Health Affairs Publishing's Rob Lott speaks to Adam Markovitz of the University of Michigan about his recent paper exploring the growing role of third-party firms in Medicare ACOs, highlighting how they have contributed to wider participation and more geographically dispersed networks while raising questions about how these structures relate to shared savings outcomes.
Today’s headline news for Canadian IT solution providers: HPE Discover 2026 kicks off: HPE Discover 2026 opens today at The Venetian in Las Vegas with the Partner Growth Summit, the partner-exclusive day that precedes the main conference. The General Session – “The Power of One” – is led by HPE channel head Simon Ewington and focuses on HPE’s unified partner strategy under the HPE Partner Ready Vantage program, spanning networking, cloud, and AI. This is the first Partner Growth Summit since HPE’s $14 billion Juniper Networks acquisition closed, and HPE is presenting partners with a fully unified portfolio story for the first time. ChannelBuzz.ca is on the ground all week: Tuesday’s Buzz will feature a full Partner Growth Summit recap, and In The Channel this week features a multi-part series with Jeremiah Jenson, HPE’s vice president of North America channel and partner ecosystem, covering the Discover announcements in depth. Cato Networks launches integration hub: Cato Networks has launched a new Technology Partner Program and a Platform Integration Hub, debuting with more than 100 out-of-the-box integrations with third-party security, cloud, and networking solutions. The SASE provider says the program is designed to simplify how partners and customers connect Cato’s platform with existing enterprise technology stacks. The move is significant for Canadian MSPs and MSSPs: a robust integration catalog reduces the custom API work that often slows deployment and increases delivery costs, making it easier to position Cato alongside the broader tools in a customer’s security environment. Checkmarx flags CISO compliance pressures: A new 2026 Future of Application Security Report from Checkmarx, based on a survey of more than 2,000 developers and CISOs, found that 95 per cent of CISOs report being pressured to suppress or delay compliance-related security issues when business deadlines loom. 
The research also highlights how AI-generated code is expanding the attack surface faster than many security teams can manage. For Canadian MSSPs, the data reinforces the value of independent, third-party security oversight – and the case for structured application security as a managed service. Dataminr and TD SYNNEX partner on AI cyber defense: Dataminr has signed a strategic distribution agreement with TD SYNNEX, making Dataminr for Cyber Defense available to more than 35,000 North American resellers. The platform combines external risk signals with internal telemetry to help security teams prioritize threats in real time. For Canadian partners already working with TD SYNNEX, the deal adds an AI-driven threat intelligence offering to the distributor’s security portfolio at a time when customers are asking for earlier warning around cyber risk. inforcer launches Microsoft 365 TDR platform: inforcer has launched inforcer Threat Detection and Response, a new platform that gives MSPs a single environment to manage detection, incident response, and reporting across the full Microsoft 365 estate – including Entra, Defender, Purview, Teams, and SharePoint. According to the company, the platform’s advantage is its existing policy and configuration context for each tenant, which it says allows the detection engine to separate real threats from alert noise. The product launched in early access at Pax8 Beyond last week. ConnectSecure introduces Patch 360: ConnectSecure has launched Patch 360, a patch management solution designed specifically for MSPs. According to the company, the platform gives MSPs more control over patch prioritization, testing, and approval workflows, and is designed to reduce deployment risk while accelerating patching across operating systems and third-party applications. 
NetRise launches Discovery Partner Program: Software supply chain security firm NetRise has launched the Discovery Partner Program for VARs, MSSPs, distributors, and systems integrators. The program provides partners access to the NetRise Platform, which analyzes compiled software artifacts – including binaries, firmware, and containers – to identify components and risks that may not appear in source-code scans or vendor-provided SBOMs. NetRise is positioning the program as a way for partners to address growing customer demand for independent software supply chain verification.
This episode of The Buzz is brought to you by HPE Discover 2026. HPE Discover runs June 15 to 18 at The Venetian in Las Vegas. Discover what’s next at hpe.com/discover. Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Monday, June 15th, and here’s what’s happening in the channel today. The biggest event on HPE’s calendar opens today at The Venetian Convention and Expo Center in Las Vegas, and ChannelBuzz.ca is on the ground for the full week. But before the main conference opens to the broader audience tomorrow, today belongs exclusively to the channel. The HPE Partner Growth Summit – the partner-only day that kicks off Discover week – is underway as you’re hearing this. The centrepiece is the General Session called “The Power of One,” led by HPE channel head Simon Ewington alongside a lineup of HPE senior executives. The name captures the message HPE is sending its partner ecosystem heading into the back half of 2026: one comprehensive portfolio, one unified program under HPE Partner Ready Vantage, and one integrated experience across networking, cloud, and AI. The afternoon breakout agenda is dense – covering GreenLake and hybrid cloud, Aruba networking with AI, monetizing accelerated compute and agentic workloads, and HPE’s evolving service provider story. 
It’s also worth noting the context: this is the first Partner Growth Summit since HPE’s $14 billion acquisition of Juniper Networks cleared regulatory review and officially closed. Partners are getting their first look at a fully unified networking and compute story from a company that can now tell it cleanly. We’re bringing you the announcements as they happen all week. In just a couple of hours on In The Channel, I’ll help you get ready for Discover, as I preview the event with the help of none other than Jeremiah Jenson, HPE’s vice president of North American channel and partner ecosystem. Tomorrow on The Buzz, we’ll have all the news from Partner Growth Summit, and tomorrow’s In The Channel will also feature Jenson, as we take a deeper dive into the HPE’s partner programs and where he sees the biggest opportunities for the channel right now. Be sure to stick with us all week as we bring you full coverage from Vegas. Cato Networks is expanding its ecosystem with the launch of a new Technology Partner Program and a Platform Integration Hub. The SASE provider says the hub debuts with more than 100 integrations out of the box, offering streamlined connectivity with third-party security, cloud, and networking solutions. According to Cato, the program is designed to simplify how partners and customers integrate its platform with existing enterprise technology stacks, reducing friction and speeding up deployments. A vendor-led integration effort at this scale matters for the channel. As enterprise environments grow more layered and complex, MSPs rely on platforms that connect cleanly to an existing stack rather than requiring months of custom API work. Out-of-the-box integrations mean less time troubleshooting compatibility and more time delivering security outcomes to clients. It’s worth noting that Cato’s channel chief said earlier this year that seven out of ten deals the company closes are already partner-led. 
A stronger integration story could deepen that dependence on the channel by making it easier for MSPs and MSSPs to position Cato alongside the other tools in a customer’s security stack. A report released last week by application security vendor Checkmarx is putting hard numbers on a dynamic that security-focused channel partners have likely been seeing for some time. The 2026 Future of Application Security Report, based on a survey of more than 2,000 developers and CISOs, found that 95 per cent of CISOs say they have been pressured to suppress or delay compliance-related security issues when business deadlines loom. Compounding the problem: the adoption of AI-generated code is accelerating, which Checkmarx says is multiplying the attack surface in production environments faster than many security teams can manage. The business case for external, independent security oversight has rarely been clearer. When internal security leaders are being overruled on vulnerability management, an MSP or MSSP operating as a neutral third party – accountable to security outcomes rather than product launch timelines – steps into a genuine gap. The data also validates the case for application security as a structured managed service. As AI-generated code becomes standard in the development pipeline, organizations that can’t close that gap internally will need to find a partner who can. In Brief – Dataminr and TD SYNNEX have signed a distribution agreement that makes Dataminr for Cyber Defense available to more than 35,000 North American resellers through TD SYNNEX’s channel network. Security vendor inforcer has launched inforcer Threat Detection and Response, a new platform designed to give MSPs a single environment to manage detection, incident response, and reporting for Microsoft 365. 
ConnectSecure has introduced Patch 360, a patch management solution built specifically for MSPs that the company says reduces deployment risk while accelerating patching across operating systems and third-party applications. NetRise has launched the Discovery Partner Program, targeting VARs, MSSPs, distributors, and systems integrators with software supply chain security capabilities built around compiled binary analysis rather than source code or vendor-provided SBOMs. Full details and links in the show notes or the blog post. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Today’s headline news for Canadian IT solution providers: Dell PowerStore Elite and the reimagined data center: Yesterday at Dell Technologies World, Dell Technologies introduced Dell PowerStore Elite, a new enterprise storage platform delivering up to 3x performance over the prior generation and an industry-best 6:1 data reduction guarantee. The platform packs 5.8 petabytes into a single 3U chassis using standards-based E3 NVMe flash, and introduces Dell Cyber Detect, which identifies ransomware with 99.99% accuracy and pinpoints the last known clean copy for recovery. PowerStore Elite ships in July 2026; Cyber Detect for PowerStore follows in Q3. The broader Day 2 announcement also included 11 new PowerEdge servers, expanded Dell Private Cloud support for Broadcom, Microsoft, and Nutanix stacks, Dell PowerProtect One for simplified cyber resilience, and two new automation products: the Dell Automation Platform and Dell Automation Studio. Jeff Clarke’s tokenomics keynote: In Tuesday’s Day 2 keynote at DTW, Dell COO Jeff Clarke presented a set of ten fundamental shifts from the past year whose through-line is what he called tokenomics. The math: model prices fell 80% per token; token consumption is up 10x; GenAI software spend tripled. Net effect – AI is getting more expensive for most organizations, not less. Clarke illustrated the stakes with a concrete example: one developer running a single agentic use case on the public cloud can burn approximately $3,400 per day in token costs; the same workload runs at zero incremental cost on on-premises infrastructure. Clarke confirmed Dell moved its own operations to on-prem after internal token costs became untenable, and described work underway on what he called “token routing” – an orchestration layer that would automatically direct tasks to either a deskside AI workstation or data center hardware based on workload. 
He closed with three imperatives: know your token consumption, find your super users, and lead the operating model change or be disrupted by it. Intezer launches Amplify Partner Program: Intezer has officially launched its Intezer Amplify Partner Program, naming channel veteran Mark Daggett as vice president of global channels and alliances. The program formalizes Intezer’s channel investment as demand for AI-driven security operations grows and the talent gap in security operations continues to widen. According to Intezer, the program is designed to help MSSPs and solution providers step in where internal security teams lack the capacity to operationalize AI-powered alert triage and threat investigation, translating the company’s platform capabilities into managed and co-managed service offerings. Check Point agentic network security orchestration: Check Point announced an agentic network security orchestration platform on Monday designed to replace decades of rule-based complexity, reducing network policy management from months of manual effort to minutes of verified, automated action. The announcement is part of a broader Check Point push into agentic security capabilities across its Infinity platform. Zendesk unveils Autonomous Service Workforce: At its annual Relate conference, Zendesk announced the Autonomous Service Workforce, a product vision built around specialized AI agents priced per resolution rather than per seat. Key launches include a no-code Agent Builder, omnichannel coverage with shared context, and a real-time Quality Score applied to every interaction – human or AI. Riverbed extends Aternity AIOps: Riverbed has released new Aternity digital experience (DEX) capabilities positioning AIOps as proactive disruption prevention rather than reactive monitoring, giving IT teams predictive intelligence before end-user experience degrades. 
WinMagic brings zero trust to legacy OT: WinMagic has introduced Continuous Identity Assurance, a hardware-bound approach to endpoint identity that extends zero trust controls to air-gapped systems and legacy operational technology environments traditionally outside the reach of modern identity platforms.
Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 20, 2026, and here’s what’s happening in the channel today. Continuing coverage from Dell Technologies World in Las Vegas, where yesterday’s Day 2 product announcements shifted the spotlight from the partner program to the infrastructure portfolio. The headline item was Dell PowerStore Elite, which Dell is positioning as a new class of enterprise storage platform built for what it calls an AI-era data center. According to the company, PowerStore Elite delivers up to three times the performance of the previous generation through software-driven improvements, and backs it all with what Dell describes as an industry-best 6:1 data reduction guarantee – up from 5:1 – a number it says carries real weight in today’s supply-constrained flash market. The platform packs up to 5.8 petabytes of effective capacity into a single 3U chassis using industry-standard E3 NVMe flash rather than proprietary drives, giving partners and their customers more flexibility on cost and sourcing. The cyber resilience angle is where it gets interesting for MSPs. Dell is introducing Dell Cyber Detect for PowerStore, which inspects data at the byte level and is positioned as being able to identify ransomware with 99.99% accuracy – surfacing the last known clean copy so organizations can recover fast. That capability will be available in Q3 2026. PowerStore Elite itself is set for global availability in July. 
The broader data center announcement also included 11 new PowerEdge servers spanning both air-cooled and liquid-cooled environments, expanded Dell Private Cloud support for Broadcom, Microsoft, and Nutanix software stacks, and two new automation products: the Dell Automation Platform, which pairs AI agents with a conversational interface for infrastructure deployment and management, and Dell Automation Studio for building custom, full-stack orchestration workflows. Nearly 20,000 customers already run PowerStore globally, and Dell is emphasizing that existing deployments can cluster with PowerStore Elite without disruption – a meaningful selling point for partners managing live customer environments. The second big story out of Las Vegas yesterday is one that deserves some unpacking. During his keynote, Dell’s chief operating officer Jeff Clarke laid out what he called ten fundamental changes in the past twelve months – and the thread running through the whole list is a single concept: tokenomics. The numbers Clarke presented tell a story that’s easy to miss if you only hear the headline. Model prices have fallen roughly 80% per token in the last year – sounds like great news. Except token consumption is simultaneously up ten times. And GenAI software spend has tripled in twelve months. The net effect is that AI is actually getting more expensive for most organizations, not less. Clarke made it concrete with a single example: one developer, one agentic use case, building a software tool. On the public cloud, that use case can run up roughly $3,400 a day in token costs. Running the equivalent workload on on-premises infrastructure with local models? Zero incremental dollars. Clarke went further and confirmed that Dell itself made the shift to on-premises AI after its own token costs became untenable – which is a different kind of endorsement than anything you hear from a keynote stage. 
He also flagged something worth watching: Dell is working on what he called token routing, an orchestration layer that would automatically determine whether a given task is better handled by a deskside AI workstation or by data center infrastructure. He was clear it’s still in development, but it signals where Dell sees the intersection of its PC and server businesses heading. Clarke closed his keynote with three actionable imperatives: know your token consumption, find your super users, and lead the operating model change or be disrupted by it. That first one is the real challenge for most organizations – and the one an MSP or trusted advisor can walk into and own. Away from Las Vegas now, and Intezer has officially launched its Intezer Amplify Partner Program, naming industry veteran Mark Daggett as vice president of global channels and alliances to lead the effort. The program formalizes the company’s channel investment at a moment when demand for AI-driven security operations is accelerating. Intezer’s pitch to the channel is essentially a gap-filling argument: internal security teams are drowning in alert volume while the talent required to triage and investigate those alerts remains in short supply. The Amplify program is designed to equip partners to step into that gap, delivering Intezer’s automated alert triage and threat investigation capabilities as a managed or co-managed offering. The appointment of a dedicated channel VP is the clearest signal yet that Intezer is treating the channel as a primary route to market, not a secondary one. Partners building out managed security or MSSP practices looking to differentiate around AI-augmented SOC capabilities have another option worth a closer look. In Brief – Check Point launches an agentic network security orchestration platform it says collapses months of manual policy work into minutes of verified action. 
Zendesk unveils its Autonomous Service Workforce at the Relate conference, introducing per-resolution AI agent pricing and a no-code Agent Builder. Riverbed announces new Aternity digital experience capabilities designed to shift AIOps from reactive visibility to proactive disruption prevention. WinMagic introduces Continuous Identity Assurance, anchoring identity verification in hardware to extend zero trust protocols to air-gapped and legacy OT environments. Full details and links in the show notes or the blog post. Later today on In The Channel, still from the show floor at Dell Technologies World, I sit down with Rob Emsley, director of cyber resilience marketing at Dell Technologies, on why 97% of cyber attacks now specifically target the backup infrastructure – and what it actually means to build a resilience strategy around the concept of the minimum viable company. And if you haven’t heard yesterday’s episode yet, check out my conversation with Alan Ashby, Dell’s senior director of Americas data center presales and specialty sales, on the practical infrastructure realities of the AI boom – from a deskside AI workstation for an SMB to consolidating 13 legacy servers into one. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Jeff Taylor, executive director of global partner ecosystem and operations for Lenovo
There are not many conversations where you get both the global architect of a vendor’s partner program and the Canadian channel chief in the same room. In this episode of In The Channel, recorded the week after Lenovo 360 Accelerate wrapped up in Austin, we had both: Jeff Taylor, executive director of global partner ecosystem and programs at Lenovo, and Craig Taylor, senior director and Canada channel chief. The headlining number from the conversation is the dramatic simplification of Lenovo’s incentive structure. Jeff confirmed that Lenovo has reduced its active global incentives from 2,300 down to approximately 200 – a 92 per cent reduction – while maintaining the same total investment pool. The analogy he reached for: the same pizza, fewer slices, each one bigger. The earning power stays; the complexity goes. For Canadian partners, Craig noted that over 90 per cent either maintained or improved their tier status in the move to the new Lenovo 360 Authorized, Gold, and Platinum structure.
Craig Taylor, senior director and Canada channel chief at Lenovo
The conversation moved quickly into services. Lenovo is targeting a 15 to 20 per cent partner revenue mix from services and solutions within the next one to two years. Craig pointed to TruScale as the on-ramp, noting Canadian partner feedback has consistently positioned it as more flexible than competing offerings in market. On AI, Jeff described a “reimagination of enablement” – moving partner portals from static, backward-looking data tools into agentic AI-driven platforms that are intuitive and forward-looking. Craig pointed to Lenovo’s CIO Playbook as the practical tool helping Canadian partners move customers from proof of concept to proof of execution on their AI investments. 
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor at ChannelBuzz.ca and your host for the show. You want to understand how a global technology vendor thinks about its partner program, not the press release version, but the actual mechanics of how design decisions get made and how they land in markets like Canada. Today’s conversation is a fairly rare opportunity. We have at the same time the global architect of the Lenovo partner ecosystem and the Canadian channel chief. Jeff Taylor is executive director of global partner ecosystem and operations for Lenovo, responsible for the Lenovo 360 framework that governs how the company works with partners worldwide and for the new consolidated partner ecosystems and program structure for the international markets that Lenovo unveiled earlier this year. Craig Taylor is senior director and Canada channel chief at Lenovo, a 2026 CRN channel chief and the person responsible for translating all that global framework into real outcomes for Canadian partners on the ground. We recorded this conversation just after Lenovo 360 Accelerate, the company’s annual North American partner event wrapped up in Austin, Texas. So this is about as fresh a read on the state of the Lenovo partner ecosystems you’re gonna get. We covered the dramatic simplification of Lenovo’s incentive structure, the push towards services-led selling and recurring revenue, how AI is reshaping both the partner conversation with customers and Lenovo’s own approach to enablement, and how Canadian partners should be thinking about a volatile period in hardware pricing. And yes, they’re both named Taylor. We had asked some questions. Let’s get right into it. My chat with Jeff Taylor and Craig Taylor. [Music] Gentlemen, thank you for taking the time. Jeff Taylor: Hey Robert, how are you? 
Robert Dutt: Very well, thank you. Craig Taylor: Excellent. Good afternoon, Robert. Robert Dutt: Interesting situation, one of those channel journalist dream situations, chatting with both the global architect of the partner program and the Canadian channel chief at the same time. And as fate would have it, you’re both just coming back from Austin. Jeff, for people who weren’t there in the room for Accelerate this year, the event was themed “unified as one” — pretty deliberate choice of words, I dare say. What were you trying to signal with that framing? Jeff Taylor: Yeah, well, I mean, obviously one with our partners is probably the first and foremost thing, but also to represent Lenovo holistically. From Motorola all the way through our devices, tablets, PCs, etc. and then into the data center. So we are one company and as an extension of that, one company includes our partners and the whole intent of the event was to bring everybody together and unify. Feedback has been really, really positive and it’s, you know, it’s only been a week, but lots of really good discourse and wonderful event. Robert Dutt: Craig, from a Canadian perspective, what did the Canadian attendance look like and what did Austin feel like compared to previous Accelerate events from a Canadian partner point of view? Craig Taylor: Yeah, our Canadian partners had very positive feedback to Jeff’s point. We’re always very well represented in these types of North American based events. We always punch above our weight class, I’d like to say. So all of the key strategic partners across our ecosystem were there in present and actively participating in our discussions as to how we’re going to strategize for our next fiscal year. Robert Dutt: Jeff, one thing that stood out for me from Austin was the choice of putting Jay McBain, Steve Brazier and Tiffany Bova on stage together, three analysts who ostensibly compete against each other in the market. 
Curious what the goal was in putting them together and what came out of that conversation that you think partners should take away. Jeff Taylor: Yeah, I think a couple of things. First of all, the moderator of that panel was with Alex Smith. So we had four great analysts all on the stage at the same time. I think if you take a step back and just look at the theme overall, what we’re trying to accomplish at Accelerate, it was really about industry topics. So we had representatives from the US Department of Energy as an example, talking about power and what’s happening at a governmental level. And part of that was to get these four analysts together who, as you say, they mix in a lot of the same circles, but they’d never been on the stage at the same time. And the idea was to propagate a little bit. And in some cases, they were aligned in a lot of their messages to the channel. In some cases, they differed. And it was a really lively and engaging conversation. And folks at Lenovo, we engage with these folks all the time, but having them all together, kind of representing their unique perspectives on the market right now was super valuable and engaging. Robert Dutt: So to dig into what you guys have been doing on the partner side of things, back in March, you announced the new consolidated partner ecosystem and programs, International Markets Organization. Now that Accelerate’s happened, partners have had a chance to hear it explained in person. What’s the clearest way to explain what operationally changed and what didn’t? Because from the outside, centralize where it makes sense can go a lot of different directions. Jeff Taylor: Yeah, look, I think the easiest way to explain it is we now have a single common framework across the globe. That framework is a guidepost, very intentionally set up as a framework, because execution has to remain local. 
And the input, the guidance, the feedback that we receive from our Canadian partners, from Craig, representing the viewpoints of those Canadian partners is absolutely critical to what we’re doing. And so by, you know, over time, as we had a lot of different markets and a lot of different geographies kind of expand over time as the company grew, there was similar objectives happening in multiple markets. And maybe the execution model was slightly different. And we thought by kind of bringing some of that together, we could simplify and we could gain efficiencies for our partners. But it’s really important to understand that the execution happens locally, sales happens locally, channel partners happen locally. And so it’s one really about standardizing the framework and not centralizing execution. Robert Dutt: How has that landed here in Canada, both with Canadian partners and in terms of how things operate for you, Craig? Craig Taylor: Yeah, the feedback has been really positive, Rob. You know, from a Canadian perspective, it’s all about leveraging our local teams and our local relationships, which haven’t changed. And feedback from our partner community is we are often best in class when it comes to how we represent our organization in front of the partner ecosystem. What I think is what more exciting for me now is we’re elevating those relationships to be consistent as to how we’re going to market with our partners. Consistency in the programs, consistency in the incentives, and also how quickly we can execute. What that means is our partner facing team can spend more time in market with our partners trying to win opportunities together with our mutual customers. Jeff Taylor: And if I could add, Rob, real quick, I mean, this was a very thoughtful process. This wasn’t something that happened kind of quick and without a lot of forethought. We have been working on this for years through the introduction of Lenovo 360 as that kind of framework itself. 
And then over time, as we’ve built some meat on the skeleton, the timing was just really right for us to go do this. But again, that premise of local execution is probably the most important thing. Robert Dutt: Well, I know that internally you guys have kind of had the mantra of “global might, local fight” internally for a while now, kind of being applied to the partner org, it seems here. I guess I’m still a little curious where there is a certain tension between global consistency and local relevance. You’ve kind of unpacked it, but where does that actually land in terms of which side takes the lead? Jeff Taylor: Yeah. So let me give you some real tangible numbers and examples. Three years ago in market across the globe, we had 2,300 active incentives in the market. I’m going to repeat that. We had 2,300 active incentives in the market. So if you think of your investment pool as a pizza, right, and you divide that 2,300 ways, the relative impact of those individual slices can be quite small. Now, what we found in talking to markets was that there was absolutely a consistency and intent. And maybe that intent was new customer acquisition, or maybe it was growth targets, or maybe it was something else. There was consistency in intent, but the execution was different, and that created operational complexity. It created our ability to report seamlessly and consistently over time more of a challenge than simplification. So in just the last two years, we’ve gone from that 2,300 partner incentives to about 200. So almost a 92% reduction without any change in investments, any negative change in investments, because the intent was still there, right? The intent was consistent across the globe. So that’s one where we centrally can look at the forest through the trees. We can see an opportunity for simplification. Then we can bring that to the markets while still driving that strategic intent that we want to accomplish with our partners. So that’s just one example. 

Craig Taylor: Yeah, well said. Just to add to that, Rob, one of the things that was very important was to make sure we had local input to the global framework that was being created at Jeff’s level. So we had many conversations as to what our market needs and demands were, and make sure that we shaped it to be properly represented within the framework. That worked out very, very well. We also are allowed to have some nuances in this organization as well. And so what we’re allowed to do is perhaps if a certain pathway doesn’t make sense to the Canadian market, for example, being more of an SMB-based market, we’re going to pivot and we’re going to make those changes to make sure that we service our partners the best that we should. And kind of beef up that SMB-facing side of things.

Robert Dutt: Yeah, that makes sense.

Jeff Taylor: It’s really interesting. It’s interesting, Robert. From day one, we called Lenovo 360 a framework and not a program from day one. And the whole idea was that we wanted to ask three basic questions like, how do you best engage with your partners? How do you best connect with your partners and how do you best grow with your partners? But depending on the conversation, the answers to those three questions might be different. So as an example, if you’re talking to a traditional hardware solution provider, you have answers for those three questions. If you’re talking to a GSI or an MSP or an MSSP, same questions may be very different answers. And so the whole idea with this framework was to be able to flex accordingly. And that went down all the way to the market level. So Craig mentioned that Canadian being more oriented towards an SMB type of approach, the framework has to flex to be able to support that. Whereas in other markets, it may flex a slightly different way, but it’s still all about engaging, connecting and growing.

Robert Dutt: OK, back to your pizza point, Jeff, and one of my favorite, probably apocryphal Yogi Berra quotes, “cut my pizza in four slices, please, I can’t eat eight.” Curious, though, for a partner who looks at it and says, “all right, well, I used to have three incentives applied to my business and now there’s only really the one. The math doesn’t work for me.” What’s sort of the answer for them? Because the earning power says we didn’t take away the earning power.

Jeff Taylor: So again, it’s the intent stays the same. The earning power stayed the same. The whole idea now is operationally, it should be easier for… the intent was that it would be easier for the partners to have a path towards that earning power. So instead of Jenga or a very complicated jigsaw puzzle, the intent here was to simplify that. So it’s a clear path to that earning potential with the same intent around growth, acquisition, those types of things.

Craig Taylor: Yeah. And Robert, one of the things our partners have been asking us for is to provide more direction, focus as to where they want us to go win together in the market. And I think by simplifying these programs, it’s also allowed us to provide more focus to our partner community in the ecosystem to make sure that we’re winning together in the areas that we want to win.

Jeff Taylor: And Robert, it goes beyond just traditional incentives programs, too. So we’ve simplified things like our certification programs. I’m going to get this number slightly wrong, but in the ballpark, in the last two years, we’ve driven 80,000 new certifications globally through some of the simplified changes that we’ve made. So all of these things, it’s look at the globe and then apply it locally. And again, with the full intent of making it as easy as possible for the partner.

Robert Dutt: As with most partner programs slash framework changes, updates, you’ve acknowledged that some partners will land at a different tier under the new structure.
How are you managing the transition and what should a partner do if they feel the new placement doesn’t reflect where they’re actually at in the relationship with Lenovo?

Jeff Taylor: We’re very conscious about that. And I think, Robert, you know, any time there’s even a small change in some type of construct within the program, there’s some unfortunate circumstances associated with that. But we really tried to minimize it. And I’ll just give another example to hit a tier level. We have a volume requirement. OK, that’s the framework. But what that volume requirement is, it’s going to differ by market. So, you know, it might be very different in the U.S. than it is in France, than it is in Canada, than it is in Indonesia, as an example. And the whole intent there was through our analysis was to kind of minimize those impacts as much as possible while still creating the right type of incentive and the right value associated with each of those tier levels.

Craig Taylor: And to that point, Robert, it was very thoughtful in Canada as to what the thresholds should be in order to properly reflect our market. And what’s happened as a result of that is over 90 percent of the partners have either maintained or actually improved their tier status as a result of the simplification and restructuring. What we’re doing with that remaining 10 or less than 10 percent is getting out in front of our foot, making sure that we have those discussions, working together through joint business plans to determine how we’re going to get them not only to the next threshold, but have a future plan to get us to the one after that and up-tier them as we continue our relationships with them.

Robert Dutt: The services shift. Jeff, you put out a specific target there in recent interviews. 15 to 20 percent of partner revenue mix coming from services and solutions over the next year or two.
The services business, as I understand it, has grown in the channel for the last five years or so with channel growth outpacing overall growth. That’s certainly real numbers and real growth. What’s driving customers towards the as-a-service and TruScale model specifically right now?

Jeff Taylor: Yeah, I think it’s one word. It’s complementary. Our strategic approach is to have complementary services to those of our partners. We want to be able to ensure that our mutual end users are getting the best possible experience that they can get. In many cases, those services are provided 100 percent by the partner themselves. But in other cases where they don’t have those capabilities, our job is to complement those with the service capabilities that we have. The idea is that, first of all, I think you know Robert, the services space, like the TAM, is massive. There’s so much opportunity really for everybody to play in a meaningful way. You just have to be smart about it. I think that’s the first thing. The second thing is communicate. If there is an instance in which maybe there’s a perception of competing for services revenue, we’re going to communicate. We’re going to talk. We’re going to figure out what the best solution is for that end user and then move forward that way.

Craig Taylor: Yeah, the other thing I would add and maybe another word for thought is flexibility as well. Feedback from our Canadian partners is that the Lenovo TruScale offering is much more flexible than other competitive offerings in market. Because we understand that not all customers look and feel the same. So this allows our partners to scale with us during their journey as they create more of a services-led go-to-market motion for their customers.

Jeff Taylor: One of the conversations, Robert, that came out, you mentioned the Accelerate event last week in Austin.
Obviously, a lot of discussions around AI and a lot of discussions around how do we best build an AI practice to go serve customers, whether they’re small businesses or large enterprises. And that’s a really scary thing for a lot of solution providers right now because they see that market exploding and they want to get it right. And this is a great example of where Lenovo can come in and partner with our partners on developing an AI practice that includes not just hardware and software, but also services.

Robert Dutt: Craig, for a Canadian partner to whom Lenovo still means primarily ThinkPads and infrastructure hardware, what’s the first move usually looked like for a partner who wants to shift towards services with you guys and where are most partners sitting today against that 15-20% target?

Craig Taylor: Yeah, great question. I think Jeff mentioned it earlier. It’s about communication. Often, it’s a miss when we don’t understand the partner services capabilities. We are a channel-led organization. We’ll continue to be with our services engagement in order to scale and address the Canadian customers. We need the channel and we will continue to work with the channel in order to win in services, but we have to understand what it is they can offer. So our team is working very closely with our partner community through this joint business partner plan in order to understand and make sure that we’re aligning their services capabilities with the needs of those customers. That’s first. Second of all is internally, we’re making sure that we have a motto of sell with, sell for, and sell through the channel. And so our Lenovo customer-facing sales teams understand the importance and the value that our partners are bringing to our mutual customers. And together, we’re winning more than we ever have before.

Jeff Taylor: Hey Robert, there’s almost like a macroeconomic driver here as well.
So partners are, and we’re seeing this globally, that there’s a realization that to maximize the value, to increase the multiple on their valuation, a move towards MRR or ARR models is extremely important, right? And those are services-led models. And so we are seeing a lot of these traditional partners who are very accustomed as us being a PC or an infrastructure provider, really needing our help in moving towards this recurring revenue model that’s going to increase their valuation and their multiples. So we’re seeing that trend everywhere right now, probably more so in North America than anywhere else, but it’s definitely happening globally.

Robert Dutt: To that point where I wanted to go next was the MSP pathway. 3,000 partners signed up globally, 150 million or so last year for you guys, real proof point. You’re expanding to new geographies. What can you tell me about where that pathway is at in Canada? And as you’ve expanded geographically, are there any new developments on the Canadian front, either announced at Accelerate or along the way?

Jeff Taylor: Why don’t I take kind of the big picture and then Craig can go deeper into Canada? Again, this move towards recurring revenue models is happening everywhere. And so not only has Lenovo’s growth in that space been even better than expected, dare I say, we’re seeing it, the growth of MSPs just in pure numbers globally is growing very, very rapidly. And again, I think it’s this financial macroeconomic driver that’s making that happen. To go back to our framework around engaging, connecting and growing, those answers are so different with an MSP than they are with maybe a traditional Lenovo partner. And so we spent the first year developing this program by listening, literally going to conferences, setting up a booth. We had MSPs coming up to us saying, “What are you doing here?” And we would be like, “We’re just listening.
We just want to hear what motivates you and what is your business driver.” And so that was the genesis of creating this program because we wanted it to be bespoke specifically for those MSPs that are just operating in a kind of a different way than traditional VARs or traditional service providers. And now I’ll hand it over to Craig.

Craig Taylor: Yeah, no well said. And you’ll see that the way that we’ve set up the Lenovo 360 for MSP pathway is the solutions hub within our online support and the way that we work with those partners looks different. The incentive stack is aligned to the needs, as per Jeff’s saying, and we have dedicated campaigns and road shows and community engagements in order to make sure that we’re addressing the needs of those MSP partners. What’s most exciting in Canada is it’s actually opened up a new route to market for us and new partner relationships where we haven’t had them before. You know, I would say that until this pathway was created, we were probably under penetrated from a Lenovo Canada perspective within the MSP community. Now the opportunity is vast. The partners, those MSP related partners are interested in working with Lenovo more than ever. And I think together we’re going to go win in the market.

Robert Dutt: Are we still in the early innings of operationalizing that and realizing that or is that something that’s sort of matured with the program being out there?

Craig Taylor: I think we already had a head start. And so, you know, some of the relationships with the key MSP partners in the Canadian ecosystem, those relationships already existed. I think this is now an opportunity just to extend our reach and better support the masses of MSP partners that are in the Canadian marketplace. So we’re well down the path, but no pun intended. But I think this framework actually allows us to go even deeper and have more intimate relationships with this set of partners.

Jeff Taylor: I think globally, if I could interject here, we’re probably in the second inning of a nine inning game. There’s so much more we can and we’ll be doing with this MSP community. And at the same time, there’s tens of thousands of MSPs out there. So the opportunity is huge and our interest and our investment kind of matches that opportunity. But we still have many innings to play here. So we’re excited about it.

Robert Dutt: I don’t know if you guys have noticed over the last few months, but memory costs have been a little bit volatile. You guys, you know, Ryan McCurdy was out in front of that publicly and the Top Choice Express model guidance for pricing some of the ISG deals. Real things that partners are navigating. How do you counsel a partner who’s trying to manage customer conversations when prices can shift before product ships? And what specific tools or protections do partners have inside Lenovo right now that they need to know about?

Jeff Taylor: Yeah, again, I’ll just kind of take the big picture here. Lenovo culturally within our partner community has always been one based on trust and communication always. And we’ve navigated tough waters before, whether that was the pandemic or this situation that’s affecting the entire industry. And our approach is complete candor, open communication. We don’t hide behind any potential downside or any risk. We’re very communicative up front as we get information, we share that information. That can at times be frustrating for partners, but at the same time, if they, you know, at the end of the day, when they take a step back, they really appreciate Lenovo just being super transparent. It is a tricky deal right now. It is complicated and things are moving very quickly. I do not envy our sales folks and I don’t envy our partner sellers out there right now because there’s a lot of tricky, tough conversations that have to happen. You had mentioned Top Choice and Top Choice Express.
We have invested in a model for Top Choice Express where we do have a supply. We can commit to an order to ship SLA that other vendors can’t right now. And again, I think that’s very well received by the partner community. It may be that the exact configuration is slightly different, but at a time like this, it’s a great way for us to service those customers collectively with our partners and with a high quality solution from Lenovo.

Craig Taylor: Yeah, just to add to that as well, I would say resiliency and agility have always been built into our supply chain. We currently manufacture in over 30 locations in 10 different markets worldwide. That global footprint allows us to be more agile as we go to market during these challenging times. Recently, Gartner has rated us as the number eight most robust supply chain in the world. I think that’s going to work to our advantage as we go and continue through these challenging times.

Robert Dutt: Switching to AI, you guys have posted 72% year-over-year growth in AI-related revenue. I want to unpack that a little bit. Jeff, where’s that coming from? Is that AI PC, infrastructure services, mix of all three through the hybrid AI advantage program and the Nvidia work? What does the enablement for a partner who wants to build an AI practice actually look like?

Jeff Taylor: Lots of questions in there, so let me make sure I can get them all back. In terms of our mix, it really is cross portfolio. We are leading the way in AI PC, which is fantastic. I think we’ve just scratched the surface on that device side. I still think some consumers and users are wondering, what is the real AI value here? Those use cases will continue to come and we’ll continue to see that market expand. In terms of our infrastructure business, everywhere from being able to service the big hyperscalers all the way into the enterprise and the SMB space is a testament to the strength of our portfolio.
That growth is represented from everywhere from the hyperscalers to enterprise to mid-market to SMB. Again, on the services side, we talked about that a little bit ago. It’s really about partnering to make that happen. We are very fortunate to have partners. You had mentioned Nvidia, also Intel, also AMD, all the silicon guys are very much working with us on making sure that, A, the solutions are there, and that, B, the way we’re enabling those solutions, which is also a little bit different, Robert. We have to be enabling around outcomes and not around feeds and speeds. You have to be talking to customers about what are they trying to accomplish. It’s not feeds and speeds anymore. How we’re enabling our partners, Craig had mentioned our Lenovo 360 Solution Hub as an example. It is an outcome-based platform where our partners can come in and learn what’s available from an outcomes perspective. The solutions, the hardware and the software is really incidental to the conversation around the outcome itself. I think all of those things play together.

Robert Dutt: Craig, where do you find Canadian partners are with AI at this point? There’s a spectrum with some building real AI practices, many still figuring out what the first customer conversation looks like. So I guess both acknowledging there’s a range of answers, where do you find partners are at? What’s the realistic, most common entry point for a mid-market focused Canadian partner?

Craig Taylor: Yeah, to answer the first part of the question, it is a vast spectrum as to where each partner is on their AI journey. But rest assured, because of the Lenovo services portfolio, we can actually support each of those partners independently and complement their offerings as they scale their AI journey. I would suggest that many of them probably are moving from proof of concept with their customers to now proof of execution with their customers.
More and more, there’s a demand on measuring an ROI on the AI investments that have been made. And I think that’s where partners and customers are looking for Lenovo for some direction. We recently created a CIO playbook, which actually helps our customers and partners be able to capture what that ROI is and what the financial returns are getting as a result of their AI investments. And feedback from that from our partner community has been very good. The other thing I would suggest is that because these AI workloads are now going from modeling into the cloud, now into being actually practically used within the customer sets, it creates a massive opportunity for our infrastructure solutions group business. And you heard Jeff mention that several times. One of the things we’re doing with our partner community is making sure that we’re over-investing with their technical architects and solution architects within the partner community to drive even more familiarity with the Lenovo solutions around AI playbook to make sure that we’re being suggested, recommended, and considered when customers are coming to them for advice.

Robert Dutt: Jeff, Austin’s in the rearview mirror. You got the program changes out. New org is in place. What have you done for me lately? What does the rest of 2026 look like? And what would tell you by year end that this consolidation worked the way you wanted it to?

Jeff Taylor: Yeah, first, I’m going to take a nap. I’m tired. There’s a lot that has to happen. I mean, the first thing is we have a commitment to our partners and to our partners like Craig, our internal partners, that everything continues to move from a local perspective, that we want to make sure that whatever changes we’re making, services our geographies, services our markets, and most importantly, services our partners. So that’s kind of the first priority in my mind to go do that.
The second thing, and we briefly mentioned this before, is I think the world of enablement is changing quite a bit. And I think AI is driving that. And we throw around the word transformation quite a bit and things still aren’t really transformative. They’re more evolutionary. I actually think at this point, we’re at a transformative part in terms of channel management. So we are investing heavily in our digital platforms to move from just kind of basic LLM models into AI agents and eventually into agentic AI that’s going to completely change the way that we enable all of our partners, big and small. It’ll be more efficient. It’ll be more intuitive. It’ll be more timely. It’ll be more forward-looking than backwards-looking. I think, Robert, you know most portals are somewhat static and kind of represents yesterday and not tomorrow. I think all of that is going to change. And so a big focus for myself and working very closely with our IT and digital transformations organizations is this reimagination of enablement in this world of AI. And you’ll see more and more from Lenovo in that regard.

Robert Dutt: I think that is going to be one of the most interesting things from a partner program structure point of view over the next couple of years is how you and your peers address those challenges and really potentially change the shape of what programs and enablement look like. It’s exciting.

Jeff Taylor: It really is an exciting time for us channel nerds that have been around for forever. This is like, “Yes, we’re going to be able to rock the world. It’s going to be great.”

Robert Dutt: Craig, for a Canadian partner listening to this, what’s the one thing that you want them to do differently or think differently in their relationship with Lenovo over the next little while?

Craig Taylor: Yeah, I think we’ve talked about some of them already. We need to continue to protect and grow the core, which is our client computing and PC business.
We have to grow at a premium to market. And I think we’re well positioned for that. I need the channel community to help us to continue to accelerate our ISG, our infrastructure solutions group business, around the data center to make sure we continue to drive relevance, focus on those technical relationships and leverage Top Choice Express, which will better service all of our customers by getting the right products in their hands quicker. We talked about helping our customers and our partners on this services-led selling journey. So we’re going to spend more time on that. But the last two, I think, are probably where a majority of my focus will be for the second half of the year. The one is continuing to make sure that we demonstrate ourselves as the easiest partner to do business with. So whether it be through our portfolio like Top Seller and Top Choice, whether it be the program optimization that Jeff and his team are doing fabulous work on, or whether it be the alignment of our portfolio coming together to represent one Lenovo, that’s going to be the key to our success and where our partners should continue to challenge us. Internally, I’m challenging my team to operate and act like an owner of your own business. And so we’re empowering our people to make decisions in market in front of their partners in order to have a more agile relationship with those customers. We’re enabling them with the right tools. And then finally, we’re educating them properly to make sure they represent this more complex portfolio of offerings that continues to be positioned in the marketplace and satisfy our customers’ business outcomes. So a lot for the second half of the year, but I’m very bullish that we’re positioned properly for success.

Jeff Taylor: Robert, if you don’t mind, I would add just one quick thing there. And you had mentioned, like, we are in difficult times right now with memory and price increases and things like that. Partners are smart.
They are going to lean on the partners that they trust, and they’re going to lean on the partners that have been there with them, or their partners that have been with them through these difficult times previously. And while nobody wants this situation, I think Lenovo is actually in a really good spot right now because we are that trusted advisor and have been for years. It’s not just words, right? It’s years and years and years of building relationships, the work that Craig and his team have done in Canada. You know, we have these relationships that allow us to navigate these waters maybe better than others.

Robert Dutt: And my last super serious question to end this is, I’m basing this on an inference off a small sample size of two. But do you guys have any problems finding Taylors to run the channel orgs in all of the countries you operate in worldwide?

Jeff Taylor: Go ahead, Craig. Say what you always say.

Craig Taylor: Listen, I like to tease Jeff that he’s my dad, but our age delta is probably much closer than makes that physically possible. But hey, listen, we’re going to take the best of the best. We happen to get two Taylors on this call with you, Robert. That’s what you’re getting today. And we’ll look for more next time we meet.

Jeff Taylor: He’s definitely the better of the two. So it’s a funny thing. We were actually talking in Austin about how we might be able to mess with you a little bit, but we just don’t have to.

Robert Dutt: Good to know. And Craig, I’ll send you the audio clip of him saying you’re the better one for your performance review.

Craig Taylor: As long as that is your final edit, Rob, I’m happy.

Robert Dutt: Gentlemen, thank you for taking the time. It’s been a fun conversation and we covered a lot of ground very well. Thank you.

Jeff Taylor: Yeah, thank you, Robert.

Craig Taylor: Yeah, look forward to seeing you soon, Robert. Thank you.

Robert Dutt: There you have it. Jeff Taylor and Craig Taylor, both from Lenovo.
I’d like to thank both Jeff and Craig for the time. It’s genuinely not that often you get the global and local perspective on the same conversation at the same time. And I thought the dynamic made for a richer discussion than either could have delivered on their own.

A few things were taken away from this one. The incentive consolidation is real and it’s significant. Going from 2,300 active global incentives down to about 200, a 92% reduction, while keeping the total investment pool intact. Meaningful simplification. Jeff’s pizza framing is a good one. Same amount of pizza, fewer slices, each one bigger and more impactful. Earning power stays, operational complexity goes. If your business has been navigating a patchwork of overlapping incentives, the cleaner path to earning should be welcome.

On the tier transition, Craig was direct that over 90% of Canadian partners either maintained or improved their status in the move to the new authorized gold and platinum structure. If you’re in the 10% that didn’t, the message was clear. Get in front of your Lenovo rep, build a joint business plan. There’s a path forward, but you have to start the conversation.

The services shift didn’t seem like a someday conversation. Lenovo’s targeting 15 to 20% of its partner revenues from services and solutions over the next one to two years. TruScale is available and more flexible than a lot of partners probably realize. The partners who are going to win here are the ones who can articulate their own services capabilities clearly, so Lenovo can align around them rather than compete with them.

On AI, I found Jeff’s forward-looking comments on agentic AI and the reimagination of enablement genuinely fascinating. Most partner portals are, as he said, static. They show you yesterday, not tomorrow. That is going to change. And how it changes will shape how partner programs actually function. Worth paying attention to across the industry.

And for the hardware volatility piece, Top Choice Express is the practical answer right now for partners trying to manage customer conversations when prices are moving before product ships. If you’re not comfortable with it already, your first call tomorrow should be with your Lenovo rep.

Oh, and yes, we did keep the clip of Jeff saying that Craig is the better Taylor. It’s in the edit. You’re welcome, Craig.

If you enjoyed this episode, please follow or subscribe to the podcast wherever you get your podcasts. We’re on Apple Podcasts, Spotify, YouTube, most of the major directories. Ratings and reviews are always appreciated and genuinely do help the show find a wider audience in the Canadian channel community. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.

For most MSPs, the quarterly client conversation looks something like this: here are the alerts we handled, here is your uptime number, here is a dashboard of things we blocked. Useful, certainly – but not exactly the stuff of trusted advisor relationships. Cameron Tousley, director of MSP channels for ESET North America, has a phrase for the upgrade: move from statistical talks to threat briefings. In this episode of In The Channel, he and Pedro Kertzman, threat intelligence specialist at ESET, join host Robert Dutt to explain what that actually looks like in practice – and why the window for MSPs to make that transition may be narrowing.

The occasion is ESET’s eCrime Reports, a threat intelligence offering that tracks cybercriminal activity at the affiliate level – the individuals buying malware-as-a-service and executing the actual attacks. Kertzman explains why that granularity matters: affiliates signal tactical shifts before attacks scale, giving security-forward MSPs a genuine early-warning advantage. Tousley adds the client conversation layer: knowing that a specific threat group is targeting your customer’s vertical via a specific attack method is a meaningfully different conversation than “we blocked 4,000 threats this month.”

There’s also an uncomfortable wrinkle for MSPs specifically: as Pedro notes, affiliates increasingly exploit MSP tooling itself as a vector – compromising credentials to access managed environments quietly, hitting dozens of small clients while staying well below the radar of law enforcement attention focused on high-profile infrastructure targets.

For the smaller MSP without a dedicated analyst, the entry point is more accessible than it sounds. Indicators of compromise can be automated directly into client firewalls without a full threat intelligence platform.
WeLiveSecurity and the live threat feed built into ESET Protect offer a low-barrier starting point for shops that are earlier in their security maturity journey.

Tousley’s closing frame is the one worth sitting with: the Canadian MSP market is being reshaped by consolidation at a pace that isn’t slowing. The independents that survive will be the ones having more sophisticated conversations with their clients. Evolve or sell.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

Cyber Threat Intelligence, CTI, has long been framed as an enterprise discipline. Dedicated team, security operations center, analysts who live in the data. But the threat landscape doesn’t really respect that boundary anymore. The tooling is getting more accessible, the attacks are getting more targeted at smaller organizations, and as we’ve talked about on the show before, the MSP stack itself has become a threat vector. So the question for the typical Canadian MSP isn’t really “Is threat intelligence relevant to me?” It’s “What do I actually do with it?”

To dig into that, I sat down with two people from ESET. Cameron Tousley is director of MSP channels for ESET North America, and he lives squarely in the business conversation around what MSPs need to grow and differentiate. Pedro Kertzman is ESET’s resident CTI subject matter expert, and I’ll note that Pedro usually sits on the other side of the interview chair as the host of his own podcast on threat intelligence. So this was a bit of a role reversal for him.
We talked about ESET’s eCrime reports, the idea of tracking cyber criminal activity at the affiliate level rather than just the group level, what proactive threat intelligence actually looks like for a 15-person MSP shop, and what Cameron described as the “evolve or sell” reality facing the MSP market right now. Let’s get right into it. Cameron, Pedro, thanks for joining us. I appreciate it. Cameron Tousley: Thanks for having us. Pedro Kertzman: Great to be here. Robert Dutt: Before we get into what ESET is specifically bringing to market, Cameron, can you give our listeners a sense for where the threat intelligence conversation is right now in the channel? Is this still primarily an enterprise kind of discussion or has something really shifted in terms of how MSPs and MSSPs are thinking about and talking about CTI? Cameron Tousley: I think that the market is evolving as a whole, no matter if you’re in the SMB segment or enterprise. I mean, it’s evolving everywhere. The beautiful thing is technology is getting cheaper, it’s getting more accessible. People are able with the advent of AI to kind of do more with less staff and things like that, and then allow their staff to kind of become more specialized. Enter in the topic of CTI. I just think that there’s an appetite from certain, and probably more evolving larger MSPs, to start incorporating more for their clients. I think they’ve always probably wanted to educate them, but it’s always that, “Hey man, just make sure I have uptime and the help desk is active when I need it.” And that’s the conversation. Fast forward to now and it’s becoming a little bit more relevant to want to consume CTI. So I’ll kind of start there and I’ll take a pause. I don’t know if Pedro’s got any other comments on that. Pedro Kertzman: No, I 100% agree. 
I think the threat landscape now with the maturity of the CTI offerings, MSPs can see that the things they’re trying to protect their customers against are more clearly explained and delivered in a way that they can see through CTI offerings now. So I think it’s just a natural evolution within the cybersecurity space to start leveraging that expertise as well. Robert Dutt: Without getting too far into pure positioning, how would you characterize what differentiates your approach to threat intelligence, sort of at the methodology level? What’s the philosophy behind how you’re researching and tracking threats and what you’re bringing to market with this CTI package? Cameron Tousley: Yeah, I’d say first off, our reach. We’re a global company. We have a product line, yeah, but we have 11 threat intel centers and those are also R&D centers too. So it’s a wealth of knowledge. Then we have researchers outside of that that are just remote, and so our tentacles are everywhere and that means something for somebody choosing a cybersecurity vendor or a platform because our researchers, they’re looking at a bunch of different avenues. They’re looking at the major threat acting groups. We have an offering we’ll talk about here in a few minutes, that centers on tracking affiliates because malicious activity, malware-as-a-service, is just like MSPs provide a service. So if I’m an affiliate—and I’ll define that real quick, an affiliate being the people that are buying the malware service and then going and distributing it and causing zero-day attacks—those are affiliates. So the real key part is what they do, not necessarily always the major malware-as-a-service group because that’s just one large avenue, but then you can’t predict what your customers are going to go and do on the black market. So yeah, I think we have a really exciting offering on our threat intelligence called eCrime and it comes in a feed and reports and it’s amazing. 
It really centers on the affiliate level and that is going to help get the conversations to be more quality with customers. It’s going to help an MSP who provides more, let’s call it reactive security at best, generalized services—which no knock against them, that’s just the model—and that’s going to help propel them into the more proactive security and having more quality cybersecurity-forward conversations with their customers of all sizes. Robert Dutt: Let’s delve a little bit more into that. Can you walk me through a scenario, even hypothetical or composite, where that affiliate-level insight would practically change the outcome for an MSP or one of their customers? How does this show up for an MSP basically? Pedro Kertzman: Yeah. So basically, I’ll take a step back a little bit just to explain how this threat ecosystem works. So the affiliates will be the ones really on the end of the line bringing that malware they got from a quote-unquote threat actor market or affiliate programs, more technically speaking per se, but they will be the ones delivering or sending that payload forward to whatever companies that they are trying to attack. So knowing how these guys work is basically going to give the companies, and the MSPs of course working for their security, the ability to stop the attack in the early stages, because the affiliates will be the ones trying to break in, acquire through whatever methods—credentials stolen or compromised credentials. So they are responsible, quote-unquote, within these affiliate programs to get the foot inside the door. So if you’re knowledgeable about how they act, what kind of techniques they use to get that foot in, you’re basically stopping the attacks before they actually become super massive, widespread attacks or super dangerous attacks. It’s kind of the proactive security instead of the reactive security. Cameron Tousley: Yeah, that’s a good comment. And then I’ll just throw one more little thing on that. 
I was talking about the conversations you can have with your clients, everything Pedro said, plus it’s like, you could have a specific conversation about, “Hey, this is what we blocked this month, but these are the threat acting groups, and here are the patterns, here’s the kind of malware that’s out there right now. By the way, you’re in the healthcare vertical, this threat acting group is targeting healthcare and doing this specific type of attack—happens to be phishing or fileless or whatever the complex attack is.” So they got to get really granular in the conversation. It can’t just be a super high-level one, because then your user’s not going to know what to do with that information. But if you coach them on the end-of-the-line issue and where it’s sourcing from, to Pedro’s point, you get ahead of that attack early, you might even prevent stuff that would have normally been a real headache. Robert Dutt: And you need to position yourself at least somewhat as the hero in so much as you’re saying, “Here’s the people who are attacking you, here’s what they’re doing, here’s what we’re doing proactively to counter that.” Cameron Tousley: Absolutely. Yeah, that’s a huge value to your end customer. The one that normally would have not cared about security and it’s more of an annoyance, now they’re paranoid about it, just like the MSP, just like the vendors, we’re all trying to get ahead of it. So I think that that provides a lot of value, and the average MSP is probably not going to do that. So you don’t necessarily have to go spend a ton of money, you just have to consume the information that’s out there maybe for free, and then maybe some of the paid services like the eCrime reports without buying our full threat intelligence platform, you can just do that. And that is like a huge value on its own to track exactly what we’re talking about right now. 
Robert Dutt: So taking a step back, I think some of this certainly informs and colors the question we go to ask, but I’m a 15-person MSP somewhere. I’ve got solid endpoint protection, an RMM stack I like, maybe managed SOC coverage, that kind of model. What’s the case, in addition to what we’ve already discussed, for why threat intelligence should be on my radar as a distinct capability I need to think about, bring to my customers and offer? Pedro Kertzman: Yeah, I think especially because again, talking specifically about the eCrime reports, we’re talking about the ones that are really perpetrating the attacks or executing the attacks. When you understand how your adversaries really act, you don’t need to always rely on the expertise of a super senior CTI analyst. There are ways that also, depending on your vendor, you can automate the expertise to just be pumping, let’s say, IOCs or IP addresses into your existing end users’ firewalls. If you manage a bunch of other firewalls for your end users, you can pump that eCrime knowledge into those firewalls in the form of IP addresses, domains, and things like that. But understanding that it’s going to be a proactive approach so they don’t get a foot in the door first, it’s kind of that decision beforehand that will give the MSPs, or MSSPs with 15 or so employees, that kind of extra leverage against those frontline attackers. Robert Dutt: I’m really interested in the idea of using intelligence and these eCrime reports as a client-facing tool, not just something that’s consumed internally, especially for that smaller MSP—something that you’re using in your QBR or whatever business review you have with customers to show your value. I’m curious, is that something you’re seeing happening today or is it a realistic use case, or is it a stretch for most MSPs right now? Cameron Tousley: I think it’s realistic. Now, let’s set the tone here. 
An MSP, they may not have the budget nor the expertise nor the staff to be buying a full-blown threat intelligence offering even like ours, but they can use certain parts of it like the eCrime reports. So that’s a good jumping-in point for the MSPs that are growing, or if you have 15 people on staff and there’s a good deal of them on the technical side, you may want to run your SOC in-house. Maybe that’s something you want to do. I think for them, the maturing MSP and definitely the MSSP, a threat intelligence offering is something that you will probably want to consume if you’re doing everything in-house. Now, I think there’s an argument for even if you’re going to go out-of-house and use the vendor, I still think there are free sources. We have customers that are using free platforms but running a paid feed through it. This is really dynamic. It’s flexible. It can fit to every different audience for the most part, except for the ones who are just not staffed for it and they’re probably outsourcing everything and they just don’t want to do it. They know that they are never going to be able to staff a 24×7 team and they’re also never going to be able to consume as much information as is coming in. But there are also other free resources, like I said, associated with our threat intelligence platform, like the eCrime reports, but there’s white papers that we produce. There are periodic threat reports. We do all kinds of analysis. And then on our welivesecurity.com blog, we publish all kinds of free information. And the really cool thing for existing ESET customers is through our ESET security platform, ESET Protect, we run a live feed through there and it shows you like, “Hey, here’s the latest news on WeLiveSecurity. Here is something you need to be aware of, there’s a vulnerability in the wild.” So we run some of the security stuff and this news right through a window inside of our platform, which I think is really big value added. Pedro Kertzman: Awesome. 
Yeah, I would add, if I can, Rob, we do have monthly digests as well on the CTI offerings, even for not super deep-down technical people. Let’s say more executives or CSMs, let’s say account managers on the MSSP or MSP side. It’s kind of an executive-ready type of report. So it’s more about the threat landscape overview. I think it helps them show that they are expanding their offerings on the security side and they’re knowledgeable about it as well. Again, doesn’t need to go in the nitty-gritty like in the weeds of IOCs and all that, but understanding, for example, that now the ecosystem on the other side is somebody providing the malware, somebody going and executing it. So just to show how they see these movements, I think it’s sometimes important enough to show that they are expanding their coverage for their end users. Robert Dutt: The reports, the eCrime reports, have been in the market about a month now, I guess. I’m curious what you’re actually hearing from MSPs and MSSPs as they’re digging into them. Are people using them the way you expected or are there surprises that you’re seeing in how they’re engaging, what they’re doing, how they’re thinking about this information? Pedro Kertzman: That’s a good question. I think because of the name, we got out of the gate with police forces reaching out to us, but in theory, it’s not the best kind of deep analysis that we’re going to give them, because they have a lot of expertise. So then we have the APT reports that would bring more detailed analysis for them. So it was interesting to see that people are kind of eager on the end-user side to see how the threat landscape, especially related to financial crimes or eCrime, are really, let’s say, hot right now. The MSPs are kind of following that trend, not as jumping on like the police forces were, but they are starting to inquire about the new eCrime reports for sure. Cameron Tousley: Yeah, I’d agree. 
I think the defender agencies, I’ll call them, the ones that are fighting the same battle we are, but maybe physically, but now they’re fighting the eCrime too. As they’re learning, this is a great tool for them. We find that they’re excited about it. It’s relatively new, so we’re going to see more and more adoption of it. But plenty of people who are in evaluation are like, “Hey, can I run a free month of this? I want to check it out and see what I’m going to get.” And we’re getting a lot of good feedback on it right now. I’d say on the MSSP/MSP side, again, it’s new for them too. And they do a lot of different things. So for them, they’re like, “I need to slice out some time to check this out as well because this is interesting. I don’t know if anybody else is really doing anything quite like this.” So for them to be able to check it out and add it to their offering, I think what’s going to happen is that they’ll get hooked on something like that and they’ll want more. And we’re already working on more. So our teams are hard at work. We’re adding new feeds, new reporting structures, new ways to consume it. And reasonably priced packages and things like that. Even ones where you have somebody on retainer where you can go to and get a very long deep dive on what you’re reading periodically throughout any given month. So I think with that, you’ll see a lot of internal IT large agencies adopt it. I think you’ll see some MSSPs adopt it. And you might even see some general MSPs who are evolving up that chain do the same thing. So it’s kind of a report and an offering for everybody there. Pedro Kertzman: Yeah, I think you mentioned something important, Cam. We do offer trials for the eCrime reports as well, right? If they want to test it out. Cameron Tousley: Yeah, try it before you buy it. Yeah. 
Robert Dutt: It sounds like you’re also thinking about ways that you can slice this, dice this, package it out to that smaller MSP or that MSP who’s not a pure-play security player going forward. I was going to ask, what do you see as coming next in CTI and in your eCrime reports? I think that’s certainly a hint. Anything else that you see sort of in the pipeline or where you’d like it to go, where partners would like to see it go? Cameron Tousley: Yeah, I’ll take a stab at this one because my heart’s near and dear to the MSP community. That’s what I’ve been working in. That’s a segment for quite a long time now for ESET. And so what I’m reading and what I’m theorizing on is that there’s other kinds of technologies that are pretty complex, have gotten more simple in the way that they’re still doing complex processes, like an EDR, right? It’s an investigative tool, and then you pair it with AI and then things become easier for the team managing it. I think it’s going to be the same thing here where you’re going to have an AI paired with it, which we have our own agentic AI agent in this offering now, which is very, very cool, and it’s built in our security platform. But for this, I think it’s going to make consuming information easier, generalizing it, summarizing it, and making sure you can spin it into a quick executive summary. My theory is click of a button, right? So I’m going to have a dashboard. I’m going to say, “Hey, I want an executive summary on this event.” So you’re basically just filtering, and then the end result is you hit that AI generate button and then it generates something that’s quality, and you can do it at various user levels, maybe various role levels. I’ll hit the CTO button or I’ll hit the CEO button and they’ll be a little bit different, obviously. So I think that it’s going to get simpler and managed intelligence as a service, that’s next. It’s already a term that’s being thrown out there a little bit if you look for it. 
So it’s just not mainstream yet. And I think it will be here in a short period of time. Pedro Kertzman: A hundred percent. And just to double down a little bit as well, Rob. I think especially for the smaller MSPs, let’s say you hit a critical infrastructure, you stop a pipeline or anything like that, you’re going to have federal agencies going after you, right? But then when you hit a mom-and-pop shop, nobody really cares. And those guys are often served through these smaller MSPs. So I think getting a better understanding of the threat landscape that especially targets those small businesses, I think it’s just a natural progression of the change in the threat landscape. Robert Dutt: Well, and you bring up a point that I kind of pulled on a little bit with your friend, Tony Anscombe, not too long ago. There’s so much data about how many attacks right now are taking advantage of the MSP tooling as a threat vector. And so I think that also speaks to a need for an MSP who wants to be mature and responsible about these kinds of things to have a better grip on who’s looking, what they’re looking at, and how that maps to what they’re doing. Pedro Kertzman: A hundred percent. And just to link this specifically about eCrime and affiliates, affiliates would be the ones exploiting those RMM tools, right? Because it’s something that is already deployed in the environment. If they get the credentials that got stolen for whatever reason, they have access to those tools and then they can deploy malware that they bought from those affiliate programs inside of the victim’s networks. Robert Dutt: And it’s funny, almost a reversal of back in the day, I can remember as a Mac user, there was a saying that Apple engaged in security through obscurity. What you describe is almost the opposite of that. It’s insecurity to a degree through obscurity. 
In that if I’m an attacker, I know that if I go after Colonial Pipeline to use your example, I’m all over the front page and there’s going to be a lot of government agencies who have a lot of serious, serious questions for me. If I take out an MSP tool that gives me access to a bunch of very small clients though, maybe I fly under the radar just a little bit more. Cameron Tousley: Oh yeah. Robert Dutt: This is my last question. If there’s one shift in thinking that you’d want a Canadian MSP to walk away with after this conversation, in terms of how they think about these reports, in terms of how they think about the role of threat intelligence in their business, you know, one thing they should reconsider about how they’re approaching their security practice, what would that be? Pedro Kertzman: So I think first, Rob, that’s kind of more of a mindset type of thing. CTI still sounds super complex to a lot of people. I would say there are two main flavors. One, if you really want to dig into techniques and all that, yes, you can get fairly technical and sophisticated, but there are really simple ways to ingest cyber threat intelligence into existing automated tools. You can, of course, do a POC with one, two, whatever vendors you want to do. Once you find that real value for your customers, your end users, then it’s automated. We’re talking about data feeds ingesting directly into a firewall. If you don’t have a CTI central brain kind of thing, which the market knows as a TIP (threat intel platform), you don’t need to go that route, the sophisticated route. There are simple ways to use threat intelligence. And honestly, it’s super valuable because it’s just, again, automated. You’re outsourcing the knowledge to the vendor directly who’s going to execute that, like a firewall, for example. Cameron Tousley: Yeah, I think that’s some really good commentary. 
And I have a lot of business conversations with MSP business owners and I follow the market, and the consolidation, there’s tons of it. And there has been for a few years, but it’s just insane right now. And I think that there’s this thing going around, it’s like, look, evolve or sell. Because you have the advent of AI and that’s speeding everything up tenfold. And just don’t be afraid. If you want to continue to run your business, don’t worry, you’re going to have clients out there in your locale that probably love you. But they’re also going to have people calling them as these other MSPs get bigger, and these national ones that swallow other little smaller companies and then their go-to market will be, “Well, let’s go down market, down market,” because we can’t always go up market, that’s pretty hard to do. But down market is like shooting fish in a barrel kind of thing. So that means it’s a risk for the smaller MSPs that are not going to sell out, that want to be in business another 10 or 15 years. So don’t be afraid, utilize AI to research it. They say don’t use AI as Google, I disagree a little bit, but you can use it for a lot of things. This can summarize: what is this offering? Can I use it? Ask it really basic questions to get acquainted, and then take the next step and call your vendor and just have a conversation with them and say, “What are all my options? I am in this locale, I serve these kind of verticals, here’s my sizing, here’s the tools I use.” You’ve got to throw everything out on the table because then your vendor, somebody like a technical or business contact, can jump in and say, “Look, I think that you should check out this part of this larger offering. And here’s what I’ll do for you. And here’s what you’re going to do. We’ll give you a game plan, right? 
You’re going to trial it in the following ways, we’re going to pair you up with a technical person to teach you a little bit and be your co-pilot—Microsoft gets enough press.” But really kind of jump in, try it out. Don’t be afraid. Because if you want to be around another 10 or 15 years, you have to make the leap. And you don’t have to do anything big, but you have to start adopting some of this security-forward thinking so that you can have threat briefings with your clients and not statistical talks. There was just that MSP summit and there was actually a panel on what the next gen of MSPs is doing. And it was funny to hear it because they’re like, “Well, we’re focused on outcomes.” And I totally agree, but I know some of the older MSPs are like, “Well, we’re focused on outcomes too.” But I think it’s the talk track. You’re all saying the same thing, but you need some more complex tools in some ways to be able to have these more outcome-based discussions. Like, “Hey, I not only blocked X amount of threats, I kept your uptime up in this way, and that allowed you to keep productivity up. So by my clock here, you were able to achieve all those things that you wanted to achieve in our initial meeting, we’re on track.” That’s the conversation you want to have in addition to that little bit of the threat briefings peppered in. Robert Dutt: All right. Some great advice there. Gentlemen, thank you both for taking the time. I appreciate it. Cameron Tousley: Thank you, Rob. Pedro Kertzman: Great to be here. Cameron Tousley: Absolutely. It was a pleasure. Thanks so much. Robert Dutt: There you have it, Cameron Tousley and Pedro Kertzman from ESET. I’d like to thank both Cameron and Pedro for their time. They did exactly what we set out to do with this conversation, kept it firmly in the strategy lane with technical depth in service of the business point rather than the other way around. A few things to leave you with. 
The framing that stuck with me most was Cameron’s distinction between statistics talk and threat briefings. The idea that your quarterly client review shifts from “here’s how many threats we blocked” to “here’s the specific group targeting your vertical right now. Here’s how their affiliate operates, and here’s what we’ve already done about it.” That’s a real upgrade in how an MSP demonstrates value. It moves you from uptime vendor to trusted advisor and that’s a conversation your competitors probably aren’t having yet. On the technical side, Pedro’s explanation of affiliate-level tracking is worth sitting with. The headline ransomware groups get the attention, but it’s the affiliates, the ones buying malware-as-a-service and doing the actual execution who determine the tactics on the ground. Tracking them is what gives you an early warning before the attack scales. And as I noted during the conversation, there’s a certain logic in how attackers exploit the MSP model specifically. Go after the tooling, stay under the radar, quietly compromise a hundred small clients instead of one high-profile target. Obscurity in that scenario is working against you. For the smaller MSP who’s heard all of this and thought, “I’m not staffed for this,” Pedro’s entry point is worth considering. You don’t need a full threat intelligence platform or a dedicated analyst to start. Automate the ingestion of indicators of compromise directly into your clients’ firewalls. Let the tooling do the work. It’s not glamorous, but it’s real, actionable and it’s a lot more than most of your competitors are doing. And Cameron’s closing thought, “evolve or sell,” is the frame I’d put around all of it. The consolidation wave hitting the MSP market right now is not slowing down. The shops that survive as independents will be the ones that have more sophisticated conversations with their customers. Threat intelligence is one of the things that helps you have those conversations. 
If you found this one useful, please follow or subscribe to the podcast wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, all the major podcast directories. Ratings and reviews are always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.
In this May 2026 episode, MSSP intern Saadhya Bahudodda interviews Greg Rapport, founder and Executive Director of Age Out Angels. Greg shares his journey from a writing services career to leading a nonprofit focused on helping youth in foster care transition to independence. He discusses the importance of mentorship, innovative educational programs, and trauma-informed care in supporting these young individuals. The conversation highlights the challenges faced by youth aging out of the foster care system and the organization's efforts to provide practical solutions for financial well-being and educational success. Greg also emphasizes the need for systemic improvements and the significance of Foster Care Awareness Month.
Support the D.A.W.G.Z. @ patreon.com/MSsecretpod Support Nate and the Bros @ https://www.patreon.com/pitm Go See Matt Live @ mattmccusker.com/dates Go See Shane Live @ shanemgillis.com Go See Lemaire Lee Live @ https://lemairelee.fun/ Go See Shawn Gardini Live if you want @ https://www.shawngardini.com/live hello. Hope you're all having a good week. Shang is out Cali way for the netflix fest / roast (everyone tune in this wknd!!!!). We wish our brother luck on his journey. In his absence we got a solo-solar cast for you this week. Cusk talks RAH aka the sun. We talk Mercury and Venus on the paytch. Please enjoy. God Bless.
Tim Coach, chief evangelist at Cynomi
For most managed service providers, the security services story has followed a familiar arc: endpoint protection, email security, security awareness training. Each category added value, then became table stakes. Third-party risk management – TPRM – is what comes next, and according to Cynomi Chief Evangelist Tim Coach, it may be the stickiest revenue category yet. The case is straightforward. Every business relies on a web of vendors, software providers, and service partners. Each one is a potential vulnerability. And most SMBs have no formal process for knowing how well those third parties are managing their own security – or what happens to them downstream if one of those vendors gets breached. Research from Cynomi suggests 45 percent of organizations will face supply chain attacks, and 30 percent of data breaches already involve a third party. The attack surface has shifted to the things organizations trust most. For Canadian MSPs, the regulatory pressure is specific and near-term. OSFI’s Guideline E-21, with a September 2026 compliance deadline for federally regulated financial institutions, puts third-party oversight explicitly on the agenda. The cascade effect on their vendors – and the MSPs serving those vendors – is already in motion. Perhaps the sharpest signal in this conversation: cyber underwriters are now denying SMB coverage not because of anything the SMB did, but because they are connected to an MSP. The managed service provider, long positioned as the path to better insurance outcomes, has become a risk factor in its own right. Coach’s recommended first move for any MSP building into TPRM isn’t a vendor questionnaire – it’s a Business Impact Analysis. Understand how the client actually makes money, which vendors are critical to those revenue processes, and what an hour of downtime costs. That reframes the conversation from technical widgets to revenue, cost, and risk – the language every business owner speaks. 
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, your host for the show. My guest today is Tim Coach, Chief Evangelist at Cynomi, a vCISO platform purpose-built for MSPs and MSSPs. Tim brings an unusually grounded perspective to the space. He’s an engineer by training who spent nearly two decades building, running, and consulting on managed service practices before landing at Cynomi after seeing the platform first-hand and recognizing it could have solved one of his biggest operational headaches as an MSP owner – the CISO bottleneck, the point at which growth stalls because the security function can’t scale without adding expensive headcount. That personal history shapes everything he thinks about TPRM, third-party risk management, which is increasingly being talked about as the next major revenue category for MSPs after human cyber risk. Today we’re talking about what building a TPRM practice actually looks like, why cyber insurance has quietly flipped the MSP value equation, and why the right starting point isn’t a vendor questionnaire at all. Let’s get right into it, my chat with Tim Coach. Tim, thanks for taking the time. I appreciate it. Tim Coach: I absolutely love to be on. Thanks so much for having me, and for having Cynomi on your webinars. We’re always happy to do these things and educate the community. Robert Dutt: You’ve spent a long time in and around the MSP community. How did you end up at Cynomi specifically, and what was it about the opportunity around TPRM that pulled you in? Tim Coach: TPRM was eventually in the process – let me back up. What got me into the community was my engineering background. I went to college for what was called network communications back in those days. 
Basically I’m a network guy – I always point at the front-end programming guy and say, “It’s your fault,” and the programming guy says, “No, no, it’s the network’s fault.” So I did that for a large-scale nationwide company for many years, and then I fired my MSP. The owner was like, “Well, if you’re so good, why don’t you come over here and run this?” And I said okay. It took me about 24 hours to realize I didn’t have a clue what was going on – the place was chaos. But through process and procedure, and a military background, I knew I could get it under control. I ended up with a business partner from that experience, and we spent about 20 years rebuilding and consulting with MSPs. About five years ago, I just needed something different. The kids were a little older. I started looking at what else was out there, talked to a couple of mentors in the space – I’m sure if I mentioned their names everyone would know them – and they said, “You should come over and do this.” So I jumped. I went to work for a Canadian company, grew them quite a bit in the first year, then moved to an Australian company, grew them, and then went back to consulting for a short time. David from Cynomi was recommended to me as a consulting connection. We were going back and forth and he said, “Why don’t you come on board?” And I said, “I’m not really interested in selling a widget” – and it’s a security widget, right? There are so many great widgets and great personalities in the security space already. Probably not my jam. But he said, “No, no – let’s look at it.” And he showed me what Cynomi did, and I was blown away. The reason I was blown away is that at my most successful MSP, we hit a stopping point in our growth. The reason was our CISO – and this was before CISO was even a cool term. He was our bottleneck. Not because he was inefficient as a person, but because of the way he had to work: 80 pages of Excel spreadsheets and hours and hours of questionnaires. 
When I first saw Cynomi, I thought, “Here’s a way I could have doubled the size of my company with the same staff, the same CISO.” That’s what really inspired me to come on board – seeing that dashboard and connecting it to the personal pain I’d experienced around the security bottleneck. Now with the addition of TPRM, that excites me even more, because back in my MSP days I had a lot of bank clients, and banks are SOC 2 all over the place. Part of SOC 2 is that you have to have TPRM – you have to be responsible for everybody in the chain. So now we’ve built out a platform that lets the MSP, MSSP, ITSP, or whatever SP you want to put in front of those letters, easily manage vendor relationships and understand where clients are in their security posture.
Robert Dutt: You may not feel it’s cool, but it’s certainly foundational security.
Tim Coach: And that’s the problem, right? That’s why we’re still talking about security – because nobody knows how to talk business. They all talk widgets, bits and bobs: here’s this cool firewall, MDR, XDR. But you know what your clients don’t care about? The widgets. They care about being secure. Until we can bridge that gap – until Cynomi brings something that says, here’s an easy way to get to the data and details you need, here’s CISO-level intelligence so the MSP can translate it into business terms for the doctor’s office, the manufacturing company, whatever vertical you want – we’re going to keep having this same conversation.
Robert Dutt: Let’s do a little bit of that with TPRM itself. Let’s take a step back and look at it from the viewpoint of an MSP who’s heard the acronym but hasn’t really dug in yet. Third-party risk management – what are we actually talking about, and what problem does it solve?
Tim Coach: What a lot of people need to understand – and I try to say this in a way that’s easy to grasp – is: manage security first, and compliance becomes a default.
What I mean is that you need a baseline, whether it’s CIS Controls, Cyber Essentials Plus, CMMC 2.0, one of the financial frameworks, HIPAA, whatever applies. You need a baseline you’re actively managing your security against. In the process of meeting that baseline, compliance follows. What we’re increasingly seeing is that certification bodies, auditors, and insurance underwriters all want to see that your solutions and partners are just as secure as you are. I was at Canalys Barcelona last year and someone made a statement that blew me away: for the first time ever, we’re seeing insurance underwriters deny coverage to an SMB because they’re connected to an MSP – and the MSP is what they consider the risk. We went from being the most important people in the room, essential workers, to being the risk factor. And on top of that, helping clients with their insurance has been one of our foot-in-the-door conversations for the last decade. That’s where TPRM comes in. The frameworks and insurance underwriters now want to see not just that you’re secure, but that everyone you’re working with is secure. The problem has always been how you manage that. Back in my day, you had to call the vendor, find the right person, ask for evidence of their SOC 2 compliance, get bounced around, end up with legal, sign an NDA, and eventually get the report. Now people share that information a bit more freely, but you still need a central place to manage it – so when an auditor or insurance broker asks, you can point to it and say, “Here it is.” We do a community call every Wednesday at noon Eastern, and we’ve had a gentleman on a couple of times who has written books specifically on TPRM. He’s sounding the alarms – not bad alarms, just “it’s coming.” But like a lot of SMBs, MSPs are having to drag their clients toward where they need to be. Once you make it easy for the MSP, you make it easy for the SMB, and you finally have a way to prove you’re taking those measures. 
Robert Dutt: Supply chain attacks have certainly been a theme in the channel for a while – Kaseya, SolarWinds, MOVEit. But TPRM as a formal managed service element feels newer. The insurance side sounds like a big driver. What else changed to make it go from a theoretical concern to something MSPs can actually build a practice around?
Tim Coach: I firmly believe you cannot be a business partner without knowing how your partner makes money and how you need to protect them. I can’t protect them if I don’t know what they’re using. It’s the old adage: if two people are managing something, nobody’s managing it. TPRM is really the next step for the ITSP to move from a transactional relationship to a true business partnership – ensuring that everyone your clients are using is also protected. Because what happens is what always happens: it doesn’t matter what you have hard-coded in the contract about not being responsible for X. When something goes wrong, the SMB comes back and says, “But I thought you were managing this.” We go over it in the contract reviews, sure, but the conversation still happens. When you’re genuinely talking business – saying, “I’m going to protect how you operate quarter after quarter, year after year” – you’re protecting their entire environment, not just your piece of it. That’s when you move to a real business relationship instead of a sales relationship where every conversation is an upsell or a cross-sell. We’ve done it to ourselves a little bit, honestly. It’s like an insurance agent in Oklahoma trying to sell hurricane insurance. That’s not what we should be doing as business partners. TPRM allows us to have a full understanding of the client’s environment and make sure everything is protected – or at minimum, that the gaps are known by everyone.
Robert Dutt: Cynomi has described TPRM as the next major revenue category after human cyber risk. Can you walk me through what the recurring revenue model actually looks like, and what makes it sticky?
Tim Coach: Everything leads to MRR – that’s business. But you have to start with a project. You need to understand where the client is in their security journey before you can manage them ongoing. SMBs don’t do things for free, and neither do our partners. This is a revenue generator. But it’s a revenue generator because it actively has to be managed. I always say: I can’t throw a server at security. I can’t throw a firewall at it and declare myself secure. The best analogy I’ve heard for security is a block of Swiss cheese. There are holes, and you can stick a fork through those holes quite a way. But if you slice that block and turn every slice 90 degrees, the holes are still there – they’re just not as deep or vulnerable. That’s TPRM. There is no set-it-and-forget-it. It has to be actively managed, and that active management is where the recurring revenue lives.
Robert Dutt: What does a typical engagement look like early on, for an MSP starting from zero with a client? Where does the work begin, and what surprises people about the scope as they go deeper?
Tim Coach: Everything begins with an assessment. With Cynomi’s tools, we can use Cyber Essentials Plus or CIS Controls as a self-regulating baseline and add a couple of hours to the initial assessment to incorporate the security piece. We all do assessments upfront to understand what we’re getting into – or what needs to be fixed before we really dig in. Once you’re in the security layer, the next step is TPRM. And TPRM brings with it something I think is critically important: the Business Impact Analysis. It’s not enough to ask, “What does your client do?” They make dog food – do they? Or is that just the end product? When I was an MSP, I had a metal manufacturer that cut and stamped metal.
But if you asked their CFO what the business was, he’d say, “Making pallets – I make more on pallets than on the stamping work.” I used this example in a presentation just yesterday. Years ago I was walking through a manufacturer’s facility and asked about a machine: “What does that one do?” “That runs the software that completes our product.” “Why isn’t it plugged into the network?” “It’s a Windows 98 machine.” “Why are you still running that?” “Because it runs decade-old German software that costs ten million dollars to replace. And we only have that one machine.” If you’re not walking through and genuinely understanding how they make money, you don’t know where the risks are. And that’s what TPRM forces you to do. Ideally, I’d love to sell a project that includes a full security assessment, a BIA, TPRM, BCP, IR planning, all of it from day one. But it doesn’t happen that way. You have to phase it. Once you understand the BIA and what they’re actually doing, you understand where the software and systems that carry real business risk are, and you can start building that into their security posture. It’s the same principle: why hack an individual when you can hack the software that manages all the individuals? Why try to crack one account when you can compromise an MSP’s RMM tool and get access to everybody? If you go into a business without understanding their software environment and vendor posture, you at minimum need to be able to tell them where the risks are. Because the language they speak is revenue, cost, and risk. TPRM is a risk if it’s not being managed – and that’s why we’re seeing so much attention on it lately, even though some of us have been doing this for decades. We just used to call it vendor management.
Robert Dutt: We’ve talked a lot on the show about MSP tools as an attack surface – RMM agents, remote access tools, backup platforms. The MSP is supposed to be managing the client’s vendor risk, but the MSP’s own toolchain is also someone else’s third-party risk. How should MSPs be thinking about that?
Tim Coach: It comes back to the BIA again. What are they using? What’s creating the security gaps, and how do you build better overall management around it? There’s a project in there, but every project should lead to MRR – period. It still has to be managed. Remember when Exchange servers went away and everyone panicked about where the revenue was going to go? There was still an entire environment to manage. We always made some revenue on hardware, though that’s gotten harder – the real money is in managing the ongoing environment. TPRM is the same thing: it’s a significant security gap in the overall posture of your clients, and that gap has to be actively managed.
Robert Dutt: Pushing on that a little further – TPRM platforms are pulling in a pretty comprehensive map of an organization’s vendor ecosystem: the gaps, what’s been remediated, basically a full picture of the landscape. If one of those platforms gets compromised, that’s not just a breach – that’s a pretty rich target list for an attacker. How do you think about that?
Tim Coach: Think about a CNC factory. Their job is building molds to produce a specific part, and the software on their server has all the schematics fully built out. What happens if that software gets hacked? You lose all the schematics for the CNC machine – so suddenly you can’t produce anything. And if the attacker gets in early enough in the process, the downstream supply chain impact goes way beyond that one facility. That’s the risk. If you’ve got $200,000 five-axis CNC machines – and I may have a little experience with this – and you’re not protecting the software running them, and you don’t understand from a TPRM perspective what the vulnerabilities look like, that’s an ongoing, persistent risk. You always have to be managing it.
Robert Dutt: Sitting where Cynomi is, how do you think about the security side of running a TPRM solution, and what should MSPs be asking vendors in this space about that?
Tim Coach: Efficiency. How efficient can you make it? I’ll probably get in trouble for saying this, but we’ve essentially stupid-proofed the first few levels. We’ve built it out for you. And look – I know AI is a word we’ve managed to avoid for about the last half hour, but AI is meant to enhance the human. It’s a tool. What we’ve done at Cynomi is build AI agents and intelligence into the platform to make this work manageable at a lower labor level. If I can take work that previously required a CISO – an expensive asset – and bring it down to a tier-two technician, my margins go up because my labor costs go down. That said, we’re not replacing the CISO. I used to work with a company that built a component for Apache helicopters – no public-facing anything. If a tier-two tech runs a report showing no web security for that client and flags it as a critical gap, the CISO might be the only person who knows that client has no public-facing presence by design. That context matters. The CISO still needs to be the final approval layer. What Cynomi has done is open up bandwidth for other people to do the groundwork, so you can grow your company without adding another six-figure salary. When your staff becomes more efficient, the CISO is less of a bottleneck – which was the original problem we started with.
Robert Dutt: For the Canadians listening, there are some very specific regulatory drivers on the table right now. OSFI’s Guideline E-21 has a September 2026 compliance deadline for federally regulated financial institutions. Can you talk about the role you see TPRM playing in responding to that kind of regulation?
Tim Coach: What we’re seeing is that the insurance underwriters, auditors, and regulators are the ones setting the standard, and the industry has to meet it – but the industry isn’t yet at a point where it can easily meet a TPRM standard. So what will probably happen, whether it’s Canada, the US, the UK, or EMEA, is a pattern we’ve seen before: they’ll release a guideline, there’ll be a period of voluntary adoption, and then they’ll give it teeth. Like HIPAA – they threw it out there, and eventually it got enforcement. The thing I’ve always loved is watching the auditors, because they’re typically running a couple of years ahead of the regulation. If you stop treating auditors like your mortal enemy – “they’re here to expose everything I’m doing wrong” – and start paying attention to what they’re flagging, you can get ahead of the game. Auditors are a leading indicator. It’ll always come down to government forcing the policy, and then insurance trying to find a way out of paying claims when it’s not followed. But if you’re watching the auditors and TPRM is showing up in their reviews, you already know what’s coming.
Robert Dutt: For an MSP listening to this and thinking, “I should be doing this” – what’s the realistic first move? Not the ideal end state, but the practical starting point?
Tim Coach: Start with the BIA – the Business Impact Analysis. Research suggests every SMB has three to five critical processes that drive about 80% of their revenue. Do they actually know what those are? Probably not. They make dog food. They take care of kids. Whatever it is – they don’t actually know how they make money. I have an old client who’s also a friend – he works in retirement planning. If you asked how he makes money, you’d assume it’s from managing portfolios. It’s not. He makes money by selling the policy, and the insurance company pays him a commission on that.
If you don’t start by understanding the BIA, you don’t really know what solutions your clients are dependent on. Start with: who is your critical software outside of us? Who maintains it? Do we have a relationship with them? Does it connect directly to how you make money? And tie it to cost of downtime. If a doctor’s office goes down for four hours – and in a medical practice you call them providers, not doctors, right? Speaking their language, not ours – what does that cost? If the pallet machine on an assembly line goes down, and that pallet machine is the only thing holding product so the rest of the line can keep moving, what’s the cost per hour? If you don’t know that, you don’t actually understand how to service your client. You’re still talking bits and bobs instead of revenue, cost, and risk.
Robert Dutt: Future-looking question to wrap up: where do you see this category going over the next couple of years? Is TPRM a standalone practice, or does it fold into a broader vCISO or governance offering?
Tim Coach: I think it’s going to be both. For more mature MSPs, it’ll be baked right into their silver, gold, and platinum packages – TPRM is just part of what you get at a certain tier. For others, especially those that aren’t at a full vCISO-as-a-service level yet, it’ll be available as a standalone – a meaningful piece of the security posture they can deliver to clients without committing to the full stack. Growth and maturity, right? As people build their practices, the more advanced will have it embedded. But there’s also a real path for someone starting out to say, “I need to at least get this piece right, because it’s critical to the overall security posture of my clients.”
Robert Dutt: Fascinating. It’s an interesting area of technology and – to your greater point – business. I appreciate you taking the time to share some thoughts on how service providers can get involved.
Tim Coach: Thanks for having me on. I always appreciate it.
Robert Dutt: There you have it – Tim Coach from Cynomi. I’d like to thank Tim for taking the time today. He’s been around the MSP space long enough that when he points at something and says it’s the next thing, it’s worth listening. A few things I want to make sure land from this conversation. The first is the Business Impact Analysis as the true starting point. Before you think about vendor questionnaires or risk scoring tools, you need to understand how your client actually generates revenue – which processes drive the majority of the business, and which vendors are load-bearing in that equation. That’s not a security conversation. That’s a business conversation. And that’s the shift that moves an MSP from tool vendor to genuine business partner. The second is the insurance signal. When underwriters start denying SMB coverage not because of something the SMB did, but because they’re connected to an MSP – that’s a warning and an opportunity in the same breath. MSPs who can demonstrate they’re actively managing their clients’ third-party risk have a new and better story to tell. And the frame to carry with you: security first, compliance becomes a default. Build the practice to the right security baseline and the compliance checkboxes largely take care of themselves. In The Channel is available on Apple Podcasts, Spotify, YouTube, and most major podcast directories. If you’re finding value here, ratings and reviews are always appreciated – they help other people in the Canadian IT channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers:
Integris, a managed AI and IT services firm backed by OMERS Private Equity, has announced its intent to acquire First Focus, the largest managed service provider serving small and midsize businesses across Australia, New Zealand, and the Philippines. The deal, subject to regulatory approval, is designed to extend Integris’ geographic reach while accelerating delivery of AI-enabled managed services across regions. For the channel, the transaction is a clear expression of the platform MSP consolidation trend playing out globally through private equity – and for Canadian observers, the OMERS connection is notable: the Ontario Municipal Employees Retirement System is the PE backer driving this international build-out.
Cybersecurity vendor NeuShield has announced a partnership with Ontario-based MSP Data Guards to deliver instant ransomware recovery services to clients. In a documented real-world use case, the companies reported restoring more than 6.2 terabytes of encrypted data in just fifteen minutes – a recovery window NeuShield says would have taken more than five days using traditional backup methods. By integrating NeuShield Data Sentinel into its managed security stack, Data Guards can offer one-click recovery of corrupted data and storage-layer protection against ransomware and file tampering, reflecting a broader market shift as solution providers move beyond prevention and detection to guarantee client data remains continuously recoverable without system rebuilds.
ThreatLabs Europe, the research arm of ThreatDown, has discovered threat actors weaponizing AI agent skills to deliver the GachiLoader infostealer. Attackers are using a fake OpenClaw AI agent skill as a lure to inject the Rhadamanthys infostealer directly into memory, leveraging the Polygon blockchain for command and control to bypass traditional perimeter defenses. The malware harvests cryptocurrency wallets, browser credentials, Telegram messages, and password manager contents. The discovery is a direct warning for the channel: as non-human identities proliferate in client environments, identity and access management practices must now account for the vulnerabilities introduced by AI agents – not just human users.
In brief:
Sublime Security has launched its first formal channel partner program and announced a move to a 100 percent channel sales model, with dedicated reseller and MSSP tracks. The agentic email security platform uses a rules-plus-AI approach it says catches attacks that signature-based tools and generic AI products miss.
Konica Minolta has announced the spring 2026 launch of the AccurioPress C5080 Series, a new line of digital production presses designed for high-volume commercial printing environments.
Forescout has launched Mission:Possible, the company’s biggest channel partner tour in 25 years, spanning more than 90 cities globally between May and September. The immersive events are built around hands-on IT, OT, IoT, and industrial security challenges, with the goal of sharpening partner positioning around zero trust and continuous threat exposure management.
Microsoft 365 E7 goes generally available today at $99 per user per month, bundling Microsoft 365 Copilot, the Entra Suite, and advanced compliance capabilities in a single commercial tier. Microsoft’s Q3 earnings this week confirmed Copilot has crossed 20 million paid seats – E7’s launch signals the next phase of the AI licensing conversation for solution providers.
Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 1, 2026, and here’s what’s happening in the channel today.
Integris, a managed AI and IT services firm backed by OMERS Private Equity, has announced its intent to acquire First Focus, the largest managed service provider serving small and midsize businesses across Australia, New Zealand, and the Philippines. The deal is subject to regulatory approval and is designed to extend Integris’ geographic footprint while accelerating delivery of secure, scalable AI capabilities across regions. For the channel, it’s a clear example of the platform MSP consolidation trend playing out globally – and for Canadian observers specifically, it’s worth noting that OMERS, the Ontario Municipal Employees Retirement System, is the private equity backer driving this international build-out.
Cybersecurity vendor NeuShield has announced a partnership with Canadian MSP Data Guards to deliver instant ransomware recovery services to clients. In a real-world use case that highlights the collaboration, the companies reported successfully restoring more than 6.2 terabytes of encrypted data in just fifteen minutes. According to NeuShield, this compares to more than five days that would have been required using traditional backup methods. By integrating NeuShield Data Sentinel into its managed security stack, Data Guards can offer one-click recovery of corrupted data and protection at the storage layer against ransomware and file tampering. The partnership underscores a broader trend in the market, as solution providers increasingly move beyond prevention and detection to ensure client data remains continuously recoverable without the need to rebuild systems from scratch.
ThreatLabs Europe, the research arm of ThreatDown, has discovered that threat actors are now weaponizing AI agent skills to deliver the GachiLoader infostealer. According to the company, attackers are using a fake OpenClaw AI agent skill as a lure to inject the Rhadamanthys infostealer directly into memory. The attack utilizes the Polygon blockchain for command and control instructions, allowing it to bypass many traditional perimeter defenses to harvest cryptocurrency wallets, browser credentials, Telegram messages, and password managers. As malicious actors increasingly exploit the expanding footprint of non-human identities, the discovery serves as a clear warning to the channel. IT professionals must ensure comprehensive identity and access management practices account for the vulnerabilities introduced by AI agents operating within client environments.
In Brief – Sublime Security plans to go 100 percent channel. Konica Minolta has announced the spring 2026 launch of its AccurioPress C5080 Series for digital production environments. Forescout goes on Mission:Possible partner tour. And finally, today's the day for the launch of Microsoft 365 E7. Full details and links in the show notes or the blog post.
Later today on In The Channel, we continue our coverage from SAS Innovate 2026, as we talk to SAS global channel chief John Carey about four years building out the channel program for the analytics company, the increasing role of MSPs, and how his own goals for the partner portion of the company's revenues are evolving. And if you haven’t heard it yet, yesterday’s episode featured my chat with SAS Canada leader Ryan MacDonald on the state of the AI opportunity in Canada, the role of partners, and why the value of SAS may be hidden to some customers.
That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Michael Crean, senior vice president and general manager of managed security services at SonicWall
SonicWall published its 2026 Cyber Protect Report in March with a deliberate reframe: rather than threat intelligence for its own sake, the report is built around actionable content for solution providers. The centrepiece is the seven deadly sins of SMB cybersecurity – seven predictable, preventable failure patterns drawn from real breach data. The headline numbers are sobering: 88 percent of SMB breaches involve ransomware, more than double the enterprise rate, average dwell time sits at 181 days, and 85 percent of actionable alerts trace back to identity and credential compromise.
Michael Crean, senior vice president and general manager of managed security services at SonicWall, came to the company through the acquisition of Solutions Granted, the MSSP he built – one of the early pioneers of SOC-as-a-service for the MSP market. He’s direct about what the data means for partners: the seven sins aren’t just an SMB customer problem. They’re an MSP problem too.
His core argument is that mastering fundamentals – MFA, patching, privilege management – is non-negotiable, and owning the right tools doesn’t change that. You can have the same toolbox as your mechanic; that doesn’t make you a mechanic. On the MSP-to-MSSP question, his answer channels Yoda: do or do not, there is no try.
A month after the report’s release, Crean says partners have already been using the sins framework directly in customer conversations – which he describes as the whole point.
One postscript: his personal favourite of the seven sins is number five, cost-driven security decisions. His test – ask a room of MSPs how many bought the cheapest car on the lot. Nobody raises their hand. But too many of their customers are doing exactly that with cybersecurity.
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. SonicWall has published annual threat research for years, but this year they did something different. They stopped calling it a threat report. The 2026 Cyber Protect Report reframes the conversation away from data for its own sake towards something MSPs can actually use – a set of tools and talking points for strategic conversations with customers. The hook they chose? The seven deadly sins of SMB cybersecurity. Seven predictable, preventable failures that show up in breach after breach. My guest is Michael Crean, senior vice president and general manager of managed security services at SonicWall. Michael came to SonicWall through the acquisition of Solutions Granted, the MSSP he built and one of the early pioneers of SOC-as-a-service for the MSP market. Before that, nine years in the military. So when he talks about what MSPs are getting wrong on security, he’s speaking from a fairly unusual vantage point – inside the SOC, inside the vendor, inside the partner community itself. The report had been out about a month when we sat down and I was curious what the actual conversation had looked like since launch. We got into that, the sins themselves, the 181-day dwell time that should make many MSPs uncomfortable, and what it really means to be or partner with a true MSSP. Let’s get right into it. My chat with Michael Crean. Michael, thanks for taking the time. I appreciate it.
Michael Crean: Absolutely, sir.
Robert Dutt: You called this report the Cyber Protect Report, not the threat report that you guys have been publishing for years. That seems like a deliberate choice. What are you trying to signal with that shift and who are you really talking to with this report?
Michael Crean: I think every other threat report just looks the same. It’s got some different colors, it’s got some different logos, but everybody talks about the same exact thing and it felt boring. It felt like, “Why do we have to fit into the same role as everyone else? Why can’t we do something different that’s purposeful and should be meaningful to people?” It actually gives them something to talk about – not just with themselves internally, but also to their customers. That was the reason we went down this path and decided to call it the Protect Report. Robert Dutt: I’m guessing that also sets up why you went with the framing of those seven deadly sins – the seven predictable, preventable failures. I thought that was a really neat hook for it. When you look at that list, which one do you think most MSPs would be surprised to see themselves in? Not so much their customers, but themselves as MSPs? Michael Crean: Number one – ignoring the fundamentals. I mean, it’s incredible the amount of times – because of the work that we do at the SonicWall Security Operations Centers and the amount of compromises that we’re brought in to participate in, investigate, help people with – that you just find it’s this overwhelming amount of: you had the right tools, you had the right tech, and you didn’t know what to do with it. Or you did and you just didn’t take the time to really learn how to ride the bike well. We had a compromise today where a customer of ours got hit with Akira [verify], a ransomware, and we thought we probably knew that the penetration point was the firewall, but we had to do some more investigation. And when we did the investigation, the amount of misconfiguration was staggering [verify]. You pay for all these security services, and they weren’t even enabled – IPS, IDS disabled – and they paid for them. So it’s just unfortunate. These are just, again, what we call ignoring the fundamentals. Robert Dutt: Do you have any thoughts on what’s driving that? 
Is it a matter of, this is up and running, moving on to the next shiny thing, moving on to the next opportunity? What’s behind that?
Michael Crean: I think some of it is that MSPs have found themselves in this place of challenge where they have so much responsibility and customers are looking at them. And I heard this a long time ago when I was a child – the smart person is the person that says what they don’t know. I think a lot of people are fearful to show that side of, “I don’t know something.” But saying “I don’t know” doesn’t mean you don’t know and you’ll never know. It just means, “Hey, I don’t know that, but I’m going to go here and ask this person, or I’m going to go to this vendor and get more information, or I’m going to do some more research and come back to you with a really solid answer.” Instead, there’s this constant – I hate to use the word – but it feels like there’s this constant necessity of yes that we have to keep giving our customers. I prefer somebody to tell me, “Nope, I don’t know how to do that, but I’m going to give you a great contact so that you can get it done right.” So I think that’s part of it. And then we, as manufacturers, we keep telling people all along the way, “Hey, buy my stuff, it fixes your problems. Just buy my stuff.” Well, I can go buy the same box of tools that my mechanic has, but that doesn’t mean I’m a mechanic and it obviously does not mean that my car is going to get fixed just because I’ve got the tools.
Robert Dutt: Can attest to that. Fortunately, not with great experience, but there’s a reason I do take my car to someone else to get looked at.
Michael Crean: Oh my goodness, you and me both. I want it done right. And as hard as I tend to drive my cars – because I have a thing for speed and adrenaline – I would actually like them to be as proper as they can be.
Robert Dutt: Well, especially given that it’s important, when you’re testing the limits shall we say, that the thing stays together while you’re doing so.
Michael Crean: Absolutely.
Robert Dutt: And back to that point, I think there’s also the factor of when you are presenting yourself – and most MSPs do – as the trusted advisor, the expert on this, who’s going to take care of all this, that creates an even greater disincentive to admitting, “You know what? I need to check on that. Let me find out more,” rather than saying, “Yeah, I got this.”
Michael Crean: I think it’s human nature, just in general. Because the moment you admit you don’t know something or you’re not certain, at that very moment in time, we just assume that to be a point of weakness. I believe through the military – I served for nine years – and being a CEO and founder for 22 years, what I really realized, and even when it came to my kids, sometimes when you just don’t know, it’s okay to say you don’t know, but I’m going to find out, or I’m going to figure it out, or we’re going to do it together and we’re both going to be better for it than we were when we started with the question.
Robert Dutt: Funny, that came up early in my journalism career too. My editor at the time would say, “Your job is not to know. Your job is to find the person who does.” Along the same lines, a little bit of a different lens. You said something that I quoted in the news piece we did on the release of the report: that the danger isn’t that AI isn’t working – it’s that we’re using it as an excuse not to do the things we already know we should. That’s a remarkably direct thing for a security vendor to say, and it touches on that eating-your-vegetables kind of advice. What are you seeing that made you include that line?
Michael Crean: It’s not what I’m seeing today. It’s what I’ve seen for the last 20 years in this industry. I mean, we went from deep packet inspection firewalls to next-generation firewalls.
We got all of these extra added capabilities in the firewall, but then we got lazy on doing proper firewalling – controlling ports both inbound and outbound the way we used to do it – because we felt that we were overcompensating because we had so much power and capabilities. Then we went from signature-based AV to next-gen AV where we had these mathematical algorithms doing predictive analysis to understand whether a file is good or bad. Then we got EDR technologies helping us with the behaviour behind it. We just keep adding and adding and adding. I see AI as nothing more than just another tool. But how good can a tool be when you’re not performing the fundamentals? It helps, but it just can’t – I don’t know if you’re a sports guy or not, but think about it. When you look at the best of the best, whoever that may be – I’m a hockey guy – I’ll call Alex Ovechkin today. The best of the best, the all-time goal scorer. He beat Wayne Gretzky, he took that last year. That man works hard and he works on the fundamentals. I love what AI can do for us – to help get rid of some of the tasks that we don’t want to do, that we hate to do, that we can use for automation and make things faster, help us find bugs in our code, and in a security operations center, get through just mounds of data quicker. But you still have to do the fundamentals and you have to do the right things. Because when you do the right things and then you add something like AI to it, the world becomes a much different place.
Robert Dutt: 88% of the SMB breaches you’re reporting on involved ransomware. That’s more than double the enterprise rate, if I’m remembering correctly. That’s a striking gap. What’s causing that? Do you see it as primarily resources, primarily end-user training, or something structural about how SMBs get attacked that’s different from enterprise?
Michael Crean: I think it’s a little bit of everything that you mentioned, but mostly what it is, is this perception of, “I’m too little.
I don’t have anything valuable. Why would somebody want to attack me?” When these large threat actors are going after huge enterprises – Colonial Pipeline, JBS, some massive organization – those organizations have better tools, better resources, better people, and they probably have more maturity to respond when they start to notice an attack taking place. When you think nobody’s ever going to break into your house, you may not lock your doors. You may not care about having the 70-pound German shepherd on watch when you’re not there. Because, I don’t have anything in my house of perceived value. But when you take that shotgun approach and you can knock down a hundred SMBs and get $10,000 out of each one, that’s a hell of a payday. It’s logical what we’re seeing right now. What it requires is that we all understand we have responsibility for the data that’s been entrusted to us – whether it’s customer data or supply chain data you’re responsible for because you’re supporting another vendor. The data we have is far more valuable than we give it credit for.
Robert Dutt: And I guess there might also be an element of the ability to fly under the radar – the opposite of security through obscurity – in that you make that hit on Colonial Pipeline and it’s front-page news everywhere. You hit a bunch of small businesses for ten grand each, it gets a lot less attention from media.
Michael Crean: I mean – I’m sure you’ve heard this, you’ve been doing this long enough – the idea around news and media: if it bleeds, it leads. And it’s not really sexy when you talk about a two-chair dental practice that gets hit with ransomware. And the two-chair dental practice doesn’t really want to talk about it either, because they’re a small community-based organization and it’s really damaging to how people potentially look at them. Whereas a Target, a Home Depot, a Lowe’s, whoever gets hit with ransomware – they’ve got the marketing machine, the attorneys, the dollars, the insurance.
And at the end of the day, they’ll be as profitable, if not more profitable, a few quarters later.
Robert Dutt: The report surfaces the number of 181 days of dwell time. For an MSP who’s running monthly security reports, quarterly reviews, thinks they have things in order – that number has to sting. What does it require of an MSP’s operating model to address that?
Michael Crean: One, making sure that the investments you’ve made and the technologies you’ve decided to procure – the tools you’re going to use – make sure you’re well-trained on them and well-versed on the best practices so that you can get optimal outcomes. Patch management, man – I can’t tell you the amount of times we’ve seen… you talk about this 181 days, it comes down so many times to pure patch management. And the vast majority of manufacturers give you the patches for free. But we don’t think about it, we get distracted, we don’t see it as valuable as it really is. And it’s the really simple things. Again, it’s that number one – ignoring the fundamentals. Patching has been a fundamental thing we’ve talked about for so long. And I also think that for an MSP that just magically adds the additional S and starts calling themselves an MSSP – don’t dabble in security. Either do or do not. Do not try. We’re going to throw a little Yoda in here for the day. And if you’re not going to be a real MSSP, partner with one. There are so many great organizations out there – I’ll say we’re a great organization to partner with, that’s how we go to market – but there are lots of others out there who are purpose-built for this. It’s like being the best doctor in the world but you’re not a surgeon. So you refer somebody to a surgeon to get that surgery done.
Robert Dutt: Your own background includes Solutions Granted – building out one of the first SOC-as-a-service models for MSPs before SonicWall acquired you.
I’m curious, when you look back at your time on the other side, when you were the MSP – are there any of those sins you look at and go, “Hmm, that sounds awfully familiar”?
Michael Crean: Oh, absolutely. I will say I went through that transition – 22 years of being a VAR, to being a government contractor, to being an MSP – realizing I was a really crappy MSP. Not going to lie. My bedside manner wasn’t great. I wasn’t passionate about what I was doing. And I think that’s something that gets lost sometimes. I was super passionate about security – getting out of the military, transitioning away from that, getting into IT and the tech space. And when I found my way into this SOC-as-a-service MSP space, it’s where I found my passion and love again. And I think that means a lot. Don’t do it for the sake of doing it. I think we all have to keep the lights on and put food on the table and clothe our kids and find a way to retirement one day, but find some happiness in that too and be really passionate about what you’re doing. And you’ll probably find a lot of these seven deadly sins aren’t as deadly for you.
Robert Dutt: That’s one way of mitigating it, that’s for sure. The report is framed around protection outcomes and it’s explicitly aimed at giving MSPs the language to have strategic conversations with SMB decision-makers. But there’s a responsibility question underneath that. If the MSP is the last line of defense for most SMBs – and I think we’ve talked about this a little bit already – what does good actually look like? What’s the bar you have to reach before you either back off from security and/or partner with someone else who’s much more committed?
Michael Crean: I think, one, it’s a team effort. It isn’t just the MSP’s responsibility. The business owners, the decision-makers, the board, whoever you’re dealing with that’s making these decisions – they have to buy in. And if they don’t, well, then you’re at a disconnect.
You’re bringing in a subject matter expert – the MSP – to help make them more secure, for survivability, for all the things they’re asking for to make sure they can operate at the highest levels possible, and then you don’t allow them to do their job. That’s a huge risk. What I will say – and this is a hard lesson to learn, but one of the most valuable lessons to learn – is when you fire your first customer. Not get fired, but you actually fire your first customer because it wasn’t the right fit and the financial impact was going to hurt. It didn’t feel good. Nobody ever really wants to get fired or be fired. But when you do that, you start to mature. And inevitably, you also help that customer mature – because if they hear the same message from multiple people: “We’ve got to do patch management. Don’t tell me we can’t. We’re going to use MFA. We’re going to have a SOC monitoring this 24 hours a day, seven days a week, 365 days a year. We’re going to take away administrative privileges. We’re going to do the fundamentals. We’re going to make investments in tools and put the right people, process, and technology in place.” The outcomes really start to matter. But it is a team sport. I can’t tell you – and I’m sure you’ve heard this – MSPs talking about, “I can’t get my customer to use MFA, so I got them to sign this indemnification clause.” How many MSPs are getting sued, and these indemnification clauses aren’t holding up? Because you’re the expert. If you believe it’s 100% the right thing to do, then if they don’t follow – you fire them.
Robert Dutt: It’s funny how often it comes down to that. I’ve heard that same sentiment from MSPs in the move towards, “This is what you have to take. It is not negotiable. It is the cost, as it were, of doing business with us.” I think that’s sage advice.
Michael Crean: We accept it from our surgeons, right?
If I’ve got a bum knee and I need it fixed and I’m a little overweight and he knows I’m drinking a little too much bourbon or eating a little too much red meat and he wants me to lose ten pounds so that he can be successful – if I’m not doing my part, well, why does he want to do surgery on me?
Robert Dutt: Point taken. The report’s been out for a few weeks now. Curious – what’s the question you’re getting most from partners that you didn’t expect as they sit with this? What’s hit differently than you thought it might?
Michael Crean: I thought we were going to get more pushback on why we called it a Protect Report instead of a Threat Report. That really isn’t the question we’ve been getting. What’s been surprising to me is the commentary. The unsolicited emails, the LinkedIn requests, the comments – people have really enjoyed receiving a report that just wasn’t like everything else. There’s been a lot of commentary along the lines of, “I’m going to have this discussion and use these analogies and use these seven deadly sins to have conversations with my customers.” That’s what we were hoping for, but you never know when you go against the grain how well it’s going to hit. I think we got lucky.
Robert Dutt: It sounds very much like mission accomplished. I know it’s something that caught my attention and that I’ve heard out there as well. I look forward to seeing what comes next as you continue to reinvent what these kinds of reports do and what they look like. Michael, I thank you for taking the time to talk through this and to offer some advice.
Michael Crean: I appreciate your time as well, sir. Thanks a lot.
Robert Dutt: There you have it – Michael Crean from SonicWall. I’d like to thank Michael for his time, and for a conversation that felt a little different from the usual vendor security briefing.
His background – building Solutions Granted from scratch, running a real MSSP, operating inside a SOC, and now sitting on the vendor side – gives him a perspective that’s harder to find than you’d think among people who are now in vendor roles. A few things will stay with me. The mechanic analogy – you can own the same box of tools, but that doesn’t make you a mechanic, and it doesn’t mean your car is going to get fixed. The surgeon line – if the patient won’t follow the pre-op advice, why are you doing the surgery? His answer on when an MSP reaches maturity – it’s the moment you fire your first customer who won’t implement MFA or basic patch management, even when it hurts. And the Ovechkin riff – even the greatest goal scorer in NHL history never stopped working on the fundamentals. Now, after we stopped recording, Michael mentioned something he wished he’d worked into the interview, and I promised I’d pass it along. Of the seven deadly sins in the report, I asked which one is most personally interesting to him and he landed on sin number five – cost-driven security decisions. He illustrated it this way: he’d been speaking at a conference recently and asked how many in the room had bought a car in the last eighteen months. A lot of hands. Then he asked how many of them had bought the cheapest car on the lot. Not one hand went down. Because we think about safety ratings, about the features, about whether the thing will hold together when we need it to. But when it comes to cybersecurity, too many businesses just reach for the cheapest option. As Michael said himself, it’s a little strange to have a personal favourite deadly sin. But there you have it. The 2026 Cyber Protect Report is well worth a look for any MSP or solution provider thinking about how to have a more strategic security conversation with their customers. Links in the show notes. 
If you found this useful, follow or subscribe to In The Channel from ChannelBuzz.ca wherever you get your podcasts – you’ll find us on Apple Podcasts, Spotify, YouTube, and all the major directories. Ratings and reviews are always appreciated and genuinely help other people in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
In this April 2026 episode, MSSP intern Saadhya Bahudodda interviews Lee Marshall, founder and CEO of Kids to Love, a nonprofit dedicated to addressing the immediate needs of youth in foster care while creating long-term pathways to stability. Drawing on her lived experience of being born into foster care and her career in television journalism, Lee shares how both her personal and professional journeys led her to this work. She highlights programming including scholarships, workforce preparation through the K-Tech Initiative, trauma-informed mental health services, and transitional housing. For this invaluable work, the organization won the 2025 Aging Out Award for the Mid-Large Organization Category. Throughout the conversation, Lee emphasizes the need for community collaboration and innovative, wraparound programming to ensure that youth aging out of foster care have the resources and stability needed to thrive.
At RSAC Conference 2026, the expo floor runs on one word: AI. But Lisa Liu, Corporate Marketing and Communications Manager at Stellar Cyber, has been watching the confusion this creates in real time. Visitors at the Stellar Cyber booth are asking the same question: does AI in cybersecurity mean a tool that fights AI-powered attackers, a tool that is AI-based, or something else entirely? Lisa Liu's take is direct -- if your messaging can't answer that question, the noise is winning. Stellar Cyber has been building toward a human-augmented, autonomous SOC for years -- long before "agentic" became the conference password. The logic driving that mission is not about market positioning. It is about what happens when AI makes a mistake at scale. One error in judgment can echo a thousandfold. Human oversight is not a limitation on the platform -- it is the architecture. The goal is not to put a human on the sidelines as a safety check. The goal is to make every analyst perform at a higher level, so a junior analyst works at the capability of a senior analyst. Lisa Liu draws on the Waymo analogy familiar to anyone walking the streets of San Francisco this week: autonomous vehicles went from having a safety driver present to running solo. But when a power outage knocked out every Waymo unit simultaneously, the city needed humans to step in immediately. The same principle applies to security operations. Agentic AI is changing the analyst's role -- replacing alert fatigue and log chasing with higher-order problem solving -- but human involvement in the process is not going away. For SOC teams asking how to get there, Lisa Liu is clear: success is not a rip-and-replace project. Success is minimal personnel disruption and maximum operational efficiency -- repositioning existing tools to work smarter without exposing the organization to weeks of vulnerability during a rebuild. 
Stellar Cyber's platform integrates with existing SIEMs and tools, adds coverage across network, endpoint, identity, and cloud environments, and offers hundreds of pre-built integrations with more being added continuously. For managed security service providers serving clients across different industries and risk profiles, that kind of unified visibility is what makes the business model scale. The outcomes are specific. One Stellar Cyber customer reported that analysts were 83% more accurate in their threat environment analysis. Lisa Liu frames that number carefully: analysts are not measured by what they catch -- they are measured by what they miss. Any meaningful improvement in accuracy is not just a business metric. It changes how people feel about their work. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Lisa Liu, Corporate Marketing and Communications Manager, Stellar Cyber https://www.linkedin.com/in/lisaaliu/ RESOURCES Stellar Cyber: https://stellarcyber.ai
31% of businesses that had backup solutions still failed to restore their data during a ransomware attack according to At-Bay's analysis of 186 real insurance claims. And if you think your business is safe because someone "set up backups," you need to watch this. Meanwhile, there are 4.8 million unfilled cybersecurity jobs globally right now and 61% of midsize businesses have zero dedicated security staff on payroll. Bryan Hornung and Reginald Andre break down exactly how bad the staffing gap has gotten (ISC2's 2025 Cybersecurity Workforce Study shows the pipeline shrank from 31% growth in 2022 to just 12% in 2024), why your IT person is being set up to fail, and how much a single mid-level security analyst actually costs vs. what an MSSP can deliver at the same price. Then they go straight at the backup crisis: the 25-point confidence gap between what IT teams believe about recovery and what At-Bay, Sophos, and Spiceworks data actually show. Ransomware attackers are targeting your backup repositories first before they trigger the main attack. The average business is down 24 days after a ransomware hit, with average recovery costs of $1.53 million. For a business under 500 employees, that can be existential. This episode is for every business owner who has ever said "we have backups" or "IT handles security" and hasn't verified either of those statements.
Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves. The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace. At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on. Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. 
The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it. Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli. This is a Brand Spotlight. GUEST Subo Guha, Senior Vice President of Product Management, Stellar Cyber https://www.linkedin.com/in/suboguha/ RESOURCES Learn more about Stellar Cyber: https://stellarcyber.ai RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are attackers really using AI to run end-to-end cyber campaigns? In this episode, Edward Wu (Founder and CEO, DropzoneAI) joins Ashish to separate the hype from reality when it comes to AI-driven attacks. Edward explains how attackers are currently using open-source LLMs for reconnaissance and spear-phishing, and why the major commercial models now explicitly prohibit users from generating exploits without vetting. On the defense side, Edward shares how AI agents have successfully automated over 160 years' worth of alert investigations in the real world, proving that 100% software-delivered SOC triage is already here. We also debunk the myth of AI "hallucinations," explaining why most errors are actually just poor context management. If you're building a security operations center or working with an MSSP, this episode will teach you how to shift from manual alert fatigue to leveraging AI for threat hunting.
Questions asked:
(00:00) Introduction
(02:50) Who is Edward Wu? (Founder of Dropzone AI)
(04:50) The Reality of AI Cyber Attacks Today (Recon vs. End-to-End)
(07:20) Why Commercial LLMs Are Blocking Exploit Generation
(11:50) How MSSPs are Evolving with AI Triage
(18:20) The Asymmetric Capacity Gap: Why Humans Can't Keep Up
(22:30) Automating 160 Years of Alert Investigations
(23:50) Why AI Hallucinations are Actually Context Management Failures
(26:00) Build vs. Buy: The Data Network Effect for AI Agents
(29:20) The New Workflow for SOC Analysts & Threat Hunters
(31:30) Defining "Threategy": Scope, Authorization, and Context
(35:50) How to Detect Prompt Injection (Treat it like an Insider Threat)
(38:30) Dropzone AI Announcements at RSAC
Episode 502 features Stacey's conversation with Brian Machut (Alliant Health) on how widespread Medicare fee-for-service fraud is inflating costs and undermining ACO shared savings in MSSP and ACO REACH. ACOs uncovered major urinary catheter fraud in 2023 tied to codes A4352/A4353, totaling about $3.5B, with some beneficiaries billed for items never received (including a case shared by Dr. Tara Lagu). CMS created a "SAHS" (significant, anomalous, highly suspect) process to remove certain suspect costs, but benchmark effects can unevenly impact ACOs; catheter fraud is still projected at $3–$3.5B in 2025. The episode also highlights rapidly growing "skin substitute" spending projected at $13–$15B in 2025; CMS did not classify 2024 skin substitute costs as SAHS, leaving them in ACO performance calculations. Machut explains this fraud and missed CMS trend projections can reduce provider earnings, discourage participation in value-based care, and potentially drive cost shifting into higher commercial rates—affecting plan sponsors such as self-insured employers.
Ekco, one of Europe's leading security-first managed security service providers (MSSP), has announced the acquisition of Cork-based Datalogix. Ekco, founded and headquartered in Dublin, is continuing its ambitious acquisition trail, following a busy year in 2025 with three strategic acquisitions. Datalogix is a Cork-headquartered operational technology (OT) business with over 20 years' experience delivering proactive OT services to enterprise customers across Ireland, the UK, and the US. It provides secure OT infrastructure design, implementation, and support services that automate industrial processes for companies in the life sciences, pharmaceutical, general manufacturing, and critical national infrastructure sectors. The company's team will join Ekco's workforce of more than 1,000 people globally across Ireland, UK, the Netherlands, Malaysia, and South Africa. Datalogix will form part of Ekco's security division, bringing the division's revenues to a €100 million share of Ekco's overall group revenues of €200 million. The acquisition will significantly expand Ekco's OT capabilities in the Irish, UK, and US markets, under the leadership of Ekco Ireland CEO Steve MacNicholas. It will enable Ekco to increasingly secure IT and OT convergence for customers amidst a growing OT threat landscape and a complex regulatory backdrop. As part of Ekco's rapid growth strategy, Datalogix marks the eighth company to be acquired by Ekco in the last two years. The acquisition follows the 2025 purchases of cybersecurity consultancy Predatech, and managed service providers (MSP) Solsoft and Adapt IT. It signifies another milestone in Ekco's ambition to build a security-first unified MSP platform across Europe. Datalogix is led by Managing Director Der Cremen and Chief Technical Officer Damian White, who will bring over 50 years' combined industry experience to Ekco. 
Steve MacNicholas, CEO of Ekco Ireland, said: "Having known Datalogix well for many years, we have always admired their highly specialised and client focused capabilities as trusted OT advisors in the life sciences, pharmaceutical, and critical national infrastructure markets. With Ekco's world class expertise in security-first managed services and cutting-edge technology, this partnership is a perfect match – and we are looking forward to growing and learning together." Der Cremen, Managing Director of Datalogix, added: "Joining Ekco enables us to increasingly invest in and develop our OT capabilities to bring enhanced resources and resilience to our customers, backed by Ekco's scale—while maintaining the responsiveness they value." Ronan Murray, EY M&A Partner, said: "EY were delighted to provide sell side M&A lead advisory and tax services to the shareholders of Datalogix on the company's sale to Ekco. Congratulations to the combined team."
What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio. How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation. Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company.
Learn more: https://www.studioc60.com/creation#highlight
GUEST: Subo Guha, Senior Vice President of Product Management, Stellar Cyber @LinkedIn
RESOURCES: Learn more about Stellar Cyber: https://stellarcyber.ai
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS: Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation
In this special episode of The Cybersecurity Defenders Podcast, a panel of cybersecurity experts discuss the irreversible changes AI has brought to the industry. This panel originally aired on January 20th, 2026.
The panel attendees include:
Christopher Luft (host) - Co-Founder / CCO, LimaCharlie
Maxime Lamothe-Brassard - Founder / CEO, LimaCharlie
Eric Capuano - Co-Founder, Digital Defense Institute
Joshua Neil - Co-Founder, Alpha Level
Kris Merritt - Advisor
Daniel Lees - Sr Staff Cloud Security Architect, Google
LimaCharlie has watched the AI SOC conversation unfold and stayed quiet. Until now. Security vendors are racing to attach chatbots to legacy platforms and call it innovation. AI SOC startups have raised hundreds of millions to build better alert triage. Both approaches solve the same narrow problem: helping analysts click faster. Service providers managing hundreds or thousands of tenants face a different reality. Alert triage matters, but so does deployment, configuration, detection engineering, reporting, and onboarding. The tedious work that eats margin and slows growth spans the entire operation. What if AI could operate your entire security infrastructure with the same access as your best analyst? We built LimaCharlie for complete programmatic access from day one. We were building for AI operators before AI operators existed. On January 20th, we'll show you what happens when AI agents can do everything in a security platform, across every tenant, through natural language. No marketing theater. Just real conversations and a demonstration of AI-driven security operations where you stay in control. Learn more at https://limacharlie.io/
In this high-energy and entertaining episode, Joey Pinz sits down with cybersecurity founder and unabashed Italian-American storyteller Tony Pietrocola. From stomping grapes as a child to running an AI-driven security operations platform, Tony brings a rare blend of toughness, humor, and entrepreneurial clarity. They jump from wine, cooking, and massive NFL bodies to college football, concussions, and how elite athletes are built differently. Tony shares what makes college football the real American spectacle—and why private equity is about to reshape the sport. On the cybersecurity front, Tony breaks down the challenges MSPs face, why most still struggle with security, and how AgileBlue helps them build profitable, white-label practices without the overhead of running a SOC. He explains the three questions every MSP should ask a vendor, the rise of AI-assisted attacks, and why consolidation and greenfield opportunities are the biggest missed revenue streams. The conversation ends with health, habit, and personal transformation—discussing Joey's 130-lb weight loss, Tony's daily 5 a.m. workouts, and the childhood structure that forged their work ethic.
In this energizing and uplifting conversation, Joey Pinz sits down with cybersecurity rising star ChiChi Ubah, whose passion for learning, adventure, and personal growth lights up every moment of the dialogue. ChiChi shares her love for adrenaline-filled activities, her ambitions to learn to fly a small aircraft, and the mindset that fuels her ongoing pursuit of new experiences—including her PhD focused on AI-driven cybersecurity curriculum development. A dedicated advocate for women in cybersecurity, ChiChi discusses the life-changing support she's received from WiCyS, where mentorship, training, and certifications helped guide her path into cloud security. She reflects on the role of representation, allies, and community in creating opportunities for women in a male-dominated industry. The conversation also explores breaking old beliefs, embracing intentionality, and the everyday practice of consistency—whether pursuing certifications, maintaining health, or building a TikTok channel from 0 to 5,000 followers. ChiChi also opens up about motivation, legacy, and redefining success through freedom, impact, and personal evolution. This episode is packed with insight, heart, humor, and the fearless drive of someone committed to becoming better every day.
In this powerful and deeply insightful conversation, Joey Pinz sits down with national security leader Valerie Cofield to explore the past, present, and future of cybersecurity across government, critical infrastructure, and everyday life. With 26 years at the FBI, senior leadership at CISA, and her current mission at ICIT, Valerie brings unmatched clarity to the threats shaping our world—from nation-state attacks on rural water systems to AI-enabled scams targeting vulnerable populations. Valerie reflects on why critical infrastructure is now a primary battleground, how bipartisan policy work shaped U.S. cyber readiness, and why the private sector—not government—will be on the front lines of future conflicts. She also shares her personal journey as the daughter of South Korean immigrants, the gratitude that shaped her service, and the emotional weight of protecting the country that gave her family a second chance. Beyond cyber, Joey and Valerie discuss reading habits, mental health, misinformation, and the dangers social media poses to young people. Valerie also offers a heartfelt perspective on leadership, longevity, habits, exercise, and earning success through consistency—not perfection.
In this captivating and wide-ranging conversation, Joey Pinz welcomes cybersecurity executive, author, and Brazilian jiu-jitsu enthusiast Caroline Wong. What begins with jiu-jitsu quickly expands into a profound dialogue about humility, body awareness, emotional regulation, and the unexpected personal growth that comes from combat sports—especially as an adult beginner. Caroline opens up about her upcoming book on AI and cybersecurity, explaining how AI isn't just another shift—it's redefining the entire security landscape. She outlines how to evaluate real AI solutions, why transparency matters, and how LLMs make modern social engineering nearly indistinguishable from authentic communication. She also reflects on tech's wobbly job market, why global talent has reshaped the industry, and which cybersecurity markets AI will completely replace in the years ahead. The conversation deepens as Caroline shares her journey through sobriety, the discipline instilled by her Chinese immigrant parents, the challenges of raising resilient kids in a privileged world, and why joy, peace, and positive impact—not titles—define success.
In this heartfelt and globally enriched conversation, Joey Pinz sits down with storyteller, journalist, and events leader Kris Tanaka, whose life has been shaped by language, culture, and a deep commitment to human connection. Kris shares her remarkable journey studying Japanese from childhood, living a decade in Japan, and learning how language influences behavior, relationships, and even emotional expression. Together, they explore the nuances of communication, the cultural layers behind expressions that don't translate, and how travel expands empathy and perspective. Kris also speaks about her Hawaiian roots, the concept of ohana, and how growing up in a cultural melting pot shaped her worldview. In her role at CyberRisk Alliance, Kris explains why MSSP Alert Live succeeds: participation, purposeful networking, and the magic of spontaneous connections. She discusses what makes events thrive, how to maximize value from industry conferences, and why cybersecurity professionals inspire her daily. The conversation also dives into personal growth—pivoting careers, overcoming fear of change, redefining success, finding inspiration in everyday “magic,” and the emotional impact of helping others shine.
In this insightful episode of Joey Pinz Disciple Conversations, Joey sits down with industry veteran Raffaele Mautone, the visionary CEO behind Judy Security. With more than 25 years in cybersecurity, Raffaele reveals why traditional security models no longer work for MSPs—and how a simpler, partner-led approach is reshaping the future. Raffaele shares how the shift from point products to unified visibility is transforming how MSPs protect clients, reduce noise, and deliver measurable value. He explains Judy's “Blue Team” approach, instant provisioning, and real-time OpenXDR visibility—allowing MSPs to win more business without rip-and-replace tactics. They also explore AI's rapid acceleration, the fragmentation of global cyber standards, and why customers are desperate for clarity, not more tools. Raffaele's passion for reading, family, and his beloved Bernedoodles also highlight the human side of leadership in an increasingly complex world. The episode ends with a powerful reflection on personal focus, consistency, and showing up daily—no matter what the challenge brings.
In this powerful conversation, Joey Pinz sits down with cybersecurity leader and former Naval cryptologic specialist Wilfredo “Will” Santiago to explore the hidden world of modern cyber defense. From growing up in Washington State obsessed with Pokémon cards to serving in Naval intelligence and supporting special operations teams, Will shares how his early experiences, curiosity, and service shaped a career protecting organizations from today's most advanced digital threats. Will breaks down how signals intelligence, network analysis, and cryptology evolved into cybersecurity as we know it—and why the field feels like a high-stakes video game where the challenges never stop. He also dives into how AI is transforming both defense and cybercrime, why quantum compute will accelerate everything, and how MSPs can choose partners they can truly trust. Finally, Joey and Will explore the mindset required to thrive in high-pressure environments: routine, focus, and the ability to act even when you don't feel like it. This episode is packed with insight, humanity, and real-world wisdom.
In this thoughtful and deeply human conversation, Joey Pinz sits down with Sharon Florentine, Editorial Director at CyberRisk Alliance, to explore the intersection of creativity, leadership, community, and the ever-changing MSP landscape. Sharon shares her roots as a rhythm guitarist, her love of knitting, and the creative habits that keep her grounded before diving into the bigger questions facing today's MSPs. Sharon breaks down the three biggest challenges MSPs face—security, human capital, and sustainable growth—and explains how media, community, and honest storytelling can help leaders navigate them. She discusses how CyberRisk Alliance supports MSPs with trusted reporting, events, education, and authentic industry insight. The conversation also explores the evolution of publishing, the role of AI in editing, the importance of company values, and the subtle but powerful impact of workplace culture. Sharon also opens up about her personal journey quitting smoking and how consistency, clarity, and self-awareness shape both personal and professional success. This episode blends heart, humor, and hard-won wisdom—perfect for anyone building a business, a team, or a better version of themselves.
In this inspiring conversation, Joey Pinz speaks with cybersecurity advocate Brianna Steele, who brings a refreshing and deeply human perspective to one of the world's most technical professions. With a background in psychology and a passion for understanding human behavior, Brianna explains why attacker motivations, intentions, and emotional drivers are just as important as the tools they use. Brianna shares her journey from Arizona to the Washington, D.C. area, her involvement with Women in CyberSecurity (WiCyS), and why representation and mentorship are pivotal for bringing more women into the field. She breaks down how behavioral analysis shapes her interest in SOC work and why understanding “why people hack” matters as much as how they do it. The conversation expands into AI as a study companion, fasting and lifestyle discipline, motivation rooted in love, and the importance of self-awareness when entering a high-pressure industry. Brianna's warmth and clarity make this an energizing episode for anyone exploring cybersecurity, career transition, or personal growth.
The year of 2025 was as historic as it gets for the world of comedy. From comics reaching new career heights to worldwide controversy and national headlines, it was a crazy year for comedy news... and this video is a full recap of everything that happened. From Shane Gillis hosting the ESPYS to Tim Dillon on CNN and all the comedians in Riyadh, this is the Joke WRLD Comedy News year in review. Watch the full episode here: https://youtu.be/WOBdXTz0glY Please Subscribe & Follow Joke WRLD On: Patreon - https://www.patreon.com/jokewrld Instagram - https://www.instagram.com/joke.wrld/ Tik Tok - https://vm.tiktok.com/ZMdMus6EG
Support the D.A.W.G.Z. @ patreon.com/MSsecretpod Go See Matt Live @ mattmccusker.com/dates Go See Shane Live @ shanemgillis.com Go See Lemaire Lee Live @ https://lemairelee.fun/ hello0o0o0o0. Hope you've all had a good week. The D.A.W.G.Z. have reunited ... on Shang's bday no less. yayyyy. Hot cast ensued. What did you expect. TGIF. Please enjoy. God Bless. $35 off Carver Mat https://on.auraframes.com/MSSP Visit https://prizepicks.onelink.me/DRENCHED and use code DRENCHED and get $50 in lineups when you play your first $5 lineup! Visit dosedaily.co/MSSP and use code MSSP to get 41% off
In this December 2025 episode, MSSP intern Saadhya Bahudodda interviews Alyssa Dennison-Glasgow, regional program director at Olive Crest in Las Vegas. Alyssa discusses how her early experiences working in juvenile justice and child advocacy shaped her commitment to supporting youth and families and ultimately led her to Olive Crest. She highlights the organization's Teen and Young Adult Independent Living Program, which won the 2024 Aging Out Institute's Small Program award. This unique program provides housing, life-skills coaching, and savings-building opportunities for young people aging out of foster care. Throughout the conversation, Alyssa emphasizes the importance of external mentorship, consistent community partnerships, and individualized support, demonstrating that effective aging-out programs rely on strong, collaborative networks to help young people thrive.
Eric spent 30 years in cybersecurity. Built and sold an MSSP to private equity for hundreds of millions. Then he started Tenex and hit $43 million in revenue in ONE YEAR. This isn't theory. This is a founder who's done it multiple times breaking down exactly how AI-native companies are about to eat every services industry alive. If you're building anything that touches AI, services, or enterprise sales, this is the episode.
Why You Should Listen
Why selling outcomes beats selling products every time
How to close enterprise deals in 60 days instead of 12 months
The difference between AI-native and AI-bolted-on companies
Why founder-led sales is non-negotiable in the early days
How to build for IPO from day one without slowing down
Keywords
startup podcast, startup podcast for founders, AI startup growth, founder-led sales, zero to one startup, enterprise sales strategy, AI native company, managed services startup, cybersecurity startup, product market fit
00:00:00 Intro
00:10:29 Selling His Last Company for $100Ms
00:15:10 The Origin Story of TENEX
00:36:47 How They Hit $43M ARR in Year One
00:43:27 The 30 Second Demo That Closes Enterprise Deals
00:47:10 Why Selling Outcomes Beats Selling Products
00:51:29 The Mechanics of Going From Zero to $40M ARR
01:01:09 Go to Market and Founder Led Sales
01:05:32 When He Knew He Had Product Market Fit
Support the D.A.W.G.Z. @ patreon.com/MSsecretpod Support Kiss @ https://www.patreon.com/stuffisland WATCH 'Tires' on NETFLIX Go See Matt Live @ mattmccusker.com/dates Go See Shane Live @ shanemgillis.com Yes. Phil. Fambly cast at Casa de Gillis haha. Happy Thanksgiving everybody. We're thankful for all of you - Love you all very much. Please enjoy. God Bless. Visit dosedaily.co/MSSP and use code MSSP to get 41% off Visit https://prizepicks.onelink.me/DRENCHED and use code DRENCHED and get $50 in lineups when you play your first $5 lineup! $45 off Carver Mat https://on.auraframes.com/MSSP p.s. I think it's OK but sorry if it's a little choppy I was rushing to get it up before the holiday:)
Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike's passion for photography and how creativity ties into continuous learning in tech.
Connect with Mike: https://www.linkedin.com/in/mreiring/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Chapters
00:00 Intro – Live from InfoSec World 2025
02:00 Meet Mike Reiring of RSM
04:30 Evolution of Managed Service Providers
06:30 Shared Accounts, Identity, and Security Maturity
09:00 Vendor Gaps and Federated Access Challenges
11:30 What Makes a Good MSP Partner
13:00 The Cost and Effort of Changing Providers
16:30 MSP vs MSSP – Key Differences
18:30 Coordination Between Managed Providers
21:30 Top 3 Questions to Ask Your MSP
25:00 Identity Ownership: IT or Security?
27:30 Licensing, Active Directory, and Hidden Accounts
30:00 RFP Challenges and Procurement Pitfalls
32:00 Measuring Risk and Reducing Identity Exposure
34:30 Vendor Management and Shadow IT Risks
35:00 How AI Is Transforming MSP and MSSP Operations
38:30 AI, Problem Management, and the Future of Help Desks
42:30 Photography, Creativity, and Continuous Learning
48:00 Closing Thoughts and IDAC Outro
Keywords
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast
In this episode, we use cybersecurity as a lens to expose a truth that every leader forgets: the biggest threats to your company are the ones you can't see—until they take you down.
Scott's career mirrors the evolution of tech itself—from software stores in the '80s to early network integration, to building one of the original managed services models before “MSP” was even a phrase. His latest book, Visible Ops for Cybersecurity, reframes the discipline not as an IT function, but as a visibility function: if you can't see it, you can't secure it… and if you can't secure it, you can't scale it.
We break down why ransomware is now franchised, why even the best companies get breached, why cyber insurance is becoming a false safety net, and why every founder—yes, even a team-of-one startup—needs a security-first mindset.
This isn't fear-mongering. It's leadership.
TL;DR
* Assume breach. The #1 mistake founders make is believing they're “too small” to be a target.
* Backups are not backups unless they're encrypted, immutable, and air-gapped.
* Cyber insurance is not protection—44% of claims were denied in 2024.
* Reinvention is mandatory. Tech evolves, threats evolve, your systems must evolve.
* Visibility beats bravado. Most failures come from what leaders think is secure, not what actually is.
Memorable lines
* “Security by obscurity died the day ransomware became a franchise.”
* “If the best cybersecurity companies get hacked, your only strategy is resilience.”
* “Backups aren't safety—they're hope, unless they're air-gapped.”
* “Reinvention isn't optional in tech—it's the price of staying alive.”
* “Make the invisible visible, or the invisible will make the decision for you.”
Key Ideas We Unpack
1. Reinvention as a Survival Skill
Scott turned retail software into network integration, then into managed services, then into cybersecurity leadership. The pattern: Visibility → Competence → Reinvention. Most founders skip the first step and collapse at the third.
2. The Modern Threat Landscape Is Industrialized
Ransomware now has:
* franchises
* training
* support hotlines
* experts who “close the deal” when an amateur hacker gets stuck
This is organized crime with a customer-service department.
3. Backups Are the New Lifeboats
Threat actors sit inside systems for 60–365 days before triggering an attack. If your backups are not:
* encrypted
* immutable
* air-gapped
you don't have backups—you have illusions.
4. Cyber Insurance Is Becoming a Mirage
44% of claims denied. Policies are unregulated. Exclusions keep growing. Insurance is no longer a plan—it's paperwork.
5. The Startup Founder Version of Cybersecurity
If you're a team of one, your mantra is simple: Be good to your future self. Design tools, workflows, and systems with a security-first mindset from day one. The cheapest hack is the one that never becomes possible.
6. Visibility Is a Leadership Habit
You can't manage what you can't see. And almost everything that destroys a business—breaches, failures, slow decay, talent risk—starts in the invisible layer.
Guest
Scott Aldridge — President & CEO of IP Services. Cybersecurity author, technologist, MSSP leader, and early pioneer of managed services.
Linkedin: https://www.linkedin.com/in/scott-alldridge-1a976/
Website: https://ipservices.com/
Why This Matters
Most founders underestimate risk because they overestimate visibility. If you want a business that survives the next decade, the job is simple: Design for resilience. Assume breach. Back up reality, not hope. Reinvent before the market forces you to. And make the invisible visible—before someone else does.
Call to Action
If this conversation lit something up for you, don't just let it fade. Come join me inside the Second Life Leader community on Skool. That's where I share the frameworks, field reports, and real stories of reinvention that don't make it into the podcast. You'll connect with other professionals who are actively rebuilding and leading with clarity. The link is in the show notes—step inside and start building your Second Life today. https://secondlifeleader.com
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.dougutberg.com
We weigh the promise and peril of the AI agent economy, pressing into how overprovisioned non-human identities, shadow AI, and SaaS integrations expand risk while go-to-market teams push for speed. A CMO and a CFO align on governance-first pilots, PLG trials, buyer groups, and the adoption metrics that sustain value beyond the sale.
• AI adoption surge matched by adversary AI
• Overprovisioned agents and shadow AI in SaaS
• Governance thresholds before budget scale
• PLG trials, sandbox, and POV sequencing
• Visualization to reach the aha moment
• Buying groups, ICP, and economic buyer alignment
• Post‑sales usage, QBRs, NRR and churn signals
• Zero trust limits and non-human identities
• Breach disclosures as industry standards
• Co-sourcing MSSP with in-house oversight
Security isn't slowing AI down; it's the unlock that makes enterprise AI valuable. We dive into the AI agent economy with a CMO and a CFO who meet in the messy middle. The result is a practical blueprint for moving from hype to governed production without killing momentum.
We start by mapping where controls fail: once users pass SSO and MFA, agents often operate beyond traditional identity and network guardrails. That's how prompts pull sensitive deal data across Salesforce and Gmail, and how third‑party API links expand the attack surface. From there, we lay out an adoption sequence that balances trust and speed. Think frictionless free trials and sandboxes that reach an immediate “aha” visualization of shadow AI and permissions, then progress to a scoped POV inside the customer's environment with clear policies and measurable outcomes. Along the way, we detail the buying group: economic buyers who sign and practitioners who live in the UI, plus the finance lens that sets pilot capital, milestones, and time-to-value expectations.
We also challenge sacred cows. Zero trust is essential, but attackers increasingly log in with valid credentials and pivot through integrations, so verification must include non-human identities and agent-to-agent controls. Breach disclosures, far from being a greater threat than breaches, are foundational to ecosystem trust and faster remediation. And while MSSPs add critical scale, co-sourcing—retaining strategic oversight and compliance ownership—keeps accountability inside. If you care about ICP, PLG motions, PQLs, NRR, or simply reducing AI risk while driving growth, this conversation turns buzzwords into a playbook you can run.
Vamshi Sriperumbudur: https://www.linkedin.com/in/vamsri
Vamshi Sriperumbudur was recently the CMO for Prisma SASE at Palo Alto Networks, where he led a complete marketing transformation, driving an impact of $1.3 billion in ARR in 2025 (up 35%) and establishing it as the platform leader.
Chithra Rajagopalan - https://www.linkedin.com/in/chithra-rajagopalan-mba/
Chithra Rajagopalan is the Head of Finance at Obsidian Security and former Head of Finance at Glue, and she is recognized as a leader in scaling businesses. Chithra is also an Investor and Advisory Board member for Campfire, serving as the President and Treasurer of Blossom Projects.
Website: https://www.position2.com/podcast/
Rajiv Parikh: https://www.linkedin.com/in/rajivparikh/
Sandeep Parikh: https://www.instagram.com/sandeepparikh/
Email us with any feedback for the show: sparkofages.podcast@position2.com
Podcast: Simply ICS Cyber
Episode: S2 E7: ICS/OT Security Operations Centers
Pub date: 2025-11-05

The growing need for visibility and response in industrial environments is driving more organizations to consider ICS/OT Security Operations Centers — but what does that actually look like for small and medium-sized operations?

In this episode of Simply ICS Cyber, Don and Tom sit down with Dan Gunter, CEO and founder of Insane Cyber, to discuss how ICS/OT SOCs function, what data truly matters for monitoring, and how incident response changes when operators have (or don't have) the right information at hand.

Drawing on experience from the Air Force CERT to founding an OT-focused security company, Dan shares a practical look at the realities of SOC implementation across industries — from utilities with limited staff to large-scale enterprises managing thousands of assets.

Listeners will gain insight into how to start building visibility, selecting the right MSSP partners, and managing SOC fatigue — all while keeping industrial operations safe and resilient.

⚙️ Tune in to learn how data, process, and people come together to make ICS/OT SOCs work in the real world.

Connect with Dan on LinkedIn: https://www.linkedin.com/in/dan-gunter
Tommy Pope sits down with Matt McCusker and Shawn Gardini. Matt has a new Netflix special out, "A Humble Offering." Matt McCusker and Shane Gillis also have a podcast, Matt and Shane's Secret Podcast. Shawn Gardini can be seen on MSSP and has a monthly show in Austin called Optimum Noctis.

Comedians Chris and Tommy Pope are making all kinds of Stuff on the paytch. Each week they talk about anything & everything under the sun. Tommy also chefs up some delicious meals. It's a blast, folks.

Check out our second channel @LookatDish where Tommy Pope and Chris O'Connor cook elaborate meals with your favorite comedians.

As always, get your first month of BlueChew FREE. Just use promo code STUFFISLAND at checkout and pay five bucks for shipping. That's it. Join BlueChew's mission to upgrade humanity one thrust at a time. Head to https://www.BlueChew.com

Today, get Huel for FIFTEEN PERCENT OFF with this exclusive offer for New Customers only with code insertcode at https://huel.com/stuffisland (Minimum $75 purchase).

SUB TO PATREON: patreon.com/stuffisland
Follow Chris on IG: https://www.instagram.com/achrisoconnor
Follow Tommy on IG: https://www.instagram.com/tommyjpope
#comedy #comedypodcast #comedians

Learn more about your ad choices. Visit megaphone.fm/adchoices
On this episode of The Cybersecurity Defenders Podcast we speak with Hannah Lloyd, Co-Founder and CRO of enhanced.io, about how MSPs can launch, sell and scale security offerings.

With 10+ years of channel sales experience, Hannah leads global new business generation and account management to deliver innovative cybersecurity solutions to enhanced.io's MSP partners. As a GTIA EC member (2018) and Chair (2021), Hannah is actively involved in the MSP channel community.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
In this episode of Joey Pinz Discipline Conversations, Joey sits down with Scott Fuhriman, cybersecurity veteran and leader at Inveri, live from the MSP Summit in Orlando.

Scott shares his 25+ years of cybersecurity experience, explaining how Inveri's runtime integrity technology, born from NSA research, helps MSPs and MSSPs detect hidden in-memory attacks, rootkits, and advanced threats that traditional tools miss. He highlights why protecting this overlooked layer is crucial to preserving revenue, preventing churn, and maintaining customer trust.

The conversation also touches on Scott's personal discipline journey — from starting as a young PC tech overwhelmed by information to building a career through self-study, mentorship, and consistency. He and Joey discuss how MSPs can choose the right vendors, strengthen their security stacks, and enable long-term resilience in a competitive market.
In this episode of Joey Pinz Discipline Conversations, Joey sits down with Jeff Hill of Stellar Cyber to explore how MSPs can strengthen their security posture, grow their businesses, and simplify operations. Recorded live at the MSP Summit in Orlando, Jeff shares candid insights on what keeps MSPs awake at night—from cybersecurity breaches to staffing challenges and competitive growth pressures.

Jeff explains how Stellar Cyber's multi-tenancy, unified platform, and AI-driven automation help MSPs deliver enterprise-grade security without added complexity. He emphasizes the importance of choosing the right MSSP partners, understanding compliance and cyber insurance requirements, and leveraging open platforms that integrate seamlessly with existing tools.

The conversation also highlights how MSPs can turn security into a revenue generator, not just a cost center, while positioning themselves for long-term success or acquisition. Jeff's core message is clear: simplify, stay open, and create value that differentiates your business.

Tune in to learn how Stellar Cyber is helping MSPs find their “diamonds in the rough” and why now is an exciting time in the cybersecurity landscape.
Join Josh Israel, MD and Sean Cavanaugh in their video debut as they discuss the Medicare Shared Savings Program (MSSP) results for 2024 released by CMS with Aledade CEO Farzad Mostashari, MD. They explore how Aledade Accountable Care Organizations (ACOs) earned more than $1 billion in total savings and continue to improve performance year over year, including substantially reducing hospitalizations. We also sit down with Sandeep Mann, MD, primary care physician and Aledade partner since 2015, to explore how his practice has thrived in value-based care.

Watch the full episode.
Connect with us at acoshow@aledade.com or visit the Aledade Newsroom.
Support the D.A.W.G.Z. @ patreon.com/MSsecretpod
Support Joe @ https://www.patreon.com/tuesdays
Support Nathan @ https://www.patreon.com/pitm
Go See Matt Live @ mattmccusker.com/dates
Go See Shane Live @ shanemgillis.com
Go See Joe Live @ https://www.comedianjoelist.com/
Go to Optimum Noctis 1st and 3rd Tues of Every Month https://www.creekandcave.com/events/optimumnoctis

Hello. Hope you're all having a good start to your day. This week we got the great Joe List on the cast while the big kahuna is away. It's a hot one. Support Joe's casts Tuesday's w/ Stories! and The Regz, and watch his specials on YouTube. Please enjoy. God Bless.

Go to armra.com/MSSP or enter MSSP to get 30% off your first subscription order.
Visit https://prizepicks.onelink.me/LME0/DRENCHED and use code DRENCHED and get $50 in lineups when you play your first $5 lineup!

Learn more about your ad choices. Visit podcastchoices.com/adchoices
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025
A Stellar Cyber Event Coverage of Black Hat USA 2025 Las Vegas
An ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber

Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.

Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.

The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.

What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.

The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.

Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.

The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.

Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.

The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.

Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.

As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content.

Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
What happens when you combine a cybersecurity expert with a volunteer fire chief? You get Tim Weber.
Watch James' standup titled 'HEY AMERICA' now on our YouTube.
Support the D.A.W.G.Z. @ patreon.com/MSsecretpod
Support Jimby @ https://www.jdfmccann.com/
Go See Matt Live @ mattmccusker.com/dates
Go See Shane Live @ shanemgillis.com

Good Morning everyone. This week we're joined by our beloved James. Watch his new stand up set on our YouTube! Beef Bourguignonnnnnnnnnnn. Please enjoy. God Bless.

Visit https://www.betterhelp.com/MSSP to get 10% off your first month.
If you're 21+, check out https://viiahemp.com/ and use code MSSP for 15% off AND if you're new to VIIA - get a free gift of your choice.