a client is a great way to baseline security and compliance. We explore the challenges, hurdles, and best outcomes when you look at who is responsible for different pieces. Some safeguards can only be implemented or addressed by the MSP. Other safeguards require the participation of both MSP and the client. Lastly, some safeguards require the client to lead. Jim Harryman of Kinetic Technology Group shares their approach to get the desired outcome.

At Channelcon25, I was able to capture a few of our members in some in-person interviews on different topics. Dustin Bolander of Beltex Insurance had some really interesting insights that I wanted to share before we get to cybersecurity month.

Identity is who we are, and it is constantly being subjected to many different threats. I sat down with Kristen Costagliola CTO at Syncro, to talk about the challenges and some of the solutions to help MSPs and their clients make good decisions about protecting their identity.

In the current threat landscape, one can easily become overwhelmed. I sat down with Noam Morginstin, founder of Exigence, to talk about realistic ways MSPs can begin building their Incident Response Plan and how to tackle successful Tabletop Exercises and prepare for resilience.

If you are an MSP, there is probably at least one tool in both the physical space and the digital space that you were just awestruck when you finally got your hands on it. I sit down with Charles Love of ShowTech Solutions to talk about some tools from the wayback days and how the tools today are in some ways truly transformational in how they save us time, make us more accurate, and help us take better care of our clientsIf you are a Managed Service Provider (MSP), you likely have experienced a moment of awe when you finally got your hands on a tool—whether it was in the physical realm or the digital space. I recently sat down with Charles Love from ShowTech Solutions to discuss some of the tools from the past and how today's tools are truly transformational. They save us time, enhance our accuracy, and allow us to provide better care for our clients..

How do you get your clients to take cybersecurity seriously? I sat down with Ann Westerheim of Ekaru to discuss strategies for helping MSP clients improve their cybersecurity posture.

Getting to compliance... Do you end up with more to do because you have the GTIA Cybersecurity Trustmark Assured? I sit down with Chase Griffin with ShowTech Solutions to talk about their experience and what has transpired since achieving Assured status and how that changed their outlook on improving their compliance to a standard and setting them up to be resilient.

When a client is hit with ransomware, it can be paralyzing. After the tabletop exercises carried out at #ChannelCon25, Jason Comstock of Clarity Technology Solutions explored ransomware and the path to recovery. Stay tuned to the end for Jason's after-action report.

With more than 100 attendees for a full day of networking and learning. The TD preday and another 30+ next door for MSP-Ignite peer group facilitated discussions, it was a learning and growing experience for all. I sat down with Roddy B. of ShureWeb to get his take and perspective. We went off script a few times, and I'll be sure to bring some more insights in future episodes. Insights to be had for sure all the way around.

Charles Love of ShowTech Solutions and I sit down to discuss Channelcon25. Why you should attend and a preview of some of the sessions. From MSP-Ignite and their peer group style conversations to Tech Degenerates and many other communities coming together for a Monday Pre-day and then rolling into the daily agenda, centered, of course, on sessions that pertain to Cybersecurity and perhaps a path to developing the skills to help you on your GTIA Cybersecurity Trustmark journey.

With some of the recent events in the ransomware space, I had a chance to hear firsthand from Dave Alton of Strategic Integrated Resources. I asked the question, "What is concerning you today?" This discussion has some action items that you can do with your own clients. Whether you are dealing with business email compromise, wire fraud, or are just worried about a vendor, you will want to listen in as Dave shares. Also, stay tuned to the end. ChannelCon and the Tech Degenerates preday is less than 2 weeks away.

Cybersecurity Insurance and Risk Management are generally conversations we avoid in the ITSP space, but with recent events, Matt Lee and I sit down to talk about how the two complement each other, the pitfalls, and some tips for protecting yourself through both.

With more than 30 ITSPs through their first assessment cycle, I wanted to take some time to get feedback on why it is an important process for any ITSP. A raw conversation with someone who will pull no punches on providing feedback as it pertains to the Trustmark and the history of what Trustmarks have come out of GTIA for its members. Charles Love of ShowTech Solutions provides significant insights that allow everyone to find at least one nugget.

The challenges and opportunities facing Managed Service Providers (MSPs) in 2025 are ever-changing, and the twists and turns keep any MSP on their toes. As I sat down with Brian Rodgers of Aeko Tech, we discussed several topics and found ourselves hitting on a recurring trend: the ever-evolving role of AI in business operations. Here are the four areas we covered: Client Education - If they don't understand the why, they tend not to comply. Entrepreneurial Resistance - You have heard it before, "I got this." Compliance misunderstandings - Attempting to check a box when asked to have a risk mitigation strategy, and last... Customization over productization - which translates to compliance solutions, must be tailored: one-size-fits-all packages often fall short.

Where does my data go? What data was sent across the API? How do we separate the signal from the noise? Pedro Castillo of Onum and I sit down to talk about what might be the subsequent transformation of data processing since Akamai came on the scene. Onum's mission is to address the challenges in data management and cybersecurity. Enjoy our raw conversation, which just got captured; we agreed to share it immediately.

A fireside chat with George Bardissi of bVoIP and me at the 1Stream by bVoIP Partner Gathering. Mistakes we made, the challenges we overcame, and then we jump into some interesting questions ranging from AI and Insurance to the Cybersecurity Trustmark and how it benefits MSPs. This is a different format and was recorded with a live audience.

Sitting with Henry Tim of Tech Degenerates and Phantom Technology Solutions to talk about GRC platforms. What makes it a GRC platform? How important is a GRC in my MSP? These questions and several others are tackled, and I think we have found some answers.

There has been a lot of buzz over the last 12 months surrounding the use of GenAI. We are all familiar with the likes of ChatGPT, Perplexity, and others, but what is the real value of AI when used correctly? I sat down with Alex Heublein of NETSURIT to talk about how they take an approach with their clients that involves democratizing AI and automation.

With ITN Secure right around the corner, I sit down with Matt Topper of ConnectWise to talk about Community. What does it mean to share in a community? Matt Topper and others at ConnectWise are bringing the community to their partners. GTIA and Tech Degenerates... Whether you are in a community, peer group, or part of an association, this is for you. When multiple groups come together to share, everyone benefits.

Over the years industry events have evolved. I remember the earily 2000s and it was very partner focused, Community, Vendors shared their roadmaps and you heard directly from those that were running the inititiatives. Join me as Charles Love of ShowTech Solution and I look at the changes and how we are seeing a glimplse at a new future of smaller micro events and more community.