Podcasts about mssps

  • 108 PODCASTS
  • 422 EPISODES
  • 46m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • May 20, 2026 LATEST


Latest podcast episodes about mssps

ChannelBuzz.ca
The Buzz: Dell unveils PowerStore Elite, Clarke sounds the tokenomics alarm, and Intezer formalizes its channel program

May 20, 2026 · Duration 6:40


Today’s headline news for Canadian IT solution providers:

Dell PowerStore Elite and the reimagined data center: Yesterday at Dell Technologies World, Dell Technologies introduced Dell PowerStore Elite, a new enterprise storage platform delivering up to 3x performance over the prior generation and an industry-best 6:1 data reduction guarantee. The platform packs 5.8 petabytes into a single 3U chassis using standards-based E3 NVMe flash, and introduces Dell Cyber Detect, which identifies ransomware with 99.99% accuracy and pinpoints the last known clean copy for recovery. PowerStore Elite ships in July 2026; Cyber Detect for PowerStore follows in Q3. The broader Day 2 announcement also included 11 new PowerEdge servers, expanded Dell Private Cloud support for Broadcom, Microsoft, and Nutanix stacks, Dell PowerProtect One for simplified cyber resilience, and two new automation products: the Dell Automation Platform and Dell Automation Studio.

Jeff Clarke’s tokenomics keynote: In Tuesday’s Day 2 keynote at DTW, Dell COO Jeff Clarke presented a set of ten fundamental shifts from the past year whose through-line is what he called tokenomics. The math: model prices fell 80% per token; token consumption is up 10x; GenAI software spend tripled. Net effect – AI is getting more expensive for most organizations, not less. Clarke illustrated the stakes with a concrete example: one developer running a single agentic use case on the public cloud can burn approximately $3,400 per day in token costs; the same workload runs at zero incremental cost on on-premises infrastructure. Clarke confirmed Dell moved its own operations to on-prem after internal token costs became untenable, and described work underway on what he called “token routing” – an orchestration layer that would automatically direct tasks to either a deskside AI workstation or data center hardware based on workload.
He closed with three imperatives: know your token consumption, find your super users, and lead the operating model change or be disrupted by it.

Intezer launches Amplify Partner Program: Intezer has officially launched its Intezer Amplify Partner Program, naming channel veteran Mark Daggett as vice president of global channels and alliances. The program formalizes Intezer’s channel investment as demand for AI-driven security operations grows and the talent gap in security operations continues to widen. According to Intezer, the program is designed to help MSSPs and solution providers step in where internal security teams lack the capacity to operationalize AI-powered alert triage and threat investigation, translating the company’s platform capabilities into managed and co-managed service offerings.

Check Point agentic network security orchestration: Check Point announced an agentic network security orchestration platform on Monday designed to replace decades of rule-based complexity, reducing network policy management from months of manual effort to minutes of verified, automated action. The announcement is part of a broader Check Point push into agentic security capabilities across its Infinity platform.

Zendesk unveils Autonomous Service Workforce: At its annual Relate conference, Zendesk announced the Autonomous Service Workforce, a product vision built around specialized AI agents priced per resolution rather than per seat. Key launches include a no-code Agent Builder, omnichannel coverage with shared context, and a real-time Quality Score applied to every interaction – human or AI.

Riverbed extends Aternity AIOps: Riverbed has released new Aternity digital experience (DEX) capabilities positioning AIOps as proactive disruption prevention rather than reactive monitoring, giving IT teams predictive intelligence before end-user experience degrades.
WinMagic brings zero trust to legacy OT: WinMagic has introduced Continuous Identity Assurance, a hardware-bound approach to endpoint identity that extends zero trust controls to air-gapped systems and legacy operational technology environments traditionally outside the reach of modern identity platforms.

Full Transcript

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 20, 2026, and here’s what’s happening in the channel today.

Continuing coverage from Dell Technologies World in Las Vegas, where yesterday’s Day 2 product announcements shifted the spotlight from the partner program to the infrastructure portfolio. The headline item was Dell PowerStore Elite, which Dell is positioning as a new class of enterprise storage platform built for what it calls an AI-era data center. According to the company, PowerStore Elite delivers up to three times the performance of the previous generation through software-driven improvements, and backs it all with what Dell describes as an industry-best 6:1 data reduction guarantee – up from 5:1 – a number it says carries real weight in today’s supply-constrained flash market. The platform packs up to 5.8 petabytes of effective capacity into a single 3U chassis using industry-standard E3 NVMe flash rather than proprietary drives, giving partners and their customers more flexibility on cost and sourcing.

The cyber resilience angle is where it gets interesting for MSPs. Dell is introducing Dell Cyber Detect for PowerStore, which inspects data at the byte level and is positioned as being able to identify ransomware with 99.99% accuracy – surfacing the last known clean copy so organizations can recover fast. That capability will be available in Q3 2026. PowerStore Elite itself is set for global availability in July.
The broader data center announcement also included 11 new PowerEdge servers spanning both air-cooled and liquid-cooled environments, expanded Dell Private Cloud support for Broadcom, Microsoft, and Nutanix software stacks, and two new automation products: the Dell Automation Platform, which pairs AI agents with a conversational interface for infrastructure deployment and management, and Dell Automation Studio for building custom, full-stack orchestration workflows. Nearly 20,000 customers already run PowerStore globally, and Dell is emphasizing that existing deployments can cluster with PowerStore Elite without disruption – a meaningful selling point for partners managing live customer environments.

The second big story out of Las Vegas yesterday is one that deserves some unpacking. During his keynote, Dell’s chief operating officer Jeff Clarke laid out what he called ten fundamental changes in the past twelve months – and the thread running through the whole list is a single concept: tokenomics.

The numbers Clarke presented tell a story that’s easy to miss if you only hear the headline. Model prices have fallen roughly 80% per token in the last year – sounds like great news. Except token consumption is simultaneously up ten times. And GenAI software spend has tripled in twelve months. The net effect is that AI is actually getting more expensive for most organizations, not less. Clarke made it concrete with a single example: one developer, one agentic use case, building a software tool. On the public cloud, that use case can run up roughly $3,400 a day in token costs. Running the equivalent workload on on-premises infrastructure with local models? Zero incremental dollars. Clarke went further and confirmed that Dell itself made the shift to on-premises AI after its own token costs became untenable – which is a different kind of endorsement than anything you hear from a keynote stage.
He also flagged something worth watching: Dell is working on what he called token routing, an orchestration layer that would automatically determine whether a given task is better handled by a deskside AI workstation or by data center infrastructure. He was clear it’s still in development, but it signals where Dell sees the intersection of its PC and server businesses heading.

Clarke closed his keynote with three actionable imperatives: know your token consumption, find your super users, and lead the operating model change or be disrupted by it. That first one is the real challenge for most organizations – and the one an MSP or trusted advisor can walk into and own.

Away from Las Vegas now, and Intezer has officially launched its Intezer Amplify Partner Program, naming industry veteran Mark Daggett as vice president of global channels and alliances to lead the effort. The program formalizes the company’s channel investment at a moment when demand for AI-driven security operations is accelerating. Intezer’s pitch to the channel is essentially a gap-filling argument: internal security teams are drowning in alert volume while the talent required to triage and investigate those alerts remains in short supply. The Amplify program is designed to equip partners to step into that gap, delivering Intezer’s automated alert triage and threat investigation capabilities as a managed or co-managed offering. The appointment of a dedicated channel VP is the clearest signal yet that Intezer is treating the channel as a primary route to market, not a secondary one. Partners building out managed security or MSSP practices looking to differentiate around AI-augmented SOC capabilities have another option worth a closer look.

In Brief –

Check Point launches an agentic network security orchestration platform it says collapses months of manual policy work into minutes of verified action.
Zendesk unveils its Autonomous Service Workforce at the Relate conference, introducing per-resolution AI agent pricing and a no-code Agent Builder.

Riverbed announces new Aternity digital experience capabilities designed to shift AIOps from reactive visibility to proactive disruption prevention.

WinMagic introduces Continuous Identity Assurance, anchoring identity verification in hardware to extend zero trust protocols to air-gapped and legacy OT environments.

Full details and links in the show notes or the blog post.

Later today on In The Channel, still from the show floor at Dell Technologies World, I sit down with Rob Emsley, director of cyber resilience marketing at Dell Technologies, on why 97% of cyber attacks now specifically target the backup infrastructure – and what it actually means to build a resilience strategy around the concept of the minimum viable company.

And if you haven’t heard yesterday’s episode yet, check out my conversation with Alan Ashby, Dell’s senior director of Americas data center presales and specialty sales, on the practical infrastructure realities of the AI boom – from a deskside AI workstation for an SMB to consolidating 13 legacy servers into one.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Zinnov Podcast - Business Resilience Series
The New Security Stack: Platforms, Partners, and AI-Driven Innovation Ft. Michael Khoury, Palo Alto Networks

May 19, 2026 · Duration 37:29


Enterprises today are managing increasingly complex cybersecurity environments across cloud, AI systems, applications, endpoints, and enterprise networks. As AI adoption accelerates, organizations are under pressure to secure AI-driven environments while responding to faster and more sophisticated threats. In this episode of the Zinnov Podcast, Rajat Kohli, Partner, Zinnov, speaks with Michael Khoury, Vice President, Global Ecosystem Partners, Palo Alto Networks, about the shift from point products to platform-led cybersecurity strategies and what it means for enterprises, partners, MSSPs, hyperscalers, and global system integrators. Michael Khoury shares perspectives on how enterprises are navigating cybersecurity complexity in an AI-first world, and how ecosystem models are evolving alongside it.

The conversation explores:

  • Why AI is accelerating platform-led cybersecurity
  • The rise of MSSPs and cloud marketplaces as key routes to market
  • How enterprises are reducing security complexity through platformization
  • What differentiates advanced ecosystem partners in the AI era

Tune in now.

ChannelBuzz.ca
Threat briefings, not statistical talks: ESET’s Cameron Tousley and Pedro Kertzman on making CTI work for MSPs

May 14, 2026 · Duration 30:12


For most MSPs, the quarterly client conversation looks something like this: here are the alerts we handled, here is your uptime number, here is a dashboard of things we blocked. Useful, certainly – but not exactly the stuff of trusted advisor relationships. Cameron Tousley, director of MSP channels for ESET North America, has a phrase for the upgrade: move from statistical talks to threat briefings. In this episode of In The Channel, he and Pedro Kertzman, threat intelligence specialist at ESET, join host Robert Dutt to explain what that actually looks like in practice – and why the window for MSPs to make that transition may be narrowing.

The occasion is ESET’s eCrime Reports, a threat intelligence offering that tracks cybercriminal activity at the affiliate level – the individuals buying malware-as-a-service and executing the actual attacks. Kertzman explains why that granularity matters: affiliates signal tactical shifts before attacks scale, giving security-forward MSPs a genuine early-warning advantage. Tousley adds the client conversation layer: knowing that a specific threat group is targeting your customer’s vertical via a specific attack method is a meaningfully different conversation than “we blocked 4,000 threats this month.”

There’s also an uncomfortable wrinkle for MSPs specifically: as Pedro notes, affiliates increasingly exploit MSP tooling itself as a vector – compromising credentials to access managed environments quietly, hitting dozens of small clients while staying well below the radar of law enforcement attention focused on high-profile infrastructure targets.

For the smaller MSP without a dedicated analyst, the entry point is more accessible than it sounds. Indicators of compromise can be automated directly into client firewalls without a full threat intelligence platform.
WeLiveSecurity and the live threat feed built into ESET Protect offer a low-barrier starting point for shops that are earlier in their security maturity journey.

Tousley’s closing frame is the one worth sitting with: the Canadian MSP market is being reshaped by consolidation at a pace that isn’t slowing. The independents that survive will be the ones having more sophisticated conversations with their clients. Evolve or sell.

Full Transcript

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

Cyber Threat Intelligence, CTI, has long been framed as an enterprise discipline. Dedicated team, security operations center, analysts who live in the data. But the threat landscape doesn’t really respect that boundary anymore. The tooling is getting more accessible, the attacks are getting more targeted at smaller organizations, and as we’ve talked about on the show before, the MSP stack itself has become a threat vector. So the question for the typical Canadian MSP isn’t really “Is threat intelligence relevant to me?” It’s “What do I actually do with it?”

To dig into that, I sat down with two people from ESET. Cameron Tousley is director of MSP channels for ESET North America, and he lives squarely in the business conversation around what MSPs need to grow and differentiate. Pedro Kertzman is ESET’s resident CTI subject matter expert, and I’ll note that Pedro usually sits on the other side of the interview chair as the host of his own podcast on threat intelligence. So this was a bit of a role reversal for him.
We talked about ESET’s eCrime reports, the idea of tracking cyber criminal activity at the affiliate level rather than just the group level, what proactive threat intelligence actually looks like for a 15-person MSP shop, and what Cameron described as the “evolve or sell” reality facing the MSP market right now. Let’s get right into it. Cameron, Pedro, thanks for joining us. I appreciate it.

Cameron Tousley: Thanks for having us.

Pedro Kertzman: Great to be here.

Robert Dutt: Before we get into what ESET is specifically bringing to market, Cameron, can you give our listeners a sense for where the threat intelligence conversation is right now in the channel? Is this still primarily an enterprise kind of discussion or has something really shifted in terms of how MSPs and MSSPs are thinking about and talking about CTI?

Cameron Tousley: I think that the market is evolving as a whole, no matter if you’re in the SMB segment or enterprise. I mean, it’s evolving everywhere. The beautiful thing is technology is getting cheaper, it’s getting more accessible. People are able with the advent of AI to kind of do more with less staff and things like that, and then allow their staff to kind of become more specialized. Enter in the topic of CTI. I just think that there’s an appetite from certain, and probably more evolving larger MSPs, to start incorporating more for their clients. I think they’ve always probably wanted to educate them, but it’s always that, “Hey man, just make sure I have uptime and the help desk is active when I need it.” And that’s the conversation. Fast forward to now and it’s becoming a little bit more relevant to want to consume CTI. So I’ll kind of start there and I’ll take a pause. I don’t know if Pedro’s got any other comments on that.

Pedro Kertzman: No, I 100% agree.
I think the threat landscape now with the maturity of the CTI offerings, MSPs can see that the things they’re trying to protect their customers against are more clearly explained and delivered in a way that they can see through CTI offerings now. So I think it’s just a natural evolution within the cybersecurity space to start leveraging that expertise as well.

Robert Dutt: Without getting too far into pure positioning, how would you characterize what differentiates your approach to threat intelligence, sort of at the methodology level? What’s the philosophy behind how you’re researching and tracking threats and what you’re bringing to market with this CTI package?

Cameron Tousley: Yeah, I’d say first off, our reach. We’re a global company. We have a product line, yeah, but we have 11 threat intel centers and those are also R&D centers too. So it’s a wealth of knowledge. Then we have researchers outside of that that are just remote, and so our tentacles are everywhere and that means something for somebody choosing a cybersecurity vendor or a platform because our researchers, they’re looking at a bunch of different avenues. They’re looking at the major threat acting groups. We have an offering we’ll talk about here in a few minutes, that centers on tracking affiliates because malicious activity, malware-as-a-service, is just like MSPs provide a service. So if I’m an affiliate—and I’ll define that real quick, an affiliate being the people that are buying the malware service and then going and distributing it and causing zero-day attacks—those are affiliates. So the real key part is what they do, not necessarily always the major malware-as-a-service group because that’s just one large avenue, but then you can’t predict what your customers are going to go and do on the black market. So yeah, I think we have a really exciting offering on our threat intelligence called eCrime and it comes in a feed and reports and it’s amazing.
It really centers on the affiliate level and that is going to help get the conversations to be more quality with customers. It’s going to help an MSP who provides more, let’s call it reactive security at best, generalized services—which no knock against them, that’s just the model—and that’s going to help propel them into the more proactive security and having more quality cybersecurity-forward conversations with their customers of all sizes.

Robert Dutt: Let’s delve a little bit more into that. Can you walk me through a scenario, even hypothetical or composite, where that affiliate-level insight would practically change the outcome for an MSP or one of their customers? How does this show up for an MSP basically?

Pedro Kertzman: Yeah. So basically, I’ll take a step back a little bit just to explain how this threat ecosystem works. So the affiliates will be the ones really on the end of the line bringing that malware they got from a quote-unquote threat actor market or affiliate programs, more technically speaking per se, but they will be the ones delivering or sending that payload forward to whatever companies that they are trying to attack. So knowing how these guys work is basically going to give the companies, and the MSPs of course working for their security, the ability to stop the attack in the early stages, because the affiliates will be the ones trying to break in, acquire through whatever methods—credentials stolen or compromised credentials. So they are responsible, quote-unquote, within these affiliate programs to get the foot inside the door. So if you’re knowledgeable about how they act, what kind of techniques they use to get that foot in, you’re basically stopping the attacks before they actually become super massive, widespread attacks or super dangerous attacks. It’s kind of the proactive security instead of the reactive security.

Cameron Tousley: Yeah, that’s a good comment. And then I’ll just throw one more little thing on that.
I was talking about the conversations you can have with your clients, everything Pedro said, plus it’s like, you could have a specific conversation about, “Hey, this is what we blocked this month, but these are the threat acting groups, and here are the patterns, here’s the kind of malware that’s out there right now. By the way, you’re in the healthcare vertical, this threat acting group is targeting healthcare and doing this specific type of attack—happens to be phishing or fileless or whatever the complex attack is.” So they got to get really granular in the conversation. It can’t just be a super high-level one, because then your user’s not going to know what to do with that information. But if you coach them on the end-of-the-line issue and where it’s sourcing from, to Pedro’s point, you get ahead of that attack early, you might even prevent stuff that would have normally been a real headache.

Robert Dutt: And you need to position yourself at least somewhat as the hero in so much as you’re saying, “Here’s the people who are attacking you, here’s what they’re doing, here’s what we’re doing proactively to counter that.”

Cameron Tousley: Absolutely. Yeah, that’s a huge value to your end customer. The one that normally would have not cared about security and it’s more of an annoyance, now they’re paranoid about it, just like the MSP, just like the vendors, we’re all trying to get ahead of it. So I think that that provides a lot of value, and the average MSP is probably not going to do that. So you don’t necessarily have to go spend a ton of money, you just have to consume the information that’s out there maybe for free, and then maybe some of the paid services like the eCrime reports without buying our full threat intelligence platform, you can just do that. And that is like a huge value on its own to track exactly what we’re talking about right now.
Robert Dutt: So taking a step back, I think some of this certainly informs and colors the question we go to ask, but I’m a 15-person MSP somewhere. I’ve got solid endpoint protection, an RMM stack I like, maybe managed SOC coverage, that kind of model. What’s the case, in addition to what we’ve already discussed, for why threat intelligence should be on my radar as a distinct capability I need to think about, bring to my customers and offer?

Pedro Kertzman: Yeah, I think especially because again, talking specifically about the eCrime reports, we’re talking about the ones that are really perpetrating the attacks or executing the attacks. When you understand how your adversaries really act, you don’t need to always rely on the expertise of a super senior CTI analyst. There are ways that also, depending on your vendor, you can automate the expertise to just be pumping, let’s say, IOCs or IP addresses into your existing end users’ firewalls. If you manage a bunch of other firewalls for your end users, you can pump that eCrime knowledge into those firewalls in the form of IP addresses, domains, and things like that. But understanding that it’s going to be a proactive approach so they don’t get a foot in the door first, it’s kind of that decision beforehand that will give the MSPs, or MSSPs with 15 or so employees, that kind of extra leverage against those frontline attackers.

Robert Dutt: I’m really interested in the idea of using intelligence and these eCrime reports as a client-facing tool, not just something that’s consumed internally, especially for that smaller MSP—something that you’re using in your QBR or whatever business review you have with customers to show your value. I’m curious, is that something you’re seeing happening today or is it a realistic use case, or is it a stretch for most MSPs right now?

Cameron Tousley: I think it’s realistic. Now, let’s set the tone here.
An MSP, they may not have the budget nor the expertise nor the staff to be buying a full-blown threat intelligence offering even like ours, but they can use certain parts of it like the eCrime reports. So that’s a good jumping-in point for the MSPs that are growing, or if you have 15 people on staff and there’s a good deal of them on the technical side, you may want to run your SOC in-house. Maybe that’s something you want to do. I think for them, the maturing MSP and definitely the MSSP, a threat intelligence offering is something that you will probably want to consume if you’re doing everything in-house. Now, I think there’s an argument for even if you’re going to go out-of-house and use the vendor, I still think there are free sources. We have customers that are using free platforms but running a paid feed through it. This is really dynamic. It’s flexible. It can fit to every different audience for the most part, except for the ones who are just not staffed for it and they’re probably outsourcing everything and they just don’t want to do it. They know that they are never going to be able to staff a 24×7 team and they’re also never going to be able to consume as much information as is coming in. But there are also other free resources, like I said, associated with our threat intelligence platform, like the eCrime reports, but there’s white papers that we produce. There are periodic threat reports. We do all kinds of analysis. And then on our welivesecurity.com blog, we publish all kinds of free information. And the really cool thing for existing ESET customers is through our ESET security platform, ESET Protect, we run a live feed through there and it shows you like, “Hey, here’s the latest news on WeLiveSecurity. Here is something you need to be aware of, there’s a vulnerability in the wild.” So we run some of the security stuff and this news right through a window inside of our platform, which I think is really big value added.

Pedro Kertzman: Awesome.
Yeah, I would add, if I can, Rob, we do have monthly digests as well on the CTI offerings, even for not super deep-down technical people. Let’s say more executives or CSMs, let’s say account managers on the MSSP or MSP side. It’s kind of an executive-ready type of report. So it’s more about the threat landscape overview. I think it helps them show that they are expanding their offerings on the security side and they’re knowledgeable about it as well. Again, doesn’t need to go in the nitty-gritty like in the weeds of IOCs and all that, but understanding, for example, that now the ecosystem on the other side is somebody providing the malware, somebody going and executing it. So just to show how they see these movements, I think it’s sometimes important enough to show that they are expanding their coverage for their end users.

Robert Dutt: The reports, the eCrime reports, have been in the market about a month now, I guess. I’m curious what you’re actually hearing from MSPs and MSSPs as they’re digging into them. Are people using them the way you expected or are there surprises that you’re seeing in how they’re engaging, what they’re doing, how they’re thinking about this information?

Pedro Kertzman: That’s a good question. I think because of the name, we got out of the gate with police forces reaching out to us, but in theory, it’s not the best kind of deep analysis that we’re going to give them, because they have a lot of expertise. So then we have the APT reports that would bring more detailed analysis for them. So it was interesting to see that people are kind of eager on the end-user side to see how the threat landscape, especially related to financial crimes or eCrime, are really, let’s say, hot right now. The MSPs are kind of following that trend, not as jumping on like the police forces were, but they are starting to inquire about the new eCrime reports for sure.

Cameron Tousley: Yeah, I’d agree.
I think the defender agencies, I’ll call them, the ones that are fighting the same battle we are, but maybe physically, but now they’re fighting the eCrime too. As they’re learning, this is a great tool for them. We find that they’re excited about it. It’s relatively new, so we’re going to see more and more adoption of it. But plenty of people who are in evaluation are like, “Hey, can I run a free month of this? I want to check it out and see what I’m going to get.” And we’re getting a lot of good feedback on it right now. I’d say on the MSSP/MSP side, again, it’s new for them too. And they do a lot of different things. So for them, they’re like, “I need to slice out some time to check this out as well because this is interesting. I don’t know if anybody else is really doing anything quite like this.” So for them to be able to check it out and add it to their offering, I think what’s going to happen is that they’ll get hooked on something like that and they’ll want more. And we’re already working on more. So our teams are hard at work. We’re adding new feeds, new reporting structures, new ways to consume it. And reasonably priced packages and things like that. Even ones where you have somebody on retainer where you can go to and get a very long deep dive on what you’re reading periodically throughout any given month. So I think with that, you’ll see a lot of internal IT large agencies adopt it. I think you’ll see some MSSPs adopt it. And you might even see some general MSPs who are evolving up that chain do the same thing. So it’s kind of a report and an offering for everybody there.

Pedro Kertzman: Yeah, I think you mentioned something important, Cam. We do offer trials for the eCrime reports as well, right? If they want to test it out.

Cameron Tousley: Yeah, try it before you buy it. Yeah.
Robert Dutt: It sounds like you’re also thinking about ways that you can slice this, dice this, package it out to that smaller MSP or that MSP who’s not a pure-play security player going forward. I was going to ask, what do you see as coming next in CTI and in your eCrime reports? I think that’s certainly a hint. Anything else that you see sort of in the pipeline or where you’d like it to go, where partners would like to see it go?

Cameron Tousley: Yeah, I’ll take a stab at this one because my heart’s near and dear to the MSP community. That’s what I’ve been working in. That’s a segment for quite a long time now for ESET. And so what I’m reading and what I’m theorizing on is that there’s other kinds of technologies that are pretty complex, have gotten more simple in the way that they’re still doing complex processes, like an EDR, right? It’s an investigative tool, and then you pair it with AI and then things become easier for the team managing it. I think it’s going to be the same thing here where you’re going to have an AI paired with it, which we have our own agentic AI agent in this offering now, which is very, very cool, and it’s built in our security platform. But for this, I think it’s going to make consuming information easier, generalizing it, summarizing it, and making sure you can spin it into a quick executive summary. My theory is click of a button, right? So I’m going to have a dashboard. I’m going to say, “Hey, I want an executive summary on this event.” So you’re basically just filtering, and then the end result is you hit that AI generate button and then it generates something that’s quality, and you can do it at various user levels, maybe various role levels. I’ll hit the CTO button or I’ll hit the CEO button and they’ll be a little bit different, obviously. So I think that it’s going to get simpler and managed intelligence as a service, that’s next. It’s already a term that’s being thrown out there a little bit if you look for it.
So it’s just not mainstream yet. And I think it will be here in a short period of time. Pedro Kertzman: A hundred percent. And just to double down a little bit as well, Rob. I think especially for the smaller MSPs, let’s say you hit a critical infrastructure, you stop a pipeline or anything like that, you’re going to have federal agencies going after you, right? But then when you hit a mom-and-pop shop, nobody really cares. And those guys are often served through these smaller MSPs. So I think getting a better understanding of the threat landscape that especially targets those small businesses, I think it’s just a natural progression of the change in the threat landscape. Robert Dutt: Well, and you bring up a point that I kind of pulled on a little bit with your friend, Tony Anscombe, not too long ago. There’s so much data about how many attacks right now are taking advantage of the MSP tooling as a threat vector. And so I think that also speaks to a need for an MSP who wants to be mature and responsible about these kinds of things to have a better grip on who’s looking, what they’re looking at, and how that maps to what they’re doing. Pedro Kertzman: A hundred percent. And just to link this specifically about eCrime and affiliates, affiliates would be the ones exploiting those RMM tools, right? Because it’s something that is already deployed in the environment. If they get the credentials that got stolen for whatever reason, they have access to those tools and then they can deploy malware that they bought from those affiliate programs inside of the victim’s networks. Robert Dutt: And it’s funny, almost a reversal of back in the day, I can remember as a Mac user, there was a saying that Apple engaged in security through obscurity. What you describe is almost the opposite of that. It’s insecurity to a degree through obscurity. 
In that if I’m an attacker, I know that if I go after Colonial Pipeline to use your example, I’m all over the front page and there’s going to be a lot of government agencies who have a lot of serious, serious questions for me. If I take out an MSP tool that gives me access to a bunch of very small clients though, maybe I fly under the radar just a little bit more. Cameron Tousley: Oh yeah. Robert Dutt: This is my last question. If there’s one shift in thinking that you’d want a Canadian MSP to walk away with after this conversation, in terms of how they think about these reports, in terms of how they think about the role of threat intelligence in their business, you know, one thing they should reconsider about how they’re approaching their security practice, what would that be? Pedro Kertzman: So I think first, Rob, that’s kind of more of a mindset type of thing. CTI still sounds super complex to a lot of people. I would say there are two main flavors. One, if you really want to dig into techniques and all that, yes, you can get fairly technical and sophisticated, but there are really simple ways to ingest cyber threat intelligence into existing automated tools. You can, of course, do a POC with one, two, whatever vendors you want to do. Once you find that real value for your customers, your end users, then it’s automated. We’re talking about data feeds ingesting directly into a firewall. If you don’t have a CTI central brain kind of thing, which the market knows as a TIP (threat intel platform), you don’t need to go that route, the sophisticated route. There are simple ways to use threat intelligence. And honestly, it’s super valuable because it’s just, again, automated. You’re outsourcing the knowledge to the vendor directly who’s going to execute that, like a firewall, for example. Cameron Tousley: Yeah, I think that’s some really good commentary. 
And I have a lot of business conversations with MSP business owners and I follow the market, and the consolidation, there’s tons of it. And there has been for a few years, but it’s just insane right now. And I think that there’s this thing going around, it’s like, look, evolve or sell. Because you have the advent of AI and that’s speeding everything up tenfold. And just don’t be afraid. If you want to continue to run your business, don’t worry, you’re going to have clients out there in your locale that probably love you. But they’re also going to have people calling them as these other MSPs get bigger, and these national ones that swallow other little smaller companies and then their go-to market will be, “Well, let’s go down market, down market,” because we can’t always go up market, that’s pretty hard to do. But down market is like shooting fish in a barrel kind of thing. So that means it’s a risk for the smaller MSPs that are not going to sell out, that want to be in business another 10 or 15 years. So don’t be afraid, utilize AI to research it. They say don’t use AI as Google, I disagree a little bit, but you can use it for a lot of things. This can summarize: what is this offering? Can I use it? Ask it really basic questions to get acquainted, and then take the next step and call your vendor and just have a conversation with them and say, “What are all my options? I am in this locale, I serve these kind of verticals, here’s my sizing, here’s the tools I use.” You’ve got to throw everything out on the table because then your vendor, somebody like a technical or business contact, can jump in and say, “Look, I think that you should check out this part of this larger offering. And here’s what I’ll do for you. And here’s what you’re going to do. We’ll give you a game plan, right? 
You’re going to trial it in the following ways, we’re going to pair you up with a technical person to teach you a little bit and be your co-pilot—Microsoft gets enough press.” But really kind of jump in, try it out. Don’t be afraid. Because if you want to be around another 10 or 15 years, you have to make the leap. And you don’t have to do anything big, but you have to start adopting some of this security-forward thinking so that you can have threat briefings with your clients and not statistical talks. There was just that MSP summit and there was actually a panel on what the next gen of MSPs is doing. And it was funny to hear it because they’re like, “Well, we’re focused on outcomes.” And I totally agree, but I know some of the older MSPs are like, “Well, we’re focused on outcomes too.” But I think it’s the talk track. You’re all saying the same thing, but you need some more complex tools in some ways to be able to have these more outcome-based discussions. Like, “Hey, I not only blocked X amount of threats, I kept your uptime up in this way, and that allowed you to keep productivity up. So by my clock here, you were able to achieve all those things that you wanted to achieve in our initial meeting, we’re on track.” That’s the conversation you want to have in addition to that little bit of the threat briefings peppered in. Robert Dutt: All right. Some great advice there. Gentlemen, thank you both for taking the time. I appreciate it. Cameron Tousley: Thank you, Rob. Pedro Kertzman: Great to be here. Cameron Tousley: Absolutely. It was a pleasure. Thanks so much. Robert Dutt: There you have it, Cameron Tousley and Pedro Kertzman from ESET. I’d like to thank both Cameron and Pedro for their time. They did exactly what we set out to do with this conversation, kept it firmly in the strategy lane with technical depth in service of the business point rather than the other way around. A few things to leave you with. 
The framing that stuck with me most was Cameron’s distinction between statistics talk and threat briefings. The idea that your quarterly client review shifts from “here’s how many threats we blocked” to “here’s the specific group targeting your vertical right now. Here’s how their affiliate operates, and here’s what we’ve already done about it.” That’s a real upgrade in how an MSP demonstrates value. It moves you from uptime vendor to trusted advisor and that’s a conversation your competitors probably aren’t having yet. On the technical side, Pedro’s explanation of affiliate-level tracking is worth sitting with. The headline ransomware groups get the attention, but it’s the affiliates, the ones buying malware-as-a-service and doing the actual execution who determine the tactics on the ground. Tracking them is what gives you an early warning before the attack scales. And as I noted during the conversation, there’s a certain logic in how attackers exploit the MSP model specifically. Go after the tooling, stay under the radar, quietly compromise a hundred small clients instead of one high-profile target. Obscurity in that scenario is working against you. For the smaller MSP who’s heard all of this and thought, “I’m not staffed for this,” Pedro’s entry point is worth considering. You don’t need a full threat intelligence platform or a dedicated analyst to start. Automate the ingestion of indicators of compromise directly into your clients’ firewalls. Let the tooling do the work. It’s not glamorous, but it’s real, actionable and it’s a lot more than most of your competitors are doing. And Cameron’s closing thought, “evolve or sell,” is the frame I’d put around all of it. The consolidation wave hitting the MSP market right now is not slowing down. The shops that survive as independents will be the ones that have more sophisticated conversations with their customers. Threat intelligence is one of the things that helps you have those conversations. 
If you found this one useful, please follow or subscribe to the podcast wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, all the major podcast directories. Ratings and reviews are always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.

ChannelBuzz.ca
The Buzz: SonicWall extends Gen 8 to the cloud, Huntress ties security posture to insurance terms, and Intruder tracks the remediation gap

May 13, 2026 (4:20)


Today’s headline news for Canadian IT solution providers: SonicWall is making its Gen 8 security platform available in virtualized environments for the first time with the launch of the NSv XS, a subscription-based virtual firewall purpose-built for MSPs and MSSPs delivering managed security to small and distributed environments. The NSv XS supports VMware ESXi, Hyper-V, KVM, AWS, Azure, and Proxmox and ships in three service tiers designed around recurring revenue models. The top tier adds co-managed security from SonicWall’s SonicSentry NOC team plus embedded cyber warranty coverage through Cysurance. SonicWall’s 2026 Cyber Protect Report found high and medium severity attacks surged 20.8% last year, and with 52% of enterprises now running most of their infrastructure in the cloud, the NSv XS is explicitly designed to close that gap. Huntress and specialty insurance firm Acrisure have launched a new cyber insurance program offering eligible organizations access to Cyber or Tech E&O policies with no deductible and a streamlined application process. Organizations running qualifying Huntress Managed EDR and ITDR solutions may benefit from simplified underwriting – demonstrating active security posture translates to better insurance terms. The two companies are positioning the program as a response to growing AI-driven cyber threats and an alternative to the traditionally complex process of securing adequate cyber coverage. Intruder has released its 2026 Attack Surface Management Index, based on anonymized data from 3,000 customers. The headline number: 26% of organizations have exposed MySQL databases, a known target for ransomware and data extortion. Midmarket companies in the 5,000-10,000 employee range take an average of 56 days to remediate exposures – nearly four times slower than small enterprises. Banks closed gaps in an average of 11 days; insurance and pharma firms averaged more than 40. 
The report frames this against the emergence of autonomous AI models capable of independently discovering zero-day vulnerabilities – which makes a 56-day remediation window a meaningful risk. ThreatDown has launched identity threat detection and response for MSPs, adding credential-based attack detection to its managed security stack. ITDR joins ThreatDown’s existing endpoint protection capabilities as attackers increasingly target identity infrastructure rather than devices directly. Cycode has announced new capabilities for AI-driven development, declaring “shift left is dead” and repositioning its application security platform around the AI development lifecycle. The move reflects a broader rethinking of where security fits as AI-generated code accelerates development velocity and introduces new risk vectors. Toronto-based MSP roll-up AYCE Capital has acquired a cybersecurity advisory firm to anchor a portfolio-wide center of excellence in vCISO and managed security operations. The move signals a push to build differentiated security capabilities across its MSP portfolio rather than sourcing them piecemeal. MSPAlliance has launched new service lines under its Cyber Verify program, expanding the compliance and assurance framework available to managed service providers. The additions give MSPs more structured pathways to demonstrate security and operational maturity to enterprise and regulated-industry clients.

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 13, 2026, and here’s what’s happening in the channel today. SonicWall yesterday announced the NSv XS, a new virtual firewall extending its Gen 8 platform to cloud environments, with managed service providers and MSSPs as the primary target. 
The product allows partners to deploy firewall security wherever customer workloads run – public cloud, private cloud, branch offices, and distributed infrastructure – under a management model designed for multi-tenant operations. According to SonicWall, the NSv XS carries the same Gen 8 security engine found in its physical appliances into a lightweight virtual form factor, which the company says closes a growing gap as customer environments increasingly span both physical and cloud boundaries that legacy appliances can’t follow. The announcement is a practical one for the channel: a cloud-native firewall with the Gen 8 engine that can be managed centrally simplifies both the sales conversation around security coverage and the operational overhead of delivering it across heterogeneous customer environments. Also yesterday, Huntress announced a partnership with insurance firm Acrisure to connect cybersecurity posture directly to cyber insurance outcomes for eligible organizations. Under the program, customers running the Huntress managed security platform can access Cyber and Tech Errors and Omissions policies through Acrisure with no deductible – with policy terms tied to the customer’s verified security posture rather than a generic underwriting baseline. According to Huntress, the program is built on the premise that organizations that have actually deployed layered security controls should not be underwritten at the same rates as those that haven’t. The arrangement is worth watching for solution providers who have been looking for cyber insurance integrations that go beyond co-marketing – this one appears to operationalize the connection between managed security delivery and insurance terms in a way that could strengthen both the MSP’s value proposition and the client’s risk profile. 
Intruder rounded out a busy Tuesday by releasing its 2026 Attack Surface Management Index, drawing on anonymized data from 3,000 organizations to assess how quickly companies are identifying and closing their exposed attack surfaces. The headline finding: more than one in four organizations still have MySQL databases exposed and accessible from the internet – a foundational configuration risk that the report says reflects a broader struggle to maintain visibility over sprawling and distributed infrastructure. According to Intruder, the data shows that human remediation is falling further behind the pace of automated exploitation, a trend the company calls the “Mythos Era” – a period in which attacker tooling has measurably outpaced defender workflows. The report gives solution providers a concrete, data-backed framework to bring into client conversations, particularly for customers still relying on point-in-time scanning rather than continuous monitoring.

In Brief –
• ThreatDown yesterday launched an identity threat detection and response platform, extending its security stack to cover credential-based attacks across Microsoft Entra ID, Okta, and Active Directory.
• Cycode is declaring “shift left is dead,” releasing new agentic development lifecycle security capabilities designed to protect AI-driven software pipelines from code generation through deployment.
• Toronto-based AYCE Capital yesterday announced the acquisition of a cybersecurity advisory firm to anchor a portfolio-wide security center of excellence.
• MSPAlliance last week added Service Lines to its Cyber Verify platform, letting MSPs map audited controls directly to the services they deliver for cleaner, client-ready compliance reporting.

Full details and links in the show notes or the blog post. 
Later today on In The Channel, we’re sitting down with Steve Petryschuk from Auvik to dig into their 2026 IT Trends Report and what the data reveals about the gap between AI ambition and AI maturity in managed services. And if you haven’t heard it yet, yesterday’s episode is a good one – Joel Abramson from Top Down Ventures joins me to discuss the close of their C$38 million MSP-focused founders fund and why they believe managed service providers are the primary delivery vehicle for AI to the small and mid-market. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

CISO Stories Podcast
IAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224

May 11, 2026 (37:33)


Identity is at the center of nearly every modern breach, but when IAM responsibilities are shared with MSSPs, where does trust end and accountability begin? In this episode of CISO Stories, Jessica Hoffman sits down with Dr. Dustin Sachs to explore the human side of identity and access management, including cognitive bias, automation, privilege creep, and the hidden risks of "blind trust" in real-world security operations. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-224

EChannelNews Podcast
Horizon3.ai: Autonomous Warfare and the 77-Second Attack Cycle

May 6, 2026 (49:21)


Snehal Antani, CEO and Co-Founder of Horizon3.ai, addressed the tactical reality of AI-driven adversary behavior. He said AI has drastically accelerated the attacker's “OODA loop” (Observe, Orient, Decide, Act), citing a documented case of an autonomous compromise occurring in just 77 seconds. Beyond the technical speed, the discussion touched on geopolitical shifts, including Iranian targeting of dual-use infrastructure and a projected surge in unpatched vulnerabilities (CISA KEVs) for late 2026.

To counter these hyper-automated threats, Horizon3.ai is leveraging its channel partners and MSSPs to deploy advanced defensive tactics, such as deception technology and data poisoning. By empowering partners to move beyond traditional scanning and into active, autonomous defense, Horizon3.ai aims to neutralize AI-driven exploits before they can be weaponized against civilian and corporate infrastructure.

See our past interview with Horizon3: https://www.e-channelnews.com/horizon3-ai-grows-its-global-partner-program/

Horizon3.ai recently released new research on how organizations measure security—and whether those metrics reflect real resilience against attackers. The findings reveal a clear gap between tracking completed work and actually stopping real-world threats.

Key findings include:
• Only 11% of practitioners validate or patch within 24 hours of a CISA or ENISA known exploited vulnerability alert; many take a week or more to confirm if they're even exposed
• 93% of CISOs say they could prove their organization took reasonable, validated steps to prevent a breach, yet only 30% patch and then test to confirm the risk was actually removed
• 97% of CISOs are confident their endpoint protection would detect lateral movement or privilege escalation, yet only 12% have validated EDR effectiveness in the last three months

ChannelBuzz.ca
Third-party risk management: The recurring revenue opportunity hiding in your clients’ vendor stack

May 6, 2026 (35:53)


Tim Coach, chief evangelist at Cynomi

For most managed service providers, the security services story has followed a familiar arc: endpoint protection, email security, security awareness training. Each category added value, then became table stakes. Third-party risk management – TPRM – is what comes next, and according to Cynomi Chief Evangelist Tim Coach, it may be the stickiest revenue category yet. The case is straightforward. Every business relies on a web of vendors, software providers, and service partners. Each one is a potential vulnerability. And most SMBs have no formal process for knowing how well those third parties are managing their own security – or what happens to them downstream if one of those vendors gets breached. Research from Cynomi suggests 45 percent of organizations will face supply chain attacks, and 30 percent of data breaches already involve a third party. The attack surface has shifted to the things organizations trust most. For Canadian MSPs, the regulatory pressure is specific and near-term. OSFI’s Guideline E-21, with a September 2026 compliance deadline for federally regulated financial institutions, puts third-party oversight explicitly on the agenda. The cascade effect on their vendors – and the MSPs serving those vendors – is already in motion. Perhaps the sharpest signal in this conversation: cyber underwriters are now denying SMB coverage not because of anything the SMB did, but because they are connected to an MSP. The managed service provider, long positioned as the path to better insurance outcomes, has become a risk factor in its own right. Coach’s recommended first move for any MSP building into TPRM isn’t a vendor questionnaire – it’s a Business Impact Analysis. Understand how the client actually makes money, which vendors are critical to those revenue processes, and what an hour of downtime costs. That reframes the conversation from technical widgets to revenue, cost, and risk – the language every business owner speaks. 
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, your host for the show. My guest today is Tim Coach, Chief Evangelist at Cynomi, a vCISO platform purpose-built for MSPs and MSSPs. Tim brings an unusually grounded perspective to the space. He’s an engineer by training who spent nearly two decades building, running, and consulting on managed service practices before landing at Cynomi after seeing the platform first-hand and recognizing it could have solved one of his biggest operational headaches as an MSP owner – the CISO bottleneck, the point at which growth stalls because the security function can’t scale without adding expensive headcount. That personal history shapes everything he thinks about TPRM, third-party risk management, which is increasingly being talked about as the next major revenue category for MSPs after human cyber risk. Today we’re talking about what building a TPRM practice actually looks like, why cyber insurance has quietly flipped the MSP value equation, and why the right starting point isn’t a vendor questionnaire at all. Let’s get right into it, my chat with Tim Coach. Tim, thanks for taking the time. I appreciate it. Tim Coach: I absolutely love to be on. Thanks so much for having me, and for having Cynomi on your webinars. We’re always happy to do these things and educate the community. Robert Dutt: You’ve spent a long time in and around the MSP community. How did you end up at Cynomi specifically, and what was it about the opportunity around TPRM that pulled you in? Tim Coach: TPRM was eventually in the process – let me back up. What got me into the community was my engineering background. I went to college for what was called network communications back in those days. 
Basically I’m a network guy – I always point at the front-end programming guy and say, “It’s your fault,” and the programming guy says, “No, no, it’s the network’s fault.” So I did that for a large-scale nationwide company for many years, and then I fired my MSP. The owner was like, “Well, if you’re so good, why don’t you come over here and run this?” And I said okay. It took me about 24 hours to realize I didn’t have a clue what was going on – the place was chaos. But through process and procedure, and a military background, I knew I could get it under control. I ended up with a business partner from that experience, and we spent about 20 years rebuilding and consulting with MSPs. About five years ago, I just needed something different. The kids were a little older. I started looking at what else was out there, talked to a couple of mentors in the space – I’m sure if I mentioned their names everyone would know them – and they said, “You should come over and do this.” So I jumped. I went to work for a Canadian company, grew them quite a bit in the first year, then moved to an Australian company, grew them, and then went back to consulting for a short time. David from Cynomi was recommended to me as a consulting connection. We were going back and forth and he said, “Why don’t you come on board?” And I said, “I’m not really interested in selling a widget” – and it’s a security widget, right? There are so many great widgets and great personalities in the security space already. Probably not my jam. But he said, “No, no – let’s look at it.” And he showed me what Cynomi did, and I was blown away. The reason I was blown away is that at my most successful MSP, we hit a stopping point in our growth. The reason was our CISO – and this was before CISO was even a cool term. He was our bottleneck. Not because he was inefficient as a person, but because of the way he had to work: 80 pages of Excel spreadsheets and hours and hours of questionnaires. 
When I first saw Cynomi, I thought, “Here’s a way I could have doubled the size of my company with the same staff, the same CISO.” That’s what really inspired me to come on board – seeing that dashboard and connecting it to the personal pain I’d experienced around the security bottleneck. Now with the addition of TPRM, that excites me even more, because back in my MSP days I had a lot of bank clients, and banks are SOC 2 all over the place. Part of SOC 2 is that you have to have TPRM – you have to be responsible for everybody in the chain. So now we’ve built out a platform that lets the MSP, MSSP, ITSP, or whatever SP you want to put in front of those letters, easily manage vendor relationships and understand where clients are in their security posture. Robert Dutt: You may not feel it’s cool, but it’s certainly foundational security. Tim Coach: And that’s the problem, right? That’s why we’re still talking about security – because nobody knows how to talk business. They all talk widgets, bits and bobs: here’s this cool firewall, MDR, XDR. But you know what your clients don’t care about? The widgets. They care about being secure. Until we can bridge that gap – until Cynomi brings something that says, here’s an easy way to get to the data and details you need, here’s CISO-level intelligence so the MSP can translate it into business terms for the doctor’s office, the manufacturing company, whatever vertical you want – we’re going to keep having this same conversation. Robert Dutt: Let’s do a little bit of that with TPRM itself. Let’s take a step back and look at it from the viewpoint of an MSP who’s heard the acronym but hasn’t really dug in yet. Third-party risk management – what are we actually talking about, and what problem does it solve? Tim Coach: What a lot of people need to understand – and I try to say this in a way that’s easy to grasp – is: manage security first, and compliance becomes a default. 
What I mean is that you need a baseline, whether it’s CIS Controls, Cyber Essentials Plus, CMMC 2.0, one of the financial frameworks, HIPAA, whatever applies. You need a baseline you’re actively managing your security against. In the process of meeting that baseline, compliance follows. What we’re increasingly seeing is that certification bodies, auditors, and insurance underwriters all want to see that your solutions and partners are just as secure as you are. I was at Canalys Barcelona last year and someone made a statement that blew me away: for the first time ever, we’re seeing insurance underwriters deny coverage to an SMB because they’re connected to an MSP – and the MSP is what they consider the risk. We went from being the most important people in the room, essential workers, to being the risk factor. And on top of that, helping clients with their insurance has been one of our foot-in-the-door conversations for the last decade. That’s where TPRM comes in. The frameworks and insurance underwriters now want to see not just that you’re secure, but that everyone you’re working with is secure. The problem has always been how you manage that. Back in my day, you had to call the vendor, find the right person, ask for evidence of their SOC 2 compliance, get bounced around, end up with legal, sign an NDA, and eventually get the report. Now people share that information a bit more freely, but you still need a central place to manage it – so when an auditor or insurance broker asks, you can point to it and say, “Here it is.” We do a community call every Wednesday at noon Eastern, and we’ve had a gentleman on a couple of times who has written books specifically on TPRM. He’s sounding the alarms – not bad alarms, just “it’s coming.” But like a lot of SMBs, MSPs are having to drag their clients toward where they need to be. Once you make it easy for the MSP, you make it easy for the SMB, and you finally have a way to prove you’re taking those measures. 
Robert Dutt: Supply chain attacks have certainly been a theme in the channel for a while – Kaseya, SolarWinds, MOVEit. But TPRM as a formal managed service element feels newer. The insurance side sounds like a big driver. What else changed to make it go from a theoretical concern to something MSPs can actually build a practice around? Tim Coach: I firmly believe you cannot be a business partner without knowing how your partner makes money and how you need to protect them. I can’t protect them if I don’t know what they’re using. It’s the old adage: if two people are managing something, nobody’s managing it. TPRM is really the next step for the ITSP to move from a transactional relationship to a true business partnership – ensuring that everyone your clients are using is also protected. Because what happens is what always happens: it doesn’t matter what you have hard-coded in the contract about not being responsible for X. When something goes wrong, the SMB comes back and says, “But I thought you were managing this.” We go over it in the contract reviews, sure, but the conversation still happens. When you’re genuinely talking business – saying, “I’m going to protect how you operate quarter after quarter, year after year” – you’re protecting their entire environment, not just your piece of it. That’s when you move to a real business relationship instead of a sales relationship where every conversation is an upsell or a cross-sell. We’ve done it to ourselves a little bit, honestly. It’s like an insurance agent in Oklahoma trying to sell hurricane insurance. That’s not what we should be doing as business partners. TPRM allows us to have a full understanding of the client’s environment and make sure everything is protected – or at minimum, that the gaps are known by everyone. Robert Dutt: Cynomi has described TPRM as the next major revenue category after human cyber risk. 
Can you walk me through what the recurring revenue model actually looks like, and what makes it sticky?

Tim Coach: Everything leads to MRR – that’s business. But you have to start with a project. You need to understand where the client is in their security journey before you can manage them ongoing. SMBs don’t do things for free, and neither do our partners. This is a revenue generator. But it’s a revenue generator because it actively has to be managed. I always say: I can’t throw a server at security. I can’t throw a firewall at it and declare myself secure. The best analogy I’ve heard for security is a block of Swiss cheese. There are holes, and you can stick a fork through those holes quite a way. But if you slice that block and turn every slice 90 degrees, the holes are still there – they’re just not as deep or vulnerable. That’s TPRM. There is no set-it-and-forget-it. It has to be actively managed, and that active management is where the recurring revenue lives.

Robert Dutt: What does a typical engagement look like early on, for an MSP starting from zero with a client? Where does the work begin, and what surprises people about the scope as they go deeper?

Tim Coach: Everything begins with an assessment. With Cynomi’s tools, we can use Cyber Essentials Plus or CIS Controls as a self-regulating baseline and add a couple of hours to the initial assessment to incorporate the security piece. We all do assessments upfront to understand what we’re getting into – or what needs to be fixed before we really dig in. Once you’re in the security layer, the next step is TPRM. And TPRM brings with it something I think is critically important: the Business Impact Analysis. It’s not enough to ask, “What does your client do?” They make dog food – do they? Or is that just the end product? When I was an MSP, I had a metal manufacturer that cut and stamped metal.
But if you asked their CFO what the business was, he’d say, “Making pallets – I make more on pallets than on the stamping work.” I used this example in a presentation just yesterday. Years ago I was walking through a manufacturer’s facility and asked about a machine: “What does that one do?” “That runs the software that completes our product.” “Why isn’t it plugged into the network?” “It’s a Windows 98 machine.” “Why are you still running that?” “Because it runs decade-old German software that costs ten million dollars to replace. And we only have that one machine.” If you’re not walking through and genuinely understanding how they make money, you don’t know where the risks are. And that’s what TPRM forces you to do. Ideally, I’d love to sell a project that includes a full security assessment, a BIA, TPRM, BCP, IR planning, all of it from day one. But it doesn’t happen that way. You have to phase it. Once you understand the BIA and what they’re actually doing, you understand where the software and systems that carry real business risk are, and you can start building that into their security posture. It’s the same principle: why hack an individual when you can hack the software that manages all the individuals? Why try to crack one account when you can compromise an MSP’s RMM tool and get access to everybody? If you go into a business without understanding their software environment and vendor posture, you at minimum need to be able to tell them where the risks are. Because the language they speak is revenue, cost, and risk. TPRM is a risk if it’s not being managed – and that’s why we’re seeing so much attention on it lately, even though some of us have been doing this for decades. We just used to call it vendor management.

Robert Dutt: We’ve talked a lot on the show about MSP tools as an attack surface – RMM agents, remote access tools, backup platforms.
The MSP is supposed to be managing the client’s vendor risk, but the MSP’s own toolchain is also someone else’s third-party risk. How should MSPs be thinking about that?

Tim Coach: It comes back to the BIA again. What are they using? What’s creating the security gaps, and how do you build better overall management around it? There’s a project in there, but every project should lead to MRR – period. It still has to be managed. Remember when Exchange servers went away and everyone panicked about where the revenue was going to go? There was still an entire environment to manage. We always made some revenue on hardware, though that’s gotten harder – the real money is in managing the ongoing environment. TPRM is the same thing: it’s a significant security gap in the overall posture of your clients, and that gap has to be actively managed.

Robert Dutt: Pushing on that a little further – TPRM platforms are pulling in a pretty comprehensive map of an organization’s vendor ecosystem: the gaps, what’s been remediated, basically a full picture of the landscape. If one of those platforms gets compromised, that’s not just a breach – that’s a pretty rich target list for an attacker. How do you think about that?

Tim Coach: Think about a CNC factory. Their job is building molds to produce a specific part, and the software on their server has all the schematics fully built out. What happens if that software gets hacked? You lose all the schematics for the CNC machine – so suddenly you can’t produce anything. And if the attacker gets in early enough in the process, the downstream supply chain impact goes way beyond that one facility. That’s the risk. If you’ve got $200,000 five-axis CNC machines – and I may have a little experience with this – and you’re not protecting the software running them, and you don’t understand from a TPRM perspective what the vulnerabilities look like, that’s an ongoing, persistent risk. You always have to be managing it.
Robert Dutt: Sitting where Cynomi is, how do you think about the security side of running a TPRM solution, and what should MSPs be asking vendors in this space about that?

Tim Coach: Efficiency. How efficient can you make it? I’ll probably get in trouble for saying this, but we’ve essentially stupid-proofed the first few levels. We’ve built it out for you. And look – I know AI is a word we’ve managed to avoid for about the last half hour, but AI is meant to enhance the human. It’s a tool. What we’ve done at Cynomi is build AI agents and intelligence into the platform to make this work manageable at a lower labor level. If I can take work that previously required a CISO – an expensive asset – and bring it down to a tier-two technician, my margins go up because my labor costs go down. That said, we’re not replacing the CISO. I used to work with a company that built a component for Apache helicopters – no public-facing anything. If a tier-two tech runs a report showing no web security for that client and flags it as a critical gap, the CISO might be the only person who knows that client has no public-facing presence by design. That context matters. The CISO still needs to be the final approval layer. What Cynomi has done is open up bandwidth for other people to do the groundwork, so you can grow your company without adding another six-figure salary. When your staff becomes more efficient, the CISO is less of a bottleneck – which was the original problem we started with.

Robert Dutt: For the Canadians listening, there are some very specific regulatory drivers on the table right now. OSFI’s Guideline E-21 has a September 2026 compliance deadline for federally regulated financial institutions. Can you talk about the role you see TPRM playing in responding to that kind of regulation?
Tim Coach: What we’re seeing is that the insurance underwriters, auditors, and regulators are the ones setting the standard, and the industry has to meet it – but the industry isn’t yet at a point where it can easily meet a TPRM standard. So what will probably happen, whether it’s Canada, the US, the UK, or EMEA, is a pattern we’ve seen before: they’ll release a guideline, there’ll be a period of voluntary adoption, and then they’ll give it teeth. Like HIPAA – they threw it out there, and eventually it got enforcement. The thing I’ve always loved is watching the auditors, because they’re typically running a couple of years ahead of the regulation. If you stop treating auditors like your mortal enemy – “they’re here to expose everything I’m doing wrong” – and start paying attention to what they’re flagging, you can get ahead of the game. Auditors are a leading indicator. It’ll always come down to government forcing the policy, and then insurance trying to find a way out of paying claims when it’s not followed. But if you’re watching the auditors and TPRM is showing up in their reviews, you already know what’s coming.

Robert Dutt: For an MSP listening to this and thinking, “I should be doing this” – what’s the realistic first move? Not the ideal end state, but the practical starting point?

Tim Coach: Start with the BIA – the Business Impact Analysis. Research suggests every SMB has three to five critical processes that drive about 80% of their revenue. Do they actually know what those are? Probably not. They make dog food. They take care of kids. Whatever it is – they don’t actually know how they make money. I have an old client who’s also a friend – he works in retirement planning. If you asked how he makes money, you’d assume it’s from managing portfolios. It’s not. He makes money by selling the policy, and the insurance company pays him a commission on that.
If you don’t start by understanding the BIA, you don’t really know what solutions your clients are dependent on. Start with: who is your critical software outside of us? Who maintains it? Do we have a relationship with them? Does it connect directly to how you make money? And tie it to cost of downtime. If a doctor’s office goes down for four hours – and in a medical practice you call them providers, not doctors, right? Speaking their language, not ours – what does that cost? If the pallet machine on an assembly line goes down, and that pallet machine is the only thing holding product so the rest of the line can keep moving, what’s the cost per hour? If you don’t know that, you don’t actually understand how to service your client. You’re still talking bits and bobs instead of revenue, cost, and risk.

Robert Dutt: Future-looking question to wrap up: where do you see this category going over the next couple of years? Is TPRM a standalone practice, or does it fold into a broader vCISO or governance offering?

Tim Coach: I think it’s going to be both. For more mature MSPs, it’ll be baked right into their silver, gold, and platinum packages – TPRM is just part of what you get at a certain tier. For others, especially those that aren’t at a full vCISO-as-a-service level yet, it’ll be available as a standalone – a meaningful piece of the security posture they can deliver to clients without committing to the full stack. Growth and maturity, right? As people build their practices, the more advanced will have it embedded. But there’s also a real path for someone starting out to say, “I need to at least get this piece right, because it’s critical to the overall security posture of my clients.”

Robert Dutt: Fascinating. It’s an interesting area of technology and – to your greater point – business. I appreciate you taking the time to share some thoughts on how service providers can get involved.

Tim Coach: Thanks for having me on. I always appreciate it.
Robert Dutt: There you have it – Tim Coach from Cynomi. I’d like to thank Tim for taking the time today. He’s been around the MSP space long enough that when he points at something and says it’s the next thing, it’s worth listening. A few things I want to make sure land from this conversation. The first is the Business Impact Analysis as the true starting point. Before you think about vendor questionnaires or risk scoring tools, you need to understand how your client actually generates revenue – which processes drive the majority of the business, and which vendors are load-bearing in that equation. That’s not a security conversation. That’s a business conversation. And that’s the shift that moves an MSP from tool vendor to genuine business partner. The second is the insurance signal. When underwriters start denying SMB coverage not because of something the SMB did, but because they’re connected to an MSP – that’s a warning and an opportunity in the same breath. MSPs who can demonstrate they’re actively managing their clients’ third-party risk have a new and better story to tell. And the frame to carry with you: security first, compliance becomes a default. Build the practice to the right security baseline and the compliance checkboxes largely take care of themselves. In The Channel is available on Apple Podcasts, Spotify, YouTube, and most major podcast directories. If you’re finding value here, ratings and reviews are always appreciated – they help other people in the Canadian IT channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

ChannelBuzz.ca
Palo Alto’s Michael Khoury on what’s actually changing for partners in the NextWave revamp

Apr 10, 2026 41:22


When Palo Alto Networks announced the first comprehensive overhaul of its NextWave partner program in more than three years this February, it raised a lot of questions for partners. What does the shift from transactional incentives to platform adoption rewards actually look like day to day? What happens to loyal, firewall-heavy partners who now face a diversification requirement? And is the promise of dramatically improved economics real, or is it marketing math? Michael Khoury, vice president of Global Ecosystems Programs at Palo Alto Networks, is the architect behind the changes. He joined the company, conducted an extensive listening tour with partners across markets, and built the revamp around the specific frustrations he heard: over-reliance on Palo Alto staff for routine tasks, managed services being valued like resale, incentive structures that looked good on paper but didn’t pay out, and training that wasn’t keeping pace with the platform’s evolution. In this conversation, Michael walks through the mechanics of the new program in detail. He explains why Platinum and Diamond partners will need to generate 20 and 30 percent of their business, respectively, from non-firewall product lines within 18 months, and why he believes most strategic partners are already within striking distance. He shares data showing the elimination of discount caps has resulted in 2-to-4x earnings improvements based on modeled past bookings, and explains why they timed the rollout to prevent partners from holding back orders. He discusses how the $25 billion CyberArk acquisition creates a new identity security practice path that counts toward diversification targets, the new Partner Development Fund that reinvests rebate earnings into partner growth, and what Canadian partners specifically should know about how their market stacks up.
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you’re a Palo Alto Networks partner, or you’ve been thinking about becoming one, you’ve probably been hearing about the NextWave Partner Program revamp that launched in early February. It’s being called the first ground-up redesign of the program in about three and a half years, and the changes are significant. A shift from rewarding transactional volume to rewarding platform adoption, the elimination of discount caps that were leaving money on the table for partners, new diversification requirements, and a whole new approach to how Palo Alto thinks about managed services. My guest today is Michael Khoury, Vice President of Global Ecosystems Programs at Palo Alto Networks. Michael is essentially the architect of these changes. He joined the company, did a listening tour of what partners were actually frustrated about, and the revamp is his answer to what he heard. We got into the details of what changed and why, the real economics of the new incentive structure, what the 30% non-firewall requirement means for partners who’ve built their business around firewalls, how mid-market MSPs and resellers fit into a program that could easily be optimized for global SIs, and what the recent CyberArk acquisition means for the partner ecosystem going forward. Michael brought real data and real candor, and I think you’ll find it genuinely useful. Let’s get right into it, my chat with Michael Khoury.

Robert Dutt: Michael, thanks for taking the time. I appreciate it.

Michael Khoury: Thank you, Rob. Great to be here. Thanks for having me.

Robert Dutt: It’s been about three and a half years, I guess, since the last major partner program update for you guys.
What changed in the landscape, or in what you’re hearing from partners, that made this the moment to do a kind of ground-up revamp rather than a refresh and update kind of motion?

Michael Khoury: Yeah, great question. Rob, I joined Palo Alto Networks about 18 months ago, and what I did, in addition to getting the internal feedback obviously from the various team members and various stakeholders, I made sure to go out on basically a tour, a listening tour, meeting with partners and getting their input frankly about our program at the time and what are the areas we needed to address. It was obvious to me in a lot of areas we had some challenges that we needed to address as a company. I’d put these things in a way – it’s not like what we had was necessarily bad, but it just didn’t evolve with the way the business kept transforming and evolving. So we needed to update. And if you’ve seen this, probably you’ve seen it with other vendors – it’s kind of common in our industry that every few years you need to evolve the program to keep pace with the business needs ever changing. And as I met with partners – and I met with partners across the globe, various regions, some of them were virtual, other meetings were in person, some of the meetings were larger like partner events that we hosted – the consistent feedback that I kept hearing was this. Number one, it was around “Hey Palo Alto Networks, that’s great that you have a program, but it feels like we need you for everything. We need someone at Palo Alto Networks to do anything with you. So we’re always relying on you to get things.” And those things can be as simple as if we needed to get a quote, if we needed to get a price, if we needed access to more training – we always needed someone at Palo Alto to give us that access. That was consistent feedback number one.
Number two, obviously when we got into the program it was particularly with the managed services motion, because that motion has been growing for us at a much faster rate – and I’ll give you some percentages in just a minute – but that motion has been growing at a much faster rate than the traditional VAR motion. So when we discussed with the managed services partners, they were like “Hey, you kind of have a managed service program, but it kind of works like resale, not like truly like a managed service.” So we needed to revisit that. And then obviously the other areas that our partners care about – for partners who provide services, how do we ensure we’re leveraging more of their capability and training them and giving them the right support from a training and enablement perspective so they can build not just a go-to-market motion but also their services around Palo Alto Networks. And lastly, the last area was around the incentives. It was only two years prior to me joining the company that the company – and you’re right, you said three and a half years ago – which was the time when the company launched their first rebates program to partners. However, the feedback that I heard from partners, they said “Michael, you have rebates, you have these incentives for us, but they’re mostly on paper. It seems like it’s very hard for us to earn these incentives.” So we had to open that up and revisit that. So overall, Rob, those were the big themes that I heard from partners and why we needed to evolve the program with bigger changes, and why we did the things that we did and we launched the recent program.

Robert Dutt: You’ve talked about moving from rewarding transactional volume to rewarding the platform and selling across that. Can you walk me through what that shift looks like concretely for a partner? If I’m a reseller who’s been doing well selling Palo Alto firewalls, what’s different about how I engage with you guys under this new program versus the old one?
Michael Khoury: I found – and this is by the way common across the industry – because sometimes a vendor builds a program and sometimes they look at it almost like a static thing. “Oh, we built it, here’s the requirement.” And sometimes you have to also look at where your own field sellers are measured on and what they need to do. Because if you have the company field sales organization and the partner organization that are not in perfect harmony in terms of what they focus on and what they need to work on, then you end up having more friction. So as we evolved the program, we looked at our expectations from our sales teams and we said “Look, we expect our sellers not just to sell our firewall, but we expect them to support the platformization strategy,” which Nikesh talked about a few years ago. And now every company says “Oh, I have a platform too.” But if you think about that concept of we’re not just a firewall company – yes, that is our history, that’s our legacy, that’s where the company started – but when you evaluate our business, when you look at our next-gen security growing around 34-35% year on year, that’s been a big growth engine for us. So as our field sales organization started to focus on embracing the platform, which means if you look at our product platforms, you have the network security, the NetSec part of the house, where you have the firewall, but you also have SASE, which includes SD-WAN and Prisma Access. And also you have what we call our SOC transformation, which is our Cortex product, which is also part of our next-gen security. And under Cortex you have XSIAM, which is the next-generation SIEM. You have XDR, which is around endpoint detection. And then recently we added identity as well, as you know, with the CyberArk acquisition closing last month. 
So as we looked at all these things that our field sales organization is going to be measured on, when I looked at our program, there were no requirements toward those next-gen security platforms. It was mostly like if you can do firewall and keep doing firewall – which is not bad, it’s totally fine, we love those partners who continue to embrace us on the firewall side – but we also said in the new program, if you want to be driving bigger growth with us and being more aggressive, you need to do more across the platform. Meaning you need to embrace our SASE, you need to embrace next-gen security around Cortex, you now need to also embrace identity. So now the partners who play with us across the platform can unlock better benefits and have more leverage. And we continue to say, look, if you focus only on one area of the business you can excel, whether you focus on identity or you focus only on firewall, you can excel with us, but that will be your lane. That will be kind of your swim lane. Obviously the partners who are more strategic, who embrace the platform, will be able to unlock more. So what we simply did in the program, Rob, is we said now partners have requirements where they have to meet toward the next-gen security, where in the past there were no requirements. We put specific requirements. It’s very clear what they need to do. And then secondly, what we also did in addition to requirements, we also built the incentives and the rebates that support that motion. So we’re basically telling our partners we’re looking at both sides of the puzzle. And I’ve always talked about programs – people ask me “Michael, what is a partner program?” Frankly, for me it’s a value exchange. On one side you have the requirements of what we expect as a vendor from our partners. And on the other side, what do we offer them in return? What’s in it for them? 
And the way I look at this, where the two meet in the middle – where the requirements meet the benefit and the incentive – that’s the program. So every program, in order to be successful, needs to have both sides. We made sure in our program we updated the requirements, but we also updated the incentives that go with that.

Robert Dutt: A couple of things coming out of that in different lanes. You mentioned setting those goals that folks have to reach outside of firewall and making that a requirement for the first time. You’ve said that 30% of revenues need to come from non-firewall lines of business within 18 months for you to reach both Platinum and Diamond, if I’m remembering correctly. That’s a real requirement. What happens to a longtime, loyal firewall-heavy partner who can’t or doesn’t get there? You say they have their lane, but what does that path look like? And the other side of that – is 18 months realistic for partners who need to build new practices around Cortex or Prisma or the other next-gen areas?

Michael Khoury: So look, we’ve done the analysis across our partner ecosystem. And what I found when we did the analysis, even over a year ago versus when we did it recently, we already saw a shift. We already saw an increase over just the first year, even before we launched the program, because we started to signal especially to our key, bigger strategic partners. And you’re right – at the Diamond level we require 30% of their business to come from next-gen security. But the Platinum level is a little bit lower, it’s 20%. So it’s not as high of a bar. And obviously for the Innovator level, we did not put a specific requirement. We felt those partners are smaller in nature, maybe they’re focused on a specific area, they’re still building their business model. We didn’t feel we needed to necessarily be very prescriptive with our requirements in that area.
In terms of the 18 months, when we looked at our partners – if I have a partner who’s already, let’s say, a Diamond and doing 20% of their business toward next-gen security, and now by adding identity as well, that adds to that percentage. So some of them actually have an identity practice that they can leverage as well. We know the vast majority of our strategic partners are within striking distance. Yes, they may need to stretch. Yes, they may need to do a little bit more work to get there. But look, this is why we gave the 18 months. This is why we enable our CBMs, our field team, to work with these partners early on to start having those plans. And I think overall, the partners who are committed to us, who are not ad hoc, opportunistic – “Oh, this deal I’ll work with Palo only, I’m not fully invested in them” – I get it, those partners may not get there. But frankly, those partners in the first place, they were not driving that much business and that much impact for us to begin with. They were opportunistic, they were bringing some deals, which is totally fine, but we’re not going to necessarily limit our program evolution and requirements based on those. Overall, I feel pretty confident that our strategic partners will be able to meet those requirements come the 18 months. And here’s what I’ll say – last time I did this when I was at ServiceNow and I evolved their partner program, it’s funny how things happen sometimes in the same way. I was there about 18 months before we launched the program. Somehow it worked out to be about 18 months. I don’t know why, it seems like that’s the magic number. And I recall at the time we gave about 18 months and the vast majority of partners ended up getting to where we expected them to go. Yeah, we had a few we had to work with and figure out a way how they can get there in a few more months, but overall it ended up moving that ecosystem in that direction. 
Now I understand cybersecurity is different than a workflow optimization company, but at the same time, I’ve done these things when I was at Cisco. I’ve done them at ServiceNow and I feel like this is the right move for us at Palo Alto. And I’m encouraged by what I’m seeing early on. The feedback from our partners seems like “Okay, we like this because it’s going to allow our unique partners to stand out.” And if you have too many that are all special, then no one is special. You know how that goes. So we believe 18 months is the right time and the early indication seems to support that.

Robert Dutt: It’s funny how, as they say, history rhymes with the 18-month cadence for you across new roles. Switching to the incentive side of things, you’ve eliminated the discount caps that used to lock partners out of earning a rebate on heavily discounted deals. That sounds like a pretty big one for partners. Can you give me a sense of the magnitude here? You’ve said that some partners could be earning two to four times what they were earning before. Is that the aspirational number, or is that broadly achievable?

Michael Khoury: That is the actual data. When I said that two to four times, it was actually based on actual data that we modeled based on last year’s performance. So as a matter of fact, when I’m looking at partners, we are more than halfway into our fiscal year ’26, which you know will end in July. So fiscal year ’27 will start August 1st. When I look at our performance for FY26, which we launched the program only in February, so we’re talking about only the second half of the year where these things are making an impact – as a matter of fact, when it comes to the rebates, we changed it in the last two weeks of the second quarter. We didn’t want to finish the second quarter where partners may be holding back on some orders to wait for Q3 where they can earn more rebates.
So we made a decision to say “Hey, we’re just going to do it in the last two weeks of the quarter so we don’t hurt our Q2 numbers.” And it turned out to be a good decision because our data was very strong in Q2. So that was great. But it’s a great question. It’s not aspirational. It’s the actual data on past bookings. And what’s really exciting about it – when you look at our next-gen security, around SASE, Cortex, and obviously identity we’re going to address later – but when you look at SASE and Cortex, for us there were a lot of deals our partners were driving but they were not earning those incentives. And here’s one interesting fact. As we started to make that shift and we started to talk about it, all of a sudden in our deal registration – which means mostly the business that our partners obviously source and bring to Palo Alto – our next-gen security deal registration percentages were not as high. And once we started to make that shift and we’re tracking this, you won’t believe it, all of a sudden we’re starting to see an increase in our deal registration and partner-sourced business for us. So that tells me, even though with only one month or one month and a couple of weeks, because we did that change two weeks into the quarter, I’m starting to see the pipeline. I’m starting to see more booking toward that next-gen security. So it’s a good early indication. Obviously I need to wait a couple more quarters. I’m not going to claim victory only in six weeks that we’ve had this. But the early indication, Rob, seems to show that as we made the changes toward these incentives, especially with next-gen security – because in the past a lot of partners, because of the market and competitive dynamics and the way our list pricing model was set up, they were not able to earn incentives on next-gen security – but now they are. So that’s starting to show early indication of pipelines, early indication of deal reg percentages, and so on. 
So I’m encouraged by where we’re going to finish the year, but I’m more encouraged for next year. Because it’s funny, every time we do these things, when you launch something new it takes about a couple of quarters for the ecosystem to kind of understand, fully adopt, embrace, and put it into an operational vehicle so they can execute on it. And then you start to see in that third and fourth quarter it starts to get much better, and by the fifth and sixth quarter, that’s when you start reaching a higher level. So again, I don’t know why, but somehow things always end up working toward that 18-month kind of trajectory. Because you’re right, the ecosystem cannot pivot right away. They need time to adjust. But that’s what I’ve seen over the years dealing in this for a long time. That’s typically what it takes to get to a higher level. So I’m really excited about where we’re going to end up in ’26 and even more in fiscal year ’27. Robert Dutt: A lot of the audience are mid-market MSPs and resellers, the 15, 20, 50-person shops. When you designed this program, how much were you thinking about that sort of long tail of smaller partners who aren’t at global SI scale? The platform approach – I understand it, it sounds good in theory – but building specializations across the different areas, across network, across cloud, across SOC, requires investment that might be a reach for a smaller partner. What’s the path for that small partner MSP? Michael Khoury: That’s great. First of all, I said it earlier but I didn’t share the percentage with you. I will share it now. Our managed services route to market is growing over 60% year on year. So I can tell you that that’s where we’re seeing a lot of growth. Even traditional VARs, a lot of the traditional VARs are starting to build and deliver managed services. So the business has shifted from just resale, traditional VAR, to managed service. 
Regarding what we’re offering to that smaller VAR – or that smaller managed service partner, I should say, but it also applies to even our resellers if they want to build a business and go-to-market motion around Palo Alto Networks – we just launched, actually, as part of this program redesign, the ability to have access for all of our partners with on-demand learning experience. Not just for pre-sales and technical sales, which we had always available as on-demand learning, but we just expanded it for post-sales. So now if you’re a smaller partner, you’re going to have access to on-demand learning experience across sales, technical pre-sales, architect roles which are kind of more pre- and a little bit post-sales, across engineer roles for delivery, and across analyst roles for support. So now they have access to on-demand learning experience across all products, which we started with this quarter, and we’re adding more products within the next quarter as well. So that’s number one. Number two, we now incorporate as part of our training for partners an AI roleplay that is also available to them. And the early feedback from partners – we had solution architects from partners come in and do this AI roleplay not prepared. And their feedback initially was “Michael, it kicked my butt, I wasn’t ready.” And now they feel like it gave them an indication of what they need to do better. The new AI roleplay is enabling our partners’ sellers and technical pre-sales to help them position the product. And it’s also enabling the post-sales engineers, architects, and analysts as well. So we’re giving them access across all of that on the portfolio. In addition, once they have access to the on-demand learning experience, part of the ongoing certification model now includes a roleplay. But they also now have access to labs across the entire portfolio. That’s also available to them through that on-demand learning experience. 
And in addition to that, we just launched Demo Zone, which is also available through the Learning Center. So they can do demos across the product line, they can come in, get training for about an hour, hour and a half, and be able to do demos for customers, really without needing help from a sales engineer or solution consultant at Palo Alto Networks. I touched on this early on when we started – that was one of the key changes we needed to make. Sure, our partners need to have access to the right training, to the right enablement, so they can be self-sufficient. So technically, if you have a smaller partner who’s embarking on their journey with Palo Alto, they’re going to have access to really a lot of content, training, and capability across all roles, available to them on demand. It’s going to allow them to invest and grow and drive that business growth like never before. And obviously with MSSPs, we provide them with programmatic front-end discount that helps them win in that commercial segment, that mid-market that you touched on, without needing a lot of help from Palo Alto. So in a way, we’re giving them access to the training, the enablement, the tools, and also to the programmatic element from a front-end discount, and to the back-end rebate as well, to ensure they can grow and develop that go-to-market motion. So I’m really excited – even though our managed services was growing at 60%, I’m really excited about where it’s going to go a year from now, because I don’t think we’ve touched its full potential. A lot of those managed services partners are going to be able to reap a lot of benefits across the board, across the entire portfolio. Robert Dutt: The AI roleplay tool – that’s something that I thought was really interesting, really fun to see in there. It’s been interesting seeing AI start to find its way into partner programs. 
Sticking with the sort of idea of resources and smaller partners, are there any Canadian-specific resources or team support that smaller Canadian partners of Palo Alto should know about? Michael Khoury: Look, in Canada we have a very strong managed service motion with partners. And when I look at just the ratio of percentage of Canadian partners and the investment, I see that our Canadian partners actually invest – just from a percentage of resources to booking and revenue – I see our Canadian partners invest more in technical pre-sales roles and training for individuals than in other markets. So I’m very encouraged to see that in Canada, not just are we driving a strong managed service motion, but we also have more investment from a resources perspective. Because when I look at a partner, I don’t just look at how much booking you did with us, because to me booking is more of a lagging indicator. I look at the investments, and not just by the number of certifications they have – I look at the number of individuals. Because obviously you can have one individual sometimes accumulate multiple certifications. So I do look at the number of certifications by product, but we also look at the number of individuals that a partner has invested in. And I’m encouraged to see that in Canada, particularly in our managed service motion and even in our resale motion, I see more and more partners investing in sales and technical and obviously post-sales as well. I found that was interesting data that I uncovered as I was comparing, for example, US partners to Canadian partners. So that’s encouraging. That means our partners in Canada will be able to have, over time, as they leverage the new program, even bigger market share and better representation. Because the data is very clear – partners who invest more in their enablement and their certification, who really go on that journey, their revenue tends to be much higher than partners who don’t make that same commitment. 
And that’s why we have something that we’re now making available – it’s called our Partner Capacity Dashboard, something brand new. We’re making it available to our Channel Business Managers first for this year. Next year we’ll make it available to partners so they can have clear visibility on all the individuals, the training, the demos, the AI roleplays, all the things that their people are doing. And we also look at their projection for the year’s business and give them guidance on whether they have enough individuals, enough people who are certified. So it’s going to help them really with their business planning for the future. I’m excited about giving this first to our Channel Business Managers. We have a few things to work through, and then by beginning of ’27 we’re going to make it available to partners to help them on that journey. So that’s another one of those things that we’ve evolved and changed. Robert Dutt: You touched on this a couple of times, let’s discuss it now. The CyberArk acquisition closed in February, $25 billion, added identity security into the fold. And that’s something that we’re hearing a lot more about across the industry and throughout the channel. What does CyberArk being in there mean for partners right now? Is there a NextWave path for identity? And how quickly do you think partners are going to be able to build their capability there, particularly with Palo Alto? Michael Khoury: So this was my message probably a week before we closed the CyberArk deal. I went to a CyberArk event, their global sales kickoff, where we had about 200 or so partners. And one of my messages to those partners in the room, I said “Look, if your business is resale, managed service, or consulting implementation on identity only, that’s totally fine. 
That is a home for you at Palo Alto Networks.” Now it turns out, when we looked at the data, the vast majority of our partners are joint partners, meaning they are both a CyberArk partner and a Palo Alto Networks partner. We had a very small number of partners who are CyberArk-only partners. And those partners, we were in the process of ensuring we onboard them in the next few months before the new fiscal year starts. So the journey for those partners is, if you’re going to continue with identity, we’re going to give you all the support, all the things that I talked about earlier – from access to training, enablement, demos, AI roleplay, tools – all of that is going to be available for identity. All the incentives that I talked about, which today are not available in the CyberArk portfolio, we are going to be working on that for identity for the new year as well. So partners can be even more profitable when they do business on identity. And both CyberArk and Palo Alto, we both embrace partner delivery and support services as well. Between us and them, we have over 90% of the delivery on CyberArk – and a similar thing on Palo Alto – done by partners. So it’s not just the managed services motion or the support motion, but even the delivery motion as well is done by partners. So there will be a path if you just do identity – and again, those are a small percentage – there’ll be a path for those partners to be able to continue to invest in identity. And they’ll have plenty of time to adjust. And if they don’t ever want to go beyond identity, that’s fine. But again, the majority of our partners are actually joint partners between the two companies. So there is a lot more synergy there. When you start looking at data, you start looking at which partners drive the TCVs and the bookings on Palo Alto, there is a lot of overlap. And we’re rationalizing the rest of our ecosystem as well. 
But I’m excited about adding identity and being able to incentivize and give more support to those identity partners. And I’m glad to say, by having such a large joint overlap, I think that in itself will open up more business for them and more opportunities for us. And frankly, for the Palo Alto partners who do not sell identity – because we have more of those, Palo Alto partners who do not sell identity – this is going to be a great opportunity for them to embrace identity, get the right training, get the right certification and specialization, and be able, if they want to expand beyond what Palo Alto offers, into the identity space. That’s the bigger area of opportunity. Because as I said, the joint customers – all of the CyberArk partners are actually Palo Alto partners – but we had more Palo Alto partners who are not CyberArk, who don’t sell and support identity. And that’s where I feel there is a big potential for growth in that area. Robert Dutt: Do you have any kind of feel for how many of those partners that you describe, who are Palo Alto but not CyberArk, have made identity bets elsewhere? Michael Khoury: That’s a great question. I don’t have that top of mind to share with you as a percentage. Identity tends to be an area where you need to invest deeper. Let me give you an example – a certified delivery engineer at CyberArk is a minimum six-to-nine-month type investment. So it’s not as easy for a partner to pick it up overnight and say “Yeah, I’m ready to go down that path” unless it is part of their go-to-market motion and they have a plan for it. Now, the way we see the future, with more agentic AI and privileged access going to play a bigger role, we believe identity and the privileged access space is going to be an even more key component of that. So I’m going to see more and more partners – not just the joint partners, but more and more partners are going to start to embrace that. 
But I don’t have the exact percentage top of mind of, hey, if you are Palo Alto only, have you invested with another company versus us. I think they’re going to find very quickly, with all the things we’ve changed in the new program and implementing those with identity and incentivizing more on identity, I think it’s going to be very difficult for them to turn away, even if they were investing with another vendor, not to come to Palo Alto Networks and invest with our identity solution. Especially as we integrate the products and there’s going to be a lot more capability from a platform perspective by having identity. I think it’s going to be more and more difficult to say “Oh, I’m just going to keep working with another company on this one product only.” I think they will see the value, even if I don’t do all the great things I talked about in the program, which we are doing for identity. But from a product and a technology perspective, I think there is a lot of value there. Robert Dutt: My last question – if we’re sitting here a year from now, what does success look like for this program? What’s the metric or the outcome that tells you this revamp worked? Michael Khoury: Yeah. I mean, if I look at the key metrics that we’re looking for – and I think you heard me talk about them already – I’m going to look at how many more partners have trained individuals on Palo Alto Networks, how many more certifications across next-gen security, how much more booking is coming from that side of the house, what percentage more of deal reg is initiated by partners. I’m going to look across various elements to say, did we actually hit the mark? And obviously the other piece is we’re investing in those partnerships as well. All these things that I talked about to make available for partners, it’s an investment on our part. So I need to have that direct correlation to all these key success metrics. And so far the early indication says we’re heading in the right direction. 
There is one item we haven’t talked about and I want to mention this. Part of our incentive redesign, we also created a program called the Partner Development Fund. So partners will not just be able to earn rebates from us, but also part of the investment they earn will go into a Partner Development Fund that helps them invest in their future growth. So when I look at that future growth and all the activities that partners can drive with us – whether it’s investment in training, investment in headcount, investment in migration services, competitive takeout, whatever the case may be – they’re going to have funds available to them to make that investment in future growth. So one metric I’m going to be looking at is all these partners – how fast they’re growing, where were they growing with Palo Alto Networks as a percentage of business with us, and how fast that is growing now a year later, as we launch this new program with basically adding fuel to that fire and having a flywheel effect. The better job you do, the more we reward you. And the more we reward you, you have more funds to help you reinvest more in that growth. That part is really going to be a key differentiator for us and for those partners. In addition, frankly Rob, our platform strategy across these different products is going to give them a very real competitive advantage. So when you take all that holistically – from a technology perspective, from a program strategy, from a go-to-market motion – all of that combined with access to more training, more enablement, more funds, more support, I think the story is going to look a lot more positive across all these metrics. So I’m looking forward to, by end of fiscal year ’27, which will be the 18-month mark, seeing how this is going to play out. Robert Dutt: All right, I appreciate that, and certainly a lot going on with the NextWave redesign. I appreciate your walking us through some of your thinking around building the program and getting it out there. 
Michael, thank you. Michael Khoury: Thank you, Rob. Thanks for having me and great to be here. Appreciate the time. Robert Dutt: There you have it, Michael Khoury from Palo Alto Networks. I’d like to thank Michael for his time. He was generous with it, and more importantly, he was generous with specifics, which is not always the case when you get into a partner program conversation. A few things that stuck out for me with this one. First, the listening tour approach. Michael came in, asked partners what was working, and built the revamp around those answers. That sounds obvious, but it’s rarer than it should be. The four pain points that he identified – partners over-relying on Palo Alto staff for basic tasks, managed services being treated like resale, training and enablement that wasn’t keeping up, and an incentive structure that was, in his words, “mostly on paper” – those are complaints I’ve heard from partners across vendors over the years. The question is whether the new program actually fixes them, and the early signals are encouraging. The two-to-four-times earnings improvement isn’t a projection – it’s based on actual past booking data, and they’re already seeing increased deal registration for next-generation security lines within weeks of launch. Second, the diversification requirement. If you’re a firewall-heavy partner, the 30% non-firewall threshold for Diamond level is real, and the clock is ticking. But Michael made a reasonable case that most strategic partners are already within striking distance, and the CyberArk identity practice now counts toward that number, which opens up a path that didn’t exist six months ago. And third, for the audience here in Canada specifically, Michael noted that Canadian partners invest more per resource in technical pre-sales and certifications than partners in other markets. That’s a competitive advantage worth knowing about and leaning into. Thank you for listening. 
If you found this one useful, I’d appreciate it if you’d follow or subscribe. You can find the In The Channel podcast on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you have a moment to leave a rating or a review, that goes a long way to helping other channel pros find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

ChannelBuzz.ca
Fortra: building a channel platform from 20-plus acquisitions

ChannelBuzz.ca

Apr 2, 2026 19:13


Faraz Siraj, vice president of global channels and alliances at Fortra, joins the podcast to talk about what it looks like to build a channel program around a cybersecurity platform assembled through more than 20 acquisitions – and why MSPs should be paying attention now. Fortra’s portfolio spans offensive security tools like Cobalt Strike and Core Impact, data protection through Digital Guardian, and security awareness training via Terra Nova Security. It’s a wide footprint, and as Faraz acknowledges, many partners still know the acquired brands without realizing they’re all under one roof. The Fortra Protect partner program, launched in 2025 with guaranteed margins and a single FortraOne partner agreement, is the company’s answer to the fragmented discount structures and multiple contracts that came with all that M&A. The conversation also digs into Fortra’s recent decision to sell its Alert Logic managed detection and response services to LevelBlue – a deliberate move to position the company as a software provider, not a services competitor to its own partners. Faraz is candid about where offensive security capabilities realistically fit into an MSP’s stack and where they don’t, and offers a practical on-ramp for Canadian partners through Fortra’s acquisitions of Ottawa-based Titus and Montreal-based Terra Nova.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If I say the name Fortra, there’s a decent chance you might not immediately place it. But if I say Cobalt Strike, or Digital Guardian, or Alert Logic, or Titus, especially if you’re in Ottawa, those might ring a bell. Fortra is the company that’s been quietly acquiring cybersecurity companies for the better part of a decade.
More than 20 acquisitions in all, and now they’re trying to stitch it all together into a unified platform, pointed squarely at MSPs and MSSPs. What makes this story interesting right now is they’ve recently made some moves that signal where they think they fit into the ecosystem. They sold off their Alert Logic managed services business to LevelBlue, which is a pretty clear statement. We make software, we’re not going to compete with you on service delivery. And they’ve rolled out a new partner program called Fortra Protect with guaranteed margins and a single partner agreement that covers the whole portfolio. My guest today is Faraz Siraj, Fortra’s Vice President of Global Channels and Alliances, and I wanted to talk to you about what it looks like to build a channel program around a platform that was assembled through acquisition, how MSPs should think about the balance between offensive and defensive security capabilities, and whether there’s a Canadian go-to-market story here. Let’s get right into it. My chat with Faraz Siraj. Faraz, thanks for taking the time. I appreciate it. Faraz Siraj: Great to be here. Robert Dutt: Fortra has been built through a bunch of acquisitions. 20+, 25+ I think? For MSPs who know Cobalt Strike or Digital Guardian but don’t necessarily know the umbrella brand of Fortra, what’s the pitch for why they should think of you guys as a platform rather than sort of a collection of tools? Faraz Siraj: Great question. Well, all of these products that we acquired over a, I’d say, a five-year period, it was around a little over 20 companies, we are going to platformization, and all of these will be available via the platform. And the platform provides a variety of tools to manage, and so MSPs would probably want to welcome that opportunity to utilize a single platform with multi-tenancy to help manage those solutions for their customers. 
It’s just a natural fit, and rather than having multi-screens, multiple interfaces to be able to provide those types of managed services, so it’s a very, very powerful way of bringing it all together. Robert Dutt: For that MSP market, you guys sold off Alert Logic’s managed services business to LevelBlue a couple of months ago. What does that signal to MSPs about where you see Fortra sitting in the ecosystem moving forward, in terms of trying to be a technology brand behind the MSP? Faraz Siraj: Well, that’s a perfect fit. I think we realized that the managed service business is not really what our strong suit is. And we aligned our Alert Logic business with a suitor that can take full advantage of that kind of business, and they’re very good at it. We, over time, realized that if you want to do that business, you have to really focus in on it, whereas we had other priorities. And so what that tells the market and other partners out there is that we need our partners to be able to provide those managed solutions. We truly are in the business of making and providing software. We do not want to be in the services game. We want to have our partners provide those services, whether it is managed services or whether it’s installation services, optimization services delivery, we need our partners to do that. And that’s what creates opportunity. And that’s what I’m really excited about with our platform play, as well as where our future direction is as a company around the products that we provide. Robert Dutt: One of the most interesting things I think you guys talk about is the idea of MSPs balancing offense and defense. And I guess I want to dig into what that actually looks like in terms of the service delivery level. Where does offensive insight realistically show up in the day-to-day stack for an MSP? Faraz Siraj: Well, it shows up everywhere, whether you realize or not. 
It is in whether it is vulnerability management, it’s in offensive security tooling, it is in pen testing, it is in simulations. That takes some knowledge and ability to provide those services around those capabilities. And that’s just from an offensive side. There is a need for support for those particular product sets. On the defensive side, it’s pretty simple. I mean, we have a lot of those defensive protection products, and we need our partners to be able to provide solutions around it. Robert Dutt: Yeah, and MSPs, most I would dare say at this point, are defensive operators by nature. Prevent, detect, respond, deal with the problem. What can MSPs realistically do with offensive capabilities, and where should they not be trying to operationalize offensive capabilities in their stack? Faraz Siraj: Well, the first thing that I would tell them is be comfortable with what you’re providing. Be comfortable with your capabilities that you can go to your market with, with your customers. If you don’t know it, you can certainly learn, but you don’t want to try to pigeonhole yourself into a technology that you’re unfamiliar with. We can help with that. We have a lot of training. We have a lot of classes available through our Fortra Academy that can help them, and we have onboarding that we can help partners with. Again, it would be, I would think about the customer and work backwards. You would want to qualify the customer and qualify their needs. And if offensive security is something that is a pain point for your customer, then investigate it. And sometimes it’s not. And if it’s not needed, why would you want to venture and invest in an area that you’re unfamiliar with? Now I’d love for all of them to do it, but I’m an honest person. Sometimes it doesn’t make the right business sense. Robert Dutt: You guys acquired Red Macros Factory to enhance Outflank Security Tooling. 
Cobalt Strike is used by red teams worldwide, but it’s also used by threat actors who are probably using cracked copies. That led Fortra and Microsoft to take joint legal action in the past. How do you talk to partners about selling offensive tools when some of those tools have been weaponized against their customers? Faraz Siraj: It’s a discussion point. It’s also sort of a proof of concept in a twisted sort of way. Well, we do not support any illegal use of our products. We do not support using it for the wrong reasons, so to speak. We have strict legal language on it and we have gone to legal with Microsoft about those kinds of things, because we have strict requirements of how you’re going to utilize this tool. If we find out that you’re using it for the wrong reasons, weaponization, we cut it off. And that’s part of the qualification. And that’s also part of the execution and inspection that we look at. These are very powerful tools and they are not for that purpose. And just as another example is when we provide NFR gear, it’s meant for testing purposes and lab gear. You cannot be utilizing it to provide protection from as a customer standpoint, even though it’s not the same completely. It’s similar. And we just, we have to be very transparent and upfront about what these tools are about and how they’re supposed to be used. Robert Dutt: Let’s talk about the program and what you guys are doing there. You’ve introduced guaranteed margins with Fortra Protect and the FortraOne agreement. What problem were you specifically trying to solve with that model and what was sort of the problem with how partners were engaging with Fortra before? Faraz Siraj: Yeah, there’s several problems that we were addressing and yet we came to an innovative way on how to address it. So let’s look at a little history. When you acquire so many companies, your discount structure is all over the place. 
In Fortra transparency, we had discounts that were in the low 20s and going way north into the higher discounts. And when partners want to work with you, they expect a certain discount table for all products. And when you’re all over the map, you can’t really do that. Additionally, we wanted to encourage our partners to look at the entire portfolio and be encouraged by representing all Fortra. We had different agreements and we had different programs by product lines and we needed to bring it all together. And so as I joined, we did the FortraOne agreement, which brings everything into one unified legal agreement to be able to represent our products. And that’s the easy part. Second, we wanted to provide incentives to our partners to represent not only the products they’re familiar with, but all the other products that we had. And guaranteed margin was the best way to do it. Now there’s no guesswork on partner profitability. You know what you’re going to be making. And when you know that upfront, you can now focus in on the real problem at hand is providing customer solutions. We can work on it jointly. I can tell you I’ve been in the industry long enough where I continuously talk to partners and their pain points are around profitability and the unknown. Working deals and then being squeezed or not knowing what they’re going to make until the very end. And you’ve spent all this time working on these solutions and then you are not going to kind of have that profitability that you want. That’s a big deal. And we took the guesswork out of it. And now let’s focus on the customer, which is quite from what I hear the most important thing. Robert Dutt: I’ve heard the same thing, believe it or not. What do you see as sort of the, as you’re looking at the platform structure and trying to make it easier and more smooth for partners to sell across that, what are kind of the one or two top entry points for partners? 
And what do you see as sort of the next adjacencies that partners naturally gravitate towards as they get to know what all you guys are doing and get comfortable with the model? Faraz Siraj: Yeah, I think the best entry point would be around data protection. And we offer so many varieties of security solutions, but the best way is around data protection. And let’s face it, data has been exploding and will continue to explode. There is a fun new variable out there called AI that is in the forefront of everybody’s minds. And it’s being utilized for the right reasons and the wrong reasons. And whatever your case is, you need to protect your data with however which way it’s exposed. And so we have data protection solutions that will be enhanced by AI, but also will protect against AI because your data is the most valuable commodity that you have as a company. And so with our data protection, such as our DLP solutions, our data classification solutions, DSPM, that’s a great entry point. And then you can expand from there with the use of the platform. But that’s what I highly recommend for partners that are just getting into this. Robert Dutt: You joined Fortra in late 2024, and this is being described as kind of the company’s first dedicated channel push. For Canadian MSPs who aren’t in the ecosystem currently, what’s the realistic on-ramp for working with you guys? And I’m curious where you’re at in the Canadian market in terms of is there a distribution and go-to-market story here, or is it sort of primarily still being built around the US model? Faraz Siraj: No, it’s a true North American model. By the way, we acquired a few Canadian companies, and we have several Canadian MSPs already that we work with. We are always looking to expand within the Canadian market. Companies that we acquired that are well-known in Canada, such as Terra Nova and Titus. Terra Nova out of Montreal. Titus was out of, I believe, Ottawa. 
Terra Nova, by the way, human risk management or security awareness training, if you want to call it, is an MSP’s dream. It can be branded by a partner, and it can be run as if it were the partner’s business. And we actually go to market heavily with a lot of Canadian companies for that particular product line. If you ever wanted the easy button to get involved with Fortra, it would really be the Terra Nova product, human risk management, because everybody needs security awareness training. I go through it every six months at Fortra ourselves. I’m a user on product, but you need to have that refresher, because in the simplest forms, we are exposed to crazy stuff that comes to us, and you need to be trained on it. So that’s where I would go from a market perspective, but we love our Canadian companies, and we’ll continue to operate that way.

Robert Dutt: It sounds like you’re open to adding additional MSPs, obviously. What do you find are some of the common threads among successful Fortra MSPs?

Faraz Siraj: It really is around providing good customer joint solutions. We obviously want to be in the software business, but we also want to be with partners that align to that software as well as providing the customer satisfaction. And so the ones that do it well are the ones that are able to bolt onto their services on top of the solution and do it well. And we’re not hearing about issues. In fact, the successful ones are the ones that are expanding those solutions and going into more and more customers. The other piece of it is being able to be creative with billing for the partner so that it entices them to go out and obviously have partner profitability.

Robert Dutt: If an MSP is listening to this and they’re doing the standard defensive stack – EDR, SIEM, firewall – but they’ve never really offered anything on the offensive side, what’s the first conversation they should be having with customers?
And how do they avoid turning offense into, you know, the once-a-year pentest PDF and call it a day kind of thing?

Faraz Siraj: Yeah, well, it really goes back to understanding the customer. Now, it starts with, yes, pen testing is very important, but it’s not just once a year. Given today’s threat landscape, you need to do that a lot more often. Vulnerability management, those are the two major entry points. We built our vulnerability management tool from a mixture of six different technologies from six different companies, and we fused it together to make our own Fortra vulnerability management tool. Such companies like Tripwire, Digital Defense, Beyond Security, even a little bit of Alert Logic that was in there and there’s a couple others that I’m forgetting, but when you’re able to do that, it makes for a great value product.

Robert Dutt: Interesting conversation. I appreciate the colour around the partner program and I appreciate the idea of adding offensive capabilities to the MSP stack. I think that’ll be an interesting space to watch. Faraz, thank you very much for joining us.

Faraz Siraj: Oh, you bet. Thank you, Robert.

Robert Dutt: There you have it, Faraz Siraj from Fortra. I’d like to thank Faraz for his time. I appreciated his candor, especially on the managed services exit and the reality of what MSPs should and shouldn’t try to take on when it comes to offensive security. Thank you for listening today. A couple things that stuck with me from this conversation. First, the Alert Logic move. When a vendor sells off their managed services business and tells you straight up, we’re in the business of making software and not competing with you on services, that’s worth paying attention to. Doesn’t guarantee anything, but it’s the right signal. And in a market where MSPs are constantly wondering which vendors are going to show up as competitors, it matters. Second, the platform story. 20-plus acquisitions is a lot of integration work.
And I think the jury’s still out on how seamless that experience actually is for partners day to day. But the FortraOne agreement and the guaranteed margin model suggest they’re at least thinking about the partner experience at the business level, not just the technology level. And for Canadian MSPs specifically, the Terra Nova and Titus acquisitions mean there’s a local footprint here that a lot of people might not realize. If you’re not subscribed to the ChannelBuzz.ca podcast, now’s a great time. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. If you’re finding value in these conversations, a rating or review goes a long way. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

The Cybersecurity Defenders Podcast
What makes a strong security team? With Andrew Cook from Recon InfoSec / Defender Fridays [#305]

Mar 27, 2026 (32:02)


This week on Defender Friday we are joined by Andrew Cook, CTO of Recon InfoSec, to talk about what it means to build a strong security team and why hiring builders is always a good bet.

As the CTO of Recon InfoSec, a leading provider of managed security operations, Andrew oversees the technical vision, strategy, and execution of their services and solutions. He has more than a decade of experience in threat hunting, digital forensics, network defense, and capability development.

Andrew's mission is to provide customers with the expertise they need to confidently and effectively respond to incidents, protect their organizations, and enhance their resilience. He has a proven track record of delivering high-quality results, leading and mentoring teams, and collaborating with partners across the industry and the government. Andrew is also a former Air Force officer, with national-level contributions and a passion for technical leadership.

Learn more at reconinfosec.com

Register for Live Sessions

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.

Register here: https://limacharlie.io/defender-fridays

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!

Sponsored by LimaCharlie

This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.

Why LimaCharlie?

Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io/

Follow LimaCharlie

Sign up for free: https://limacharlie.io/
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

ChannelBuzz.ca
ICYMI special: RSA Conference 2026, curated for the Canadian channel

Mar 26, 2026 (5:27)


RSA Conference 2026 produced hundreds of announcements from San Francisco’s Moscone Center this week. We curated the ones that matter for Canadian IT channel partners into three themes: agentic AI as the new attack surface, identity and hardware resilience, and partner economics.

The big theme: agentic AI is the new attack surface

The dominant message from RSA 2026 was clear — AI agents are a brand new attack surface, and the security industry arrived with its first wave of answers.

Cisco extended its Zero Trust framework to treat AI agents as a new identity type, with visibility, access controls, and real-time monitoring for autonomous agents operating on the network.

CrowdStrike launched Next-Gen SIEM support for Microsoft Defender for Endpoint with no Falcon sensor required, plus Shadow AI Discovery and AI Runtime Protection for finding unauthorized AI tools across client environments, and Agentic MDR for managed detection and response at machine speed.

Proofpoint unveiled its AI Security platform and Agent Integrity Framework, defining a new standard for governing autonomous AI agents in the enterprise, alongside email and data security updates for the agentic workspace.

Black Duck brought Signal to general availability, an agentic application security platform designed to secure AI-generated code in autonomous development workflows.

Other notable RSA announcements along the agentic AI theme included Arctic Wolf’s Aurora Agentic SOC, Darktrace’s managed email security offering for MSSPs, and Huntress expanding ITDR coverage to Google Workspace while surpassing 10 million Microsoft 365 identities protected.

Identity and resilience

RSA launched ID Plus Sovereign Deployment, fully air-gapped, on-premises identity security for environments where cloud isn’t an option — directly relevant for Canadian organizations navigating data sovereignty requirements.
RSA also announced an expanded partnership with Microsoft around M365 E7 and passwordless authentication, going deep on cloud integration at the same time as the sovereign deployment — both directions simultaneously.

Dell Technologies expanded cybersecurity and resilience for the AI era and emerging quantum risks, including quantum-ready commercial PCs with post-quantum cryptography at the firmware level, AI-powered ransomware recovery for PowerProtect, and MDR extended to AI data platforms.

HP launched TPM Guard from their Imagine event in New York, a hardware-enforced security feature protecting TPM-to-CPU communications from physical attacks — a similar hardware-level security play announced the same week.

And here’s what you can sell

Barracuda advanced the BarracudaONE cybersecurity platform alongside updates to the Partner Success Program, investing in both platform and partner program at the same time.

Sectigo introduced an industry-first multi-tenant partner platform for certificate lifecycle management as a managed service, designed to help MSPs turn the shift to shorter certificate lifespans — now 200 days and eventually shrinking to 47 days by 2029 — into a scalable, recurring revenue stream.

Further reading

SecurityWeek’s RSAC 2026 Day 1 announcements summary
SecurityWeek’s RSAC 2026 Day 2 announcements summary
CRN: 10 hot new cybersecurity tools announced at RSAC 2026

Hello and welcome to a special midweek edition of In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, and this week, RSA Conference 2026 took over San Francisco’s Moscone Center. Hundreds of announcements, dozens of press releases, and a whole lot of noise. So we went through the pile and pulled out what we think actually matters for Canadian IT channel partners. Let’s get into it.

If there was one defining message from RSA this year, it’s this: the AI agents your clients are starting to deploy? They’re not just productivity tools.
They’re a brand new attack surface, and the security industry just showed up with the first wave of answers. Cisco made the biggest splash, extending their Zero Trust framework to treat AI agents as a new identity type. Their pitch: if an AI agent can browse, query, and act on behalf of a user, it needs the same visibility, access controls, and real-time monitoring as any human on the network. CrowdStrike came in heavy across multiple days. Their Next-Gen SIEM now ingests Microsoft Defender for Endpoint telemetry with no Falcon sensor required — which is a big deal for MSPs managing mixed Microsoft environments. They also launched Shadow AI Discovery, which finds unauthorized AI applications running across client environments. If you’ve ever had to track down rogue SaaS subscriptions, imagine that problem, but with AI tools that can actually take actions on behalf of employees. CrowdStrike also introduced Agentic MDR — managed detection and response that operates at machine speed against AI-driven threats. Proofpoint went after the same problem from the email and collaboration side, launching their AI Security platform and Agent Integrity Framework. Their angle: securing the “agentic workspace” where humans and AI agents are operating side by side across email, cloud, and collaboration tools like Teams and Slack. And Black Duck brought their Signal platform to general availability — agentic application security designed specifically for AI-generated code. When your developers are using AI to write code, who’s checking the AI’s work? That’s the gap Signal is designed to close. They weren’t alone. Arctic Wolf launched what they’re calling the world’s largest commercial agentic SOC. Darktrace rolled out a managed email security offering for MSSPs. Huntress expanded their identity threat detection to Google Workspace. The message from the industry was unanimous: agentic AI security is not a future problem. It’s a right-now problem. 
If you’re advising clients on AI adoption, the security conversation just got significantly more complex. And that complexity is an opportunity — because your clients are going to need help navigating it.

RSA — the company, at their own conference — made two announcements that pulled in opposite directions, and that was the point. They launched ID Plus Sovereign Deployment — fully air-gapped, on-premises identity security for environments where cloud is not an option. Think regulated industries, government, anyone with serious data sovereignty requirements. For Canadian partners dealing with OSFI E-21 or federal procurement, that’s directly relevant. At the same time, they announced an expanded Microsoft partnership around M365 E7 and passwordless authentication. So RSA is going both directions: as sovereign as you need on one end, as deeply cloud-integrated as you need on the other.

On the hardware side, Dell announced quantum-ready commercial PCs with post-quantum cryptography built into the firmware, AI-powered ransomware recovery for their PowerProtect line, and an extension of their managed detection and response service to cover AI data platforms like PowerScale. HP made a similar hardware security move from their own event in New York this week, launching TPM Guard to protect TPM-to-CPU communications from physical attacks. The common thread: the security conversation is moving below the operating system and into the silicon.

Two announcements that translate directly to partner economics. Barracuda — a hundred percent channel company — advanced their BarracudaONE cybersecurity platform alongside updates to their Partner Success Program. Platform investment and partner investment at the same time. That’s the kind of announcement that tells you a vendor is serious about the relationship, not just the product.

And Sectigo launched a new partner platform built around the reality that SSL certificate lifespans are already shrinking and headed to 47 days.
When certificates need to be renewed every 47 days instead of every year, that’s either a massive headache or a recurring revenue opportunity. Sectigo is betting that partners who automate the process will turn a compliance burden into a managed service. That’s RSA Conference 2026 through the Canadian channel lens. Agentic AI security dominated the conversation. Identity and hardware resilience matured. And a couple of vendors made moves that directly affect your bottom line. Links and details for everything we covered are in the show notes. We’ll be back on Monday with the regular edition of ICYMI. Until then, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

ChannelBuzz.ca
ICYMI: Bell Canada bets big on AI in Saskatchewan, WBM says buy your RAM now, and AWS brings AI agents to partner selling

Mar 23, 2026 (5:02)


Today is Monday, March 23, 2026. Welcome to In Case You Missed It, our weekly five-minute rundown of important channel news stories that might have flown under the radar last week.

This episode of In Case You Missed It is brought to you by ESET Canada. ESET's Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8. Learn more and apply.

On this episode:

Bell Canada bets big on AI in Saskatchewan.

Bell Canada and the Government of Saskatchewan announced a 300-megawatt AI data center outside Regina — Canada’s largest purpose-built facility, projected to generate up to $12 billion in economic value for the province. Cerebras Systems and CoreWeave are signed on as anchor tenants. For the Canadian channel, the downstream opportunities in connectivity, edge infrastructure, and AI professional services are worth watching, as is the data sovereignty angle of keeping AI compute on Canadian soil. The Globe and Mail’s take on what this signals about Bell’s broader AI strategy.

WBM Technologies says buy your RAM now.

WBM’s March IT Procurement Update is the most useful thing a Canadian partner has published this month. Every vendor category is listed as constrained. HPE has seen a 24-30% list price increase in March alone. Fortinet is implementing monthly 10% price increases. HP is coming with another 10%+ increase April 1. WBM’s recommendation: buy the RAM and storage you need for the lifetime of the system. Nature magazine is calling it “RAMmageddon.”

AWS brings AI agents to partner selling.

At its Global Partner Summit, AWS announced AI-powered sales agents in Partner Central, built on Amazon Bedrock AgentCore. Partners can upload meeting notes, auto-update opportunity records, check funding eligibility, and generate draft MAP funding requests. AWS reports 15% higher win rates and 44% faster close times from its solution matching engine.
Another signal that vendors are using AI to fix the administrivia of partner selling.

Exabeam launches new MSSP commercial framework.

Exabeam expanded its APEX Partner Program with two new licensing models for MSSPs: a single pooled multi-tenant option and a federated subscription model. For partners building or scaling MSSP practices, it’s designed to offer more flexibility in packaging and pricing Exabeam’s SIEM and analytics platform.

This week on In The Channel:

Canadian MSPs plan the lowest pay increases of any region, and that might not be a bad thing (Tuesday)
Most MSP contracts wouldn’t survive a courtroom — here’s where to start fixing that (Wednesday)
Cisco Canada sees a “perfect storm” driving multi-year infrastructure refresh (Thursday)
From NetSuite President’s Club to grain-to-bottle whisky in the Eastern Townships — our first Life After the Channel episode (Friday)

Welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca. Today is Monday, March 23rd, 2026. Let’s get your week started right.

This week’s In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8th. Learn more and apply at eset.com/ca. ESET – protecting progress.

The biggest Canadian tech infrastructure story in a while landed last week, and it didn’t come from Toronto or Montreal or Vancouver. Bell Canada announced a partnership with SaskTel and SaskPower to build a 300-megawatt AI data center outside Regina, Saskatchewan. The facility is projected to generate up to $12 billion in economic value for the province, and it’s being positioned as Canada’s largest purpose-built data center. The anchor tenants tell you where this is headed: Cerebras Systems and CoreWeave, two of the biggest names in AI compute infrastructure, are signed on.
This isn’t a general-purpose facility — it’s built for the kind of GPU-dense, power-hungry workloads that AI training and inference demand. For the Canadian channel, there are a few things to watch. Local IT providers in Saskatchewan and Western Canada could see downstream opportunities in connectivity, edge infrastructure, and professional services around AI deployments. The data sovereignty angle is real — keeping AI compute on Canadian soil is increasingly a selling point with public sector and regulated-industry customers. And the scale of this investment signals that Canada is becoming a serious destination for AI infrastructure, not just a market that consumes AI services built somewhere else. If you’re quoting hardware right now, you need to see WBM Technologies’ March procurement update. It’s the most useful thing a Canadian partner has published this month, and the message is blunt: They're telling customers to buy the RAM and storage you need to support your systems for the lifetime of that system. Every single vendor category WBM tracks is now listed as constrained. HPE has seen a 24 to 30 percent list price increase in March alone, with quote validity down to just 14 days. Fortinet is implementing monthly 10 percent price increases. Dell expects further adjustments on March 30th. And HP is coming with another minimum 10 percent increase on April 1st. WBM is linking to Nature magazine, which is calling this “RAMmageddon.” If you’ve been following our coverage of the component shortage over the past few weeks, this is the same story, but it’s accelerating. We’ll have a link to the full WBM update in the show notes. It’s worth bookmarking. Two weeks ago on this podcast, we talked about Ingram Micro’s AgenTeq platform and the push to bring agentic AI into the distribution workflow. Now AWS is doing something similar inside Partner Central. At its Global Partner Summit, AWS announced AI-powered sales agents built on Amazon Bedrock AgentCore. 
Partners can upload meeting notes and have opportunity records auto-updated. The agent flags whether a deal qualifies for AWS funding programs like MAP and can generate draft funding requests pre-filled with deal details. AWS says partners using its solution matching engine are seeing 15 percent higher win rates and 44 percent faster close times. The pattern is becoming clear: vendors are using AI to fix the messy middle of partner selling — the admin, the quoting, the funding applications, the administrivia. Worth watching how quickly this becomes table stakes. And finally, Exabeam launched a new commercial framework for MSSPs last week, offering two licensing models: a single pooled multi-tenant option and a federated subscription model. The idea is to give managed security service providers more flexibility in how they package and price Exabeam’s SIEM and analytics platform for their customers. For partners building or scaling MSSP practices, it’s worth a look. We’ll have a link in the show notes. Those are some of the things we were paying attention to last week.  Big week ahead on In The Channel.  Peter Kujawa from ConnectWise’s Service Leadership practice on why Canadian MSPs are planning the lowest pay increases of any region — and why that might not be a bad thing.  Rob Scott from Monjur on why most MSP contracts wouldn’t survive a courtroom.  Cisco Canada on the perfect storm driving a multi-year infrastructure refresh.  And our very first Life After the Channel episode, with Martin McNicoll, who went from NetSuite President’s Club to making grain-to-bottle whisky in the Eastern Townships.  For ChannelBuzz.ca, I’m Robert Dutt. Have a great week, and I’ll see you in the channel.

The Cybersecurity Defenders Podcast
Is it smart to have AI agents act as employees? With David Burkett from Corelight / Defender Fridays [#303]

Mar 20, 2026 (35:25)


David Burkett, Cloud Security Researcher at Corelight, is back on Defender Fridays this week to discuss thinking in pipelines for AI agents.

As a dedicated and highly experienced Cloud Detection Engineer and Security Architect, David has the privilege of working at a Fortune 50 Company where he leverages his extensive background in cybersecurity to protect digital assets. He has a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers.

David's expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. He's proud to have been part of a large overall security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. Our security operations center was recognized as being among the top 1% of cybersecurity programs for all cleared facilities.

In addition to his hands-on experience, David has consulted for over 40 Fortune 500 Companies and Large Federal Organizations, helping them manage their SOAR platforms and playbooks. As a strong believer in knowledge sharing and collaboration, he's also an active contributor to the open-source detection security project known as Sigma.

Learn more at https://corelight.com/

Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

ChannelBuzz.ca
Your managed services are hitting every SLA metric and the customer still thinks you’re failing – here’s why

Mar 19, 2026 (37:07)


Jeff Collins, CEO of WanAware

The last time the channel faced a shift this fundamental was the rise of the hypervisor. That transition reshaped everything, but it happened inside the four walls of the data center. What’s different about the current moment, argues WanAware CEO Jeff Collins, is that AI workloads, inference nodes, IoT, and SCADA infrastructure are being bolted onto customer environments without the kind of formal network redesign that virtualization demanded. The result is a growing visibility gap that most MSPs don’t realize they have.

Collins points to a striking finding from a WanAware survey conducted in late 2025: when business leaders were asked about their visibility gap, they rated it extremely high. When IT was asked the same question, they rated it low. Both were technically right. IT was measuring visibility against the machines in their purview – Active Directory, database servers, web front ends. The business was measuring it against everything else: Kubernetes workloads, cloud functions, agentic AI processes, and infrastructure that might not exist tomorrow. That disconnect is why MSPs can show perfect MTTR and SLA performance while the customer is saying you’re failing.

The conversation covers where traditional monitoring breaks down, why 30% false positive rates persist even after major platform investments, and how ephemeral workloads designed to disappear create alerts that will never resolve. Collins makes a compelling case that MSPs need to push visibility up the OSI stack, from layers one through three into the application and business logic layers where margin is significantly higher. He shares a practical framework for how to start, using vertical industry knowledge – particularly in sectors like Canadian oil and gas, where SCADA networks and AWS IoT Core infrastructure represent opportunities to grow a $1,000-a-month customer into a $30,000-a-month engagement.
Robert Dutt: Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and still your host for the show. Today we’re talking about a problem a lot of MSPs and channel partners are starting to feel, even if they don’t always have a name for it yet, and that’s visibility. As AI workloads, hybrid architectures and distributed endpoints become the norm, network traffic is changing faster than the tools that many partners rely on to understand what’s actually happening inside their customers’ environments. My guest today is Jeff Collins, CEO of WanAware. Jeff spends a lot of time with service providers and enterprise teams dealing with this shift, where accountability for performance, security and uptime is increasing, even as environments become harder to see and harder to diagnose when something goes wrong. WanAware operates in the network and infrastructure visibility space, but this conversation isn’t about the tools, the dashboards. It’s about how blind spots form in modern networks, why they’re easy to miss until there’s an outage, a security issue, or an SLA failure, and what partners need to understand as AI-driven infrastructure quietly reshapes traffic patterns and dependencies. In this discussion, we’re going to explore where traditional monitoring starts to fall apart, how partners can rethink what good visibility really means today, and why the ability to see what’s happening across distributed environments is quickly becoming both a risk issue and a business opportunity for MSPs. If you’re responsible for customer outcomes, but you don’t always feel confident you can see everything that matters, this conversation is for you.

[MUSIC]

Robert Dutt: Jeff, thanks for taking the time. I appreciate it.

Jeff Collins: Thanks, Rob. Thanks for having me on.
Robert Dutt: You’ve been advising partners, MSPs, VARs, these types of folks through a lot of change over time. Why does this moment with the rise of AI workloads and the continuing trend of hybrid networks feel like a real inflection point rather than sort of just the next evolution of the way things look?

Jeff Collins: I think one of the biggest reasons why is because it’s so transformational to what MSPs and resellers and VARs and distributors have dealt with for, let’s say, the last 25 years. If we think about the last major inflection point that they dealt with was really kind of the realm of the hypervisor, this ecosystem where no longer did we have to have a server running an operating system, and that created kind of the whole ecosystem we deal with today. It created cloud, it created containers, all those things were built off this concept of a hypervisor. That was really the last major transformational thing that has happened. Now we fast forward to today and we’ve got this era of AI. We’ve got this era where we’re now taking agentic approaches, generative approaches, to things that our customers deal with every day. When I talk about our customers, those are the customers of the MSP, those are the customers of the reseller, the distributor. Not only are they dealing with that, they’re dealing with this massive evolution in the customer base, but they’re also having to do that same evolution in their own environments. If you’re an MSP and you’re focused on infrastructure, or you’re an MSP and you look more like an MSSP where you’re focused on security, now you’re starting to have to deal with, “Okay, I’ve got these tools, I’ve got these people, I’ve got these agents, I’ve got all these entities inside of my business that are doing something for my customer.” But now I have to think about how am I going to do that faster? How am I going to do that better? How am I going to do that more effectively? Because our customers are getting much more advanced.
That’s really one of the biggest things that I see that we’re seeing a lot of, that “Where do I start?” from the channel partner community. When we think about the channel, we know all this stuff is going on, but it seems like such a Herculean lift that I think sometimes it’s hard to know where we make that first step.

Robert Dutt: That makes sense. A lot of this, a lot of AI especially, and to a degree sort of the hybridization of the network, that complexity has come on without kind of a formal network redesign. Like you mentioned the transition to hypervisors and that necessitated rethinking how things were done because it was a physical change. Whereas a lot of, especially with AI, it’s kind of being bolted in, added on as you go. Why does that make the environment today harder to understand than maybe it was for past transitions when you’re sitting there watching it as an MSP or other partner?

Jeff Collins: Well, I think one of the biggest reasons why this era is so much more difficult than the last transition is because we’re not bound by the four walls of our proverbial house. If we think about when we dealt with the last transition, every customer, their physical server sat inside of something they control. So we’ll refer to it as their house because that’s the easiest kind of comparison we can do. In today’s world, there’s certainly a lot that exists in our customers’ houses and in the houses that the MSP or the reseller or the channel partner or whomever it is are engaged in. But so much of that’s going outside of those walls. And when we think about AI, AI is certainly outside of those walls. I mean, we might be dealing with Anthropic, we might be dealing with ChatGPT or Gemini or the thousand other agentic or generative approaches that are out there. Those are all over the place. And now we’re asking these entities to take oftentimes a process-driven approach that they’ve had for 20, 25 years.
And how do you change that process-driven approach when you don’t really know where those workloads, where those assets, where that data is going to reside either today or tomorrow, or even if that data that we’re looking at is even going to exist tomorrow. That’s this whole realm. I mean, we’ve been talking about ephemeral workloads for, you know, let’s call it 14 years, 15 years since really the rise of AWS. But now we’re starting to deal with these ephemeral workloads, not just in the realm of infrastructure, but also in data, in generative concepts, in agents. You know, historically, we had Bob Smith, who might have worked in the NOC. Well, tomorrow, Bob Smith is an agent. What does that look like? It’s AI. What did Bob Smith do yesterday? Did Bob Smith, the new agentic version of Bob Smith, did that person do the right thing, the wrong thing, the incorrect thing? How do we manage that? How do we deal with that? How do we process that? Those are all the things that are across the board, just happening at massive rapid scale. And so, you know, it’s a really difficult time right now to be an MSP or a channel partner, but it’s also an amazing time to be an MSP or channel partner. You know, our world, our capabilities are advancing so fast. You think about one of the simplest use cases that’s out there that all of us think is simple, that MSPs deal with every day, is a circuit outage. You know, a telecom circuit goes down and it’s connected to SD-WAN or it’s connected to a router or it’s connected to some type of device that’s out at the prem. And historically, every MSP on the planet’s dealt with it kind of in a similar way. We get an alert from a monitoring system that feeds a ticketing system. It pops up on a tier one agent’s dashboard. The tier one agent looks at it, they verify power, they verify if the router’s operational, and then they open a ticket with a carrier. And then they, and that’s the hurry up and wait type of world. 
Well, now in the era of AI, that changes that quite a bit, because every one of those things are very process driven. We don’t need people for that anymore. So now we can have a system take that process flow on, do that. Now, historically, we could use a system to do that. We could write automation and a lot of MSPs did that historically, but the problem with automation is automation is static. When we leverage AI, we can leverage enrichment that helps influence that agentic approach. And so now if there’s a nuance going on, let’s say an example is there’s a global power outage. So let’s say there’s a power outage in the entire Vancouver area. We know that. Well, historically, if we’re looking at that, we see all these customers that are down, we might through a tier one agent approach, a person-based approach that following a process, or even an automated approach, not really correlate that. Because if the MSP is in, let’s say, Montreal, they might not realize there’s a large scale power outage in Vancouver, which is thousands of kilometers away. And so when we think about that, that’s really where these things can change a lot from an agentic perspective. And then the MSP gets the joy of being able to repurpose that person to be much more valuable to their organization, that tier one person can become tier two, and that can really start changing that dynamic a lot.

Robert Dutt: Most MSPs would have historically said we have good visibility across what our customers are doing. And probably I would say most believe they have good visibility today. Where does that confidence most often turn out to be misplaced or to start to break down as the model shifts?

Jeff Collins: Yeah, so I would 100% agree that most MSPs, when workloads are static, have great visibility. The problem is that in today’s world, so many workloads are becoming dynamic. And we see that change happening consistently.
You know, customers, you know, historically MSPs had problems monitoring services inside of a cloud provider. You have ephemeral workloads, you have workloads that aren’t necessarily a server, they’re much more like a service. So you have things that might be a Kubernetes instance, they might be a Kubernetes runtime instance, they might be a function. Those are all things that are crucial to the operation of a customer. They’ve taken those workloads that historically operated on a machine. And they’ve taken those workloads and now they’re in some type of small form factor instance that exists for a very short period of time. That’s been very difficult for MSPs to deal with across the board. But now we take that same concept and that same concept goes outside of the cloud providers. We now have that moving into inference nodes. We now have that moving into IoT and IIoT and OT, where we’re starting to deal with these ecosystems where these workloads are very ephemeral by nature. They might exist for a short period or components of those might exist for a short period, or the way that those are correlated and analyzed might exist. But if you think about inside of a customer from a business risk perspective, those actually carry the highest business risk. An individual Windows 2012 server has some level of business risk. If it’s running SAP, probably a higher level of business risk. But if it’s one Active Directory node and the customer has 100 machines in Active Directory, it doesn’t really matter in the scheme of the world. And so those are the realities of what happens as we kind of think through this stuff. And so for MSPs, this really drives that visibility gap. You know, we did a survey earlier this year, or actually late last year, sorry, in 2025. We did a survey across the board asking business leaders really what the visibility gap was and what they believed. And we asked business leaders and we also asked IT. 
It was really interesting to see kind of the dichotomy. When you ask the business what the visibility gap was, it was extremely high. When you ask technology what the visibility gap is, it was really low. Now they were both technically right. And here’s why. So IT was thinking about the visibility gap of the machines that they understand, the machines in their purview. So those might be, you know, an Active Directory server, a database server, maybe you have a web front end. Those are all there. And those are 100% being monitored to that IT team or to that MSP. The problem is, is the business itself is operating on a whole bunch of additional workloads that IT doesn’t necessarily have purview to. And so because of that, we start ending up with this difference of visibility. And that’s why oftentimes when you’ll go and you’ll talk to a customer or you’ll go and you’ll talk to the business itself. And the business is saying, why do we have this MSP who works for us? This MSP isn’t doing anything. And the MSP is coming back with these great reports that are showing MTTR is consistently dropping. You know, initial response time, triage time is consistently dropping. We’re blowing out every single metric that we provided you in an SLA or an SLO. And the business is coming back and saying, but you’re failing. And the MSP is saying, I don’t understand. We are not. And here’s all the metrics. And it’s because of this difference in resources that exist, that is what is happening. 
And so I think that’s one of the big areas that we always have to think through is, you know, as we’re looking at things and as MSPs look at things, they have to continue to be pushing upward inside of the business to understand all those areas that the business is driving that IT, who they’ve historically sold to, may not know about those resources, especially in a lot of these other spaces, AI, IoT, IIoT, OT, ephemeral workloads, cloud workloads, those types of things that are often outside of that scope.

Robert Dutt: Yeah. I guess when you’re looking at sort of your visibility stopping basically at the edge of the organization, you’ve got all of this out there, pretty significant impacts on real world issues like latency, like security exposure, like the ability to meet those SLAs that you signed up for, those kinds of things.

Jeff Collins: Yeah. Yeah. 100% agreed. And, you know, when you think about the core components that an MSP does, you know, MSPs generally deal with availability and they deal with performance. When you add in the MSSP, now we add in the security component. And some MSPs and MSSPs are more hybrid-based approaches. They may deal with all three. But as you kind of look at those, those core tenet areas have become much more difficult, especially in the last 10 years, certainly in the last year. I mean, the last year has been so disruptive for all that we do. And it’s because those pieces have become much less simple. You know, if I go back 25 years or even 20 years, customers by and large used MPLS networks, rather simple to monitor. You have guaranteed jitter, you have guaranteed latency, you have, you know, all these things that are very easily assumed by an MSP. So if latency exceeds 74 milliseconds between these two individual locations, that breaks the SLA that the provider provides and it’s an easy conversation. You need to go fix this. This is not okay. Well, in today’s world, most of our customers don’t have MPLS networks.
Most of them have, you know, sometimes now it’s satellite. They might have Starlink for LEO. They might have 4G or 5G, depending on what portion of the world they’re in. They might have some type of broadband service, fiber broadband, or copper broadband, or some other type of realm. Well, those don’t necessarily have SLAs for that in any way, shape, or form. We may luck out and they have an availability SLA. Maybe it’s three nines or two nines, or maybe not even two nines, depending on what type of service that is. And then when we start moving inside of the network, outside of the service provider, outside of the circuit provider itself, we start moving into other arenas that look like this. You know, historically we had a Dell server, an HP server that had a mean time before failure. Well, that’s pretty easy to understand. If I have a server and it’s going to run for 25,000 hours, it’s easy to understand that life. But when now we’re starting to get services that have an expected failure, and that expected failure is generally measured in less than a year, because the assumption is that the software, the application, resolves that issue. If you’re an MSP and you’re not monitoring the application and you don’t understand the application, you’re now chasing outages that don’t matter. And that’s one of the other things that’s really hard. And we see this all the time. You know, I’ll talk to MSPs and they’re like, “Jeff,” and it goes back to that same conversation we had before of not knowing the business. “Jeff, we get, today we have 30% of our tickets that become false positives. What do we do about that? We’ve gone out and we’ve bought the newest monitoring platform. We’ve implemented AI. We’ve implemented all this automation. We spent $20 million doing that.” These are all real things that I have in conversations with MSPs. And at the end of the day, they still have 30% false positives that they’re working. 
And the reality is, is because it’s certainly an outage. There was 100% an outage that happened. But the reality is that outage was never going to get restored because the outage was designed. You know, that workload disappeared. A DevOps team or a DevSecOps team deployed a new environment and that workload is now gone. And there’s a brand new workload that you’re not monitoring right now. You know nothing about it. And those are the things that we all collectively have to continually evolve to. It’s that driving up the stack. You know, one of the things that I often see is, you know, we have this proverbial thing that we’ve all dealt with, the OSI model. You know, there’s seven layers to that OSI model. So often in MSPs, we focus on four of them. The problem is, and most MSPs only focus on the first three. They don’t even focus on the fourth one. The issue is, is there’s three more. And those three more are what get driven by the business. And so the more that we can focus on visibility within those three, understanding that, bringing that into our tools, that drives additional value. It also drives significantly larger margin. You know, if we think about margin contribution at monitoring a telecom circuit, that’s a pretty low margin at this point in time. There’s a lot of automation around that. Monitoring a server – that world used to be high-margin, but it’s compressing. Customers are increasingly doing more of this themselves. They’re doing automation directly into their CI/CD pipeline. So it becomes this knife fight. And there’s more and more MSPs that are out there that are also fighting for that same share of market. And so the key is, the more that MSPs can go up market, they can understand, you know, I hate to use this term digital transformation because it literally gets overused every day by every marketing team on the planet. 
But the reality is, is that if we go behind this marketing abomination of this term, and we actually look at what happens, there’s a ton of value that we can go after. And if we go after that value, and we go after what people are trying to do, we align with that, we can now take those same products, those same processes that we’ve historically had as MSPs, and we can really start evolving that. Moving upward, driving in significant value, taking our tool sets that we may have today, maybe those can evolve with us, maybe we have to make new changes in our tool sets. But the reality is we’re driving that margin upward. So we’re going from maybe our contribution margin to our business today is 30%, let’s say, we can start moving back up into 60, 70, 80% contribution margin from a managed services perspective, which is where we all want to be. We don’t want to be fighting knife fights for 30%. It’s just hard, it’s difficult. Our customer acquisition costs are still generally high. We have salespeople, we have marketing efforts, we have all those things that we’re burning through every day. And we need more and more market share, we need more and more assets that we’re monitoring. And as a result of that, we need better ways that can contribute higher margin and create stickier customers that we’re not in those knife fights with.

Robert Dutt: The situation seems to be putting MSPs in a situation where they’re increasingly accountable for outcomes that they can’t fully see the contributing factors of. Before you move on, I just wanted to double click on that just a little bit and just ask, how does that change kind of the risk profile for an MSP when you’re accountable for those things that you don’t completely understand or have complete control over?

Jeff Collins: Yeah, I would say a lot of that. And one of the things that MSPs have to think through is a lot of that starts at the sales cycle.
If you don’t ask the right questions at the sales cycle stage, oftentimes you get pushed into that ecosystem. When you’re looking at the core functional plumbing behind what a customer is trying to do, and that’s the only thing you’re looking at, you often get siloed into that ecosystem. You’re looking at a server, you’re not looking at SAP. One server going down in SAP doesn’t necessarily mean SAP has a problem. But if that one server is the only HANA server in SAP, that’s catastrophic. You know, it’s this realm of contextual knowledge. Historically MSPs have that contextual knowledge, but it’s all the way at tier three and tier four. That contextual knowledge has to move to tier one. If MSPs want to get to the arena where that is no longer a problem, the contextual pieces have to move downward. You have to go from a hero-based MSP to a process-driven MSP. So many MSPs are built on heroes. It’s really hard to build a scalable business off heroes. You have to have heroes. Heroes are the people that when everything breaks and the world is on fire, they’re the ones who carry you through. And those heroes we want to have, we want to empower them, but they can’t be doing the stuff that should be done at tier one. So if we take that exact same question that you had, Rob, that question is, you know, how do we make, at the end of the day, how do we make MSPs more relevant to their clients and much more aligned with what the client’s trying to do? And that’s by taking the contextual knowledge of what the customer is trying to do, aligning that with the tactical approaches that the MSP is trying to do, and having a very crystal clear playbook of how this tactical component makes up this strategic initiative inside of the business. So we’ll take that, we’ll take that simple example. I shouldn’t say simple. SAP is far from simple. But the reality is, is that SAP is something that customers rely on. And when they rely on that, if SAP goes down the business goes down. 
And if you have an MSP that’s monitoring that, and at the same second of the same day, the MSP gets 36 tickets. We’ll just pick a random 36 number. 36 severity one tickets come in at that point in time. One of those severity one tickets is for SAP HANA. And the customer only has one instance of that. And that is taking down a large company. So that’s the first ticket. The next 35 tickets are for ephemeral workloads that the customer migrated off of, you got the alert, they migrated to a brand new ephemeral workload. And the 35 don’t matter. They’re false positives. But the one fully matters. In every single MSP on the planet, those 36 tickets are eligible for the same response interval. That’s a pretty tough average to be able to. Are you going to luck out and get the one? Or are you going to luck out, or not luck out, for lack of a better term, and work 35 false positives before you get to the one that matters? Now, most MSPs are going to tell me and they’re going to tell us that, well, we have more than one tier one path. That’s great. But the reality is you need to be responding to that one ticket right now. And you need to understand that that one ticket matters. And the only way you can do that is by starting at the beginning, starting with the sales cycle, understanding what customers are doing. If you’ve already gone down the path and the customer’s embedded, use your customer support teams. Understand what your customers are doing, start layering in that context, start enriching that data, knowing what that actually feeds, and understanding the dependencies and interdependencies inside of that. So if that server goes down, certainly you could by virtue say a database server going down is a SEV-1, but it may not be. If they have four database servers, they’re running in a high availability group, who cares? If one goes down, not the end of the world, go fix it tomorrow. That’s where context, that’s where understanding those dependencies is so crucial. 
And I mentioned at the beginning of this is how do you take that first step forward? We always take this first step forward and how I instruct MSPs is start doing things like this, take this step forward, break this down into simple programmatic approaches. And when we think about AI, it’s the exact same idea. We move steps forward, we have agentic, we have generative. Pick one, pick an area you want to focus on with your customers, understand the business outcome they’re trying to do. And if you have an inference engine, that’s going to be really crucially important here. So let’s understand that. Let’s monitor that. Let’s understand the intricacies related to how that customer is leveraging it, why it’s important. Are there latency constraints? Are there packet loss constraints? Those types of things. Let’s monitor to that and let’s understand how that happens. And if a customer has an application on the back end, you know, maybe they have New Relic or they have AppDynamics or they have some type of APM toolset, great. Let’s start bringing those into our monitoring. Let’s start bringing that intelligence in, understanding application flows, understanding dependencies, building that to be part of our story. And now we create so much more opportunity for us as an MSP driving that contribution margin northbound.

Robert Dutt: So it sounds like we’re kind of defining good visibility in a modern environment and kind of setting up for looking forward as understanding what actually matters to the customer and understanding what kind of flows into it, what all results in that thing that’s important to the customer still being up, still being running, still being functional, and kind of work backwards from there as opposed to the more “this machine is working, this machine is not” kind of approach.

Jeff Collins: Yep. Yeah. You want to go from tactical to transformational. That’s really the idea.
Robert Dutt: And you shared kind of the idea of the first step to do towards that. I guess as you’re moving towards that first step, you know, is there any one question or kind of mindset that you find works for MSPs to have in mind or asking customers to surface those blind spots and really start to understand what that context is that they have to have?

Jeff Collins: Yeah, that’s a really good question, Rob. And, you know, there’s some things that I do tell MSPs to start with before you ever ask that first question. One of them is kind of some of the simple, let’s call it research that you can do before you ever reach out to your customer. One of the easiest things you can do is start by what industry are they in. You know, in Canada, Canada has a lot of oil and gas, lots and lots of oil and gas companies exist in Canada. And so if you have an oil and gas company, we can start right off the bat with a lot of the things that oil and gas companies live and die with. And we’ll just pick on this one as an example. So oil and gas companies have SCADA networks. They have industrial IoT devices that are out there. They’re processing massive amounts of data. That data may be going into the cloud. It may be going into a data center. It may be going into some type of vault or something like that, depending on what they have. But each one of those are things that, as an MSP, you can start out before you ever ask your customer anything. You know that those are the things that exist in their environment. And you can quickly look and see, well, am I monitoring any of those? Well, no, I’m only monitoring Active Directory. Okay, Active Directory is probably important to the oil and gas company. But if it goes down, do they quit producing oil? The answer is probably no. And so if your answer is ever no, you know right off the bat that you’re not monitoring something that’s strategic to your customer.
And so the first thing that you should always think about is, okay, if we have this industry, we should be monitoring the things that are strategic. Well, how do we do that? Well, we start with that one step forward. The first thing we talk to them about is just like when we went out and we sold that initial monitoring of Active Directory, they did it because they didn’t have time for it. There’s no oil and gas company on the planet that has time to be monitoring their SCADA networks. They just don’t. They may tell you that they do, but they don’t. So leverage your relationships, leverage your engagement with them and go after those pieces. Understand, you know, if they’re in AWS IoT Core, understand what that looks like. Understand who’s monitoring that. Understand how DevOps is working within that space. Maybe it’s DevSecOps inside of that environment. Understand that convergence of the teams and then start building a story around, you know, let’s take that on for you. Let’s start changing that. Let’s use the same paradigm that we’ve done, driving MTTR down, driving availability up, driving resolution times down, all those types of things. Let’s bring that into the era of SCADA networks, IoT, our core infrastructure. That’s where we start changing the value inside of our customer engagements. And that’s really where I see a huge opportunity for MSPs across Canada, where you can take that environment, you can take those opportunities you already have, and you can grow them from, you know, maybe you bill that customer $1,000 a month. You can grow it to billing them $20,000 or $30,000 a month, but it’s the most crucial $30,000 they spend. Because, you know, if that offshore environment or that, you know, oil sands environment or whatever it might be within the oil and gas space or in the energy sector, whatever it might be, those things are crucial to their business. 
And so the more that MSPs can kind of make that step forward, and then also start incorporating AI, every single one of those entities is incorporating AI. They’re incorporating it directly into their pipelines. They’re incorporating it directly into their data pipelines, not just the oil and gas pipelines, but each one of those, the more you can incorporate that, the more you can monitor, the more you can show value of everything that you do amazing as an MSP, that’s really where you start creating that intrinsic strategic value and you get out of that tactical approach.

Robert Dutt: And the good news is for a lot of these folks in the MSP space, presumably they have some of these pieces already in place, just not necessarily connected up to the technical side, i.e. sales and marketing have been focused on a vertical. And even if they haven’t, because they have customers in this space, they’ve built some of that muscle memory, some of that knowledge of what really matters. Now it’s just a matter, hopefully, of connecting it into the services that they’re offering.

Jeff Collins: Yep, totally agreed.

Robert Dutt: All right. Well, it’s been a really interesting look at sort of where visibility is at. And I think a real interesting opportunity that you’ve surfaced in terms of how it can be turned into a value conversation. I appreciate your taking the time.

Jeff Collins: Sounds great. Thanks so much for having me on, Rob.

Robert Dutt: There you have it, my chat with Jeff Collins from WanAware. I’d like to thank Jeff for sharing his insights. The thing that stuck with me from this conversation is how much of what’s changed in the modern network hasn’t been designed in, it’s been bolted on. AI workloads, hybrid architectures, IoT, SCADA, all of it layered into environments without the kind of formal rethinking that happened when we moved to virtualization.
And Jeff made a really compelling case that for MSPs, closing that visibility gap isn’t just a risk management play, it’s a revenue opportunity, and potentially a significant one, especially in verticals like energy and critical infrastructure where visibility is tied directly to uptime, safety, and compliance. We’ll be back on Monday with In Case You Missed It, your weekly news roundup. Thanks for listening. I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

ITSPmagazine | Technology. Cybersecurity. Society
The AI Hype Is Real -- But So Is the Risk of Getting It Wrong | A Brand Spotlight at RSAC Conference 2026 with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 18, 2026 20:25


Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves. The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace. At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on. Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. 
The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it. Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber
https://www.linkedin.com/in/suboguha/

RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai
RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Channel Chat
#268 Andy Bristow: Hackers Aren't Breaking In Anymore - They're Logging In.

Mar 10, 2026 27:03


In this episode of Channel Chat, host Marc Sumner is joined in the studio by Andy Bristow, Senior Sales Director for MSS & CSE at SonicWall. With nearly four decades in technology - from Digital Equipment and Compaq to cyber security and defence - Andy shares his journey through the evolution of IT and why managed security services represent one of the biggest opportunities in the channel today. The conversation explores why most partners struggle to scale security, how MSPs can transition into MSSP models without massive overhead, and what role AI is playing in both cyber defence and cyber attacks.

In this episode, we cover:
Andy's career journey from early enterprise tech to cyber security
Why MSS is "a game of scale"
The real cost and complexity of becoming an MSSP
How MSPs can deliver 24/7 security without building a SOC
Why "hackers aren't breaking in - they're logging in"
The shift from perimeter security to cloud-first protection
AI's role in modern security operations
What success looks like for the channel in 2026

A practical, straight-talking conversation for MSPs, MSSPs, and channel leaders on growth, security, and scale in a rapidly changing market.

The Cybersecurity Defenders Podcast
Learning how to trust that AI is secure with Saurabh Shintre from Realm Labs / Defender Fridays [#299]

Mar 9, 2026 30:33


Saurabh Shintre, Founder and CEO of Realm Labs, is on Defender Fridays today to discuss securing AI from within. Saurabh previously led the AI security research at Splunk and Symantec. He has been at the forefront of AI security research for nearly a decade with multiple publications and patents and regularly features on public forums on issues regarding security and AI. Saurabh holds a PhD from Carnegie Mellon. Learn more at https://www.realmlabs.ai/

Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!

Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.

Why LimaCharlie?
Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io/

Follow LimaCharlie
Sign up for free: https://limacharlie.io/
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

The Cybersecurity Defenders Podcast
AI Red Teaming with John V from the Institute for Security and Technology / Defender Fridays [#297]

Feb 27, 2026 30:38


John V, AI risk, safety, and security at the Institute for Security and Technology (IST), joins Defender Fridays today. John's work spans AI red teaming, adversarial machine learning, AI evals and validation, and AI risk assessment, including policy work at the intersection of AGI and nuclear strategic stability. Learn more at https://securityandtechnology.org/

ITSPmagazine | Technology. Cybersecurity. Society
The Autonomous SOC Is No Longer a Dream | A Brand Highlight Conversation with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

Feb 22, 2026 7:35


What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.

How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.

Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company.
Learn more: https://www.studioc60.com/creation#highlight

GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber @LinkedIn

RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai

KEYWORDS
Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation

Redefining CyberSecurity
The Autonomous SOC Is No Longer a Dream | A Brand Highlight Conversation with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

Feb 22, 2026 7:35


What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.

How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.

Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company.
Learn more: https://www.studioc60.com/creation#highlight

GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber @LinkedIn

RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai

KEYWORDS
Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation

The Cybersecurity Defenders Podcast
#294 - Defender Fridays: How is AI reshaping app security? With Farshad Abasi from Eureka DevSecOps

Feb 20, 2026 30:41


This week on Defender Fridays, Farshad Abasi, Founder and CEO of Forward Security and Eureka DevSecOps, discusses how AI can help us set a new standard in app and cloud security. Farshad brings over 27 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions as the Principal Security Architect for HSBC Global, and Head of IT Security for the Canadian division. Farshad's commitment to the field extends to his role as an instructor at BCIT, where he imparts his wealth of knowledge to the next generation of cybersecurity experts. His diverse experience, which spans startups to large enterprises, informs his approach to delivering adaptive and reliable solutions.

Engaged actively in the cybersecurity community through roles in BSides Vancouver/MARS, OWASP Vancouver/AppSec PNW, and as a CISSP designate, Farshad's vision and leadership continue to drive the industry forward. Under his guidance, Forward Security is setting new standards in application and cloud security. Learn more at https://www.eurekadevsecops.com/ and https://forwardsecurity.com/

The Cybersecurity Defenders Podcast
#292 - Defender Fridays: Are we overlooking our most precious resource - ourselves? With Brandon Min from Herd Security

Feb 13, 2026 32:29


This week Brandon Min, Founder and CEO of Herd Security, joins Defender Fridays to discuss how human risk management needs to rebrand with empathy.

Brandon is the co-founder and CEO of Herd Security, where they help security teams drive employee engagement in security, making a more resilient organization. Humans have been the #1 target of organizational cyber attacks; however, security teams, organizations, vendors, and leaders have vilified them. At Herd, they believe security should be led with empathy and care. Building trust amongst users that will drive their engagement in security. Building herd immunity from cyber attacks. Learn more at https://herdsecurity.io/

CISSP Cyber Training Podcast - CISSP Training Program
CCT 322: From Firewalls To AI: Building A Smarter Defense - CISSP Domain 7.7

Feb 9, 2026 36:02


The weakest link is often sitting on the edge, blinking away with expired firmware and no vendor support. We kick off with a blunt reality check on outdated firewalls, load balancers, and IoT gateways, and why waiting two years to retire them is a gift to attackers. From there, we guide you through Domain 7.7 with a practical blueprint for operating and maintaining detective and preventive measures that actually hold up under pressure.

We unpack firewall fundamentals with clear, real‑world tradeoffs: when a simple packet filter is enough, when stateful inspection and deep packet inspection earn their keep, and how a WAF stops the web attacks your L3/L4 controls will miss. You'll hear how RTBH can deflect denial‑of‑service floods upstream, and why segmentation is your best friend for reducing blast radius—whether you use internal segmentation firewalls for R&D, Purdue‑style tiers for industrial networks, or controlled air gaps for the most sensitive systems. In the cloud, we separate security groups from true firewalls and show how to stitch policies across hybrid environments without creating blind spots.

Detection makes prevention smarter, so we break down IDS versus IPS in plain language. Baseline first, then block with intent to avoid outages. We compare host‑based and network‑based sensors, explain where to place them, and share tactics for cutting alert noise. You'll also get straight talk on allowlists and blacklists, the right way to maintain them, and why stale entries cause the ugliest outages. We explore sandboxing for safe detonation and learning, and give an unvarnished take on honeypots and honeynets—where they help, where they waste time, and what legal lines to respect.

Not every team can build a 24x7 SOC, so we outline how MSSPs can extend your coverage with clear SLAs and ownership. Endpoint anti‑malware remains non‑negotiable, but tool sprawl is a trap—choose a strong EDR and manage it well. Finally, we dive into AI and machine learning: how they supercharge detection, triage, and response—and how adversaries use them too. The throughline is simple: shrink attack surface, raise signal quality, and respond faster than threats can pivot. If this helps you secure one more edge box or tune one more control, share it with a teammate, subscribe for more practical walkthroughs, and drop a review so we can keep raising the bar together.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Cybersecurity Defenders Podcast
#290 - Defender Fridays: Do you have a browser blind spot? With Cody Pierce from Neon Cyber

Feb 6, 2026 34:03


Most orgs have a major blind spot: the browser.

This week on Defender Fridays, we're joined by Cody Pierce, Co-Founder and CEO at Neon Cyber, to discuss why browser security remains a critical gap, from sophisticated phishing campaigns that bypass traditional controls to shadow AI tools operating outside your security perimeter.

Cody began his career in the computer security industry twenty-five years ago. The first half of his journey was rooted in deep R&D for offensive security, and he had the privilege of leading great teams working on elite problems. Over the last decade, Cody has moved into product and leadership roles that allowed him to focus on developing and delivering innovative and differentiated capabilities through product incubation, development, and GTM activities. Cody says he gets the most joy from building and delivering products that bring order to the chaos of cyber security while giving defenders the upper hand.

About This Session
This office hours format brings together the LimaCharlie team to share practical experiences with AI-powered security operations. Rather than theoretical discussions, we demonstrate working tools and invite the community to share their own AI security experiments. The session highlights the rapid evolution of AI capabilities in cybersecurity and explores the changing relationship between security practitioners and automation.

The Cybersecurity Defenders Podcast
#288 - Defender Fridays: Agentic SecOps Workspace (ASW) office hours with LimaCharlie

Jan 30, 2026 29:45


Join us for a special Defender Fridays Office Hours session where the LimaCharlie team demonstrates the new Agentic SecOps Workspace (ASW) and explores what's possible when AI agents operate security infrastructure directly.

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

What We'll Discuss
In this hands-on session, we showcase real working implementations of AI in cybersecurity operations. From reverse engineering malware to automated rule tuning and infrastructure management, we demonstrate how AI agents are transforming security workflows from concept to production-ready tools in hours instead of days.

Key Topics
Automated malware analysis and decompilation without traditional manual reverse engineering workflows
Rule tuning at scale: Investigating noisy detections, writing false positive rules, and deploying them autonomously
Infrastructure automation: Setting up data sources, configuring tenants, and managing security operations through AI agents
The permission model: Balancing AI capability with human oversight and approval workflows
Real-world applications: Custom reporting, detection coverage analysis, and operational time savings

About This Session
This office hours format brings together the LimaCharlie team to share practical experiences with AI-powered security operations. Rather than theoretical discussions, we demonstrate working tools and invite the community to share their own AI security experiments. The session highlights the rapid evolution of AI capabilities in cybersecurity and explores the changing relationship between security practitioners and automation.

Cyber Security Headlines
Multi-stage SharePoint attack, SmarterMail bypass flaw, AI worries Davos

Jan 23, 2026 9:27


Multi‑stage AiTM phishing and BEC campaign abusing SharePoint
SmarterMail auth bypass flaw now exploited despite patch
The problem of AI agents emerges at Davos

Huge thanks to our sponsor, Dropzone AI
All week we've talked about alert fatigue, MTTR, and the math that's breaking your SOC. Here's the proof. Dropzone AI is trusted by over 300 global enterprises and MSSPs. Named a Gartner Cool Vendor. Recognized in the Fortune Cyber 60. And backed by $37 million in Series B funding. But they're not stopping at a single agent. They're building toward fully agentic SOC teams where human engineers are augmented with specialized AI agents for threat hunting, detection engineering, and forensics. Your team deserves a backup that never sleeps. Book a demo at dropzone.ai.

Find the stories behind the headlines at CISOseries.com.

Paul's Security Weekly
The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441

Jan 12, 2026 95:49


First Topic - Podcast Content Plans for 2026

Every year, I like to sit down and consider what the podcast should be focusing on. Not doing so ensures every single episode will be about AI and nobody wants that. Least of all, me. If I have one more all-AI episode, my head is going to explode. With that said, most of what we talk about in this segment is AI (picard face palm.png). I think 2026 will be THE defining year for GenAI. Three years after the release of ChatGPT, I think we've hit peak GenAI hype and folks are ready for it to put up or shut up. We'll see winners grow and get acquired and losers pivot to something else. More than anything, I want to interview folks who have actually seen it work at scale, rather than just in a cool demo in a vendor sandbox.

Also on the agenda for this year:
The battle against infostealers and session hijacking: we didn't have a good answer in 2025. When is it coming? Will it include Macs, despite them not having a traditional TPM?
The state of trust in outsourcing and third party use (Cloud, MSSPs, SaaS, contractors): 2025 was not a good year for third parties. Lots of them got breached and caused their customers a lot of pain. Also, there's the state of balkanization between the US and... the rest of the entire world. Everyone outside the US seems to be trying to derisk their companies and systems from the Cloud Act right now.
Vulnerability management market disruption: there are half a dozen startups already plotting to disrupt the market, likely to come out of stealth in 2026
Future of the SOC: if it's not AI, what is it?

What else??? What am I missing? What would you like to see us discuss? Please drop me a line and let me know: adrian.sanabria@cyberriskalliance.com

Topic 2: The state of cybersecurity hiring

This topic has been in the works for a while! Ayman had a whole podcast and book focused on all the paths people take to get into security. Jackie worked with WiCyS on outlining pathways into a cybersecurity career. Whether you're already in cyber or looking for a way in, this segment crams a lot of great advice into just 15-20 minutes.

Segment resources:
Ayman's personal guide for getting into security
https://www.wicys.org/wp-content/uploads/2025/10/WiCyS-Pathways-in-Cyber-PDF-9.24.25.pdf

News

Finally, in the enterprise security news,
Fundings and acquisitions still strong in 2026!
Santa might be done delivering gifts, but not protecting Macs!
ClickFix attacks
Weaponized Raspberry Pis
MongoDB incidents for Christmas
Top 10 Cyber attacks of 2025
US gets tough on nation state hackers?
Brute force attacks on Banks
An AI Vending Machine
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-441

Enterprise Security Weekly (Audio)
The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441

Enterprise Security Weekly (Audio)

Jan 12, 2026 95:49



Paul's Security Weekly TV
The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441

Paul's Security Weekly TV

Jan 12, 2026 95:49



Enterprise Security Weekly (Video)
The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441

Enterprise Security Weekly (Video)

Jan 12, 2026 95:49



Registered Investment Advisor Podcast
Episode 236: Your Network's Already Under Attack

Registered Investment Advisor Podcast

Dec 24, 2025 18:53


The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.

In this episode of the Registered Investment Advisor Podcast, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the VisibleOps series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.

Key Takeaways:

→ Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue.
→ Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening.
→ A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system.
→ Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal.
→ The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.

Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats into competitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.

His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.

Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.

Connect With Scott:
Website: https://ipservices.com/
Instagram: https://www.instagram.com/scottalldridge1/
LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/

FREE OFFERS
Text "Secure25" to 1-541-359-1269 to receive your free Visible Ops Executive Companion book and a free Penetration Scan Test (first 3 listeners only)

MSP Unplugged
Larry Meador and Cavelo: Elevating MSP Channel Success with Cybersecurity Innovation

MSP Unplugged

Dec 24, 2025 35:37


Discover how industry veteran Larry Meador, Cavelo's new Channel Chief, is transforming the MSP channel. Cavelo empowers Managed Service Providers with a unified Attack Surface Management and Data Security Posture Management platform—offering automated data discovery, classification, vulnerability management, and compliance-ready solutions. Built for MSPs and MSSPs, Cavelo helps partners reduce cyber risk, streamline operations, and deliver scalable, data-first security services that boost profitability and client trust.

Full Video Podcast Link: https://youtu.be/D6xFmrlUXDY

Connect with us!

MSP Unplugged: https://mspunplugged.com/
Paco Lebron from ProdigyTeks: Powered by MSP Owners Group
Email: paco@mspunplugged.com
Rick Smith from Renactus Technology
Email: rick@mspnplugged.com
Justin Gilliam from Bacheler Technologies
https://www.linkedin.com/in/justin-gilliam-96288a56

Backup Central's Restore it All
Building Your Cyber Security Team: Blue Teams, Red Teams, and Cyber Insurance

Backup Central's Restore it All

Dec 22, 2025 31:09 Transcription Available


Building a cyber security team isn't optional anymore; it's the difference between recovering from ransomware and going out of business. In this episode, Curtis and Prasanna explain why hardening your backup infrastructure is only half the battle. You need professionals who know how to configure XDR systems without drowning you in false positives, blue teams to defend your environment, and red teams to test whether your defenses actually work. They cover the role of MSSPs, incident response planning, cyber insurance requirements, and why attempting ransomware response on your own is like those old TV warnings: "Don't try this at home." If you've been following their series on backup basics and system hardening, this episode ties it all together with the human element that makes or breaks your recovery plan.

Defense in Depth
How To Tell When a Vendor is Selling AI Snake Oil

Defense in Depth

Dec 4, 2025 33:51


All links and images can be found on CISO Series.

Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast.

In this episode:

• Understanding the fundamentals
• The grift of superficial expertise
• Hands-on experience matters
• A vulnerability at the leadership level

Huge thanks to our sponsor, Stellar Cyber

By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.

Identity At The Center
#387 - InfoSec World 2025 - Trust, Transparency, and Technology: Building Better MSP Partnerships

Identity At The Center

Nov 24, 2025 50:06


Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike's passion for photography and how creativity ties into continuous learning in tech.

Connect with Mike: https://www.linkedin.com/in/mreiring/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters
00:00 Intro – Live from InfoSec World 2025
02:00 Meet Mike Reiring of RSM
04:30 Evolution of Managed Service Providers
06:30 Shared Accounts, Identity, and Security Maturity
09:00 Vendor Gaps and Federated Access Challenges
11:30 What Makes a Good MSP Partner
13:00 The Cost and Effort of Changing Providers
16:30 MSP vs MSSP – Key Differences
18:30 Coordination Between Managed Providers
21:30 Top 3 Questions to Ask Your MSP
25:00 Identity Ownership: IT or Security?
27:30 Licensing, Active Directory, and Hidden Accounts
30:00 RFP Challenges and Procurement Pitfalls
32:00 Measuring Risk and Reducing Identity Exposure
34:30 Vendor Management and Shadow IT Risks
35:00 How AI Is Transforming MSP and MSSP Operations
38:30 AI, Problem Management, and the Future of Help Desks
42:30 Photography, Creativity, and Continuous Learning
48:00 Closing Thoughts and IDAC Outro

Keywords
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast

Spark of Ages
The Security Gap When AI Agents Have Access/Chithra Rajagopalan, Vamshi Sriperumbudur - Governance, NRR, Buyer Groups ~ Spark of Ages Ep 51

Spark of Ages

Nov 21, 2025 63:28 Transcription Available


We weigh the promise and peril of the AI agent economy, pressing into how overprovisioned non-human identities, shadow AI, and SaaS integrations expand risk while go-to-market teams push for speed. A CMO and a CFO align on governance-first pilots, PLG trials, buyer groups, and the adoption metrics that sustain value beyond the sale.

• AI adoption surge matched by adversary AI
• Overprovisioned agents and shadow AI in SaaS
• Governance thresholds before budget scale
• PLG trials, sandbox, and POV sequencing
• Visualization to reach the aha moment
• Buying groups, ICP, and economic buyer alignment
• Post‑sales usage, QBRs, NRR and churn signals
• Zero trust limits and non-human identities
• Breach disclosures as industry standards
• Co-sourcing MSSP with in-house oversight

Security isn't slowing AI down; it's the unlock that makes enterprise AI valuable. We dive into the AI agent economy with a CMO and a CFO who meet in the messy middle. The result is a practical blueprint for moving from hype to governed production without killing momentum.

We start by mapping where controls fail: once users pass SSO and MFA, agents often operate beyond traditional identity and network guardrails. That's how prompts pull sensitive deal data across Salesforce and Gmail, and how third‑party API links expand the attack surface. From there, we lay out an adoption sequence that balances trust and speed. Think frictionless free trials and sandboxes that reach an immediate “aha” visualization of shadow AI and permissions, then progress to a scoped POV inside the customer's environment with clear policies and measurable outcomes. Along the way, we detail the buying group: economic buyers who sign and practitioners who live in the UI, plus the finance lens that sets pilot capital, milestones, and time-to-value expectations.

We also challenge sacred cows. Zero trust is essential, but attackers increasingly log in with valid credentials and pivot through integrations, so verification must include non-human identities and agent-to-agent controls. Breach disclosures, far from being a greater threat than breaches, are foundational to ecosystem trust and faster remediation. And while MSSPs add critical scale, co-sourcing—retaining strategic oversight and compliance ownership—keeps accountability inside. If you care about ICP, PLG motions, PQLs, NRR, or simply reducing AI risk while driving growth, this conversation turns buzzwords into a playbook you can run.

Vamshi Sriperumbudur: https://www.linkedin.com/in/vamsri
Vamshi Sriperumbudur was recently the CMO for Prisma SASE at Palo Alto Networks, where he led a complete marketing transformation, driving an impact of $1.3 billion in ARR in 2025 (up 35%) and establishing it as the platform leader.

Chithra Rajagopalan - https://www.linkedin.com/in/chithra-rajagopalan-mba/
Chithra Rajagopalan is the Head of Finance at Obsidian Security and former Head of Finance at Glue, and she is recognized as a leader in scaling businesses. Chithra is also an Investor and Advisory Board member for Campfire, serving as the President and Treasurer of Blossom Projects.

Website: https://www.position2.com/podcast/
Rajiv Parikh: https://www.linkedin.com/in/rajivparikh/
Sandeep Parikh: https://www.instagram.com/sandeepparikh/
Email us with any feedback for the show: sparkofages.podcast@position2.com

SharkPreneur
Episode 1210: Your Network's Already Under Attack with Scott Alldridge

SharkPreneur

Nov 10, 2025 20:22


The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.

In this episode of Sharkpreneur, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the Visible Ops series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.

Key Takeaways:

→ Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue.
→ Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening.
→ A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system.
→ Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal.
→ The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.

Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats into competitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.

His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.

Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.

Connect With Scott Alldridge:
Website: https://ipservices.com/
Instagram: https://www.instagram.com/scottalldridge1/?hl=en
LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/

SharkPreneur
Episode 1210: Your Network's Already Under Attack with Scott Alldridge

SharkPreneur

Nov 10, 2025 20:57



Repeatable Revenue
3 Steps Every MSP Sale Must Have

Repeatable Revenue

Oct 10, 2025 13:53 Transcription Available


I used to think "Always Be Closing" was outdated, sleazy sales advice, but I've completely changed my mind. In this video, I break down why ABC is actually the foundation of consultative selling for MSSPs and B2B sales. The truth is, every single step in your sales process—from discovery calls to assessments to proposals—should be designed with one goal: moving the deal forward and closing the sale. I'll show you the simple framework I use to redesign sales processes, explain why most salespeople are treating discovery and assessments like information gathering instead of closing opportunities, and reveal the biggest mistake I see during proposals that kills deals. If you're in MSP sales or any B2B selling, this reframe will change how you approach every interaction with prospects.

//

Welcome to Repeatable Revenue, hosted by strategic growth advisor, Ray J. Green.

About Ray:

→ Former Managing Director of National Small & Midsize Business at the U.S. Chamber of Commerce, where he doubled revenue per sale in fundraising, led the first increase in SMB membership, co-built a national Mid-Market sales channel, and more.
→ Former CEO operator for several investor groups where he led turnarounds of recently acquired small businesses.
→ Current founder of MSP Sales Partners, where we currently help IT companies scale sales: www.MSPSalesPartners.com
→ Current Sales & Sales Management Expert in Residence at the world's largest IT business mastermind.
→ Current Managing Partner of Repeatable Revenue Ventures, where we scale B2B companies we have equity in: www.RayJGreen.com

//

Follow Ray on: YouTube | LinkedIn | Facebook | Twitter | Instagram

Joey Pinz Discipline Conversations
#748 MSP Summit 2025-Scott Fuhriman:

Joey Pinz Discipline Conversations

Oct 1, 2025 25:40


In this episode of Joey Pinz Discipline Conversations, Joey sits down with Scott Fuhriman, cybersecurity veteran and leader at Inveri, live from the MSP Summit in Orlando.

Scott shares his 25+ years of cybersecurity experience, explaining how Inveri's runtime integrity technology, born from NSA research, helps MSPs and MSSPs detect hidden in-memory attacks, rootkits, and advanced threats that traditional tools miss. He highlights why protecting this overlooked layer is crucial to preserving revenue, preventing churn, and maintaining customer trust.

The conversation also touches on Scott's personal discipline journey — from starting as a young PC tech overwhelmed by information to building a career through self-study, mentorship, and consistency. He and Joey discuss how MSPs can choose the right vendors, strengthen their security stacks, and enable long-term resilience in a competitive market.

@BEERISAC: CPS/ICS Security Podcast Playlist
Bridging Military and Civilian Cybersecurity: Leadership, Skills, and Lifelong Learning with Christopher Ross

@BEERISAC: CPS/ICS Security Podcast Playlist

Sep 18, 2025 56:08


Podcast: PrOTect It All (LS 26 · TOP 10%)
Episode: Bridging Military and Civilian Cybersecurity: Leadership, Skills, and Lifelong Learning with Christopher Ross
Pub date: 2025-09-15

In this episode, host Aaron Crow sits down with cybersecurity leader and National Guard threat hunt team lead Christopher Ross, diving into the real-world experiences that shape careers in the intersecting worlds of IT and OT security. Chris shares his 18-year journey from joining the military with a passion for computers to leading critical infrastructure cybersecurity efforts - both in uniform and in the private sector.

Together, Aaron and Chris break down myths about gatekeeping, discuss the unique challenges of military versus civilian roles, and highlight lessons learned along the way. From imposter syndrome to servant leadership, the conversation unpacks how effective communication, continuous training, and the willingness to learn from failure fuel professional growth. Chris also reflects on how military training instills risk mitigation and teamwork, and how those skills can translate - and sometimes clash - with civilian cybersecurity cultures.

They talk certifications, hands-on learning, the importance of meaningful tabletop exercises, and the evolving landscape as AI powers both attackers and defenders. Whether you're a veteran, a fresh analyst, or just passionate about cybersecurity, this honest and energetic exchange will leave you motivated to keep learning, keep growing, and keep protecting it all. So grab your energy drink and tune in for a conversation that proves everyone in cyber, no matter their path, has wisdom worth sharing.

Key Moments:
05:30 Military Adventures Surpass Civilian Opportunities
07:28 Military vs. Civilian Leadership Dynamics
10:42 Clarifying Civilian vs Military Missions
12:22 Leadership: Addressing Miscommunication & Misalignment
15:45 Toxic Leadership and Military Transition
20:01 Reliance on Tools vs. Core Skills
22:29 "Forgotten Skills Fade Over Time"
25:13 Boosting Confidence in New Roles
29:42 Interactive Training and Environmental Protection
32:37 Purple Teaming Strategy Insights
36:15 Persistence in Skill Development
39:04 Soft Skills Matter for Career Growth
42:44 "Technical & Business Acumen Fusion"
44:41 Military: Career Value and Benefits
48:09 "Cyber Education for K-12"

Resources Mentioned:
https://www.ransomware.live/ comprehensive resource that tracks and monitors ransomware groups and their activities.
https://ransomwhe.re/ tracks ransomware payments by collecting and analyzing cryptocurrency addresses associated with ransomware attacks.
https://www.ransom-db.com/ real-time ransomware tracking platform that collects, indexes, and centralizes information on ransomware groups and their victims.

About the Guest:
Christopher Ross is a veteran and cybersecurity leader with over 15 years of experience in Security Operations, Incident Response, and threat hunting across defense and fintech. A Chief Warrant Officer in the Army National Guard's Cyber Brigade, he has led blue and purple team operations, translating military discipline and teamwork into enterprise cyber defense strategies.

In his civilian career, Christopher has built and led SOC teams, integrated MSSPs, and driven automation to strengthen detection and response capabilities at organizations including MACOM, CFGI, Draper, and Abiomed. He holds a Master of Science in Information Security Engineering from the SANS Technology Institute and more than a dozen GIAC certifications. An Order of Thor recipient from the Military Cyber Professional Association.

Christopher is passionate about developing playbooks, advancing training pipelines, and mentoring the next generation of defenders. Sharing lessons from his veteran-to-cyber journey, practical insights on certification paths and ROI, and real-world stories from blue-team operations and purple-team collaboration.

Visit https://public.milcyber.org/ The Military Cyber Professionals Association is the only U.S. military professional association with cyber at its core. It connects, supports, and elevates those who serve in or support the military cyber domain, while investing in future generations through education and mentorship.

Connect Christopher: https://www.linkedin.com/in/christopheraross-ma/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ITSPmagazine | Technology. Cybersecurity. Society
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 | A Stellar Cyber Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with Subo Guha

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 12, 2025 17:40


Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025
A Stellar Cyber Event Coverage of Black Hat USA 2025 Las Vegas
An ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber

Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.

Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.

The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.

What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.

The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.

Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.

The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.

Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.

The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.

Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.

As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content.

Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Telecom Reseller
Alvatross Bridges Terrestrial and Satellite Networks to Deliver Global Connectivity, Podcast

Telecom Reseller

Play Episode Listen Later Aug 11, 2025


"The whole is far greater than the sum of the parts—especially when telcos and satellite operators work together." — Gareth Kentish, Alvatross In this episode of Technology Reseller News, Publisher Doug Green speaks with Gareth Kentish of Alvatross about how the company is enabling global connectivity through the convergence of terrestrial and satellite communications—powered by open standards, modular software, and strategic industry collaboration. Alvatross, a five-year-old startup backed by Spanish systems integrator Satec, blends the agility of a tech disruptor with the resources and telecom experience of an established player. Kentish explains that Alvatross' “Lego block” approach to operational support systems allows telcos and satellite operators to add, modify, and scale services without costly, monolithic system overhauls. A key focus is enabling hybrid terrestrial-satellite models to ensure continuity of communications—even in disaster scenarios—through projects such as TM Forum's “Tech for Good” Catalyst, which demonstrated how first responders could rapidly activate connectivity via a user-friendly marketplace. Kentish highlights several industry drivers: The growing importance of LEO satellite constellations and seamless integration with terrestrial networks Open digital architectures to reduce cost-to-serve and accelerate service innovation The role of AI in enhancing operations—provided operators first address data quality The need for collaboration to unlock opportunities across telecom and satellite ecosystems Looking ahead, Kentish sees major opportunities for MSPs, MSSPs, and service providers who embrace convergence, modularity, and partnerships. He emphasizes that success will depend not just on technology, but also on cultivating the right culture, collaboration, and consensus—both within companies and across the industry. To learn more, visit www.alvatross.io.

Telecom Reseller
Rethinking Cybersecurity Distribution: Exclusive Networks Brings Channel Services Aggregation to North America, Podcast

Telecom Reseller

Play Episode Listen Later Jul 22, 2025


Why Exclusive Networks says modern cybersecurity requires more than “pick, pack, and ship”

“We're not just a distributor. We're a channel services aggregator — an extension of our partners' businesses.” — Jason Beal, President, Americas, Exclusive Networks

In this episode of Technology Reseller News, publisher Doug Green sits down with Jason Beal, President, Americas, and Andrew Warren, VP of Sales and Marketing, North America, to explore how Exclusive Networks is rewriting the rules of cybersecurity distribution in North America.

More than just moving product, Exclusive Networks delivers white-glove service, certified expertise, and true channel partnership — simplifying cybersecurity sales and delivery for MSPs, MSSPs, and solution providers. With over 45 country operations and reach into 170 markets, the company now brings its global playbook to North America with fresh investments, expanded services, and a unique partner-first approach.

Key Highlights from the Conversation:

Partner Empathy as Philosophy
Exclusive Networks builds programs around the real-world needs of partners — from helping an MSP with student-powered hiring programs to assisting with complex financing, logistics, and field deployment.

From MSP to MSSP, Cyber Expertise at Every Step
Whether you're a security-focused MSP or a fully-fledged MSSP, Exclusive offers domain expertise, hands-on technical support, and services like SASE implementation, firewall deployment, and SOC augmentation through its CloudRise acquisition.

Training & Certification Simplified
With global training centers and relationships with top vendors like Fortinet and Palo Alto Networks, Exclusive lowers the barrier for entry but offers high benefits for those who commit to deep certification and specialization.

Demand Generation for End Users and Partners
Exclusive not only helps vendors reach the market — it also helps partners generate demand directly from end users, creating new revenue opportunities across the lifecycle.

A New Kind of Distributor
Exclusive Networks calls itself a “channel services aggregator”, offering a full lifecycle of services — from sales support and technology enablement to post-sales adoption and renewals — redefining what a modern cybersecurity distributor should be.

What's Next?
Expect new vendor partnerships, expanded services, and continued investment in dedicated local support across the U.S. and Canada — all backed by the belief that “people still do business with people.”

Learn more at: www.exclusive-networks.com

Telecom Reseller
Taking the Shot: ATEL and TELCLOUD Deliver 5G-Driven POTS Replacement for Resellers, Podcast

Telecom Reseller

Play Episode Listen Later Jun 26, 2025


"Internet connectivity is no longer a nice-to-have—it's a have-to-have. Without it, your business stops." — Jake Jacoby, TELCLOUD In the latest episode of the POTS and Shots podcast series from TELCLOUD, Technology Reseller News Publisher Doug Green is joined by Jake Jacoby of TELCLOUD and Christian Hernandez, Customer Success Manager at ATEL, for a conversation that goes beyond POTS replacement—it's about next-generation connectivity and opportunity for resellers. As legacy copper lines continue to disappear, the pressure is on for MSPs, MSSPs, and telecom resellers to find reliable, scalable, and forward-looking solutions. According to Hernandez, that's exactly what ATEL is delivering. A U.S.-based OEM with a global backbone, ATEL has developed rugged 5G routers like the PW550, designed to meet the growing demands of modern connectivity—including the ability to move antennas up to 250 feet away from the telco room to achieve higher signal quality. Jacoby underscored why TELCLOUD partnered with ATEL: “We're done with LTE. 5G is the future. And it's not just about replacing a phone line—it's about building in redundancy and giving businesses the internet resilience they need to operate.” This podcast highlights why 2025 is shaping up to be the year of POTS replacement. TELCLOUD and ATEL are helping resellers modernize customer environments while keeping costs down and reliability up. And with TELCLOUD's full commitment to 5G and flexible outdoor/indoor router deployments, resellers have a real shot at transforming POTS into a growth engine. To celebrate, the crew closed out the episode with a taste of ATEL's own 20-year anniversary aged tequila—a smooth extra añejo with hints of bourbon, coffee, and chocolate. As Jacoby joked, “You can't buy this one on the street… you've got to come visit.” Learn more: ATEL TELCLOUD | 844-900-2270

Telecom Reseller
Cisco Sharpens Its Security Edge: AI, Simplicity, and Partner-Centric Innovation, Podcast

Telecom Reseller

Play Episode Listen Later Jun 16, 2025


"We're not just enabling secure outcomes — we're simplifying how partners deliver them." — Brian Feeney, VP of Global Partner Security Sales, Cisco At Cisco Live 2025 in San Diego, Technology Reseller News publisher Doug Green sat down with Brian Feeney, Vice President of Global Partner Security Sales at Cisco, to explore how the company is aligning security innovation with real-world partner needs in an era dominated by AI and complexity. Feeney, whose two-year-old role was created to consolidate and scale Cisco's global partner strategy for security, leads a team of over 260 professionals dedicated to helping Cisco's VARs, MSPs, MSSPs, cloud providers, and global partners navigate a rapidly evolving cybersecurity landscape. Cisco's Three-Pillar Security Strategy: Hybrid Mesh Firewall Universal ZTNA (Zero Trust Network Access) The SOC of the Future (with Splunk Integration) All three areas are now AI-infused by design, not bolted on — a shift exemplified by Cisco's autonomous firewall assistant, which reduces human effort while improving policy execution. Key Cisco Live Announcements: Free Splunk ingestion for Cisco firewall customers, addressing cost concerns and earning applause during the keynote. Streamlined portfolio: Cisco has consolidated 30+ point products into 3 strategic solution sets — user, breach, and cloud — dramatically simplifying the sales and adoption process for partners. Enhanced partner support tools like a “concierge deal registration desk” — offering one-click access to technical, sales, and promotional resources. “This isn't about selling more SKUs,” Feeney said. “It's about helping partners win with less complexity, more margin, and stronger customer outcomes.” Feeney emphasized Cisco's commitment to AI enablement, noting that while only 4% of enterprises are “AI-ready,” partner demand for both securing AI infrastructure and leveraging AI for defense is surging. 
Cisco is delivering: Expert-led deep dives for top AI-focused partners Scalable enablement through Talos threat intel, learning platforms, and continuous updates AI integrated throughout the security stack — from SOC automation to endpoint visibility The interview concluded with Feeney highlighting Cisco's investment in making security more accessible, operationally efficient, and partner-friendly, even for small or emerging partners. “We want to be the voice and the resource our security partners trust — not just with technology, but with outcomes.” To learn more, visit cisco.com/security.

Cybersecurity Where You Are
Episode 135: Five Lightning Chats at RSAC Conference 2025

Cybersecurity Where You Are

Play Episode Listen Later May 14, 2025 23:30


In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution.

Here are some highlights from our episode:

00:40. Stephanie Gass, Sr. Director of Information Security at CIS
  • How to start creating a policy and make it effective through implementation processes
  • A transition to an approach integrating mappings for CIS security best practices
  • The use of GenAI and security champions to make this transition

04:08. Brad Bock, Director of Product Management at Chainguard
  • Building and compiling security from the ground up in open-source container images
  • Trusting pre-packaged software in an increasingly complex world
  • Support of customer compliance with attestation, SBOMs, and vulnerability remediation

07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix
  • Customer awareness and other top challenges for MSPs and MSSPs
  • The use of case studies and referrals to communicate the importance of cybersecurity
  • A growing emphasis on cyber risk insurance as media attention around breaches grows

11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC
  • How the CIS Critical Security Controls facilitates a consultative approach to customers
  • The importance of knowing where each company is in their use of GenAI
  • Mapping elements of a portfolio to CIS security best practices

17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS
  • The use of learning and research to investigate GenAI's utility for CIS
  • An aspiration to scale efficiency and drive improvements with GenAI training
  • A reminder to augment human thought, not replace it, with GenAI

Resources
  • Episode 63: Building Capability and Integration with SBOMs
  • Mapping and Compliance
  • Cybersecurity for MSPs, MSSPs, & Consultants
  • Episode 130: The Story and Future of CIS Thought Leadership

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Telecom Reseller
DORA, Risk, and Resilience: What Carriers, MSPs, and MSSPs Need to Know Now, Supply Wisdom Podcast

Telecom Reseller

Play Episode Listen Later May 12, 2025


“You can outsource the function — but you can never outsource the risk.” That's the stark reminder from Jenna Wells of Supply Wisdom, who joins Technology Reseller News Publisher Doug Green for a timely and wide-ranging conversation on the Digital Operational Resilience Act (DORA). Though it's an EU regulation, DORA's scope reaches far beyond Europe, impacting financial institutions, carriers, MSPs, MSSPs, and enterprises worldwide.

Now in effect since January 2025, DORA requires firms to actively monitor and manage their third-party information and communications technology (ICT) providers — vendors that store, create, or share data. That's a tall order in a hyper-connected world where cloud services, telecom carriers, and AI infrastructure are interwoven into every business process.

Wells explains that DORA compliance begins with full visibility into your outsourced ecosystem. Organizations must first identify their entire vendor population, then drill down to understand which of those suppliers are truly critical. From there, they must implement continuous monitoring — not just annual risk reviews — and prepare robust backup plans to ensure operational continuity if a vendor falters.

The implications for carriers and MSPs are particularly acute. These organizations are linchpins of global communications and critical infrastructure — and often rely on their own layers of third-party vendors. Wells stresses that identifying service concentration risks, establishing redundancies, and planning for hot rollovers are essential steps to avoid costly downtime and regulatory exposure.

Drawing on her experience managing third-party risk at Iron Mountain, Wells underscores how tools like Supply Wisdom can simplify the path to compliance. By automating risk monitoring and surfacing early warning signs of disruption, organizations not only stay ahead of regulation — they gain a powerful competitive edge.

With enforcement timelines progressing, Wells offers a clear message: DORA compliance is no longer a future issue. It's here. And those who act now will be better protected, more resilient, and more trusted by their customers and partners.

Learn more: https://www.supplywisdom.com

ITSPmagazine | Technology. Cybersecurity. Society
Simplifying Cybersecurity Operations at Scale: Automation with a Human Touch | A Brand Story with Subo Guha from Stellar Cyber | An On Location RSAC Conference 2025 Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 7, 2025 19:38


In this episode, Subo Guha, Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber's mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.

Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform's modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.

One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.

The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber's strong commitment to ecosystem support and customer-centric growth.

Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It's a clear statement: powerful security doesn't need to be out of reach for smaller teams or companies.

This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content.

Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Telecom Reseller
Rethinking the Radio: How Relay is Modernizing Frontline Communication, Podcast

Telecom Reseller

Play Episode Listen Later May 6, 2025


 “We're turning a mandate into an operational advantage.” — Barbara Sharnak, SVP of Business Development, Relay In a wide-ranging conversation with Technology Reseller News publisher Doug Green, Barbara Sharnak, Senior Vice President of Business Development at Relay, outlines how the company is transforming frontline communication for industries that have traditionally relied on walkie-talkies and two-way radios. Relay replaces legacy radio systems with a cloud-connected platform designed for high-noise, high-mobility environments such as manufacturing, hospitality, education, healthcare, and logistics. “The legacy radio has been around for a reason,” says Sharnak, “but it hasn't evolved to meet the productivity and safety needs of today's frontline workers.” Unlike traditional devices, Relay's system unifies real-time voice, location tracking, text communication, and AI-powered features like Team Translate, which enables seamless multilingual communication across teams. Relay devices integrate cellular and Wi-Fi connectivity to deliver nationwide coverage without costly infrastructure upgrades. The hardware itself is rugged, waterproof, and designed for extended battery life — delivering up to 24 hours of uptime in even the most demanding environments. Sharnak highlights how Relay's panic alert system and precise indoor GPS capabilities have helped customers in hospitality and facilities management not only meet safety mandates but also improve operations. “We support over 5,000 properties,” she notes, “and for many of them, replacing radios with Relay has added value beyond compliance — driving analytics, workforce visibility, and improved morale.” With mobile apps, dashboards, and seamless integration across devices, Relay enables centralized control while keeping frontline teams hands-free and heads-up. The platform also opens doors for MSPs, MSSPs, and channel partners seeking new revenue streams through communication modernization. 
For more information, visit relaypro.com.