MSP 1337

By Chris Johnson

Educational sound bytes to help MSPs and their clients navigate Cyber Security. Cybersecurity maturity is a journey, don't go it alone. Interviews and guidance from fellow MSPs and other Industry experts.

Our goal is Secure Outcomes and together we can make a difference.
Currently playing episode

Do The Right Thing (see something, say something.)

MSP 1337 · Jun 08, 2022 · 38:49

Security Awareness and Skills Training

If you are familiar with CIS v8 Top 18 then you might be comfortable talking about Security Awareness and Skills Training. I sit down with Jim Harryman of Kinetic Technology Group to talk about the Why and the Proof that every solution provider should be considering in their own training.

Mar 26, 2024 · 32:05

Fireside Chat CIS Control 12

We are on Control 12 in our Fireside chat with Matt Lee and are digging into a control with only one IG1 safeguard and only one IG3 safeguard. Network Infrastructure comes with some rabbit holes and tangents, but I think you will find that this control is essential to most MSPs.

Mar 19, 2024 · 40:38

Parting ways with a client or prospect

As an MSP, many decisions go into taking on a new client or getting rid of an existing one. I sit down with Charles Love of Showtech Solutions to discuss when the decisions are tied to cybersecurity and where one should consider drawing a line in the sand.

Mar 12, 2024 · 29:39

Vendor and Product Evaluation

What does it look like to have an employee request approval for a specific tool? Do you have an evaluation process? What types of risks are introduced that you need to consider when evaluating a new vendor, product, or service? All of these questions and more are discussed with Chad Holstead of BKS Group.

Mar 05, 2024 · 38:02

Is Cyber Insurance Enough?

When a vendor fills a gap in cyber, they deserve to be heard. I sat down with Nick Wolf of Cork to discuss the cyber insurance industry and the space they fill. I'd say Cork is to cyber insurance like Aflac is to Medical insurance. Join Nick and me as we navigate the challenges with questionnaires, insurance questionnaires, and all the crazy around insurance and coverage.

Feb 27, 2024 · 23:44

Fireside Chat: Control 11 Data Recovery

Storage costs are relatively cheap compared to the cost of storage, but one might say that data recovery is where most MSPs have been very successful. Years back, we were challenged with costs around storage and destination fees costs, so we had to be selective about what we backed up. In today's world, the cost of storage is relatively cheap in comparison, but so many new variables complicate this process. Listen to Matt Lee of Pax8 as we dive deep into CIS Control 11 Data Recovery and explore all five safeguards.

Feb 20, 2024 · 33:02

Data Protection

Data protection is tough when you don't know where your data is or who might have access to it. Join me as I sit down with Prandar Das, cofounder of Sotero, as we discuss the challenges and the opportunities that AI and LLM bring as we continue to look at better ways to protect data. Stick around for the four tips to follow on your own journey to protect your data.

Feb 13, 2024 · 33:52

Risk of Risky AI...

How many buzzwords do we have in the MSP world? MSP, MSSP, Web 2.0, AI? At any rate, we now have AI as a buzzword to deal with. Kidding, AI is a lot more than a buzzword. Join me as I discuss AI and the risks of AI with Jim Harryman of Kinetic Technology Group.

Feb 06, 2024 · 35:30

ToDo or not ToDo

How we manage our time for a work-life balance plays a role in how we work in both our strategic and tactical workflow. I sit down with Jason Slagle of CNRW to discuss how keeping track of what we do in a planner, in our PSA, or in other tools is critical when things happen. Evidence is hard to come by after the fact.

Jan 30, 2024 · 29:43

Selling Cybersecurity Services

I have heard MSPs say, "we just eat the cost for some services." Whether they are services you have implemented internally or not, it doesn't mean you shouldn't sell those services. Listen to Bill Mulcahey of M6 Technology share his challenges and opportunities. Remember, forward progress is good progress!

Jan 23, 2024 · 27:53

Fireside Chat - Control 9 Email & Web Browser Protections

We have made it halfway through the CIS Top 18 and Matt Lee of Pax8 delivers again with a compelling argument for Control 9 demanding our undivided attention.

Jan 16, 2024 · 32:26

Hiring Security Resources

Hiring cybersecurity resources and the costs associated with it. What does the job description look like, and what are the responsibilities? Mike Stewart of Anchor Networks and I discuss the challenges and opportunities of hiring staff to help with cybersecurity.

Jan 09, 2024 · 30:47

Data Backup and Air gapped?

I have had multiple conversations around backup vendors and the shift to solutions that are direct to cloud and other feature requirements that we didn't even consider 6-10 years ago. Remember the world before the data actors started doing data exfiltration. Join me with Matt Horning of Blue Tree Technology as we explore everything from the 3, 2, 1 and other backup models as well as airgapping.

Jan 02, 2024 · 38:56

2024 Outlook in Cyber

As 2023 comes to a close, I thought that, in traditional fashion, we would share with you our outlook for 2024. Joshua Smith of Reliaquest and I have a few optimistic observations that might have been shadowed by some Sky Net references, but I think 2024 has a lot of potential. Enjoy the holidays and we will see you soon in 2024.

Dec 26, 2023 · 31:29

Fireside Chat - CIS Control 8 - Audit Logs

CJ and Matt Lee of Pax8 discuss control 8, which pertains to audit logs. Some of the safeguards are easy to satisfy... just turn the logging function on and set to 90 days. Others will require more effort but all are reasonable for MSPs to pull off.

Dec 19, 2023 · 39:57

2023 Look back in Cyber

From tools and breaches to LLM, IoT and OT we talk about it all. Where we have been and how far we have come with Charles Love of ShowTech Solutions, and Joshua Smith of Reliaquest.

Dec 12, 2023 · 29:36

My Cell Phone's Been Cloned

We all know the dangers of connecting to Airport Wifi... Join Sarah Goffman and me as we discuss the dangers of connecting even your cellphone to public wifi.

Dec 05, 2023 · 29:22

Ideals vs Reality

What does future growth and sustainability look like in the MSP space? Acquisitions abound, SMBs and micro-SMBs bounce from one MSP to another... What is the future yield especially when we start discussing cybersecurity challenges and adopting even good cyber hygiene? I sit down with Eric Hanson of Inland Productivity to get his take on the future of client growth and where those net new clients might be. Whether with existing or new clients, they must recognize the need to improve their cybersecurity posture!

Nov 28, 2023 · 32:41

Fireside Chat - Control 07 Continuous Vulnerability Mgmt.

Deep dive into control 7 with some influences of other controls. We know that OS patch management, change management, Third Party App management and third party app patching aren't always prioritized the way they should be considering today's threat landscape. Matt Lee is on a pedestal on this control so stay tuned through the end as we run a bit long on this one.

Nov 21, 2023 · 43:42

ITN Connect Recap 2023

I sat down with Matt Fisch of Fortmesa to discuss observations and highlights from ITN Connect. From new vendors in the pavilion tackling niche cybersecurity challenges to conversations with Solution providers that show our industry is maturing.

Nov 14, 2023 · 34:18

Business Email Compromise

Maybe we have talked about this before? At any rate, business email compromise is a constant threat. We do phishing simulations and other security awareness training to help our staff and clients make good choices, but we aren't always perfect. I sit down with Dan Gilligan with Integra MSP to hear his journey in dealing with this issue and the tools and training that have changed over the years to keep up with this evolving threat.

Nov 07, 2023 · 33:27

Insider Threats

What are insider threats? Tim Schnurr and I discuss the importance of cybersecurity in protecting digital assets and preventing insider threats in organizations. There is an overwhelming need for employee education, the use of data classification tools, and the implementation of monitoring tools to track data flow. This is a great way to have open conversations with your employees and your clients as to why it is so important to think before you click on a link, hit send in an email, or download/upload files to file sharing sites etc.

Oct 31, 2023 · 40:06

Industry Conference Overload

Thinking back ten-plus years on the industry conferences we have attended in person and online. With vendor mergers and acquisitions it is hard to determine which shows you should still attend and every day it seems there is a new road show, quarterly show or another membership conference. How do you make decisions to attend what is relevant?

Oct 24, 2023 · 30:06

Fireside Chat - CIS Control 10 - Malware Defense

As we go through the CIS controls we try to stay in sequence but as a result of some discussions at recent events, we decided to jump to Malware Defenses. Hopefully, Matt Lee's insights and my humor will be enough for you to endure 30 minutes on what you should do in your journey to address Malware Defenses.

Oct 17, 2023 · 41:01

Getting an Assessment...

We talk about frameworks, compliance, cybersecurity, and many things in between but we haven't discussed getting assessed against a framework or even the new CompTIA Cybersecurity Trustmark. I sat down with Omer Kasim Aslim of Lake Ridge to discuss assessments. How the different frameworks, whether prescriptive or not, are often looking for compliance to protect a specific type of data and not an organization's overall security. We go through several scenarios and Omer offers many tips and best practices. Enjoy!

Oct 10, 2023 · 26:50

Should I Sell Compliance Services?

In recent years we have seen Solution Providers begin offering services that are showing a shift in our industry around our client and client prospect needs. Five years ago very few solution providers would be comfortable talking about risk registers, GRC tools, PoAMs, and taking a leadership role with our clients. Join me as I sit down with Chad Holstead of BKS Group to talk about challenges, risks, and opportunities for positioning compliance as a service.

Oct 03, 2023 · 31:40

CompTIA Cybersecurity Trustmark Progress

From the trenches... I sit down with Jim Harryman of Kinetic Technology Group to discuss their progress through the new CompTIA Cybersecurity Trustmark. What are the significant challenges and what are the easy wins? A glimpse into the journey that got Kinetic Technology Group to where they are today and preparing for their assessment at the end of the year.

Sep 26, 2023 · 33:53

Fireside Chat - CIS Control 6 Access Management

Fireside chat with Matt Lee brings us control 6. Access Management goes hand in hand with Account Management but if you have been following along we covered control 5 last month. Join Matt Lee and me as we deep dive into each safeguard and discuss what you should be doing and then mapping it to the safeguards we cover.

Sep 19, 2023 · 32:07

Do I know my assets (IoT, IIoT, and OT)?

Each day we are bombarded by cybersecurity threats and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many questions as I sit down with Huxley Barbee of Run Zero. It isn't all doom and gloom but the outlook is definitely scary if we don't start taking action to secure the devices that often are ignored or the responsibility and burden is assumed to be already handled.

Sep 12, 2023 · 34:18

Committing Fraud Through CMMC.

There is no question that CMMC is here to stay. It is a much-needed maturity model for measuring companies that cater to the Defense space and are doing what is needed to protect Confidential Unclassified Information (CUI). I sit down with Adam Duman of Vanta to discuss frameworks, contracts, cybersecurity challenges, and how all of these things impact a company looking to keep or add contracts within the defense space.

Sep 05, 2023 · 33:54

Preparing For A Storm.

In Cyber we often focus only on the events that come from the ether, the dark web, and we forget that disasters can come from all sorts of events. With a hurricane less than 24 hours from making landfall, I sit down with Charles Love of ShowTech Solutions to discuss their prep.

Aug 29, 2023 · 36:39

Was I a victim?

I am a big fan of Scott Augenbaum's book, "The Secret to Cybersecurity." Specifically, the 4 truths that we talk about with Tye Male, Senior Pastor of Wellspring church. Suspicious email, inconvenient timing, stress-inducing, and when it is all said and done... it has the potential to damage your reputation. Listen in to hear what Tye learned as it pertains to being vigilant and communicating the cyber dangers with friends and loved ones.

Aug 22, 2023 · 30:33

Fireside Chat - CIS Control 5 Hurdles

We are 1/3 of the way through the CIS Top 18 and I think Control 5 might be my favorite. Matt Lee joins me as we dive into all six safeguards and how important they are in the journey toward cyber resilience.

Aug 15, 2023 · 36:10

Cybersecurity for Big and Small MSPs

I remember the days when Joshua Smith and I decided we should build our own MSP. It was simpler times and Cybersecurity was defined largely by firewalls and antivirus. Today starting an MSP or even being a small MSP trying to get arms around cybersecurity is a daunting task. I talk with Dor Eisner about why he decided to build Guardz. Why the desire to focus on a solution for the smaller MSP and his overall look at the threat landscape. Together we can make it more difficult for the threat actors.

Aug 08, 2023 · 29:25

MSPs Need Compliance

There are lots of frameworks to choose from and some are more complicated than others. What is important is that you use some set of controls/safeguards or standards that are measurable and can be aligned with. I sit down with Alex Spigel to talk about her approach to compliance and how things like responsibility matrixes can help. We are at channelcon23 and I hope to see many of you in person.

Aug 01, 2023 · 23:45

Showing Evidence

Over the past few months we have spent time on policies, how to tackle controls and safeguards in CIS Top 18, and we have even pointed out cybersecurity areas that might be overlooked. In this episode, as we all look at maturing our cybersecurity practice we look at how one might show evidence to support all of the efforts in creating policies, processes, and procedures. Thanks to Chase Griffin for highlighting that sometimes you do need some tools.

Jul 25, 2023 · 31:20

Fireside Chat - CIS Control 4 Hurdles

It is the 3rd Tuesday of the month and it is time for Control 4 with Matt Lee. This is a shorter episode but we get it done and got great insights on how to go about addressing CIS Control 4.

Jul 19, 2023 · 25:54

Policy Creation Involves Everyone!

Policies are the one thing no company wants to create but everyone has to have. We see them show up in employee handbooks, Written Information Security Plans (WISP), and System Security Plans (SSP), and there is no shortage coming from HR. In this episode, Charles Love of ShowTech Solutions and I explore why policies should involve all staff. Either everyone gets it and acknowledges the need to follow them or they tend to not get followed at all.

Jul 04, 2023 · 38:02

Do You Know Who Your Users Are?

I don't often have vendors as guests on the show and so when there is an exception made it is because they are bringing something to the table that is exceptional. Discussing Single Sign-on with Nick Wolf of Evo Security is a topic that we have touched on before but never in the context of how it might help you address CIS controls or other challenges within your internal management of users or users client-facing.

Jun 27, 2023 · 27:44

Fireside Chat - CIS Control 3 Hurdles

A little Chutes and Ladders, a little Yellow Brick Road. In this episode, I think you will find that Data Protection is a rather complex beast but through the guidance of Matt Lee of Pax8 you will have the tools you need to better protect what is important to you and your clients.

Jun 20, 2023 · 41:14

Counterintelligence and TikTok

This week we put a thought towards adding counterintelligence as something that should be part of your Business Continuity, Disaster Recovery, and Incident Response. It makes sense when you hear what Darren Mott has to say. As a former FBI agent, his insights both from his time in the field and even now in his new role, are not to be missed. Why is TikTok bad? What are the personal risks that I am taking on by the decisions I make to use technologies like TikTok? What are the potential ramifications for me and my friends...? Not just today... what about 10 years from now?

Jun 13, 2023 · 39:03

Check Vendor's Security Posture

After we did "A Doozy of a Story," I was presented with this gem. It almost feels like a perfect storm but in fact it is a legitimate business and as I discuss the details with Eric Hanson, I want you to think about CIS Control Service Provider Management and Software Management. It is easy to forget that our vendors don't always take a security-first approach.

Jun 06, 2023 · 32:40

Cyber Insurance Industry Maturation

When cybersecurity insurance first came on the scene it was a new frontier. Everyone seemed to be selling it and everyone seemed to qualify for it. That was then... Sitting down with Reid Wellock of FifthWall was an enlightening discussion of where the industry is at and hope for the future. There are several pointers in this episode and even a book recommendation.

May 30, 2023 · 22:52

Do I need a PenTest?

What is a PenTest? What if I can't afford a PenTest? How is a pentest different from a vulnerability assessment? On these questions and many more, Matt Lang and I attempt to give some direction. Perhaps redefining what a pentest is will be our next endeavor.

May 23, 2023 · 36:09

Fireside Chat - CIS Control 2 Hurdles

Our first fireside chat was about Physical Assets and the hurdles or obstacles faced when trying to get a complete inventory. In this month's special edition, a fireside chat with Matt Lee, we are addressing control 2. This is a focus on really understanding and going about having a good handle on the software and operating systems. As always Matt has great insights and our conversation does drift a bit to other controls. Our hope is that this episode will help you build your foundation as you continue on your journey of Cybersecurity Maturity!

May 16, 2023 · 39:02

One Man Shop to CISSP...

I love a good origin story. Sitting down with Matt Lang of SVAM International showed me just how alike many of our stories are. How we got started in IT, why we started an MSP, and in some cases why we became super passionate about educating our friends, peers and colleagues about Cybersecurity risks. Stick around to the end as Matt shares some great tips on getting more out of the CompTIA ISAO.

May 09, 2023 · 34:51

FTC Safeguard Rule and Opportunity

We are all too familiar with regulatory requirements and penalties for failing to comply. The FTC has put into effect June 9, 2023 requirements that will directly impact financial institutions. In this episode, we talk specifically about the impact this will have on the automotive industry, very specifically, car dealerships. I am joined this week by Jay Lamb of Core Plus discussing the impact of not properly protecting PII and the areas of focus are not limited to the following: Designate a qualified individual to oversee their information security program, Implement 2FA, Develop an IR plan and several other specifics that sound all too familiar.

May 02, 2023 · 31:06

A Doozie of a Story

Domain Registrations and an extra invoice that has a bit of sticker shock... This and more with Charles Love of ShowTech Solutions. We have talked about doom and gloom in the past but this story is one that I am already losing sleep over. I'd love to hear your thoughts on this one.

Apr 25, 2023 · 37:16

Fireside Chat - CIS Control 1 Hurdles

If you haven't met me, you know that my passion is to help others with improving their cybersecurity posture. In an effort to make a bigger impact, I have brought Matt Lee of Pax8 on to the show as a special guest to talk about the noise our MSP audience is dealing with. In this episode we talk about some of the challenges we have heard MSPs struggle with and we think this will help our friends and colleagues get past asset inventory in a meaningful way.

Apr 18, 2023 · 33:55

Suddenly Gone

We are all too familiar with our own mortality. In this episode we talk about the scenarios that can arise when a key person in a company holds all of the keys and is suddenly taken from us. While there is some morbidity to this episode and it helps us tell the story, it should make you pause and consider what if a key person in the organization is just unreachable? Have you done a tabletop exercise? You don't want to miss out as Sarah Goffman paints a pretty painful picture that I am sure all of us would like to avoid.

Apr 11, 2023 · 28:01