MSP 1337

A fireside chat with George Bardissi of bVoIP and me at the 1Stream by bVoIP Partner Gathering. Mistakes we made, the challenges we overcame, and then we jump into some interesting questions ranging from AI and Insurance to the Cybersecurity Trustmark and how it benefits MSPs. This is a different format and was recorded with a live audience.

Sitting with Henry Tim of Tech Degenerates and Phantom Technology Solutions to talk about GRC platforms. What makes it a GRC platform? How important is a GRC in my MSP? These questions and several others are tackled, and I think we have found some answers.

There has been a lot of buzz over the last 12 months surrounding the use of GenAI. We are all familiar with the likes of ChatGPT, Perplexity, and others, but what is the real value of AI when used correctly? I sat down with Alex Heublein of NETSURIT to talk about how they take an approach with their clients that involves democratizing AI and automation.

With ITN Secure right around the corner, I sit down with Matt Topper of ConnectWise to talk about Community. What does it mean to share in a community? Matt Topper and others at ConnectWise are bringing the community to their partners. GTIA and Tech Degenerates... Whether you are in a community, peer group, or part of an association, this is for you. When multiple groups come together to share, everyone benefits.

Over the years industry events have evolved. I remember the earily 2000s and it was very partner focused, Community, Vendors shared their roadmaps and you heard directly from those that were running the inititiatives. Join me as Charles Love of ShowTech Solution and I look at the changes and how we are seeing a glimplse at a new future of smaller micro events and more community.

Remember the first time you implemented an RMM tool? Did you buy a tool at a show to take advantage of the show special? Charles Love of ShowTechsolutions and I will walk through the history of vendor shows and discuss how much has changed as we approach 2025.

Tools galore, shiny object syndrome, must there be a tool for that? Then we get caught up in our day-to-day, and perhaps we forget about a tool or a tool feature, and we begin looking to solve another challenge. I get to sit down with Augie Staab of TD Synnex. We have a great discussion around right sizing your tech stack as an MSP and what it means to partner and work with organizations like TD Synnex to help fill in areas of your own MSP where you might lack expertise or are taking on a new client that has unique needs you don't want to pass up.

How many videos and quizzes have you taken to show your skills at avoiding phishing emails and other types of Business Email Compromise? Have you been shamed or had to watch additional training videos? I know that in our world of email overload, it isn't a matter of if, it is a matter of when we might fall for one of the masterfully crafted phishing emails due to AI and other trickery. Join me as I discuss this and more with Craig Taylor of Cyberhoot.

I recently had a chance to chat with Robert Smith of Intellisystems on what it means to be an MSP in today's Threat Landscape. Gone are the days of installation, configuration, and watching. Today, it is patch, patch again, be proactive, investigate, and educate. It is a 24/7/365. Take a trip with us down memory lane as Robert sets us up for what it means to be an MSP today. Intellisystems finished going through the GTIA Cybersecurity Trustmark, which has played into their future strategy.

GRC Tools seem to be coming out of the woodwork continuously. A few of them have been finalists in ConnectWise PitchIt over the past few years, and they are all unique in their own way. Recently, GTIA announced the addition of ControlMap, ComplianceScorecard, Sure-Shield, and others coming in to host the Trustmark. I wanted to get some perspective on why it is so important for MSPs working on their own cybersecurity maturity to do so using a GRC Platform. Thanks to Matthew Fisch of FortMesa, I think you will get a clear picture of why.

Featured in Million Podcasts.

https://www.millionpodcasts.com/cyber-security-podcasts/

MSSPs in the Healthcare vertical face many challenges and opportunities. I sat down with Russell Teague of Fortified Health Security to discuss providing Cybersecurity services in the healthcare space and how it stands out from other verticals. If you are an MSP or MSSP, this is a great opportunity to further explore unique service offerings.

Navigating Frameworks and implementing the controls and safeguards within can be quite daunting. I sit down with Matt Lee to talk through the taxonomy project that so many have worked on and how it helps break down expectations so that one can be successful. Without visuals, as this is a podcast, join us as we try to articulate verbally what this all means.

Attending my first Communities and Councils Forums (CCF) under the new brand Global Technology Industria Association was easily the best ever. An annual event with polos and no logos. I sit down with Charles love of Showtech Solutions to go down memory lane and reflect on why CCF is so important to our Channel Community.

"If you want to go somewhere with like minded individuals and be involved in the industry that we've worked so hard to protect, then CCF is for you." - Charles J. Love

Cybersecurity doesn't happen overnight. It is a maturity process that often struggles with forward progress when the business core values are unclear or no longer aligned. I sit down with Jessica Millhiser of JMills Consulting to talk about the health of a business and the things that need to be in place for growth. We talk Policy, Process, and Procedures, and we cover the bases on good business books. Enjoy!

Human risk within any organization is often not given enough attention when it comes to monitoring and tracking the behavior of employees, such as phishing attempts, security training, etc. I sat down with Mathias Zeumer, North America Channel Manager at usecure, to talk about their approach to security awareness training, share a few horror stories, and discuss how vendors like usecure and others are starting to map their products/services to frameworks and having that checked or validated by an independent 3rd party.

If you are pursuing the GTIA Cybersecurity Trustmark, you will want to tune in. Matt Lee of Pax8 and I discuss the taxonomy and prompts that drive success in breaking down safeguards into actionable and obtainable tasks.

In recent weeks, we have seen the drama surrounding TicTok, Red Note, DeepSeek, and many other technologies that, in many cases, are used without any regard for the repercussions of using them for good or bad. I sit down with Charles Love of ShowTech Solutions to talk about where we are today after hearing his projections for 2025... is it too soon to check in? Then we suddenly found ourselves talking about the challenges of how AI, custom applications and perhaps what was once called shadow IT.

If you have ever worked with Construction Management, Manufacturing, Healthcare, and others where the technology that is in place is no longer supported. How do you help them move forward and when is it appropriate to continue to use legacy technology? Join me as I sit with Jeff Borello of Andromeda Technology Solutions to chat about successful approaches and knowing, in some cases, when to walk away.

Whether you travel domestically or internationally, there are things you can do to protect yourself. VPNs, Public Wi-Fi, and other considerations as you travel for work or life are some of the topics I discuss with my friend Clay Johnson. You might find that this episode is worth sharing with clients, friends, and family as we tackle security at a personal level.

So many words in the English language have more than one meaning. Some words are pronounced the same but are spelled differently. All of these are challenges in their own right, but what happens when you talk to someone who doesn't speak English as a first language? Now, take those challenges and apply them to cybersecurity. I sit down with Paul Croker of 18bit IT to talk about global cybersecurity threats and how the approach to addressing those threats might change based on which part of the world you are in.

Will 2025 be the year of natural selection for MSPs? I sit down with Matt Lee of Pax8 to chat about the cybersecurity picture for 2025 and it comes down to those that choose to make changes in their company to mature their cybersecurity posture and those that do not... Those that do not are the MSPs that use excuses like, I'm to small, We don't have time, Our clients won't pay, etc. Stay until the end to catch some of the foreshadowing of future fireside chats in 2025.

Actual compliance challenges in 2025 are heating up with clients now asking for evidence and proof on how their MSP is helping them meet certain safeguards for regulatory requirements and insurance. Join Josh Hohbein of CentrexIT and I as we discuss the opportunities and challenges surrounding compliance and roles and responsibilities pertaining to the role an MSP plays in helping their clients and themselves comply with frameworks and safeguards.

I had the opportunity to sit down with Jeff McCullough and Brad Reinboldt of NetAlly to find out what is new. Having spent many years with my trusty Link Sprinter, I was keen to hear what evolutions of products and services they might offer to help MSPs and MSSPs in troubleshooting networks, scanning for vulnerabilities, mapping to common frameworks, and documenting and tracking their findings are part of the new reality. I truly enjoyed the discussion around what it is that NetAlly does today and how far they have come over their 30-year journey.

Last week, we discussed the highs and lows of 2024. This week, we will examine what we expect or predict to see in 2025 and how it might impact us. Thanks again to Joshua Smith of Reliaquest and Charles Love of ShowTech Solutions for joining me and discussing the future and what is in store.

Every year, we reflect on the good and the bad. What might give us pause as we get ready for the new year? As we prepare to embrace 2025, I sit down with the former leadership team of Untangled Solutions. Joshua Smith and Charles Love take us through the highs and lows—a little something for everyone.

Matt Lee and I recap 2024 and the impact of Cybersecurity on the MSP community. We then look forward at what we might expect in 2025. This is an episode that will really get you thinking about your own cybersecurity posture as Matt drops some serious knowledge.

It's exciting times with Senteon. There is a big announcement, a discussion around endpoint hardening, and their roadmap for 2025. I hear firsthand from Henry and Zach about their adventures in bootstrapping Senteon to where they are today. This is an episode you don't want to miss.

Your employees might already use AI for either work or personal, but are you using it for your business? I sit down with Jimmy Hatzel of Hatz.ai to discuss the challenges and impact of AI and its usage to improve productivity and efficiency within your MSP.

With FFIEC retiring the CAT assessment in August 2025, it might seem daunting to consider other frameworks as a path forward. I sat down with Dan Sitton of Guardian Technology Group to discuss his background in working with banks and some suggestions for the future.

The Last Control Domain discussed on the fireside chat is Physical and Environmental Security. This domain was taken directly from the CompTIA Cybersecurity Trustmark, and while it wasn't done in sequence like the majority of the domains, it is not a result of it being overlooked. However, many MSPs often fail to give much attention to it. Join Matt Lee and me as we walk through the 16 safeguards.

Whether you are aligning your cybersecurity to CIS Top 18, the Cybersecurity Trustmark, or any of the many other frameworks, you are bound to get stuck in an attempt to achieve perfection. I sit down with Charles Love of Showtech Solutions to tackle the challenges of progress in the face of paralysis. Stay to the end to get the Ten Commandments of Framework Implementation.

Many of us remember the days of trying to recover data off of a physically damaged drive, human error of deleted files, and many other scenarios. I sit down with Sarah Farrell and Andy Maus of Drive Savers to debunk a few myths around drive recovery and many new technologies developed to recover data that seem near impossible to save.

As we wrap up Cybersecurity Month, I had a chance to sit down with Wayne Selk, VP of CompTIA Cybersecurity Programs and Executive Director of CompTIA ISAO, to discuss Risk Management and its role in cybersecurity—flashback to the late 90s and the changes we have seen that bring us to today.

We have discussed what happens when a vendor is just gone. What happens when a vendor has an outage or some business disruption? Do you jump to another vendor? Do you plan to weather the storm, or do you pivot? Eric Hanson of Inland Productivity Solutions and I sit down and discuss the challenges faced with business disruptions and failures that might require a pivot... Then again, they might not.

What is your company's will? This Fireside Chat with Matt Lee tackles the Acceptable Use Policy, Written information security plan, Roles, and responsibilities. Please give us feedback, as we have a pretty healthy disagreement on a few items and are hoping that you, the listener, can help us find a new path forward.

From CompTIA MSP Community to the larger IT Community at large. Dawn Sizer of 3rd Element Consulting and Henry Timm of Phantom Technology Solutions are great CompTIA community members who volunteer their time for not just CompTIA but other great communities that make us all better together. This is a great conversation around what is available to you both from networking and education down to tools and resources that can help you get involved and improve your cybersecurity posture.

Talking about risk shouldn't be difficult, but it is as I sit down with Peter Maynard of SMB1001. There are so many challenges in cybersecurity, but sometimes we need to look through the lens of risk. SMBs worldwide will soon be asking their MSPs about how they can help them align their cybersecurity posture with a set of safeguards that will complement what MSPs pursuing the CompTIA Cybersecurity Trustmark can manage or support for their new or existing clients.

Most technological advancements in IT or OT are made with the best of intentions. What happens when the technology you have acquired causes unintended consequences? I sit down with Ryan Morris of Morris Management Partners to discuss what he sees in the world of OT and the opportunities for existing and prospective clients.

Control 18 has only five safeguards, yet you can spend an entire year preparing for it. Matt Lee of Pax8 and I will help you understand each safeguard and the importance of getting this right and the pitfalls to avoid.

Don't Forget about VoIP as you onboard new clients or even with existing clients. There are significant risks in not including some level of management of the VoIP system or providing some support when there are issues on the network. I sit down with Alec Stanners of bVoIP to talk a bit about the history of VoIP solutions and the challenges we faced in the early days versus the cybersecurity challenges MSPs face today.

Each of the items in the title are titles for show episodes dating all the way back to the beginning of 2020. They have made the top 10 playbacks for all time. I sit down with Chad Holstead of the BKS Team to talk through current trends and challenges related to these five.

We take a moment to remember where we were as an MSP. Joshua Smith of Reliaquest and Charles Love of ShowTech Solutions and I reflect on the technologies and challenges we faced more than eight years ago and then look at what has changed since.

Last week we talked about playbooks and runbooks... This week we are back in the CIS Top 18 controls, #17 and while the timing might be coincidental it is a perfect fit. What we have learned going through the first 16 controls to get to here. Listen to Matt Lee of Pax8 unpack the safeguards and perhaps here a bit of a tussle as we grapple with Yellow Brick Road or Wizard of OZ... you decide!

What happens if your RMM goes down and doesn't come back? We sit down with Mike Stewart of Anchor Networks and Charles Love of ShowTech Solutions to get their take on the importance of Runbooks. By the way, they were at a peer group and brought this up. Let's just say those who sleep alone at night are always looking for friends to share their no-sleep drama.

I always like to catch one or two attendees of an event after they get home to see what did they come away with. I spoke with Jim Harryman of Kinetic Technology Group to get his reaction on an event that he has now attended for the third year in a row. If you weren't at Channelcon24 I hope this gives you some FOMO and that we will see you at CCF and ChannelCon 2025.

The demand for cyber soldiers is always on the rise. We look at the challenges of protecting Critical Infrastructure and that while there is a lot of Doom and Gloom... there is hope. I sit down with Chris Storey of Qriar to discuss the importance of Incident response planning and how the right plan and some education might actually create a tipping point!

Using a framework to find gaps in your organization is a great way to improve your security posture. Have you thought about using the same framework with your clients? I think you find this discussion with Jim Harryman of Kinetic Technology Group a real eye-opener to the opportunities you have to reduce risk within your own company and that of your clients.

We are finally talking about Application Software Security with Matt Lee of Pax8. We went deep on a few safeguards and found some tangents.

We have all configured Email automation at some point and we often use systems and tools that automate email notifications with actions or instructions. With that being said, how often do we check in on the recipient as to whether or not the action and instructions are being followed. Listen to Charles Love of ShowTech Solutions share his experience and resolution when it comes to email automation as it pertains to Security Awareness Training.