Podcasts about EDR

  • 374 podcasts
  • 976 episodes
  • 49m average duration
  • 5 new episodes weekly
  • Latest: Jun 10, 2026




Latest podcast episodes about EDR

ITSPmagazine | Technology. Cybersecurity. Society
Seeing What Your EDR Can't | A Brand Spotlight at Infosecurity Europe 2026 with Matt Ellison, Director of Sales Engineering EMEA & APAC of Corelight

Jun 10, 2026, 16:36


At Infosecurity Europe 2026 in London, Matt Ellison, Director of Sales Engineering EMEA & APAC at Corelight, joins Sean Martin to unpack the visibility gap widening across security operations. The SOC is either drowning in data or missing the data that matters most. Corelight, custodian of the open-source Zeek project, builds a platform that turns raw network traffic into evidence teams can actually use.

Why do today's most evasive attacks slip past endpoint detection? Because they are designed to. Ellison points to typhoon-style campaigns staged from network and hardware devices specifically to avoid EDR. When a platform sees all of the network traffic moving backwards and forwards, those moves stop being invisible.

Seeing more is only half the battle. Ellison describes teams trapped by a fear of missing something, switching on every "just in case" detection until alert volume becomes its own crisis. The real question shifts from "what fired" to "what does this actually mean for my environment."

How do you investigate a detection you cannot see inside? A black box hands down a verdict with no evidence behind it. Corelight takes an open approach, exposing the data behind every conclusion so analysts can follow a flow to its root cause and apply the one thing no vendor ships: their own knowledge of the network.

The proof tends to show up fast. Ellison recalls a proof of value where, within thirty minutes, the team surfaced sensitive information moving unencrypted across the network. Other finds are smaller but telling, like a finance team's certificate using a weak cipher. Corelight even names its catch-all logs plainly, the "weird" log and the "unknown" log.

Visibility feeds compliance too. Frameworks like NIS2, DORA, and GDPR demand evidence, not a tool humming in the corner that no one reviews. Ellison previews a coming release that adds asset classification, identifying every device on the network and explaining the why behind it.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

Guest: Matt Ellison, Director of Sales Engineering EMEA & APAC, Corelight. LinkedIn: https://www.linkedin.com/in/matthewrellison/

Resources:
Learn more about Corelight, including customer stories: https://corelight.com
Zeek, the open-source NDR project Corelight maintains: https://zeek.org
Infosecurity Europe 2026 coverage from ITSPmagazine: https://www.itspmagazine.com/infosecurity-europe-2026-infosec-london-cybersecurity-event-coverage
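The "finance team's certificate using a weak cipher" find above is the kind of thing Zeek's ssl.log records for every TLS connection it sees. As an added example, not Corelight's or Zeek's own code, the script below parses an ssl.log in Zeek's native TSV format and flags sessions that negotiated a legacy protocol version, a deprecated cipher primitive, or static-RSA key exchange (no forward secrecy). The sample log, hostnames and addresses are constructed and carry only a subset of the real ssl.log columns; the parser keys on the #fields header, so a real log works unchanged.

```python
"""Triage a Zeek ssl.log for weak TLS: legacy protocol versions, deprecated cipher
primitives and static-RSA key exchange (no forward secrecy).

Added example, not Corelight's or Zeek's code. Column names follow Zeek's ssl.log
schema, but the sample below is constructed and carries only a subset of the real
columns; the parser keys on the #fields header, so real logs work too.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed Zeek TSV excerpt (tab-separated; '-' marks an unset field).
SAMPLE_SSL_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tssl\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tcipher\tserver_name\testablished\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tbool\n"
    "1718000000.100000\tCabc1\t10.0.4.21\t51234\t10.0.9.10\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\tpayroll.example.internal\tT\n"
    "1718000001.200000\tCabc2\t10.0.4.22\t51240\t10.0.9.11\t443\tTLSv10\tTLS_RSA_WITH_3DES_EDE_CBC_SHA\tfinance-reports.example.internal\tT\n"
    "1718000002.300000\tCabc3\t10.0.4.23\t51250\t10.0.9.12\t8443\tTLSv12\tTLS_RSA_WITH_AES_256_CBC_SHA\t-\tT\n"
    "1718000003.400000\tCabc4\t10.0.4.24\t51260\t10.0.9.13\t443\tTLSv13\tTLS_AES_256_GCM_SHA384\tsso.example.internal\tT\n"
    "1718000004.500000\tCabc5\t10.0.4.25\t51270\t10.0.9.14\t443\tTLSv12\tTLS_RSA_WITH_RC4_128_SHA\tlegacy-erp.example.internal\tF\n"
    "#close\t2024-06-10-00-00-05\n"
)

LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}
# Deprecated primitives as they appear as '_'-delimited tokens in IANA suite names.
WEAK_TOKEN_RE = re.compile(r"(?:^|_)(NULL|EXPORT|RC4|DES|3DES|MD5|anon)(?:_|$)")
# Static RSA key exchange encrypts the premaster secret to the server's key, so a
# later key compromise decrypts recorded sessions: no forward secrecy.
STATIC_RSA_PREFIX = "TLS_RSA_WITH_"
NO_PFS = "static RSA key exchange (no forward secrecy)"


@dataclass
class Finding:
    uid: str
    responder: str      # id.resp_h:id.resp_p
    server_name: str    # SNI, or '-' when the client sent none
    version: str
    cipher: str
    reasons: list[str]
    severity: str       # "high" (legacy version or weak primitive) or "medium" (no PFS only)


def parse_zeek_tsv(text: str):
    """Yield one dict per data row; column names come from the #fields header."""
    columns = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                columns = line.split("\t")[1:]
            continue  # #separator, #types, #close and friends carry no rows
        if columns is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(columns):
            raise ValueError(f"expected {len(columns)} columns, got {len(values)}: {line!r}")
        yield dict(zip(columns, values))


def assess(version: str, cipher: str) -> list[str]:
    """Return the reasons a negotiated (version, cipher) pair is weak; empty if fine."""
    reasons = []
    if version in LEGACY_VERSIONS:
        reasons.append(f"legacy protocol {version}")
    match = WEAK_TOKEN_RE.search(cipher)
    if match:
        reasons.append(f"weak cipher primitive {match.group(1)}")
    if cipher.startswith(STATIC_RSA_PREFIX):
        reasons.append(NO_PFS)
    return reasons


def triage_ssl_log(text: str) -> list[Finding]:
    findings = []
    for row in parse_zeek_tsv(text):
        reasons = assess(row["version"], row["cipher"])
        if not reasons:
            continue
        severity = "high" if any(r != NO_PFS for r in reasons) else "medium"
        findings.append(Finding(
            uid=row["uid"],
            responder=f"{row['id.resp_h']}:{row['id.resp_p']}",
            server_name=row.get("server_name", "-"),
            version=row["version"], cipher=row["cipher"],
            reasons=reasons, severity=severity))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_ssl_log(SAMPLE_SSL_LOG):
        print(f"[{f.severity}] {f.uid} {f.server_name} {f.responder} {f.version} {f.cipher}: " + "; ".join(f.reasons))
    print(summarize(triage_ssl_log(SAMPLE_SSL_LOG)))
```

ssl.log records what was actually negotiated, not everything the server offered, so a "medium" finding means a client really did agree to a non-PFS suite with that server. Zeek's conn.log shares the same uid, which is how you attribute the finding to the originating host before walking over to the finance team.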

El Garaje Hermético de Máximo Sant
Why are there no more SMALL and CHEAP cars? (¿Por qué ya no hay coches PEQUEÑOS y BARATOS?)

Jun 7, 2026, 19:11


We are witnessing the end of city cars and the A segment. This topic strikes a nerve with me because it directly affects the right to mobility of the youngest and of those on the lowest incomes. Have you tried to buy a small, cheap car lately? It is impossible. The A segment is dead. Honest, rational models like the Seat Mii, the Ford Ka or the Citroën C1 have passed away, and not for lack of customers, but because of a "financial suicide" brought on by regulation.

The "tax" of mandatory safety
Since 2024, with full implementation in 2026, the European Union requires every new vehicle to include ADAS (active safety) systems. We are talking about emergency braking, lane assist, driver-fatigue detection and the famous black box (EDR). Technically, fitting these sensors in a 100,000-euro car is negligible, but in a city car designed to cost 10,000 euros it means a direct extra cost of around 2,000 euros. Redesigning the wiring and the dashboard of a tiny car so that everything fits sends engineering costs through the roof. The manufacturer is left with no options: either sell the car for 17,000 euros (and nobody buys it) or stop building it.

The final blow: the Euro 7 standard
If safety wounded the segment, Euro 7 delivered the final blow. For a 1.0-litre engine to meet the limits on nitrogen oxides and particulates under real driving conditions, it needs an extremely complex exhaust system. Advanced three-way catalysts and latest-generation particulate filters add another 1,200 euros of minimum cost per engine. Physics and chemistry do not understand tight budgets; cleaning exhaust gases requires precious metals and expensive technology.

The refuge of SUVs and profitability
The brands have discovered that it is far more profitable to sell a B-SUV than a traditional city car. Whereas on a 12,000-euro car the net profit could be barely 500 euros, on an SUV built on the same platform the margin jumps to 3,000 or 4,000 euros. The value perceived by the customer is higher, even though the technology inside is almost identical. We are moving from an industry that sought to put the masses on wheels to one that seeks to maximise profit per unit.

The false promise of the electric car
Many say the electric car will save the segment, but the industrial reality of 2026 says otherwise. A battery with decent range costs close to 6,000 euros today. If the battery alone accounts for 40% of the total cost, it is impossible to build 10,000-euro electric cars. The small electric car is becoming a second or third car for wealthy families, not a solution for the average citizen.

Consequences: an ageing vehicle fleet
By artificially making small cars more expensive, we are achieving the opposite of the intended effect. Because people cannot afford a new car, they keep their 15- or 20-year-old vehicle. We are ageing the fleet and therefore polluting more. It is the paradox of modern mobility: we have legislated against simplicity and, in the end, we have pushed the population out of new private mobility. In today's video we remember classics like the second-generation Fiat Panda, the perfect example of what we have lost: an indestructible, logical and cheap car that would be illegal to build today. Welcome to the era where simplicity is a forbidden luxury.

@BEERISAC: CPS/ICS Security Podcast Playlist
Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.

Jun 7, 2026, 35:43


Podcast: Industrial Cybersecurity Insider. Episode: Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it. Pub date: 2026-06-03

The joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it?

In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap.

Chapters:
(00:00:00) - Cold Open: How the European CRA Is Failing US Plants
(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read
(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle
(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line
(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets
(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax
(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT
(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace
(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice
(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat)

Links and resources: Industrial Cybersecurity Insider on LinkedIn; Cybersecurity & Digital Safety on LinkedIn; BW Design Group Cybersecurity; Dino Busalachi on LinkedIn; Craig Duckworth on LinkedIn.

The Segment: A Zero Trust Leadership Podcast
Same Problems, Different Decade | Dr. Anton Chuvakin and Erik Bloch

Jun 3, 2026, 54:42


In this episode, Raghu Nandakumara sits down with two heavyweights in cybersecurity: Dr. Anton Chuvakin (Google Cloud) and Erik Bloch (Illumio), for a candid, often funny, and occasionally sobering look at why detection and response keeps fighting the same battles it was fighting 20 years ago. From the birth of SIEM and the coining of "EDR," to the short-lived reign of XDR, to today's AI hype cycle, Anton and Erik trace the full arc of the industry's evolution and interrogate why, despite decades of tooling investment, the fundamental outcomes haven't changed. Alert fatigue, signal-to-noise ratios, and the needle-in-the-haystack problem remain as stubborn as ever, and the slides security teams are building in 2025 look suspiciously like the ones from 2003.

Raghu, Anton, and Erik discuss:
  • Why the SOC still largely runs on a 1990s operating model and what it would actually take to change that
  • How compliance pulled SIEM away from detection for over a decade and why that hangover still lingers
  • Why a handful of engineering-led organizations (Google, Netflix, a European bank) have cracked the code while nearly everyone else keeps applying band-aids
  • The pharmaceutical industry analogy that explains why security startups keep building band-aids instead of solving root causes
  • What MDRs are doing right and why enterprise SOCs have no incentive to learn from them
  • Why AI is accelerating tooling but, for some organizations, actually slowing down the harder transformation work
  • How securing AI is repeating the exact same mistakes made in the early days of cloud

Stay connected with our host Raghu on LinkedIn. For more information about Illumio, check out our website at illumio.com

CISSP Cyber Training Podcast - CISSP Training Program
CCT 353: AI Agent Governance Essentials - CISSP Practice Questions

May 28, 2026, 28:26


AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see "nothing to worry about" even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership.

We walk through what is driving the mess: board-level pressure, AI FOMO, and the dangerous habit of treating AI agents like old-school automation. Then we get concrete. We talk about why many enterprises still lack an inventory of AI agents, why traditional security tooling is tuned for human behaviour anomalies, and what it actually takes to be audit-ready. We cover practical governance frameworks like tiered autonomy, why observability is more than collecting output logs, and how to design decision-path tracing with execution records and decision logs you can act on.

To make it actionable for exam prep and day-to-day work, I close with CISSP-style practice questions on the exact scenarios you will face: detection gaps, human approval bottlenecks, least privilege for agents, proving decisions during audits, and architecting platforms that balance operational efficiency with risk management. If you are serious about passing, I also share how my CISSP Sprint cohort is structured to force momentum, including booking your exam date early.

Subscribe for weekly CISSP-focused training, share this with a teammate building AI workflows, and leave a review so more security pros can find the show. What part of AI agent governance is your biggest blind spot right now?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
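Tiered autonomy, least privilege for agents, and a decision log an auditor can replay are the controls the episode names. As an added example, not the podcast's own material, the block below shows a minimal form of all three together: a gate in front of every tool call that consults a per-tier allowlist, pauses high-impact calls for human approval, and writes an execution record for each verdict; plus a drift check that compares later runs of the same workflow against a baseline. The agent, its tools, the tiers, the limit and the 200-run workload are hypothetical and constructed for illustration.

```python
"""Scope gate, decision log and drift check for an autonomous agent's tool calls.

Added example, not the podcast's material. The agent, tools, tier policy and
workload are hypothetical and constructed for illustration.
"""
from __future__ import annotations

import json
from collections import Counter
from dataclasses import asdict, dataclass

POLICY_VERSION = "ticket-triage-agent/v3"  # hypothetical policy identifier

# Tiered autonomy: tools each tier may call unattended, and tools that must pause
# for human approval when they exceed a limit (here: refunds above APPROVAL_LIMIT).
TIER_POLICY = {
    1: {"allowed": {"search_tickets", "read_ticket"}, "approval": set()},
    2: {"allowed": {"search_tickets", "read_ticket", "draft_reply"}, "approval": set()},
    3: {"allowed": {"search_tickets", "read_ticket", "draft_reply", "close_ticket", "refund"},
        "approval": {"refund"}},
}
APPROVAL_LIMIT = 50.0


@dataclass
class ExecutionRecord:
    """One decision-log entry: enough to reconstruct the path of a run during an audit."""
    run_id: str
    step: int
    agent_id: str
    tier: int
    tool: str
    args: dict
    decision: str  # "allow" | "deny" | "needs_approval"
    reason: str
    policy_version: str = POLICY_VERSION


class ToolGate:
    """Least-privilege gate in front of every tool call. Every call, allowed or not,
    is appended to the decision log before the verdict is returned."""

    def __init__(self) -> None:
        self.log: list[ExecutionRecord] = []

    def check(self, run_id: str, step: int, agent_id: str, tier: int, tool: str, args: dict) -> str:
        policy = TIER_POLICY[tier]
        if tool not in policy["allowed"]:
            decision, reason = "deny", f"{tool} is not in the tier {tier} allowlist"
        elif tool in policy["approval"] and float(args.get("amount", 0)) > APPROVAL_LIMIT:
            decision, reason = "needs_approval", f"{tool} amount {args['amount']} exceeds unattended limit {APPROVAL_LIMIT}"
        else:
            decision, reason = "allow", "within scope"
        self.log.append(ExecutionRecord(run_id, step, agent_id, tier, tool, dict(args), decision, reason))
        return decision


def trace(log: list[ExecutionRecord], run_id: str) -> list[tuple[int, str, str]]:
    """Decision path of one run, in execution order: (step, tool, decision)."""
    return [(r.step, r.tool, r.decision) for r in log if r.run_id == run_id]


def drift_report(log: list[ExecutionRecord], baseline_runs: int, surge_factor: float = 2.0) -> dict:
    """Compare later runs against the first `baseline_runs` runs: tools never seen in the
    baseline, tools called far more often per run than before, and non-allowed calls."""
    run_ids = list(dict.fromkeys(r.run_id for r in log))  # first-seen order, de-duplicated
    base_ids = set(run_ids[:baseline_runs])
    base = Counter(r.tool for r in log if r.run_id in base_ids)
    later = [r for r in log if r.run_id not in base_ids]
    later_runs = len(run_ids) - len(base_ids)
    later_tools = Counter(r.tool for r in later)
    base_rate = {t: c / len(base_ids) for t, c in base.items()} if base_ids else {}
    later_rate = {t: c / later_runs for t, c in later_tools.items()} if later_runs else {}
    return {
        "new_tools": sorted(set(later_tools) - set(base)),
        "surging_tools": sorted(t for t in later_rate if t in base_rate and later_rate[t] > surge_factor * base_rate[t]),
        "non_allowed": dict(Counter(f"{r.tool}:{r.decision}" for r in later if r.decision != "allow")),
    }


def export_jsonl(log: list[ExecutionRecord]) -> str:
    """Decision log as JSON lines, ready to ship to a SIEM next to the EDR telemetry."""
    return "\n".join(json.dumps(asdict(r), sort_keys=True) for r in log)


def simulate(gate: ToolGate, runs: int = 200, drift_after: int = 150, agent_id: str = "triage-bot", tier: int = 3) -> ToolGate:
    """Constructed workload: a 4-step triage workflow repeated, then a drifted variant that
    over-reads tickets, calls an out-of-scope export tool and issues refunds over the limit."""
    normal = [("search_tickets", {"query": "status:open"}), ("read_ticket", {"id": "T-1"}),
              ("draft_reply", {"id": "T-1"}), ("close_ticket", {"id": "T-1"})]
    drifted = ([("search_tickets", {"query": "status:open"})]
               + [("read_ticket", {"id": f"T-{i}"}) for i in range(1, 4)]
               + [("export_customer_list", {"format": "csv"}), ("draft_reply", {"id": "T-1"}),
                  ("refund", {"id": "T-1", "amount": 120.0}), ("close_ticket", {"id": "T-1"})])
    for i in range(1, runs + 1):
        run_id = f"run-{i:04d}"
        for step, (tool, args) in enumerate(normal if i <= drift_after else drifted, start=1):
            gate.check(run_id, step, agent_id, tier, tool, args)
    return gate


if __name__ == "__main__":
    gate = simulate(ToolGate())
    print(drift_report(gate.log, baseline_runs=150))
    print(trace(gate.log, "run-0175"))
```

The point the episode makes shows up in the report: every individual call in the drifted runs is an ordinary API request from an ordinary process, so host-level telemetry sees nothing new. The drift is visible only in the gate's own deny counts and in the per-run tool distribution (a tool never used before, a read rate three times the baseline), which is why the decision log, not the output log, is what you ship to the SIEM and hand to the auditor.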

Management Blueprint
333: Turn Your IT into Your Growth Engine with Tom Kirkham

May 26, 2026, 20:47


https://youtu.be/sUyjA0muVgM

Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning.

In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance.

Turn Your IT into Your Growth Engine with Tom Kirkham

Steve: Good day. Steve Preda here with the Management Blueprint Podcast, and today's guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he's the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.

Tom: Oh, it's great to be here, Steve.

Steve: Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal 'Why', and how are you manifesting it in Kirkham IronTech?

Tom: That's a great question. So the company's about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it's been about eleven years ago now. And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading. And I'm a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you've read Jim Collins, you know what I'm talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn't matter, right? There's always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, "Culture eats strategy for breakfast." And I understood what that meant, and it was kind of weird. So when I re-engaged with the company, I identified one of the weaknesses, and I said, "Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing." So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism. In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work. And so we've been trying to perfect that system in the culture for the past ten years. Of course, no one's perfect, but if you pursue perfection, you can achieve excellence. And I think we've done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it's really fulfilling. It's more of a personal feeling because I've been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I'm sixty-four now. So I didn't really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.

Steve: What resonated with you with this idea of stakeholder capitalism?

Tom: It just made sense. The obvious part is with employees—all of that is true. That's obvious to any good leader or manager, right? As you well know, there's a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it's something new—a new tool that we're going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor. So it's not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I'm dealing with a vendor, if it fails for us, it's not our fault—it's their fault, right? Either they oversold the product or they didn't deliver on the service component. I didn't want it to be because we failed to do the right training, or didn't communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.

Steve: Yeah. I like it. So you're looking for partnership-based relationships where it's win-win. And yeah, if you want people to stick around, it has to make sense for them too. You can't exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I'm always looking for frameworks—something practical that helps businesses achieve results. Usually it's some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?

Tom: Well, we have a thing we call the IronTech Framework.

Steve: Okay.

Tom: And it was something that we came up with many years ago and started practicing seven or eight years ago, and it's a framework. It's like the NIST Cybersecurity Framework. I looked at NIST and there's five components to it, and it's about cybersecurity. And I looked at this and I go, "None of this works without the right policies and procedures in place." The security training—it's not enough just to throw it out there and tell all your people to take it. You've got to follow up, you've got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols. If somebody accidentally fires off a ransomware attack, they need to know they're not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there's a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. And so when we go in, it's all well and good if you want to put these protections in and these particular products, but we're a best-of-breed company. Like one of our critical tools that's required for our clients to put in place, to buy it and use it every single day on every single computer, is what's known as an EDR. And it's basically an AI-based super turbo antivirus. To even call it an antivirus is not doing it justice. So there's three legs to the IronTech Framework. We want to make sure that you're getting a return on your investment in IT, because that's why you buy it. If you treat IT as an expense, you need to kind of change the way you're thinking. You want to improve productivity and efficiency. The second leg is cybersecurity, because a bad cyberattack can put you out of business. I think the last stats I saw were something like 40 to 60% of businesses go out of business within two years of a significant cyberattack. And then finally, the third is governance. That's the three legs of our IronTech Framework. So part of governance is engaging with our clients' management and leadership—the CEO, finance, of course the CIO, the CISO or security officer, and maybe even the board sometimes. Really getting to know: what are your objectives, and how can we utilize our services to best help your company realize those objectives? Because for most companies, there's no other vendor they engage with as much as us. We're talking to Susie every day. We're talking to Bill every day. We know that Mary's out sick and Steve's on vacation. I mean, when you're running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far. So it really helps if our clients treat us as a partner to help them realize their goals and objectives. And when all of that clicks into place, then it makes recommending things easier. "Okay, you need to replace these 30 laptops that are four years old. You're not getting an ROI on them." "This server's five years old. Let's start thinking about replacing it." "We have this new tool that's really excellent. We're recommending everybody get it." And because we've developed that trust, those conversations become pretty easy. For the most part, everybody just says yes. But of course, we don't sell just to sell, especially when it comes to things like hardware. That's not really what we're here for. We're here for the day-in, day-out work: keeping things running, stopping breaches, and putting the policies and procedures in place to run your company as smoothly as possible.

Steve: Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot. And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don't have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they're going to be more motivated and more effective. So I thought it was a no-brainer.

Tom: Yes, but there's still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right? And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.

Steve: Yeah, that makes sense. So Tom, tell me, what drives growth in your business?

Tom: Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don't know if you're asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don't cold call people unless we've already contacted them in another way, if that's what you're asking.

Steve: Yeah. I'm asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you?

Tom: Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don't treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don't understand the size and scale of that industry. It's a $10 to $12 trillion industry now.

Steve: Wow.

Tom: If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything's fine… If they don't already understand it, they go, "Well, why are they trying to hack me?" And I say, "You don't understand. That email was one of 100,000 emails that got blasted out. They don't know who you are, nor do they care who you are." They're playing a numbers game. And it's kind of like marketing. They're looking at conversion numbers.

Steve: Yeah.

Tom: Let's say it's 100,000 emails. They got a list of all the certified public accountants in 10 different states. They set up the email, they send it all out, and let's say 1% become victims. And let's say they collect an average of $10,000 per victim. Well, that's a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It's done at scale, and it's a much bigger industry than that. That's just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We're one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you've got China and other nation states not only trying to get into your client, but you're also a threat vector. You're a way to get into that client's patents and secrets. So we've got to treat that differently. It's not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, "Well, because of this case, you need this other service and tool that we're offering to prevent China from breaking in." Or, "You need to follow this practice." Maybe you don't publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don't want that to be public knowledge. That's one of the things we do. You spent time on our website, and you didn't see a single client name on there. And that's just one of the small things we do to protect our clients' security and privacy, because privacy and security go hand in hand.

Steve: Yeah. That is fascinating. So what is it that you're trying to figure out in your business right now? What's the big thing for you?

Tom: I think because of all the chaos in the United States, making a decision to do anything—everybody's kind of frozen. There are a lot of hiring freezes. I know we've got a freeze on right now because we're looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing. That's one of the challenges, is getting people over the hump. No matter what you do, if you've got an IT company doing your stuff and you only call them when things are broken, there's a much more profitable way to do that. You're spending more money. So there are benchmarks in industries, right? Basically, the research—and these aren't numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that's everything. I'm talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That's the way it works. So when we engage with a prospect and find out they're only spending 3 or 4%, then I already know they have gaps. I don't even have to do an assessment to see what they're not doing. They're either not getting a return on investment, or they're not secure. That's it. If all the accounting firms are spending 6%, and you're only spending 4%, don't just pat yourself on the back. That's one of those moments where you should ask, "What am I missing?" Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that's a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven't uncovered? And those are some of the things we try to educate our clients on. They don't have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it's $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it's hurting productivity by 10% or more?

Steve: Yeah. That's a no-brainer.

Tom: Yeah. It should be.

Steve: Yeah. It's not just in IT. I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, "Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?" And he said, "We did the math, and we figured out that this is the optimal time to replace it." If they got rid of the equipment at that point, they wouldn't have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm.

Tom: Precisely. I mean, we're so tuned into that that we're a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We'll order it and get it there for you. We're so tuned into that, that we went all Mac back when they were still Intel Macs. And I don't know how much you know about Macs, but they were…

Steve: I have a couple.

Tom: Okay.

Steve: Yeah, we're Mac people too.

Tom: Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don't think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren't as dramatic as going from Intel to the first M-series chip. But it's still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That's where the sweet spot is on trade-in value. We rotate them every two to three years and they're out.

Steve: I think mine is maybe a year old, but I'll probably keep this one for a couple more years. By the way, you're the first IT company and MSP I've met that doesn't use PCs—you use Macs.

Tom: Yeah.

Steve: And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn't need them anymore since I had the Mac.

Tom: Yeah, that's kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago.

Steve: Yeah. Classic. Very classic.

Tom: Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we're a Dell partner—what I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, "Holy cow, it doesn't break. It doesn't mind being unplugged from a docking station. It just works."

Steve: Yeah.

Tom: And then all the other things—that they're generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, "Well, everybody's going Mac." And, oh, there was a revolt. And I said, "Just give it a few months."

Steve: Yeah.

Tom: About half the office resisted it. And I said, "You gotta try it because I think you'll like it, and if you don't, then we'll deal with it then." We had Linux people, PC people. So then I said, "Well, maybe we should open it up and let people pick what they want."

Steve: Yeah, I love it. Yeah.
So our time is coming to an end, but if someone is running on Mac and they're finally talking to an IT service company that's not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally? The website is the best place to go. It's www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you're thinking, because we want to know what you're thinking and see if there's a fit with the way we do things. Macs started becoming important with executives. That's where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we're perfectly happy with that.  Yeah. Okay. Very good. So if you're listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you're doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you're going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening.  Oh, it’s been my pleasure, Steve. Important Links: Tom's LinkedIn Tom's website

Paul's Security Weekly
Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460

Paul's Security Weekly

Play Episode Listen Later May 25, 2026 104:54


Interview with Rob Allen from Threatlocker

This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.

Topic: Do the basics, they said. Easier said than done.

Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.

The weekly enterprise news

Finally, in the enterprise security news:
- a really interesting vibe check
- funding
- acquisitions
- the verizon DBIR
- we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
- agents versus agents
- exploitbench
- the vulnpocalypse
- robot dogs are SO EASY to take out, we don't need to be too scared of them yet

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-460

Backup Central's Restore it All
Stop 90% of Ransomware Attacks with Basic Cyber Hygiene

Backup Central's Restore it All

Play Episode Listen Later May 25, 2026 40:27 Transcription Available


Basic cyber hygiene — patch management, password management, and MFA — is responsible for stopping roughly 90% of the ransomware attacks that could hit your organization. This episode is the overview: what those three things are, why they matter, and what happens when you skip them.

WannaCry infected over 200,000 systems worldwide. A patch existed. People just hadn't applied it. Rackspace lost an entire business line — not because the attack was sophisticated, but because a workaround gave them false confidence and they delayed a critical patch. These aren't edge cases. They're the rule.

Dr. Mike Saylor (Black Swan Cybersecurity) and Prasanna Malaiyandi join me to walk through the three pillars of basic cyber hygiene. We cover patch management first — and before you can even patch, you have to know what you have. Inventory is the starting point. Then we get into passwords: why reusing them is a numbers game the bad guys always win, and why a password manager isn't optional anymore. Finally, MFA — what it is, which forms are actually worth using, and why "remember this device" is quietly defeating the whole point.

This is an overview episode. We're going deeper on each pillar in three follow-up episodes. But if you're not doing these three things today, stop reading this and go do them. There's no point talking about EDR, XDR, or any other three-letter security product if you haven't nailed the basics first. It's like researching a Roth IRA when you don't have a savings account.

Chapters:
0:00 Intro
0:59 Welcome & Introductions
4:20 WannaCry: The Patch That Would Have Saved 200,000 Systems
7:33 Rackspace: When a Workaround Isn't Enough
12:12 Defining Basic Cyber Hygiene
14:53 Why These Three Things Stop 90% of Ransomware
17:54 Pillar 1: Patch Management
23:55 Pillar 2: Password Management
31:55 Pillar 3: MFA & Passkeys
37:34 Wrap-Up & What's Next

Risky Business News
Sponsored: Teaching AI agents the rules of the road

Risky Business News

Play Episode Listen Later May 24, 2026 26:54


In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren't enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can't and won't prevent agents from going rogue. Josh explains Sondera's “principle of least autonomy” for agents: let them do useful work, but put them in a deterministic policy harness so they can't leak secrets, abuse tools or wander off-task.

ITSPmagazine | Technology. Cybersecurity. Society
After RSAC Conference 2026, Reflecting on Agentic AI, Community, and the Evolution of Cybersecurity | A Brand Highlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 23, 2026 7:33


Agentic AI was the theme that pulled away from the pack at RSAC Conference 2026. Tony Anscombe of ESET makes the case that once AI shifts from being directed by humans to operating with its own objectives and logic, the security surface changes with it, and organizations are being forced to rethink what they protect and how. At the show, ESET announced two products that meet that moment head on. The ESET AI Skills Checker is a free-to-use tool coming to market. ESET AI Protection looks inside AI sessions on the endpoint, flagging sensitive data leakage, malicious links returned by AI systems, and suspicious behavior, and surfacing it all inside normal cybersecurity operations for investigation, blocking, or detection. Tony closes with a reminder worth keeping. His first RSA was in 1998, and the technology he worked on then (sandboxing, dynamic code, remote windowing, encryption, authentication) mirrors a lot of what walks the RSAC Conference floor today. The packaging evolves, the core principles do not. Build forward, but do not lose sight of what the past already proved.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
Learn more about ESET: https://www.eset.com
ESET AI Skills Checker and ESET AI Protection: https://www.eset.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Tony Anscombe, ESET, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic AI, AI security, RSAC Conference 2026, threat intelligence, MDR, EDR, endpoint security, AI Skills Checker, AI Protection, cybersecurity community, multifactor authentication, cybersecurity evolution

Paul's Security Weekly
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

Paul's Security Weekly

Play Episode Listen Later May 20, 2026 62:32


Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep up, so what's the answer?

Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment: What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-448

Cyber Security Today
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws

Cyber Security Today

Play Episode Listen Later May 19, 2026 12:48


A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.

Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security

Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users.

Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces.

In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.

Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).

If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.

Chapters:
00:00 Sponsor Message
00:24 Headlines Intro
00:49 Ransomware Nation-State Discipline
04:18 Exchange Zero-Day Mitigation
07:01 Fired Contractors Caught Recording
09:21 Fortinet Critical Vulnerabilities
11:07 Wrap Up and Sign Off
11:38 Sponsor Deep Dive Ad

#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday

AWS for Software Companies Podcast
Ep207: The AI Arms Race: How Vectra AI Uses Agentic AI to Outpace Cyber Attackers

AWS for Software Companies Podcast

Play Episode Listen Later May 19, 2026 13:31


Greg Murphy of Vectra AI explains why no single security tool is enough in 2026, and how AI is transforming overwhelmed security teams into lean, highly responsive defense operations.

Topics Include:
- Vectra AI helps enterprises detect and respond to cyberattacks before they become breaches.
- CISOs face millions of alerts monthly with dangerously understaffed security teams.
- Vectra pioneered AI-driven triage to prioritize only the most critical threats.
- The result: analysts act on two or three alerts, not thousands.
- Generative AI is now actively being weaponized by sophisticated bad actors.
- The first fully AI-orchestrated cyberattack by a nation state has already happened.
- Vectra and AWS Bedrock are building autonomous agents to fight back.
- Agentic AI can investigate thousands of incidents and surface only what matters.
- Over-reliance on single tools like EDR leaves dangerous gaps in defense.
- Modern attacks move fluidly across identity, network, and cloud environments simultaneously.
- AI stitches cross-surface signals together, revealing attacks hidden in isolated events.
- Best practice: assume breach, expand your network definition, and layer best-of-breed solutions.

Participants:
Greg Murphy – Chief Business Officer, Vectra AI

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

The Scenic Ride: A Motorcycle Podcast
18: ¡Vamos a México! Riding Motorcycles in Baja California

The Scenic Ride: A Motorcycle Podcast

Play Episode Listen Later May 18, 2026 69:05


EDR might be over, but we're still riding to Baja! In this episode, hosts Sanna, Staci, and Davin explore some of their favorite paved and unpaved roads, towns, restaurants, things to do, and places to stay in the northern half of the Baja California Peninsula.  They also cover some basic good-to-know tips for riding to Mexico, including crossing the border, when to travel, and what to bring.

ChannelBuzz.ca
Threat briefings, not statistical talks: ESET’s Cameron Tousley and Pedro Kertzman on making CTI work for MSPs

ChannelBuzz.ca

Play Episode Listen Later May 14, 2026 30:12


[Photo: Cameron Tousley, director of MSP channels for ESET North America]

For most MSPs, the quarterly client conversation looks something like this: here are the alerts we handled, here is your uptime number, here is a dashboard of things we blocked. Useful, certainly – but not exactly the stuff of trusted advisor relationships. Cameron Tousley, director of MSP channels for ESET North America, has a phrase for the upgrade: move from statistical talks to threat briefings. In this episode of In The Channel, he and Pedro Kertzman, threat intelligence specialist at ESET, join host Robert Dutt to explain what that actually looks like in practice – and why the window for MSPs to make that transition may be narrowing.

[Photo: Pedro Kertzman, threat intelligence specialist at ESET]

The occasion is ESET’s eCrime Reports, a threat intelligence offering that tracks cybercriminal activity at the affiliate level – the individuals buying malware-as-a-service and executing the actual attacks. Kertzman explains why that granularity matters: affiliates signal tactical shifts before attacks scale, giving security-forward MSPs a genuine early-warning advantage. Tousley adds the client conversation layer: knowing that a specific threat group is targeting your customer’s vertical via a specific attack method is a meaningfully different conversation than “we blocked 4,000 threats this month.” There’s also an uncomfortable wrinkle for MSPs specifically: as Pedro notes, affiliates increasingly exploit MSP tooling itself as a vector – compromising credentials to access managed environments quietly, hitting dozens of small clients while staying well below the radar of law enforcement attention focused on high-profile infrastructure targets. For the smaller MSP without a dedicated analyst, the entry point is more accessible than it sounds. Indicators of compromise can be automated directly into client firewalls without a full threat intelligence platform. WeLiveSecurity and the live threat feed built into ESET Protect offer a low-barrier starting point for shops that are earlier in their security maturity journey. Tousley’s closing frame is the one worth sitting with: the Canadian MSP market is being reshaped by consolidation at a pace that isn’t slowing. The independents that survive will be the ones having more sophisticated conversations with their clients. Evolve or sell.

Transcript

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Cyber Threat Intelligence, CTI, has long been framed as an enterprise discipline. Dedicated team, security operations center, analysts who live in the data. But the threat landscape doesn’t really respect that boundary anymore. The tooling is getting more accessible, the attacks are getting more targeted at smaller organizations, and as we’ve talked about on the show before, the MSP stack itself has become a threat vector. So the question for the typical Canadian MSP isn’t really “Is threat intelligence relevant to me?” It’s “What do I actually do with it?” To dig into that, I sat down with two people from ESET. Cameron Tousley is director of MSP channels for ESET North America, and he lives squarely in the business conversation around what MSPs need to grow and differentiate. Pedro Kertzman is ESET’s resident CTI subject matter expert, and I’ll note that Pedro usually sits on the other side of the interview chair as the host of his own podcast on threat intelligence. So this was a bit of a role reversal for him. We talked about ESET’s eCrime reports, the idea of tracking cyber criminal activity at the affiliate level rather than just the group level, what proactive threat intelligence actually looks like for a 15-person MSP shop, and what Cameron described as the “evolve or sell” reality facing the MSP market right now. Let’s get right into it. Cameron, Pedro, thanks for joining us. I appreciate it.

Cameron Tousley: Thanks for having us.

Pedro Kertzman: Great to be here.

Robert Dutt: Before we get into what ESET is specifically bringing to market, Cameron, can you give our listeners a sense for where the threat intelligence conversation is right now in the channel? Is this still primarily an enterprise kind of discussion or has something really shifted in terms of how MSPs and MSSPs are thinking about and talking about CTI?

Cameron Tousley: I think that the market is evolving as a whole, no matter if you’re in the SMB segment or enterprise. I mean, it’s evolving everywhere. The beautiful thing is technology is getting cheaper, it’s getting more accessible. People are able with the advent of AI to kind of do more with less staff and things like that, and then allow their staff to kind of become more specialized. Enter in the topic of CTI. I just think that there’s an appetite from certain, and probably more evolving larger MSPs, to start incorporating more for their clients. I think they’ve always probably wanted to educate them, but it’s always that, “Hey man, just make sure I have uptime and the help desk is active when I need it.” And that’s the conversation. Fast forward to now and it’s becoming a little bit more relevant to want to consume CTI. So I’ll kind of start there and I’ll take a pause. I don’t know if Pedro’s got any other comments on that.

Pedro Kertzman: No, I 100% agree. I think the threat landscape now with the maturity of the CTI offerings, MSPs can see that the things they’re trying to protect their customers against are more clearly explained and delivered in a way that they can see through CTI offerings now. So I think it’s just a natural evolution within the cybersecurity space to start leveraging that expertise as well.

Robert Dutt: Without getting too far into pure positioning, how would you characterize what differentiates your approach to threat intelligence, sort of at the methodology level? What’s the philosophy behind how you’re researching and tracking threats and what you’re bringing to market with this CTI package?

Cameron Tousley: Yeah, I’d say first off, our reach. We’re a global company. We have a product line, yeah, but we have 11 threat intel centers and those are also R&D centers too. So it’s a wealth of knowledge. Then we have researchers outside of that that are just remote, and so our tentacles are everywhere and that means something for somebody choosing a cybersecurity vendor or a platform because our researchers, they’re looking at a bunch of different avenues. They’re looking at the major threat acting groups. We have an offering we’ll talk about here in a few minutes, that centers on tracking affiliates because malicious activity, malware-as-a-service, is just like MSPs provide a service. So if I’m an affiliate—and I’ll define that real quick, an affiliate being the people that are buying the malware service and then going and distributing it and causing zero-day attacks—those are affiliates. So the real key part is what they do, not necessarily always the major malware-as-a-service group because that’s just one large avenue, but then you can’t predict what your customers are going to go and do on the black market. So yeah, I think we have a really exciting offering on our threat intelligence called eCrime and it comes in a feed and reports and it’s amazing. It really centers on the affiliate level and that is going to help get the conversations to be more quality with customers. It’s going to help an MSP who provides more, let’s call it reactive security at best, generalized services—which no knock against them, that’s just the model—and that’s going to help propel them into the more proactive security and having more quality cybersecurity-forward conversations with their customers of all sizes.

Robert Dutt: Let’s delve a little bit more into that. Can you walk me through a scenario, even hypothetical or composite, where that affiliate-level insight would practically change the outcome for an MSP or one of their customers? How does this show up for an MSP basically?

Pedro Kertzman: Yeah. So basically, I’ll take a step back a little bit just to explain how this threat ecosystem works. So the affiliates will be the ones really on the end of the line bringing that malware they got from a quote-unquote threat actor market or affiliate programs, more technically speaking per se, but they will be the ones delivering or sending that payload forward to whatever companies that they are trying to attack. So knowing how these guys work is basically going to give the companies, and the MSPs of course working for their security, the ability to stop the attack in the early stages, because the affiliates will be the ones trying to break in, acquire through whatever methods—credentials stolen or compromised credentials. So they are responsible, quote-unquote, within these affiliate programs to get the foot inside the door. So if you’re knowledgeable about how they act, what kind of techniques they use to get that foot in, you’re basically stopping the attacks before they actually become super massive, widespread attacks or super dangerous attacks. It’s kind of the proactive security instead of the reactive security.

Cameron Tousley: Yeah, that’s a good comment. And then I’ll just throw one more little thing on that.
I was talking about the conversations you can have with your clients, everything Pedro said, plus it’s like, you could have a specific conversation about, “Hey, this is what we blocked this month, but these are the threat acting groups, and here are the patterns, here’s the kind of malware that’s out there right now. By the way, you’re in the healthcare vertical, this threat acting group is targeting healthcare and doing this specific type of attack—happens to be phishing or fileless or whatever the complex attack is.” So they got to get really granular in the conversation. It can’t just be a super high-level one, because then your user’s not going to know what to do with that information. But if you coach them on the end-of-the-line issue and where it’s sourcing from, to Pedro’s point, you get ahead of that attack early, you might even prevent stuff that would have normally been a real headache. Robert Dutt: And you need to position yourself at least somewhat as the hero in so much as you’re saying, “Here’s the people who are attacking you, here’s what they’re doing, here’s what we’re doing proactively to counter that.” Cameron Tousley: Absolutely. Yeah, that’s a huge value to your end customer. The one that normally would have not cared about security and it’s more of an annoyance, now they’re paranoid about it, just like the MSP, just like the vendors, we’re all trying to get ahead of it. So I think that that provides a lot of value, and the average MSP is probably not going to do that. So you don’t necessarily have to go spend a ton of money, you just have to consume the information that’s out there maybe for free, and then maybe some of the paid services like the eCrime reports without buying our full threat intelligence platform, you can just do that. And that is like a huge value on its own to track exactly what we’re talking about right now. 
Robert Dutt: So taking a step back, I think some of this certainly informs and colors the question we go to ask, but I’m a 15-person MSP somewhere. I’ve got solid endpoint protection, an RMM stack I like, maybe managed SOC coverage, that kind of model. What’s the case, in addition to what we’ve already discussed, for why threat intelligence should be on my radar as a distinct capability I need to think about, bring to my customers and offer? Pedro Kertzman: Yeah, I think especially because again, talking specifically about the eCrime reports, we’re talking about the ones that are really perpetrating the attacks or executing the attacks. When you understand how your adversaries really act, you don’t need to always rely on the expertise of a super senior CTI analyst. There are ways that also, depending on your vendor, you can automate the expertise to just be pumping, let’s say, IOCs or IP addresses into your existing end users’ firewalls. If you manage a bunch of other firewalls for your end users, you can pump that eCrime knowledge into those firewalls in the form of IP addresses, domains, and things like that. But understanding that it’s going to be a proactive approach so they don’t get a foot in the door first, it’s kind of that decision beforehand that will give the MSPs, or MSSPs with 15 or so employees, that kind of extra leverage against those frontline attackers. Robert Dutt: I’m really interested in the idea of using intelligence and these eCrime reports as a client-facing tool, not just something that’s consumed internally, especially for that smaller MSP—something that you’re using in your QBR or whatever business review you have with customers to show your value. I’m curious, is that something you’re seeing happening today or is it a realistic use case, or is it a stretch for most MSPs right now? Cameron Tousley: I think it’s realistic. Now, let’s set the tone here. 
An MSP, they may not have the budget nor the expertise nor the staff to be buying a full-blown threat intelligence offering even like ours, but they can use certain parts of it like the eCrime reports. So that’s a good jumping-in point for the MSPs that are growing, or if you have 15 people on staff and there’s a good deal of them on the technical side, you may want to run your SOC in-house. Maybe that’s something you want to do. I think for them, the maturing MSP and definitely the MSSP, a threat intelligence offering is something that you will probably want to consume if you’re doing everything in-house. Now, I think there’s an argument for even if you’re going to go out-of-house and use the vendor, I still think there are free sources. We have customers that are using free platforms but running a paid feed through it. This is really dynamic. It’s flexible. It can fit to every different audience for the most part, except for the ones who are just not staffed for it and they’re probably outsourcing everything and they just don’t want to do it. They know that they are never going to be able to staff a 24×7 team and they’re also never going to be able to consume as much information as is coming in. But there are also other free resources, like I said, associated with our threat intelligence platform, like the eCrime reports, but there’s white papers that we produce. There are periodic threat reports. We do all kinds of analysis. And then on our welivesecurity.com blog, we publish all kinds of free information. And the really cool thing for existing ESET customers is through our ESET security platform, ESET Protect, we run a live feed through there and it shows you like, “Hey, here’s the latest news on WeLiveSecurity. Here is something you need to be aware of, there’s a vulnerability in the wild.” So we run some of the security stuff and this news right through a window inside of our platform, which I think is really big value added. Pedro Kertzman: Awesome. 
Yeah, I would add, if I can, Rob, we do have monthly digests as well on the CTI offerings, even for not super deep-down technical people. Let’s say more executives or CSMs, let’s say account managers on the MSSP or MSP side. It’s kind of an executive-ready type of report. So it’s more about the threat landscape overview. I think it helps them show that they are expanding their offerings on the security side and they’re knowledgeable about it as well. Again, doesn’t need to go in the nitty-gritty like in the weeds of IOCs and all that, but understanding, for example, that now the ecosystem on the other side is somebody providing the malware, somebody going and executing it. So just to show how they see these movements, I think it’s sometimes important enough to show that they are expanding their coverage for their end users. Robert Dutt: The reports, the eCrime reports, have been in the market about a month now, I guess. I’m curious what you’re actually hearing from MSPs and MSSPs as they’re digging into them. Are people using them the way you expected or are there surprises that you’re seeing in how they’re engaging, what they’re doing, how they’re thinking about this information? Pedro Kertzman: That’s a good question. I think because of the name, we got out of the gate with police forces reaching out to us, but in theory, it’s not the best kind of deep analysis that we’re going to give them, because they have a lot of expertise. So then we have the APT reports that would bring more detailed analysis for them. So it was interesting to see that people are kind of eager on the end-user side to see how the threat landscape, especially related to financial crimes or eCrime, are really, let’s say, hot right now. The MSPs are kind of following that trend, not as jumping on like the police forces were, but they are starting to inquire about the new eCrime reports for sure. Cameron Tousley: Yeah, I’d agree. 
I think the defender agencies, I’ll call them, the ones that are fighting the same battle we are, but maybe physically, but now they’re fighting the eCrime too. As they’re learning, this is a great tool for them. We find that they’re excited about it. It’s relatively new, so we’re going to see more and more adoption of it. But plenty of people who are in evaluation are like, “Hey, can I run a free month of this? I want to check it out and see what I’m going to get.” And we’re getting a lot of good feedback on it right now. I’d say on the MSSP/MSP side, again, it’s new for them too. And they do a lot of different things. So for them, they’re like, “I need to slice out some time to check this out as well because this is interesting. I don’t know if anybody else is really doing anything quite like this.” So for them to be able to check it out and add it to their offering, I think what’s going to happen is that they’ll get hooked on something like that and they’ll want more. And we’re already working on more. So our teams are hard at work. We’re adding new feeds, new reporting structures, new ways to consume it. And reasonably priced packages and things like that. Even ones where you have somebody on retainer where you can go to and get a very long deep dive on what you’re reading periodically throughout any given month. So I think with that, you’ll see a lot of internal IT large agencies adopt it. I think you’ll see some MSSPs adopt it. And you might even see some general MSPs who are evolving up that chain do the same thing. So it’s kind of a report and an offering for everybody there. Pedro Kertzman: Yeah, I think you mentioned something important, Cam. We do offer trials for the eCrime reports as well, right? If they want to test it out. Cameron Tousley: Yeah, try it before you buy it. Yeah. 
Robert Dutt: It sounds like you’re also thinking about ways that you can slice this, dice this, package it out to that smaller MSP or that MSP who’s not a pure-play security player going forward. I was going to ask, what do you see as coming next in CTI and in your eCrime reports? I think that’s certainly a hint. Anything else that you see sort of in the pipeline or where you’d like it to go, where partners would like to see it go? Cameron Tousley: Yeah, I’ll take a stab at this one because my heart’s near and dear to the MSP community. That’s what I’ve been working in. That’s a segment for quite a long time now for ESET. And so what I’m reading and what I’m theorizing on is that there’s other kinds of technologies that are pretty complex, have gotten more simple in the way that they’re still doing complex processes, like an EDR, right? It’s an investigative tool, and then you pair it with AI and then things become easier for the team managing it. I think it’s going to be the same thing here where you’re going to have an AI paired with it, which we have our own agentic AI agent in this offering now, which is very, very cool, and it’s built in our security platform. But for this, I think it’s going to make consuming information easier, generalizing it, summarizing it, and making sure you can spin it into a quick executive summary. My theory is click of a button, right? So I’m going to have a dashboard. I’m going to say, “Hey, I want an executive summary on this event.” So you’re basically just filtering, and then the end result is you hit that AI generate button and then it generates something that’s quality, and you can do it at various user levels, maybe various role levels. I’ll hit the CTO button or I’ll hit the CEO button and they’ll be a little bit different, obviously. So I think that it’s going to get simpler and managed intelligence as a service, that’s next. It’s already a term that’s being thrown out there a little bit if you look for it. 
So it’s just not mainstream yet. And I think it will be here in a short period of time. Pedro Kertzman: A hundred percent. And just to double down a little bit as well, Rob. I think especially for the smaller MSPs, let’s say you hit a critical infrastructure, you stop a pipeline or anything like that, you’re going to have federal agencies going after you, right? But then when you hit a mom-and-pop shop, nobody really cares. And those guys are often served through these smaller MSPs. So I think getting a better understanding of the threat landscape that especially targets those small businesses, I think it’s just a natural progression of the change in the threat landscape. Robert Dutt: Well, and you bring up a point that I kind of pulled on a little bit with your friend, Tony Anscombe, not too long ago. There’s so much data about how many attacks right now are taking advantage of the MSP tooling as a threat vector. And so I think that also speaks to a need for an MSP who wants to be mature and responsible about these kinds of things to have a better grip on who’s looking, what they’re looking at, and how that maps to what they’re doing. Pedro Kertzman: A hundred percent. And just to link this specifically about eCrime and affiliates, affiliates would be the ones exploiting those RMM tools, right? Because it’s something that is already deployed in the environment. If they get the credentials that got stolen for whatever reason, they have access to those tools and then they can deploy malware that they bought from those affiliate programs inside of the victim’s networks. Robert Dutt: And it’s funny, almost a reversal of back in the day, I can remember as a Mac user, there was a saying that Apple engaged in security through obscurity. What you describe is almost the opposite of that. It’s insecurity to a degree through obscurity. 
In that if I’m an attacker, I know that if I go after Colonial Pipeline to use your example, I’m all over the front page and there’s going to be a lot of government agencies who have a lot of serious, serious questions for me. If I take out an MSP tool that gives me access to a bunch of very small clients though, maybe I fly under the radar just a little bit more. Cameron Tousley: Oh yeah. Robert Dutt: This is my last question. If there’s one shift in thinking that you’d want a Canadian MSP to walk away with after this conversation, in terms of how they think about these reports, in terms of how they think about the role of threat intelligence in their business, you know, one thing they should reconsider about how they’re approaching their security practice, what would that be? Pedro Kertzman: So I think first, Rob, that’s kind of more of a mindset type of thing. CTI still sounds super complex to a lot of people. I would say there are two main flavors. One, if you really want to dig into techniques and all that, yes, you can get fairly technical and sophisticated, but there are really simple ways to ingest cyber threat intelligence into existing automated tools. You can, of course, do a POC with one, two, whatever vendors you want to do. Once you find that real value for your customers, your end users, then it’s automated. We’re talking about data feeds ingesting directly into a firewall. If you don’t have a CTI central brain kind of thing, which the market knows as a TIP (threat intel platform), you don’t need to go that route, the sophisticated route. There are simple ways to use threat intelligence. And honestly, it’s super valuable because it’s just, again, automated. You’re outsourcing the knowledge to the vendor directly who’s going to execute that, like a firewall, for example. Cameron Tousley: Yeah, I think that’s some really good commentary. 
And I have a lot of business conversations with MSP business owners and I follow the market, and the consolidation, there’s tons of it. And there has been for a few years, but it’s just insane right now. And I think that there’s this thing going around, it’s like, look, evolve or sell. Because you have the advent of AI and that’s speeding everything up tenfold. And just don’t be afraid. If you want to continue to run your business, don’t worry, you’re going to have clients out there in your locale that probably love you. But they’re also going to have people calling them as these other MSPs get bigger, and these national ones that swallow other little smaller companies and then their go-to market will be, “Well, let’s go down market, down market,” because we can’t always go up market, that’s pretty hard to do. But down market is like shooting fish in a barrel kind of thing. So that means it’s a risk for the smaller MSPs that are not going to sell out, that want to be in business another 10 or 15 years. So don’t be afraid, utilize AI to research it. They say don’t use AI as Google, I disagree a little bit, but you can use it for a lot of things. This can summarize: what is this offering? Can I use it? Ask it really basic questions to get acquainted, and then take the next step and call your vendor and just have a conversation with them and say, “What are all my options? I am in this locale, I serve these kind of verticals, here’s my sizing, here’s the tools I use.” You’ve got to throw everything out on the table because then your vendor, somebody like a technical or business contact, can jump in and say, “Look, I think that you should check out this part of this larger offering. And here’s what I’ll do for you. And here’s what you’re going to do. We’ll give you a game plan, right? 
You’re going to trial it in the following ways, we’re going to pair you up with a technical person to teach you a little bit and be your co-pilot—Microsoft gets enough press.” But really kind of jump in, try it out. Don’t be afraid. Because if you want to be around another 10 or 15 years, you have to make the leap. And you don’t have to do anything big, but you have to start adopting some of this security-forward thinking so that you can have threat briefings with your clients and not statistical talks. There was just that MSP summit and there was actually a panel on what the next gen of MSPs is doing. And it was funny to hear it because they’re like, “Well, we’re focused on outcomes.” And I totally agree, but I know some of the older MSPs are like, “Well, we’re focused on outcomes too.” But I think it’s the talk track. You’re all saying the same thing, but you need some more complex tools in some ways to be able to have these more outcome-based discussions. Like, “Hey, I not only blocked X amount of threats, I kept your uptime up in this way, and that allowed you to keep productivity up. So by my clock here, you were able to achieve all those things that you wanted to achieve in our initial meeting, we’re on track.” That’s the conversation you want to have in addition to that little bit of the threat briefings peppered in. Robert Dutt: All right. Some great advice there. Gentlemen, thank you both for taking the time. I appreciate it. Cameron Tousley: Thank you, Rob. Pedro Kertzman: Great to be here. Cameron Tousley: Absolutely. It was a pleasure. Thanks so much. Robert Dutt: There you have it, Cameron Tousley and Pedro Kertzman from ESET. I’d like to thank both Cameron and Pedro for their time. They did exactly what we set out to do with this conversation, kept it firmly in the strategy lane with technical depth in service of the business point rather than the other way around. A few things to leave you with. 
The framing that stuck with me most was Cameron’s distinction between statistics talk and threat briefings. The idea that your quarterly client review shifts from “here’s how many threats we blocked” to “here’s the specific group targeting your vertical right now. Here’s how their affiliate operates, and here’s what we’ve already done about it.” That’s a real upgrade in how an MSP demonstrates value. It moves you from uptime vendor to trusted advisor and that’s a conversation your competitors probably aren’t having yet. On the technical side, Pedro’s explanation of affiliate-level tracking is worth sitting with. The headline ransomware groups get the attention, but it’s the affiliates, the ones buying malware-as-a-service and doing the actual execution who determine the tactics on the ground. Tracking them is what gives you an early warning before the attack scales. And as I noted during the conversation, there’s a certain logic in how attackers exploit the MSP model specifically. Go after the tooling, stay under the radar, quietly compromise a hundred small clients instead of one high-profile target. Obscurity in that scenario is working against you. For the smaller MSP who’s heard all of this and thought, “I’m not staffed for this,” Pedro’s entry point is worth considering. You don’t need a full threat intelligence platform or a dedicated analyst to start. Automate the ingestion of indicators of compromise directly into your clients’ firewalls. Let the tooling do the work. It’s not glamorous, but it’s real, actionable and it’s a lot more than most of your competitors are doing. And Cameron’s closing thought, “evolve or sell,” is the frame I’d put around all of it. The consolidation wave hitting the MSP market right now is not slowing down. The shops that survive as independents will be the ones that have more sophisticated conversations with their customers. Threat intelligence is one of the things that helps you have those conversations. 
If you found this one useful, please follow or subscribe to the podcast wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, all the major podcast directories. Ratings and reviews are always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.

InfosecTrain
The AI-Powered SOC: Revolutionizing Threat Detection & Response

InfosecTrain

May 14, 2026 | 49:00


The future of SOC operations is AI-driven, automated, and faster than ever before. In this deep-dive masterclass, InfosecTrain explores how Artificial Intelligence is moving from a buzzword to a fundamental engine for modern Security Operations Centers. We break down the shift from manual alert fatigue to intelligent threat detection, automated triage, and the predictive analytics that are defining the 2026 security landscape. The course, titled Advanced AI SOC Analyst Certification Training, is designed to bridge the gap between traditional security monitoring and the next generation of autonomous defense. We provide a high-level briefing on how to integrate AI into your SIEM and EDR workflows, ensuring that analysts can focus on high-impact hunting while AI handles the noise of real-time security operations.

ChannelBuzz.ca
Top Down Ventures closes oversubscribed C$38M Founders Fund I, with a 5.3x agentic AI exit already in the books

ChannelBuzz.ca

May 12, 2026 | 37:35


Joel Abramson, managing partner at Top Down Ventures

Today’s In The Channel episode lands on the same morning that Vancouver-based Top Down Ventures announces the close of Founders Fund I at C$38 million – oversubscribed against an original target of US$25 million, and positioned as the first institutional venture fund focused exclusively on early-stage software and AI for the managed service provider ecosystem. Managing partner Joel Abramson joined the show to walk through the fund’s thesis and what it means for the channel. Abramson co-founded and led Fully Managed through more than a dozen acquisitions before its $137 million acquisition by Telus Business Solutions in 2021. He joins general partners Chris Day (founder of IT Glue and ScalePad) and Mark Scott (founder of N-able) at Top Down – three operators who between them have spent about 75 years building and scaling companies inside the MSP ecosystem. The fund’s first exit – zofiQ to ConnectWise, which closed in January 2026 – returned 5.3 times the invested capital in roughly six months. Abramson describes it as a case study in what Top Down looks for: founders solving singular problems with exceptional depth, validated by real MSP operators rather than generalist investors. The macro thesis is equally compelling. The global IT services market is projected to grow from $600 billion to over $1 trillion by 2030. And in 2026, SMB IT spend is on track to outpace enterprise IT spend for the first time ever – a shift Abramson contrasts with what he calls the “SaaSpocalypse” in enterprise, where headcount reductions are translating directly into fewer SaaS licenses. The fund’s LP base of more than 100 MSP operators – including Pax8 – acts as a flywheel for validating investments, sourcing design partners, and connecting portfolio companies with the customers best positioned to stress-test what they’re building. Find Top Down Ventures, including their newsletter and annual research report, at topdown.com.
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you caught The Buzz this morning – and you really should have – you already know the headline. Vancouver-based Top Down Ventures has closed Founders Fund I at $38 million Canadian, oversubscribed, as the first institutional venture fund focused exclusively on early-stage software and AI for the managed service provider ecosystem. The story behind it, though, is rich. Top Down was founded with three partners with deep roots in the Canadian channel community: Chris Day of IT Glue and ScalePad, Mark Scott who founded N-able, and today’s guest, Joel Abramson, who ran Fully Managed through more than a dozen acquisitions before its $137 million sale to Telus Business Solutions in 2021. The fund already has its first exit in the books. zofiQ, an agentic AI platform for MSP service desks that ConnectWise acquired just six months after Top Down’s investment, at 5.3 times the invested capital. Joel joined me this morning to talk about why MSP software needs its own dedicated venture fund, what the first exit tells us about where agentic AI is headed, and one market shift that has the team genuinely excited about the decade ahead. Let’s get right into it. My chat with Joel Abramson. Joel, thanks for taking the time. I appreciate it.

Joel Abramson: Great to be here, Rob.

Robert Dutt: I wanted to start with the origin story here. I think it’s an interesting one in that you had a big role in building and running Fully Managed through a dozen or so acquisitions, then sold – instead of going off and retiring on a boat somewhere or that sort of thing, you ended up in venture investing in specifically MSP software. Can you walk me through how that happened? How did Top Down come together? Was this something that you sought out or something that Chris Day pulled you into? How did that happen?

Joel Abramson: Yeah, well, let’s be clear – I do love being on boats. To tell the origin story, you get to go through a 25-year journey of the MSP ecosystem itself, because there are three general partners: Mark Scott, Chris Day, and myself, Joel Abramson. Our journey dates back to the early 2000s when Mark Scott started N-able, and he was one of the pioneers that really helped value-added resellers and break-fix IT service providers become MSPs. I meet people every time I’m out on the road who have a story about working with N-able – transitioning their revenue model from break-fix to recurring. N-able is a phenomenal company today and I think Mark’s legacy lives on there. Mark started that company and then exited just before the SolarWinds acquisition. Then he went on to start a service provider called CareWorks – an MSP focused on senior care facilities. A really interesting vertical, as well as broad SMB. But I’ll pause his story and focus on Chris, because Chris is founder and chairman and really sets the vision for Top Down. Chris had an MSP as well back in the early 2000s. Eventually that was Fully Managed, and that’s where I joined him. I had a small – much less successful – MSP called Packetsafe Networks, and I rolled my little MSP into Chris’s marquee MSP, Fully Managed, and together we set on this journey. We wanted to bring that company to ten cities with $10 million in revenue in each city and then sell it to a Canadian telco – and it’s not revisionist history, it was actually the goal. But then a couple of years into our shared journey at Fully Managed, Chris got pulled into building software. It was because I’d built a bunch of software for Fully Managed to run on, and he made the mistake – or the fortuitous opportunity – of showing it to his peer group. His peer group was like, “I want to use that.” So he said, “Okay, well, I’ll build it for you.” He started building a documentation platform from the ground up and called it IT Glue, and that was a phenomenal ride for him – taking it from a couple of peer group mates trying it out to selling to Kaseya in 2018 and building a very large company in a relatively short amount of time. Not without a tremendous amount of hard work and grind. He was on the road with pop-up banners signing up logo by logo by logo in the early days, but eventually the movement just took shape and every MSP realized that they needed a documentation platform, and IT Glue took off. So IT Glue exits to Kaseya in 2018. Chris has to make that decision: do I want to golf and travel for the rest of my life, or what brings me joy? And so he actually started Top Down as a way to re-engage back with the MSP community. He had an early portfolio of three companies: Warranty Master, a company he had started with his brother; Backup Radar; and Quoter. Together those three early companies started to grow at their own individual pace. Keep in mind, we’re still running Fully Managed over here – I’m running it for him. Then we ended up putting Fully Managed together with Mark Scott’s MSP, and that’s how the three of us came together. Then yes, we did a number of acquisitions. We grew Fully Managed to be $100 million in revenue. It wasn’t the straight line Chris and I had talked about – ten cities in ten years – but it was maybe seven cities. The bridge version: Telus came in and said they wanted to acquire Canada’s largest MSP, which was Fully Managed at the time. They had done a bunch of research and nine months later we consummated that transaction, at the end of 2021. I’d been working with Chris for a number of years on the early-stage portfolio, because we’d get a couple of calls every month with people saying, “Hey, I’m starting this project, Chris, are you interested in taking a look?” So we started to build this reputation as investors in early-stage MSP software companies. We tried some other stuff – everything from consumer packaged goods (we still have a couple of investments) to starting a country music label, which we’ll save for another time. But we always knew our home, I think, was in the MSP space. After the Fully Managed exit, we decided we wanted to really compound our impact. We had this idea of a venture fund – and maybe I’ll pause there, because I can continue the journey, but we’ll wait and see if you have any questions up to that point.

Robert Dutt: Understandable. It’s a wild journey, and it really is back to the heart of the early days of the MSP movement – as you say, from break-fix and VAR models. I guess tell me a little bit about where you’re at now. The fund is positioned as the first institutional VC targeting early-stage software and AI for this ecosystem. Why do you think this space needs a dedicated fund? What does a generalist venture fund miss or get wrong when they’re looking at the space?

Joel Abramson: We’ve been doing early-stage investing for a few years – five years. At the same time, Warranty Master became ScalePad, and ScalePad started to gain really, really great momentum. ScalePad brought in a growth equity partner, Integrity Growth Partners, who are just phenomenal folks. They capitalized the business and that grew ScalePad from $10 million to $50 million. They were great partners, great board members, and we watched these guys – we were like, wow, we’ve been through this journey a couple of times. They add a lot of value, and we’re really excited about that relationship. We were doing our thing with the early-stage companies, and so we looked across the ecosystem.
We said, there is a ton of capital that’s ready to invest in companies in the MSP ecosystem when they get to a certain scale – that was kind of the scale that ScalePad had gotten to. Then we looked down and said, well, what about the guys that are just starting out? There’s not a ton of support. There’s a ConnectWise pitch contest that grants $60,000 or $70,000 to early-stage companies. And there are early-stage investors – we’ve seen companies like Pax8 and Huntress go through many rounds of financing and they started somewhere. But we saw that the strongest source of capital in the MSP ecosystem was actually coming from angel investors. It was Joe Paniterri and Kevin Blake and Channel Angels, and they had done a number of deals, bringing together really early-stage capital and putting $100,000 into a business fueled from a number of different folks. That’s really, really cool. But where’s all the venture? You look across horizontal software and there are funds of venture that just pour in. In the big markets – the Valley and New York – and then in secondary markets, there are funds focused on those areas. But we saw early-stage MSP software companies as vastly overlooked. So we said, what if we could bring together capital from the MSP ecosystem? Because we’ve made plenty of millionaires just by acquiring them with Fully Managed. You look at how that scales out across the ecosystem: you’ve got Evergreen and Integris and Thrive and all these folks buying up MSPs. The stats are over 200 search funds, family offices, and MSP aggregators buying MSPs right now. That’s generating a lot of wealth for a lot of people. Then you have MSPs that are super profitable and people are making good cash flow. Then you have all the software companies that have exited with similar stories to Chris’s. There’s actually quite a bit of capital that could be put to work back into the ecosystem if we just found a way to harness it and focus it on innovation. 
We said, instead of doing a couple of deals a year, what if we could make 8 to 10 investments a year by bringing capital together? And then what if we could build a system around that to take everything we’ve learned working with early-stage companies – applying those practices, bringing folks together for design partners, early customers, advice, and partnerships in the MSP ecosystem? So we set out to raise a $25 million venture fund, and we said we were going to focus on educating the MSP ecosystem on what investing in a venture fund looks like, because it’s really just going to fuel innovation for MSPs themselves. Our goal was to have half the fund raised from the MSP community and half from outside – similar to what it was at Fully Managed: let’s tell the world about what a great opportunity exists in MSP. We were super successful in the first bucket. We got really well received by the MSP community. We have over 100 LPs in the fund and we exceeded our target of $25 million. In the second bucket, we still have a lot of work to do. We’re one year into our Outliers podcast, we’ve produced one white paper, and we’ve had hundreds and hundreds of conversations in the institutional community, educating funds of funds and family offices on the opportunity for early-stage MSP software investing. We only got a couple of participants in this fund – which is all right, because it shows the strength of the MSP ecosystem. We still oversubscribed our target. But we’re excited to continue that journey of educating institutional investors for our second fund and beyond. Robert Dutt: You mentioned you’re in at the early stage. Where in the lifecycle do you typically start looking, and what does a target portfolio company look like at the point you’re getting involved? Joel Abramson: I’ve only been doing this for a few years, so I’m still learning some of the language, Rob. 
But we talk about early stage being right at inception – which is called pre-seed, the first money into a company. Maybe they have an idea of what they want to build, a prototype, a business plan, some people, but they haven’t actually started that path to launch – all the way up to around that first million or million and a half of revenue, where they’d be called a late-seed investment or an early Series A. So maybe it’s the second money in, or in a Series A it could be the third. But really we’re focused on the early stage where we can leverage the strength of our LP base – a lot of strong MSPs – as well as the strength of the community that Top Down works to enable and bring together. That can be for design partners, early customers, folks to help with advice, and then partnerships in the MSP ecosystem. Maybe a company is working with ScalePad to solve a problem and ScalePad can help by bringing that product to its customer base. It’s really about building the things that matter most to MSPs. And that’s why I think we love this ecosystem so much – it’s a partnership of vendors and service providers. If we look forward to how AI is going to impact things, you have small and medium businesses at the frontline – all the enablement use cases there, all the cybersecurity use cases. Then you have the service provider layer, which is MSPs helping them with all those things. Then you have a middle layer of supply chain software like the companies we invest in. And on top of that, you have the hyperscalers, the cloud companies, the frontier companies. That four-tiered system really matters, because without the innovation from Microsoft and Anthropic, the macro doesn’t move forward. But very rarely is it going to go straight from there into frontline workers’ hands. The two layers in between – the layer we invest in, and the MSPs themselves – are really what’s helping bring the value from the top to the end market. We think it’s an incredibly resilient ecosystem. 
We think there’s nobody better positioned to help with AI transformation than MSPs. And that layer between the frontier companies and the hyperscalers and the MSPs is really important – that’s where innovation happens on their behalf, and that’s the kind of companies we’re investing in. Robert Dutt: One example of that would be zofiQ, which I think was your first exit – and some pretty startling numbers there: a six-month turnaround, selling to ConnectWise, bringing back more than 5x what you put in. What did you see in that company that made you say “we’re in,” and what did the ConnectWise acquisition tell you about the market for PSA and agentic AI and where that’s all headed? Joel Abramson: It starts with Lee and his team. We get the fortunate opportunity to look at a lot of things that are being built and we’re still learning, trying to keep pace. As the last couple of years have played out, we’ve been students of what people are building and how they’re looking at solving problems, armed with the knowledge of the last 25 years of the ecosystem. When we met Lee, we were really impressed with him as a founder. He had a strong track record of purpose-building solutions. When Chris and I sat down with him, it was obvious he was solving singular problems with a tremendous amount of depth, versus some of the other folks we’d seen building solutions who were really going an inch deep and a mile wide. Knowing how mission-critical these solutions are to MSPs – that for every time they mess up a service ticket, they put that customer relationship at risk – we knew that Lee’s approach was just bang on. He was obsessed with solving singular use cases. It showed in the team he put together, the technology he built, and what customers were saying about the product. It’s very atypical to make an investment and then six months later have it acquired. When it was all going down and we were talking to the ConnectWise folks, it was bittersweet. 
We’re so happy to see ConnectWise gain this incredible capability, but we were sad to know we weren’t going to have Lee in the Top Down portfolio anymore. Ultimately, thrilled – because what it means for ConnectWise is that they can get this really powerful technology into a lot of people’s hands. That has a tremendous impact for the ecosystem, the end market, the MSPs partnered with ConnectWise. They can get this great innovative technology out into the market much faster than Lee could on his own, just going out and telling the story and waiting for the momentum to build. Thrilled for ConnectWise, thrilled for Lee and the team to jump into an organization like ConnectWise. And proud that we were able to play a tiny part on that journey. Robert Dutt: zofiQ was automating the service desk with AI agents. From what you saw inside that experience with them, and looking across the portfolio now, I’m curious – especially given your background running an MSP – when you’re talking to MSPs about what some of these companies are doing, how ready are they to adopt and operationalize this kind of agentic tooling? Both in terms of willingness and interest, which I’m sure is high, and actual aptitude and ability to make the operational changes that come with it? Joel Abramson: It totally depends on the MSP’s maturity. I’ve been through the life cycle of MSP maturity many times – two steps forward, one step back, a bunch of times. Every MSP is on a similar treadmill of growing and maturing, then having to embrace new technology, then getting hit by outside factors: whether it’s COVID, the move to remote work, the push back to the office, or the change in technology. It’s not a static industry, but it is an industrial-strength ecosystem because it’s so mission-critical for the customers MSPs serve. Everybody is at their own part of the journey. 
Companies like zofiQ come around and they focus on building the right technology, then working with the ideal MSPs that are at a place where they can embrace it. I go back to an inspirational investor, Dave Lahn, who always talks about the different buckets of work: the hero work, all the work that supports the hero work, and then all the work that should be done but isn’t. I think about MSPs with that third bucket. As a 20-year MSP operator, there were all these things I knew I wanted to do but could never get around to because we were always fighting fires, then trying to do proactive work, then project work – it compounds and you never had enough hands for the work that should be done that isn’t. I think that’s one of the huge opportunities with AI – actually getting that work done, staying on top of it, and providing more stable, secure environments for MSP customers. If AI is the great enabler for MSPs themselves, then how exciting is it to be in a position where I can’t think of a service provider that supports small and medium businesses that’s better positioned to bring AI enablement down to that market than an MSP. I doubt it’s the accountant, I doubt it’s the janitor or the maintenance people. I think it’s the MSP, because you’re already talking technology. As MSPs continue to evolve from the server room to boardroom conversations, AI is an incredible hook to get into that conversation. That’s why the work ScalePad does around customer success and supporting the strategy conversations is so critical. But the next wave of companies we see are really around helping MSPs actually deliver AI use cases successfully to their customers. That transformation will take place for a long, long time. Robert Dutt: Your base of limited partners includes more than 100 MSP operators, including Pax8. That’s unusual for a VC fund. Was that a deliberate choice? And how does having operators as limited partners actually change how you source and evaluate deals? 
Joel Abramson: It just makes us so strong. We have the brainpower of over 100 people there for us to tap and leverage. At our Horizons event in November – where we bring all of our LPs together – I’ve never seen a more aligned group of individuals, focused on supporting the supply chain of an ecosystem, come together and have meaningful conversations without any real individual agenda. We think about it as a flywheel. We have a group of limited partners with all of our capital in this fund together. Of course we all want to make money – but I think what drives that outcome is supporting innovation and figuring out exactly where the best place to put capital is today that can have the largest impact tomorrow. zofiQ is a perfect example. Here’s a strong founder with a huge problem, solving it at the deepest level, that MSPs are going to be able to take forward and dramatically impact their businesses and their customer experience. That, to me, is the genesis of venture investing: aligning all those things and putting the right pieces together. We think about the strength of the mindshare of our LPs, figuring out ways to connect them with our portfolio companies, ways to validate our thesis and investments by harnessing that energy, and then making the right investments and providing the right support throughout a portfolio company’s lifecycle, thanks to that really, really strong LP base. Robert Dutt: So if I’m an MSP owner listening to this – not an investor per se, just someone running a managed services shop – why should I be paying attention to what you guys are doing and what you’re funding? What’s the typical practical downstream impact on my business? Joel Abramson: You could look at our portfolio with a degree of confidence that these companies are getting great support to build great products, that they’re talking to top MSP operators around the world to help shape what gets built. 
The average MSP is the benefactor of that, because it means they’re getting great product built that they can use in their MSP or deploy to their customers. We’re doing this to earn and keep the reputation that a Top Down-backed company means tier-one innovation, great people behind it, that it’s been validated and tested – and that MSPs themselves can be the benefactor of that by leveraging this technology. Robert Dutt: You closed this fund at about $38 million, oversubscribed, in what you called a slog of an environment – and I get that. What does that tell you about where institutional capital is actually flowing in 2026? And what does a successful Fund I set up for Fund II? Joel Abramson: A lot of institutional capital is flowing towards the frontier companies and the supply chain of AI. We think that’s great, because just like the Microsofts and Googles that have powered the ecosystem for the last ten years, we think heavily capitalized AI companies are fantastic for the downstream companies – the software companies we’re investing in, the AI companies we’re investing in, the MSPs themselves, and the SMB layer. Capital flows down as well. As vertical-focused funds like ours demonstrate a strong track record, more institutional capital will flow into vehicles like ours. Certainly a lot of capital is tied up at the top right now, but we see that as a great thing because we’re not super concerned about the capital cycles of the next three months. We’re much more concerned about the capital cycles of the next two decades. As we’ve mobilized a non-insignificant pool of capital to support early-stage MSP software companies, we strive to earn the right to have a second fund with a more diverse group of participants, and subsequent funds beyond that – as long as we continue to find the right companies to partner with and add value along the way. 
Robert Dutt: And that seems like – just with the names you’ve mentioned and the names I can think of off the top of my head – a target-rich environment. There are lots of companies building specifically for the MSP market for obvious reasons. But I’m curious: without necessarily naming names or tipping your hand, what problem or product category are you most excited about in the MSP software pipeline right now? Where’s the white space that’s still underbuilt? Joel Abramson: In our research paper, we talk about two big macro things happening in the market right now. One: we think this market – let’s broaden it to IT services, not just MSP – is going from a $600 billion addressable market to a $1.3 trillion addressable market, certainly $1 trillion by 2030. That’s a huge market. On the MSP side specifically, we have four or five scaled companies at or above a billion in revenue. Ninja is on its way up there. N-able, of course, is a big company. But you’re talking about a much larger addressable market – there’s still empty canvas where new companies can scale up to fill the middle and eventually be alongside some of those platforms. We expect those platforms to continue to grow and thrive, and we hope to build or invest in companies that can partner with them to take advantage of their distribution and ultimately make small and medium businesses better through MSPs. All that said, what are some of those categories? I don’t think it’s new MSPs starting up and buying PSA – that market is fairly saturated. Nor do I think it’s more EDR or XDR – those are pretty saturated markets too. There’s still market share that will trade, don’t get me wrong, and innovation will build on top of it. But doubling the market requires new products, new revenue streams, and obviously AI is a critical part of that. 
Whether it’s the evolution of agentic service work to do all the work that should be done but isn’t, or raising productivity levels so the service is that much better, or helping the average SMB with a sophisticated IT strategy that evolves into an AI strategy – we see the category of AI services enablement for MSPs as a huge, huge opportunity. In the enterprise, we’re living through what I call the SaaSpocalypse – the idea that big SaaS companies are going to see fewer licenses because people are going to downsize headcount and thus take an impact on their top line. But we see the SMB market as more resilient, because my accountant with 60 people and one person in marketing – they’re not going to downsize that one-person marketing department. That person is actually just going to get that much better thanks to all the tools they’re using. SMB IT spend is expected to outpace enterprise IT spend for the first time ever in 2026. We believe that’s because of the resiliency of the SMB market – the idea that when a big tech company lays off 5,000 people, those people don’t all sail off into the sunset. A lot of them move into the SMB economy and start small businesses. Maybe the IT folks start an MSP. So we see the SMB part of the economy continuing to thrive, and it’s showing itself this year – thanks to this crazy stat that SMB IT spend will outpace enterprise IT spend for the first time ever. For all those reasons, we’re very excited about the opportunities it creates in the companies that we’re invested in. Robert Dutt: That is a crazy stat, and it’s worth underlining – because of where you and your peers and so much of this community is focused, right in that SMB space. And closer to home, as a Canadian podcast, we’re very much a nation of SMBs. So it really is super impactful here. Joel Abramson: Yeah, I would agree. 
Robert Dutt: For people who want to follow what you guys are doing – whether they’re founders, MSPs, or just interested in what’s coming in terms of new AI-first MSP software – where do they find you? How can they find out more? Joel Abramson: TopDown.com. We publish a newsletter and try to share all the learnings we’re gaining each quarter. We publish a white paper annually. We have a conference in November called Horizons – if you’re interested in investing in the MSP ecosystem, our goal is to bring everybody together as peers. We do a lot of dinners and events around the big MSP events. Our goal is always to bring everyone together as peers, not in a supplier relationship where you’re being sold to – just everybody trying to solve this thing together. The community aspect of the MSP ecosystem is so strong, and that’s how you engage. I’m pretty easy to find and always interested in a conversation with anybody from inside the ecosystem or outside, as we try to build this thing one brick at a time toward 1.3 trillion of addressable market. Robert Dutt: Brilliant. Go get that. Go build that. I appreciate you taking the time, Joel. Joel Abramson: Thank you so much for having me. Robert Dutt: There you have it – Joel Abramson from Top Down Ventures. I’d like to thank Joel for his time this morning. Thank you as always for listening to In The Channel. A few things stuck with me from this conversation. First, the framework Joel described: frontier AI companies at the top, then the supply chain software layer that Top Down invests in, then MSPs, then SMBs at the front line. It’s a clean way to think about how AI value actually gets delivered to small and medium businesses. And the point that MSPs are the most natural vehicle for that delivery is hard to argue with – from where I sit, and probably from where you sit too. Second, that stat about SMB IT spend outpacing enterprise IT for the first time ever this year. 
If we’re in what Joel calls the SaaSpocalypse for the enterprise, we’re in a resilience story for SMB. For an audience of MSPs, that’s your market, and that’s your moment. And the zofiQ story. A six-month hold, 5.3 times the invested capital to ConnectWise. What Joel said about what made it work – going deep into a singular problem rather than an inch deep and a mile wide – is as much a product philosophy lesson as it is a venture capital story. If you want to follow what Top Down is doing, find them at TopDown.com, where they publish a regular newsletter and annual white paper on the state of MSP capital. Their Horizons conference runs every November if you’re engaged in this ecosystem as a founder, an operator, or an investor. If you’re enjoying the show, please give the podcast a follow or subscribe on Apple Podcasts, Spotify, YouTube, or most of the major podcast directories. Ratings and reviews are always encouraged. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

La French Connection
Episode 0x294 - Cybersecurity at a cégep: 1 tech vs 1200 students

La French Connection

Play Episode Listen Later May 9, 2026 68:45


Synopsis
This week, Patrick and Jacques welcome Jonathan Bastille, an IT technician with a security mandate at the Cégep de Rivière-du-Loup. Jonathan recounts his move from the private sector to the public sector, and the stark contrast between the speed of decision-making in an SMB and the "ocean liner" pace of an environment where every change goes through a board of directors. The discussion quickly turns to Law 25, the illusion of compliance by paperwork, and the attitude of too many Quebec SMBs: "security isn't important; I'll wait until it becomes important." The trio then takes on a recurring topic of the podcast: the futility of most simulated phishing campaigns. Positive reinforcement versus punishment, tests that measure only the click rather than the detection process behind it, and Patrick's central argument: if your employees get good at recognizing your simulation, that does not make them good at recognizing real attacks. Jonathan also shares a concrete story in which he blocked the device code flow in Microsoft just before a real attack using exactly that technique hit the organization. On the news side, several stories come under scrutiny: the forced return to the office that gave birth to the neologism "téléprésentiel", the clumsy statement by the head of the CSE blaming proximity to the United States for Canadian cyberattacks, and above all the explosive combination of Copy Fail + cPanel: a Linux privilege-escalation vulnerability present since 2007 and a massive compromise of hosting providers' administration panels. The episode closes on a phishing campaign deploying ScreenConnect at 80+ organizations, a resounding Microsoft Defender false positive on DigiCert certificates, and a hammered-home reminder: as long as users work as local admins, no EDR will save you.
Crew
Patrick Mathieu
Jacques Sauvé
Jonathan Bastille (special guest)

Links and resources
Patrick
Microsoft Attack Surface Reduction Rules
Device code phishing - Microsoft
Microsoft Digital Defense Report
Téléprésentiel – return to the office, 3 h of traffic for Teams (Journal de Montréal)
Proximity to the United States and cyberattacks – Radio-Canada
cPanel / WHM – mass exploitation of the authentication bypass (TechCrunch)
Copy Fail – exploitation to obtain root on Linux (CISA / BleepingComputer)
Jacques
ScreenConnect phishing campaign, 80+ organizations
Microsoft Defender false positive DigiCert / Cerdigent
Jonathan
Microsoft Defender for Endpoint
Microsoft Sentinel
Microsoft Intune

Shameless plug
Hackfest 2026 registration
Hackfest CTF
Polar - day for cybersecurity managers
Call for Papers Hackfest 2026 (May to end of August)
iHack - May 30, 2026 (Québec, Trois-Rivières, Chicoutimi, Montréal)
Discord Hackfest
securite.fm

Credits
Audio editing by Hackfest Communication
Music by Caleidisco – Candy Island - Much Too Loose
Virtual studio by Streamyard

The Cybersecurity Defenders Podcast
AI: The Hero's Journey with Ken Westin from LimaCharlie / Defender Fridays [#320]

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 8, 2026 31:50


In this episode, Ken Westin maps AI adoption onto the hero's journey framework, drawing on two decades of security experience to explore how practitioners can move past early resistance, build real fluency with AI tools, and find a working model where humans and AI operate together.

Key Topics:
- Why early AI tools left security teams skeptical and what has genuinely changed since then
- How Ken used AI to accelerate detection engineering without sacrificing analyst oversight
- Why AI is best understood as an eager, overconfident intern that still needs supervision
- The importance of hands-on experimentation over passive observation when learning AI
- How collaboration and shared prompting practices are shaping how practitioners learn
- Why security analysts who engage with AI now will not be left behind as the field evolves
- The case for AI as a tool of empowerment, not replacement

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

About Our Guest
Ken Westin is a Senior Solutions Engineer at LimaCharlie with nearly two decades in the cybersecurity industry. A former startup founder who built tools to track criminal activity, Ken has worked across SIEM, EDR, and detection engineering throughout his career. He also teaches at the college level, where AI and cybersecurity are increasingly intertwined disciplines.

Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

Why LimaCharlie?
- Eliminate vendor sprawl and tool complexity
- Deploy and scale effortlessly on native multi-tenant architecture
- Reduce costs with intelligent data routing and free 1-year retention
- Build custom solutions with 100+ security capabilities on-demand
- Accelerate response with agentic AI that acts directly within predefined workflows

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Ken Westin - Senior Solutions Engineer at LimaCharlie

SECURE AF
Qilin Ransomware's EDR Killer DLL – How Attackers Are Subverting Defenses

SECURE AF

Play Episode Listen Later May 6, 2026 6:04 Transcription Available


Got a question or comment? Message us here!

Qilin ransomware is deploying a malicious DLL to disable EDR tools before encryption begins. In this #SOCBrief, we break down how the attack works, what to look for, and how defenders can respond.

Support the show
Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Security Squawk
Hackers Use Microsoft Teams to Break In - VPN Ransomware Surge - KPMG 2026 Warning

Security Squawk

Play Episode Listen Later Apr 28, 2026 41:56


A new type of cyberattack is bypassing every security tool you've invested in — and it starts with a simple Microsoft Teams message. No malware. No exploit. No zero-day. Just someone pretending to be IT support. At the same time, new data shows 73% of ransomware attacks are now entering through VPNs, and small businesses are absorbing an average of $422,000 per incident. Meanwhile, KPMG just released its 8 cybersecurity priorities for 2026, sending a clear message to executives: the biggest risk isn't technology — it's leadership. On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three critical developments every business leader needs to understand right now.

This Week's Cybersecurity Breakdown

1. Microsoft Teams Hack (UNC6692 Attack Campaign)
Hackers are impersonating IT support inside Microsoft Teams to gain access to enterprise environments.
- No software vulnerability exploited
- Targets C-suite and senior leadership (77% of victims)
- Uses legitimate platforms like AWS and Heroku to evade detection

2. VPNs Are Now the Front Door for Ransomware (At-Bay 2026 Report)
New insurance data reveals a sharp increase in ransomware attacks targeting VPN infrastructure:
- 73% of attacks originate through VPNs
- 60% of victims had EDR deployed — and still got hit
- SonicWall vulnerabilities linked to a significant percentage of attacks
- Average loss: $422,000 for SMBs

3. KPMG's 8 Cybersecurity Priorities for 2026
A strategic warning for boards, CEOs, and executives:
- AI is now an attack surface
- Non-human identities (APIs, service accounts) are a major blind spot
- Supply chain attacks are becoming the primary entry point
- Cybersecurity is no longer an IT issue — it's a leadership responsibility

The Bottom Line
The biggest cybersecurity gap today isn't technical. It's leadership.
- You can't patch employee trust
- You can't rely on tools without oversight
- You can't delegate cyber risk and expect protection

If you're running a business, this is required awareness.

Support the show: buymeacoffee.com/securitysquawk
Subscribe for weekly breakdowns of real-world cyber threats, ransomware trends, and executive-level security insights.

Backup Central's Restore it All
Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies

Backup Central's Restore it All

Play Episode Listen Later Apr 27, 2026 37:22 Transcription Available


Ransomware deletes shadow copies using your own built-in Windows tools against you — and if VSS was your backup plan, you just found out the hard way that it wasn't. In this episode, W. Curtis Preston (Mr. Backup), Prasanna Malaiyandi, and Dr. Mike Saylor break down exactly what shadow copies are, why they don't qualify as a real backup, and how attackers are weaponizing vssadmin to wipe your recovery options before you even know you're under attack.

If you've got Windows systems and you've been thinking "eh, we've got shadow copies," this episode is for you. We cover the history of VSS — what it was actually designed for, why it became a crutch, and why using it as your primary backup strategy is a bad idea on multiple levels. Performance, the 3-2-1 rule, and the fact that one attacker with admin rights can delete every single copy in seconds. We also get into the living off the land angle: how attackers do recon on your shadow copies, how they use them to scope out valuable data before going full ransomware, and what you can actually do to detect and respond to this behavior using EDR tools.

The bottom line: VSS is a great tool. It was just never meant to be your backup. Get a real one.

Chapters:
0:00 — Intro
1:39 — Welcome & Book Talk
3:26 — What Are Shadow Copies and Why Do People Use Them as Backups?
9:14 — Performance Problems with VSS as a Backup
10:19 — Living Off the Land: How Ransomware Uses VSS Against You
12:36 — Can You Monitor or Lock Down VSS Admin?
14:26 — Why Shadow Copies Fail the 3-2-1 Rule (They're Not a Backup)
18:01 — How to Protect Yourself: Configuring Your EDR
21:31 — The Local Admin Problem and Security Culture
27:00 — Virtualization, Snapshots, and Shadow Copies
29:00 — Final Thoughts: Just Don't Do That

Govcon Giants Podcast
How to Build a Cyber Defense Strategy That Meets CMMC Without Overspending | EP: 321

Govcon Giants Podcast

Play Episode Listen Later Apr 22, 2026 43:35


Cybersecurity is no longer a nice-to-have for government contractors — CMMC compliance is now a pre-award requirement, and if you haven't addressed it, your proposal may be dead before anyone reads it. In this episode, Eric sits down with a 15-year MIT Lincoln Laboratory veteran whose company now trains US Cyber Command to break down exactly what small and mid-size contractors need to know about cyber readiness in a rapidly shifting AI-driven threat landscape.

Here's what you'll learn in this episode:
- Why CMMC and FedRAMP exist — and why meeting the minimum standard is just the floor, not the finish line, for contractors serious about winning DoD business
- How AI is accelerating cyberattacks on small businesses — attackers are using the same tools you use to run your business, and they're moving faster than ever
- What a cyber range actually is and how it works — the fire drill analogy that explains why buying tools without training your team is money wasted
- The right cybersecurity stack for small contractors — endpoint detection and response (EDR), firewalls, and SIEMs explained in plain language with practical starting points
- How to stop overspending on tools you don't use — why most CISOs only fully utilize a third of their security tools and how to build a lean, effective stack instead
- What AI adoption inside your company is actually exposing — prompt injection, data leakage, and the governance controls that protect your sensitive contract data

EPISODE CHAPTERS:
0:00 - Sponsor message and why cybersecurity just became mandatory
0:53 - Introducing a 15-year MIT Lincoln Lab cyber expert
6:01 - How the guest built cyber infrastructure for national defense
7:25 - What cyber ranges are and how they work for DoD training
9:16 - The fire drill analogy for understanding cyber readiness
11:07 - Why buying tools without training your team is not enough
13:28 - How the threat landscape has evolved from servers to cloud to AI
16:17 - CMMC and FedRAMP explained as a minimum bar for contractors
19:38 - The real-world financial losses that finally force action on cyber
25:21 - Building a practical cyber stack for small business contractors
31:17 - How AI is changing team size, efficiency, and detection capability
33:36 - Where AI adoption inside your business is creating new vulnerabilities
37:00 - How cyber range assessments work and how long they take
42:14 - What the next five years looks like for cybersecurity in govcon

If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/
Website: https://govcongiants.org/
Connect with Encore Funding: http://govcongiants.org/funding
Connect with Lee Rossey: https://www.linkedin.com/in/lee-rossey-0873881/

Business of Tech
Insurance Mandates and AI Regulation Shift MSPs from Tool Support to Proof and Liability Management

Business of Tech

Play Episode Listen Later Apr 22, 2026 12:53


The dominant structural shift discussed in the episode is the movement from tools-based differentiation to a market defined by proof and liability. This shift is driven by the rising demand for continuous, auditable control over data location, access, and change—requirements increasingly codified by policy mandates, insurance underwriting, and regional AI governance. As illustrated by France's shift away from Windows to Linux across government ministries, enforced through formal governmental policy, the conversation is moving beyond technology preferences to mandated operational boundaries and verifiable compliance.

The episode cites findings from ESET's 2026 SMB Cyber Readiness Index, reporting that 86% of US SMBs and 78% of Canadian SMBs carry cyber insurance, with over half of US-insured SMBs required to implement explicit security controls by insurers. Underwriters increasingly demand evidence of controls like MFA, immutable backups, and EDR—not just attestations—at renewal, underwriting, and post-incident. Public sector mandates, such as France's comprehensive push for sovereignty encompassing OS, collaboration, cloud, and AI platforms, are producing enforceable requirements that cascade to commercial contracts and the MSP channel.

Supporting developments include Gartner's forecast that by 2027, 35% of countries will be locked into region-specific AI platforms. This is reinforced by channel research from Channel Insider and a survey of 333 MSPs by AvePoint and Omnia, both pointing to governance—not AI tooling—as the leading blocker for MSPs adopting new technologies. Microsoft's move toward metered AI billing and the proliferation of shadow data (with more than 80% of sensitive data potentially sitting outside formal controls, according to Palo Alto Networks research) further highlight how operational complexity and fragmented governance elevate risk for service providers.

For MSPs and IT leaders, these trends increase contractual and operational exposure. Failure to recognize that the market is purchasing assurance rather than tool support will leave providers absorbing liabilities related to insurance control failures and unmetered operational costs, often under fixed-fee models that do not account for new governance demands. Providers are advised to immediately review contract language for obligations tied to security controls, reconsider pricing and scope in governance delivery, and prepare for insurer-driven requirements such as third-party access to telemetry or continuous control attestations. The takeaway is that defensible, auditable evidence—not stack management—will define margins, accountability, and long-term client relationships.

00:00 Sovereignty Squeeze
04:22 Sprawl Blindspot
07:02 Proof Pays
09:35 Why Do We Care?

Supported by:
ScalePad
CometBackup

The Cyber Threat Perspective
Episode 178: Internal Security Controls That Actually Frustrate Attackers

The Cyber Threat Perspective

Play Episode Listen Later Apr 22, 2026 31:02


In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year.

This isn't a vendor comparison or a theoretical framework. It's an honest account of what works, what gets misconfigured, and what separates organizations that slow attackers down from those that don't.

Topics covered include:
- Application Control — ThreatLocker and Magic Sword — why app control is probably the single most effective endpoint control against attackers, how the learning period works, why jumping straight to enforcement mode is a mistake, and why executive buy-in is as critical as the technical implementation
- WDAC vs. traditional AppLocker — the differences, what closed-book enforcement actually means for attackers, and the two schools of thought on allow-list vs. block-list approaches
- Strong identity controls — MFA beyond RDP including SMB, WinRM, and HTTP via products like Silverfort, why push notification MFA falls short, and why number matching matters
- Protected Users Group — one of the most powerful and underused Active Directory controls, with a real-world story of how it nearly matched a full third-party identity product in effectiveness during a law firm pen test
- Least privilege and admin tiering — why Help Desk is one of the most targeted groups for social engineering, how over-permissioned service accounts hand attackers domain admin in minutes, and the real cost of control path vulnerabilities
- Network segmentation and zero trust — why domain controllers don't need internet access, how segmentation limits attacker recon, and where products like Zscaler fit in
- EDR baselining and UEBA — why plugging in an EDR tool and expecting it to work isn't enough, the case for getting back to behavior-based detection, and why catching recon activity matters more than catching execution
- Deception — honeypots, canaries, and fake assets — why deception is underrated, why high-fidelity low-false-positive alerts change the game, and what it actually feels like as a pen tester to trip on a well-placed decoy without knowing it

Also mentioned: Spencer and Brad's Tools of the Trade workshop at ILTA Evolve — Denver, end of April.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Cloud Security Podcast
Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling

Cloud Security Podcast

Play Episode Listen Later Apr 14, 2026 31:06


Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era.

Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees. Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider.

We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp. If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpoint.

Guest Socials - Brandon's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter

If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:50) Who is Brandon Dixon? (RiskIQ, Microsoft Copilot, Ent AI)
(04:00) Redefining Insider Risk: Malice vs. Mistakes
(05:10) "Living Off the Land": Why Adversaries Use Legitimate Tools
(06:30) The Zoom Example: Why EDR is Blind to Remote Control Hacks
(09:30) The Failure of Security Training against "Click Fix" Attacks
(11:50) Case Study: A HIPAA Violation via Meta AI in WhatsApp
(13:50) Why Traditional DLP Fails at Semantic Context
(16:50) Local AI Usage: Why Workloads Are Returning to the Endpoint
(18:50) The Problem with UEBA: Putting Anomalies in Context
(22:30) Why You Can't Build This With a Data Lake
(26:30) Stopping the "Trophy SOC" and Dumb Alerts
(27:40) Fun Questions: Kangaroo Jerky Tasting
(28:40) Hobbies & Pride: Ultramarathons and Growing Up in Baltimore
(29:20) Favorite Cuisine: Burmese Food (Tea Leaf Salad)

Cloud Security Podcast by Google
EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?

Cloud Security Podcast by Google

Play Episode Listen Later Apr 13, 2026 34:11


Guests:
- Raja Mukerji, Co-Founder & Chief Scientist, Extrahop
- Rafal Los, VP of Client Relations and Strategic Initiatives, Extrahop

Topics:
- Is Network Detection and Response (NDR) coming back after being shoved to the side by EDR a bit? Is this for real?
- What's the value proposition of NDR in 2026, because some people still don't understand it?
- How does NDR apply to the world of WFH, cloud/SaaS, encryption, high bandwidth, etc?
- Is the value of NDR the same, or different, when it comes to public (or private) cloud?
- How does NDR fill visibility gaps that identity and agent-based solutions cannot?
- What does NDR offer that built-in cloud security tooling (as of right now) does not? Would you call NDR a key cloud security control?
- Does NDR help with shadow AI?
- NDR elephant in the room is sometimes cost. How does cost change the value prop when compared to on-premise or physical infrastructure?

Resources:
- Video version
- EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
- EP113 Love it or Hate it, Network Security is Coming to the Cloud
- EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google
- EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?
- EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
- "The GC+CISO Connection Book" book

CISSP Cyber Training Podcast - CISSP Training Program
CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Apr 13, 2026 41:01 Transcription Available


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it's a stress test for every risk program on the planet. I open with what the Mythos news implies for real-world defense: attacker behavior may shift from human pace to machine speed, and many SIEM and EDR detections are still tuned for human patterns. That's why we talk candidly about what security teams may need to do next, including tightening externally facing systems and moving faster toward a zero trust architecture.

Then we pivot into CISSP Domain 1 risk management concepts, translating exam language into decisions you'll actually make in a business. We define the core terminology like assets, threats, vulnerabilities, exposure, safeguards, attacks and breaches, then walk through control categories (technical, administrative, physical) and control types (preventive, detective, corrective, deterrent, recovery and compensating). If you've ever wondered why risk conversations go sideways, we also dig into the difference between risk appetite, risk capacity, and risk tolerance, and why you can't set these without business leaders in the room. We also tackle quantitative risk analysis versus qualitative risk analysis, including CISSP formulas such as AV, EF, SLE, ARO and ALE, plus a critical reality check on "fake precision" and how to apply a cost-benefit analysis that holds up.

Finally, we cover security control assessments, monitoring and measurement, building a risk register safely, and how maturity models and risk frameworks like CMMI, ISO 31000, NIST approaches, ISO 27005, COBIT, SABSA and PCI DSS fit into a defensible cybersecurity risk management program. Subscribe, share this with a CISSP study partner, and leave a review so more security pros can find the show.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Risky Business News
Sponsored: Corelight Agentic Triage helps defenders stay ahead

Risky Business News

Play Episode Listen Later Apr 12, 2026 16:19


In this sponsored interview, Corelight's Senior Director of Product Management, Dave Getman, tells James Wilson how Corelight Agentic Triage helps defenders stay ahead of AI-powered attacks. Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Corelight Agentic Triage integrates with EDR and other data sources, and helps defenders make sense of all the data that NDR can generate. Show notes

@BEERISAC: CPS/ICS Security Podcast Playlist
Who Actually Owns OT Cybersecurity? Not Who You Think

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 11, 2026 30:36


Podcast: Industrial Cybersecurity Insider
Episode: Who Actually Owns OT Cybersecurity? Not Who You Think
Pub date: 2026-04-06

Dino and Craig break down what they are seeing in real industrial environments as companies begin the OT cybersecurity journey. They outline why most organizations are still in an "unaware to awareness" phase, what creates the "oh wow" moment after the first pilot, and why ownership and execution often fall to plant-floor teams and their OEM and integrator partners.

The conversation covers the limits of surface-level visibility, why accurate asset inventory and remote access control are foundational, and how practical constraints like flat networks, legacy switches, warranty concerns, and limited human capital can stall progress.

They also share cautionary examples of IT-first security tooling causing operational impact, and they close with a clear message: think globally, act locally, and build a defensible OT program that matches how plants actually run.

Chapters:
(00:00:00) Why OT vulnerabilities and remote access are the real "kicker"
(00:01:00) The market reality: 60% unaware, 30% starting, 10% operationalized
(00:03:00) Who owns remediation: IT vs OT and the plant-floor accountability gap
(00:05:00) Why "visibility" often stops at Purdue Level 3 and misses Level 2 assets
(00:07:00) OEMs, integrators, and why support models matter in OT cybersecurity
(00:09:00) Flat networks, north-south traffic, and why you still miss panel-level devices
(00:11:00) The human capital problem and why outsourcing is often unavoidable
(00:18:00) A real-world warning: EDR in ICS can create massive operational cost
(00:20:00) Safety, quality, and cybersecurity: the three things leaders will fund
(00:24:00) Change management failures and why monitoring PLC edits matters

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The Cyber Threat Perspective
Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice

The Cyber Threat Perspective

Play Episode Listen Later Apr 9, 2026 38:23


In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments.

This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.

Topics covered include:
- "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
- "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
- "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
- "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
- "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
- Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes

Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.

Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Secure Ventures with Kyle McNulty
JetStream | CEO Raj Rajamani on the EDR War and Agent Identity

Secure Ventures with Kyle McNulty

Play Episode Listen Later Apr 7, 2026 53:23


Raj Rajamani is co-founder and CEO of JetStream. JetStream sells an AI agent governance and identity platform designed to help organizations identify and control their sprawling AI footprint. In a crowded space, JetStream has emerged as a leader with a world-class team and a $34 million seed round. Before JetStream, Raj had a storied career as a product leader at several of the most important EDR companies of the last 15 years. He served as a VP of Product at Cylance, CPO at SentinelOne, and CPO at CrowdStrike. In the episode, we talk about the lessons from the winners of the EDR battle, his personal character changes throughout, and how his experience has set him up to lead a startup in arguably the most important security category right now. https://jetstream.security/

7 Minute Security
7MS #716: Tales of Pentest Pwnage – Part 83

7 Minute Security

Play Episode Listen Later Apr 3, 2026 33:23


Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include:
- Use Netexec to pull Powershell history
- Trying to steal reg hives and the EDR is made? Try copying them out to some-other-server.domain.comshare
- This post featured interesting use of the Responder -N option

The Cyber Threat Perspective
Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers

The Cyber Threat Perspective

Play Episode Listen Later Apr 2, 2026 24:25


In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that's become a go-to for their internal penetration testing engagements.

They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely — no installation, no dependencies, no signatures to fight.

Topics covered include:
- Why NetTools replaced AD Explorer and how EDR pressure forced the shift
- Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with write access to server OUs
- LDAP Search & Browser for querying AD, identifying risky data (like passwords in descriptions), and exploring object relationships
- Assigned Trustees & Permissions Reporter for fast, visual identification of misconfigurations
- How to run NetTools from non-domain-joined machines using saved credential profiles
- Password checker functionality for targeted validation without spraying the environment

For pentesters, it's a faster way to get visibility into AD risk. For IT admins, it's a practical way to audit and harden your environment.

NetTools combines the functionality of multiple tools into one portable utility. Learn more at nettools.net. Credit to creator Gary Reynolds.
NetTools | The Swiss army knife of AD troubleshooting

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

ITSPmagazine | Technology. Cybersecurity. Society
From Threat Intelligence to Cyber Resilience: What SMBs and Enterprises Need to Know Now | A Brand Spotlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 24:01


On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury.

Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture.

Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation.

Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster.

A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research

ITSPmagazine | Technology. Cybersecurity. Society
From Network Evidence to Autonomous Defense: Corelight at RSAC Conference 2026 | A Brand Spotlight at RSAC Conference 2026 with Vijit Nair, VP of Product Management at Corelight

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 18:03


Vijit Nair, VP of Product Management at Corelight, joins Sean Martin on the floor of RSAC Conference 2026 for a conversation about what it takes to move security operations from AI-assisted to AI-autonomous. Corelight is the fastest-growing company in the network detection and response (NDR) space, and Nair has spent six years helping build the platform from early network monitoring to its current position as a Gartner Magic Quadrant Leader. The company's open NDR platform transforms raw network traffic into high-fidelity, unopinionated evidence -- and that evidence is now powering the next leap: agentic triage. Corelight's newly launched Agentic Triage product moves beyond the "level one" AI assistant model -- where a system answers questions but takes no action -- to a "level two" agent that actually investigates and triages alerts. It identifies the riskiest entities in an environment, collects all associated context and data, runs a full investigation cycle, and delivers a verdict with full evidence attached. Nair calls it "bringing the receipts": analysts see not just the conclusion but every step of the reasoning. Early results show a 10x increase in investigation speed and 60-70% of alerts being automatically triaged. The network is having a resurgence as an essential visibility layer, and Nair explains why: attackers have adapted to EDR. Nation-state-style campaigns like Volt Typhoon and Salt Typhoon operate in the network layer, targeting unmanaged devices, routers, firewalls, and VPNs that endpoint tools cannot see. Corelight almost always finds something in the first 30 days of a pilot deployment -- from shadow IT and shadow VPNs to active red team attacks using tools like Sliver-based C2 frameworks. On the question of SOC adoption, Nair pushes back on the assumption that hesitation comes from the top. The hunger for AI-powered tools runs from CISOs all the way down to the analysts dealing with alert overload and understaffed teams. 
A recent customer put it simply: "This is amazing. Please don't take it away from me." Nair frames the path to full autonomy as a spectrum -- from human-controlled to fully agentic -- and draws the comparison to Waymo: the journey is measured and incremental, but the destination is inevitable. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Vijit Nair, VP of Product Management, Corelight LinkedIn: https://www.linkedin.com/in/vijitn RESOURCES Corelight: https://corelight.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Vijit Nair, Corelight, Sean Martin, network detection and response, NDR, agentic triage, AI SOC, autonomous security operations, SOC automation, network security monitoring, threat detection, AI-powered security, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

ITSPmagazine | Technology. Cybersecurity. Society
From Visibility to Actionability: How Asset Intelligence Drives Real Security Outcomes | A Brand Spotlight at RSAC Conference 2026 with Angelos Kottas, VP of Product and Corporate Marketing at Axonius

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 18:43


Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate. Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind. But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place. The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption. Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. 
Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Angelos Kottas, VP of Product and Corporate Marketing, Axonius LinkedIn: https://www.linkedin.com/in/amkottas/ RESOURCES Axonius website: https://www.axonius.com Axonius Actionability Report: https://www.axonius.com (available on the Axonius website) Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Web3 with Sam Kamani
372: The Security Mistakes Every Web3 Founder Makes (And How to Avoid Them) with Guest Speaker Johnathon Claudius from Asymmetric Research

Web3 with Sam Kamani

Play Episode Listen Later Mar 23, 2026 34:07


I sat down with Jonathan Claudius from Asymmetric Research to talk about the security landscape in Web3. We covered the new vulnerabilities emerging from LLMs and AI agents, the easy wins every founder should implement today, and why security can't be confined to a two-week audit window. Jonathan shares real examples from their work with the Interchain Foundation, explains how to balance shipping speed with security rigor, and gives practical advice on building defense in depth. If you're building in this space, this conversation will change how you think about security.
• [01:03] How Asymmetric Research started from Jump Crypto and their shift to commercial engagements
• [04:52] Real incident: Preventing a DPRK hacking group infiltration at Interchain Foundation
• [08:18] New security threats from LLMs and AI agents - the offense vs defense arms race
• [10:08] Bug bounty programs seeing high-quality submissions from LLM-enabled attackers
• [13:46] Easy wins: Branch protection, security keys, linting, and static analysis tools
• [16:24] Balancing speed and security through defense in depth strategies
• [18:35] OpenClaw and AI agents creating new attack vectors like prompt injection
• [22:14] Laptop security basics: MDM and EDR solutions every team needs
• [25:19] Why Asymmetric focuses on human connection over productization
• [29:14] Founder lessons: Building finance and BD systems early
Asymmetric Research Website: https://asymmetric.re
Asymmetric Research Careers: https://asymmetric.re/career
Web3 with Sam Kamani: https://www.web3pod.xyz/
Nothing mentioned in this podcast is investment advice and please do your own research. It would mean a lot if you can leave a review of this podcast on Apple Podcasts or Spotify and share this podcast with a friend. Be a guest on the podcast or contact us - https://www.web3pod.xyz/

Backup Central's Restore it All
Fileless Malware: The Attack That Lives in Memory

Backup Central's Restore it All

Play Episode Listen Later Mar 23, 2026 32:27 Transcription Available


Fileless malware is one of the most dangerous attack types out there — it never writes to your hard drive, lives entirely in RAM, and can steal your credentials before your antivirus has any idea it's there. In this episode, I bring in Dr. Mike Saylor — my co-author on Learning Ransomware Response & Recovery — to break down exactly how this attack works, why it's so hard to detect, and what you can actually do to protect yourself.
Mike walks us through how fileless malware hides in memory, how bad guys maintain their foothold even after a reboot by modifying registry keys or rewriting the operating system itself, and why the ArcGIS attack is a perfect real-world example — attackers sitting undetected inside a network for two years. We also get into MFA, specifically why a lot of MFA setups are done wrong, why passkeys are the better answer, and when it's time to bring in an EDR or XDR tool.
Fair warning: the action items here are a bit more advanced than our usual stuff. Think of this as the 401k conversation — don't have it before you've built your emergency fund. But this is stuff you absolutely need to know.
00:01:26 - Welcome & intro
00:04:43 - What is fileless malware?
00:09:16 - How fileless malware achieves persistence (ArcGIS case study)
00:15:02 - Can fileless malware spread beyond one machine?
00:16:43 - Defending yourself: MFA done right
00:20:38 - Why passkeys beat MFA
00:23:00 - EDR and XDR explained
00:28:03 - How modern EDR tools detect fileless malware
00:30:01 - Wrap-up and action items

ITSPmagazine | Technology. Cybersecurity. Society
The AI Hype Is Real -- But So Is the Risk of Getting It Wrong | A Brand Spotlight at RSAC Conference 2026 with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 18, 2026 20:25


Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves. The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace. At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on. Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. 
The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it. Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Subo Guha, Senior Vice President of Product Management, Stellar Cyber LinkedIn: https://www.linkedin.com/in/suboguha/ RESOURCES Learn more about Stellar Cyber: https://stellarcyber.ai RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, autonomous SOC, Open XDR, MSSP security platform, AI-driven security operations, agentic AI cybersecurity, threat detection and response, RSAC Conference 2026, SOC analyst tools, multi-tenant security platform, LLM-generated attacks, security operations center, SIEM NDR unified platform

Cyber Security Headlines
New Cyber Command chief, Russia targets Signal, Codex Security

Cyber Security Headlines

Play Episode Listen Later Mar 11, 2026 7:19


NSA and Cyber Command head confirmed
Russians targeting encrypted messaging app users
OpenAI rolls out vulnerability scanner
Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-march-11-2026/
Huge thanks to our sponsor, Dropzone AI. Remember yesterday's 3 AM threat intel? Here is how it plays out with Dropzone AI. The intelligence drops. Dropzone picks it up, turns it into a threat hunt, and runs it across your SIEM, EDR, and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog. That is the AI Threat Hunter, the newest agent on the team, debuting at RSAC. Booth 455, South Expo Hall. dropzone.ai/rsa-2026-ai-diner

K12 Tech Talk
Episode 254 - Did Apple Just Release the Chromebook Killer?

K12 Tech Talk

Play Episode Listen Later Mar 6, 2026 45:30 Transcription Available


On Episode 254 of K12 Tech Talk, Josh, Chris, and Mark break down Apple's big announcement: the Mac Neo, a $499 laptop that many call a potential Chromebook killer. They compare specs, durability, repairability, management with Apple School Manager, resale value, and the extra operational costs and security considerations (EDR, content filtering, app installs) for school districts. The hosts debate whether the Neo could replace student Chromebooks or target staff and teacher devices first. The episode also covers recent education tech news: a $1.1M California fine against PlayOn for deceptive data-sharing practices, College Board's ban on smart glasses during exams, and Arkansas HB78 proposing a ban on passive screen time in Pre-K and Kindergarten with mandatory teacher training.
————
Sponsored by:
Meter - meter.com/k12techtalk Visit meter.com/k12techtalk to book a demo!
Eaton - SysAdmin. You live it. You know it. But how well do your colleagues actually understand what makes these teams tick? Eaton's on the scene to clear up any misconceptions. They designed A User's Guide to SysAdmins to help demystify SysAdmins and improve workplace interactions. This guide addresses everyday challenges and misconceptions that Sysadmins face and teaches your colleagues how to interact with you (their SysAdmin), what you wish they knew (but are too polite to say), and how to get their tech tickets to the top of the list. So go ahead: Print it. Forward it. Leave it in the break room with passive-aggressive annotations. Or read it aloud like dramatic slam poetry during the next all-hands. Read A User's Guide to SysAdmins here.
Incident IQ
Lightspeed Systems
Fortinet
Managed Methods
————
MidwestTechTalk Security Symposium/K12TechPro Meetup (Midwest) March 12th-13th, 2026
————
Join the K12TechPro Community (exclusively for K12 Tech professionals) Buy some swag (tech dept gift boxes, shirts, hoodies...)!!!
Email us at k12techtalk@gmail.com OR our "professional" email addy is info@k12techtalkpodcast.com X @k12techtalkpod Facebook Visit our LinkedIn Music by Colt Ball Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark; their individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.

Security Conversations
Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery

Security Conversations

Play Episode Listen Later Mar 5, 2026 39:04


(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.

Mercedes In The Morning
MITM #2432 The “I Asked For Extra Pickles” One

Mercedes In The Morning

Play Episode Listen Later Feb 20, 2026 71:45


*5:00am: What moment made you feel like you were about to be in a crime scene? *6:00am: Technology tried to sabotage you? What was a sign that you were getting older? *7:00am: What is your job perk? (EDRs at Casinos) *8:00am: Skye Marsh from Southwest Exotic Avian Rescue talks about a loose toucan in Las Vegas. What's the weirdest thing you've seen with your own eyes in Las Vegas?