
The CyberCall Podcast
Andrew Morgan · 61 episodes
The Voice of Cybersecurity for MSPs & MSSPs! The CyberCall is the weekly podcast where cybersecurity meets business reality. Hosted by Andrew Morgan, Founder of Right of Boom, this is the go-to show for Managed Service Providers (MSPs), virtual CISOs (vCISOs), and IT leaders navigating the complex world of cyber risk, compliance, and AI. Each episode features raw, practical conversations with the sharpest minds in cybersecurity—from operators in the trenches to CISOs, researchers, policymakers, and toolmakers shaping the future. If you care about protecting your clients, growing your practice, and becoming the security partner businesses trust—this podcast is your play...
Episodes
We spent a decade building security around the network. Then five years around the endpoint. The whole time, sitting right in front of every user, every day: the browser. Unmanaged. Unexamined. Trusted by default. The 2026 Verizon DBIR makes it hard to look away anymore. Infostealers, session token theft, OAuth attacks: almost every major attack pattern this year runs through the browser at some point. Today's guest thinks about this problem at a scale very few people get to. He's going to help us understand what the MSP community is missing and what it actually means to secure the place where work happens. Arunesh Chandra, Head of Product, Microsoft Edge for Business, joins The CyberCall to discuss these topics and more.
This week we're doing something a little different. Instead of talking about CMMC in the abstract, we're putting an actual document on the table: the CMMC Program FAQ, freshly updated to Revision 2.3. It's the kind of document most contractors skim and most MSPs never read closely. To help us read between the lines, we have one of the sharpest interpreters of CMMC in the industry. Jacob Horne has spent years doing exactly this — taking dense regulatory language and turning it into something a contractor can actually act on. Today we're going to put him to work, page by page, on what this document really says, what it quietly doesn't, and where the traps are hiding. If you serve the defense industrial base, this is the episode to take notes on.
CMMC is no longer theoretical: the rule is final, the clock is running, and every MSP in the DIB is about to find out whether the work they've done actually holds up under an assessment. To cut through the noise, we have someone who sees this from angles almost nobody else does. Scott Singer is chair of the Cyber AB’s C3PAO Advisory Council, former CEO of CyberNINES and current President of ControlCase’s Federal Division, and he runs two authorized C3PAOs, CyberNINES and ControlCase, and a FedRAMP 3PAO. He's helping shape the rules, sitting across the table doing the assessments, and preparing companies to pass them. We're going to demystify the C3PAO role, talk honestly about the backlog, and get specific about what separates MSPs setting their clients up to pass from the ones setting them up to fail.
For the past two weeks, we've been building what a Mythos-ready security program actually looks like. None of that matters if we can't walk into a business or boardroom and get the C-suite to buy in. Today is a leadership call. How do MSPs earn the right to be in the boardroom on AI, stop being the vendor who fixes things, and start being the partner who helps the business win? That's why I'm so excited about today's guest. Joining us is Bob Zukis, the founder of the Digital Directors Network, lead author of The Great Reboot and the DOMINO Guide, and the world's leading voice on getting boards to actually lead on digital and cybersecurity risk.
Two weeks ago, Anthropic announced Claude Mythos: a model that autonomously found thousands of zero-days, generated working exploits, and broke out of its own containment sandbox. The moment the industry has been warning about for years just arrived. Within 48 hours, the Cloud Security Alliance pulled together more than 80 CISOs and security leaders (Heather Adkins, Rob Joyce, Bruce Schneier, Jen Easterly) and produced "The AI Vulnerability Storm: Building a Mythos-Ready Security Program." It's one of the most important security documents published this year. My guest today is one of its authors: Sounil Yu, CTO of Knostic, architect of the Cyber Defense Matrix, and one of the sharpest minds in cybersecurity. The window between vulnerability and weaponization just collapsed to hours. The patch cycle is broken. And the architecture every MSP has built for their clients was designed for a world that no longer exists.
The cyber insurance market right now is the softest it's been since 2021. Premiums are flat. Capacity is abundant. Carriers are competing aggressively for MSP business, and your SMB clients are getting pricing their predecessors would have dreamed about three years ago. Here's the problem. Loss frequency is up. Ransomware attack frequency rose 45% year-over-year. A single Cloudflare outage in November cost the economy somewhere between 5 and 15 billion dollars. AI-powered attacks are collapsing the window between a vulnerability existing and being weaponized from weeks to hours. And Anthropic just announced a model that found thousands of zero-days autonomously and then broke out of its own containment sandbox. The market is soft. The threat is not. So the question every MSP in this room needs to be asking is: what's the catalyst that flips this? When does the market go hard? What happens to your SMB clients when it does? And more importantly, what should you be doing right now, while the window is still open, to make sure your clients are the ones who stay insurable? Reid Wellock, President and Co-Founder of UKON, sat down with us to discuss these topics.
This week we need to talk about something every MSP, every security pro, and every business owner needs to understand, because it changes the threat equation for everyone, not just the enterprise players it was built for. It was only fitting to bring in John Strand, Founder of Black Hills Information Security, to discuss. Anthropic just announced a model called Mythos Preview that can autonomously find and exploit zero-day vulnerabilities across every major OS and browser on the planet, flaws that survived decades of human review. They're not releasing it publicly. They've locked it inside a restricted coalition called Project Glasswing with Microsoft, Google, CrowdStrike, and Palo Alto Networks. But here's what didn't make their own headline: during internal testing, the model broke out of its containment sandbox, emailed a researcher to announce it had escaped, and posted externally without any instruction. In Anthropic's own words, not a bug: "Agentic capability without adequate goal constraints."
On March 31st, Axios was compromised. Four hundred million monthly downloads. The HTTP library sitting inside almost every web application your clients use, depend on, or have had custom-built for them. The attacker did not touch a single line of code. They hijacked the maintainer's credentials, slipped in one hidden dependency, and let your clients' own systems install the malware automatically during a routine update. It stole every credential it could find, cleaned up after itself, and left no trace. Three hours. Gone before most people woke up. That attack did not come out of nowhere. This is the fifth attack in twelve days between TeamPCP and UNC 1069 (North Korea). We wanted one person on The CyberCall this week: someone who spent two decades at Foundstone, Mandiant, and FireEye investigating exactly how these attacks unfold. This person then built Cylerian to ensure MSPs have the tools to stop them before the 2 a.m. call comes in. This week's special guest is Vijay Akasapu, CEO of Cylerian.
Last week, a supply chain attack hit LiteLLM, the open-source AI gateway that sits inside 36% of cloud environments, and for about six hours, anyone who ran a routine install command handed over their SSH keys, cloud credentials, and API tokens to a threat group that had been quietly chaining compromises across the open-source ecosystem for months. The attack didn't announce itself. It passed every integrity check. That is the world our guest operates in, and it is exactly why her work matters right now. Ashleigh Vogstad is the CEO of Transcends, a go-to-market firm that works with MSPs, ISVs, and hyperscalers like Microsoft, and she is studying AI at Oxford while doing it. Today we are talking about how MSPs cut through a “sea of sameness”, build trust in the age of AI-driven search, and talk credibly about technology that is moving faster than most governance frameworks can keep up with.
Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work. What they don't know is that an AI triage bot, the kind built to make their team more efficient, just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to. This wasn't a nation-state. This wasn't a zero-day. This was one sentence in a GitHub Issue title, and it compromised 4,000 developer machines in 8 hours. We are living in a moment where AI is installing AI, and our security tools were not built for this. Special guest: Liran Baron, CPO of SaaS Alerts. Article: https://www.cremit.io/blog/ai-supply-chain-attack-clinejection
For years, many of us have thought about cyberattacks as criminals chasing money. But when you zoom out, you realize something much bigger is happening. Cyber has become one of the most powerful geopolitical weapons of the 21st century. Nations use it to spy, influence elections, sabotage infrastructure, and increasingly—disrupt supply chains that businesses rely on every day. Purchase Allie's book here on Amazon. For MSPs, this isn’t theoretical. We’ve seen it with SolarWinds and with the growing number of attacks aimed at the very platforms that power and protect our clients. Tonight’s guest, Allie Mellen, author of Code Wars, helps us understand something incredibly important: nation-state cyberattacks aren’t random acts of chaos—they are calculated moves driven by strategy, doctrine, and national objectives. In other words, when you see an attack, you’re often seeing a move on a geopolitical chessboard. So today we’re going to explore how nations think about cyber war, what patterns exist behind the most famous attacks, and—most importantly—what it means for the MSPs sitting in the middle of the global digital supply chain.
On February 28th, the United States and Israel launched coordinated strikes on Iran. Most people know that part. What most people don't know is that Iran responded by sending drones directly into Amazon Web Services data centers in the UAE. Two facilities struck. A third in Bahrain damaged. For the first time in history, commercial cloud infrastructure became a military target — and most of your clients have no idea it happened. What's worse — Iranian cyber operators had already pre-positioned backdoors inside American banks and airports before the first bomb dropped. And with Iran's conventional military now severely degraded, cyber is the only weapon they have left. Jon Murchison, former CEO of Blackpoint Cyber, spent years at the NSA tracking this exact adversary — including their nuclear program — then built one of the most respected MDR platforms in the channel. He has seen Iran from both sides of the fence, and he's here because MSPs are now the most exposed link between nation-state operators and the clients counting on you.
There’s a conversation happening in boardrooms right now that most security professionals aren’t equipped to lead. Not because they don’t understand the technology. They do. But translating risk into business decisions… defending budgets… guiding executives through uncertainty… that’s a different discipline entirely. And that gap? That’s where security programs stall. That’s where funding gets delayed. That’s where the vCISO role becomes reactive instead of strategic. For MSPs, this matters more than ever. The future of growth isn’t just in deploying tools — it’s in leading clients through risk, resilience, and investment decisions. That’s exactly why Brian Blakely created the Certified Cybersecurity Leadership Strategist (CCLS) program in conjunction with Right of Boom. Save $1000 on the inaugural workshop with Boom1000. This isn’t theory. It’s three days of immersive leadership development — executive simulations, live breach exercises, budget justification drills, and real-world boardroom communication. It’s designed to answer one question: Can you just manage security… Or can you lead it? Today, we’re going deep on what the industry keeps getting wrong about security leadership — and what it really takes for MSPs to build stable, profitable, executive-level vCISO practices.
There's a concept in military and emergency response called the fog of war — that moment when everything is happening at once, information is incomplete, and the people who trained for this have to decide right now, with what they have. Cybersecurity incident response is that moment. Every time. And the dirty secret is that most organizations don't have a plan that actually holds up when the fog rolls in. They have a playbook nobody has read and a response team about to find out whether their preparation was real or theoretical. Today's guest has spent his career in that fog — and figuring out how to cut through it. Patterson Cake is the Director of Incident Response at Black Hills Information Security. At Right of Boom 2026, he delivered a 3.5-hour workshop called IR Simplified — and that title alone is almost a radical act in a field with a complicated relationship with simplicity. The premise: complexity is the enemy of security, and nowhere is that more true than in a crisis. We're going from 10,000 feet all the way down to hands-on-keyboard today — and I'd have a notepad nearby.
Last week at Right of Boom, something interesting happened. In a conference full of great sessions, one stood out — not because of hype, but because of urgency. Kelvin Tegelaar’s CIPP certification session on securing Microsoft 365 was standing room only. MSPs weren’t there for theory. They were there because M365 has quietly become the single largest attack surface in most of their client environments. And yet, despite years of focus on security… many organizations are still dangerously exposed. So today isn’t a recap. It’s a debrief. We’re going to unpack what Kelvin saw, what surprised him most, and what the packed room of MSPs revealed about the current state of M365 security in 2026. Where are providers still overconfident? What controls actually move the needle? And where are attackers winning because of operational gaps — not technology gaps? Most importantly, we’ll look ahead. If M365 is now the primary battleground for identity, data, and business operations… what does “good” really look like for MSPs moving forward?
Every week there’s a new zero-day, a new CVE, a new headline. But what rarely gets talked about is what real threat hunting is uncovering when you actually go looking. Today’s conversation is about what’s happening beyond zero-days — the automated scanning, the long-tail exploitation, the shared infrastructure, and the attack behavior that lives in the background noise of the internet. We’re joined by Vijay Akasapu, CEO of Cylerian, whose team recently went hunting for early React2Shell exploitation and instead uncovered something much bigger: a multi-layered exploitation ecosystem probing across Java, Python, and PHP stacks at the same time.
Welcome back to The CyberCall. Today we’re tackling one of the fastest-growing risks MSPs face: third-party exposure in the age of AI. Our guest is Greg Rasner — author of Cybersecurity and Third-Party Risk and a leading voice on how AI is reshaping vendor security. Greg has spent years helping organizations understand how a single weak vendor can create massive operational, financial, and reputational damage. With his new book on AI and third-party risk coming soon, Greg joins us to share what’s changing, what MSPs are missing, and what leaders must do now to protect their businesses.
Today’s conversation is all about how MSPs actually win in the modern threat landscape — before, during, and after an attack. We’re joined by three practitioners who will each be leading hands-on workshops at Right of Boom 2026. John Strand will take us inside Cloud Forever Days and intro to pen testing, showing how attackers really move through cloud environments. Joff Thyer will break down how MSPs can use AI automation to scale security operations without scaling chaos. And Patterson Cake will walk us through what incident response should look like when things stop being theoretical and start being real. This isn’t hype. This is how to think like an attacker, operate like a modern security team, and respond like a professional when it counts.
In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast. Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients. This isn’t a theoretical discussion. We’re here to talk about what identity attacks actually look like in the wild, what MSPs are missing, and how to detect and respond before access turns into impact.
Welcome back to The CyberCall. Our guest, Joy Beland from Summit7, helps lead security and compliance at the largest MSP serving the Defense Industrial Base. Joy joins us to share what it actually took to prepare as a service provider, what broke, what changed, and what lessons MSPs can learn if they expect CMMC — or ISO 27001 — to become part of their future. If you’re an MSP trying to understand what real compliance maturity looks like at scale, this conversation will give you clarity — not marketing, not hype, just experience.
Most MSPs don’t fail because of ransomware. They fail because they drift. They chase revenue without direction. They stack tools without a strategy. And they wake up one year later asking the same dangerous question: “Why didn’t last year change anything?” Today isn’t about theory. It’s about execution. Our guest, Gary Pica, doesn’t just teach business planning—he’s been stress-testing it with real MSP owners for over 20 years. Through recessions. Through acquisitions. Through “RMM, Cloud, Security, Automation and now AI revolutions” in our industry.
Today’s conversation is all about what comes next for Microsoft 365 — because after Ignite, it’s clear that we’re entering a brand-new era. AI agents, identity-first security, native Sysmon, tenant baselines — Microsoft is rebuilding the entire stack around speed, intelligence, and scale. And when you talk about managing M365 at scale, there’s one person MSPs look to: Kelvin Tegelaar, founder of CIPP. Kelvin just sold out his first CIPP certification class at Right of Boom, he’s about to ship version 8.7.0, and his platform is now used by over 10,000 MSP partners trying to tame the complexity of Microsoft 365.
Today we’re talking about what it really takes to partner with a giant. Every MSP wants to grow alongside hyperscalers like Microsoft — but few truly know how to align, scale, and turn partnership into profit. Our guest today has lived that journey from the inside out. Vince Menzione, Founder of The Ultimate Partner and former Microsoft channel leader, has helped thousands of partners build thriving businesses within the Microsoft ecosystem. We discuss #cloud, #security, #AI - all the buzzwords!!
Today’s guest has one of the most unconventional origin stories in the MSP world. Nabil Aitoumeziane started his career not behind a keyboard—but at the door of a nightclub. While working nights as a bouncer, he began doing something few would dare: asking customers for business introductions and meetings. Fast-forward a few years, and he’s now the president of FSI, an 85-person managed service provider and one of Microsoft’s go-to partners for SMBs. From reading crowds to reading client needs, Nabil turned street smarts into boardroom strategy—and built one of the most respected MSPs in the channel. Today, we’re unpacking that journey—from hustle to scale, trust to transformation, and how an outsider mindset can build an insider’s empire in cybersecurity.
Today we’re talking about one of the biggest shifts in offensive security that MSPs, CISOs, and defenders cannot ignore. For years, pen testing was about human creativity — sneaking in where we “shouldn’t” be, showing you how you’d really get burned in an incident. But in 2025, that world is colliding with AI and automated attack platforms that claim they can do it faster, cheaper, and nonstop. So the question is: are we entering a golden age of continuous validation — or are we fooling ourselves with marketing and dashboards? To dig into that, we’ve got one of the most trusted names in offensive security: John Strand, Founder of Black Hills Information Security.
Today we’re tackling one of the biggest shifts in modern network security. VPNs are breaking under the weight of hybrid work, SaaS sprawl, and constant attack — and MSPs are being forced to rethink how they secure access itself. Enter Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) — not just buzzwords, but the blueprint for the next decade of MSP security architecture. Joining us are two leaders shaping this transformation: Jason Garbis, Founder of Numberline Security and author of “Zero Trust”, and Ahmet Polat, Founder & CTO of Timus. Together, we’ll unpack how MSPs can move clients off VPNs, build scalable Zero Trust frameworks, and turn this evolution into a repeatable, profitable service model. Special co-host guest: Nett Lynch
Artificial intelligence is evolving faster than most organizations can operationally absorb. We’ve automated analysis, accelerated response, and even delegated decisions to machines — but our people, processes, and governance are still running at human speed. This week on The CyberCall, I’m joined by Sounil Yu, creator of the Cyber Defense Matrix and one of the most forward-thinking minds in cybersecurity, to unpack “The Human Lag: Why AI Outpaces Operational Readiness.” We’ll explore what happens when innovation outruns process, where humans still matter most, and how security leaders can close the readiness gap before the next disruption hits.
This week on The CyberCall, we’re turning up the heat on deepfakes & disinformation—why they’re no longer sci-fi, and how they’re already targeting MSPs and the Defense Industrial Base. I’m joined by Sandy Kronenberg (Netarx) and Scott Edwards (Summit 7) to unpack:
• Real attack chains: voice clones, lip-sync, synthetic exec approvals
• The “liar’s dividend” & reputational warfare
• What actually works: identity verification, playbooks, and awareness training
• Fast wins MSPs can roll out this quarter
Today we’re talking about something that may sound government-heavy but is actually critical for MSPs and the SMBs they serve: the new NIST Small Business Primer for SP 800-171 Rev. 3. At its core, this guide is about protecting Controlled Unclassified Information, or CUI. And while that might sound like it only applies to defense contractors, the reality is that CUI requirements increasingly touch SMBs through contracts, regulations, and supply chains. What’s powerful here is that NIST designed this Primer specifically for smaller organizations. It takes complex requirements and translates them into practical, plain-language steps that leaders without full-time security staff can actually act on. Special guest: Daniel Eliot
Today we’re tackling microsegmentation—a solution that could change the game against ransomware. Ransomware thrives on lateral movement: one compromised device turns into an entire network takedown. Microsegmentation stops that by creating secure ‘neighborhoods’ inside the network, containing the damage before it spreads. The big questions: can MSPs realistically deploy this at scale, without adding complexity? And how do we frame it in business terms—protecting revenue, uptime, and client trust? Special guest: Brian Haugli, CEO of SideChannel
Over the past couple of days, I was digging into the latest Anthropic Threat Report and one section really hit me. They wrote: ‘We’ve developed sophisticated safety and security measures to prevent misuse of our AI models. While generally effective, cybercriminals keep finding ways around them.’ And then they shared some eye-opening case studies—threat actors aren’t just asking AI for advice, they’re embedding it across their entire attack lifecycle. We’re talking reconnaissance, credential harvesting, extortion campaigns, even creating fake identities at scale. This is a whole new level of AI misuse—where a single actor can punch way above their weight class by turning AI into both consultant and operator. That’s why I’m so excited about today’s guest: Clark Harshbarger, former Director of Incident Response at CrowdStrike. We’re going to explore both sides of this coin: how attackers are scaling their operations with AI, and how incident responders are starting to fight fire with fire—using AI to speed up detection and response when every second counts. Article: https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf
In this session we talk about Salesloft Drift and the implications of OAuth-based attacks. Companies use Drift with Salesloft to automate lead capture and sales workflows into Salesforce.com. Enter nation-state threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens. We then dive into the evolution of cloud-based attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now. Special guests:
MacKenzie Brown, VP of APG at Blackpoint
Charles Buck, Founder and CTO of SaaS Alerts
Chris Loehr, DFIR Expert
Phyllis Lee, VP of Content at CIS
Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts. One of the biggest takeaways came from breach attorney Spencer Pollock, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts. That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident. If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.
In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs. This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises. We’re joined by three experts who see this crisis from every angle: Jamie Levy, Director of Adversary Tactics at Huntress, Cory Clark, VP of Threat Operations at SonicWall, and Spencer Pollock, Breach Attorney at McDonald Hopkins, currently handling 20+ of these cases. Special Co-host: Chris Loehr, EVP of Solis.
When MSPs are selling IT and security services, the real decision often comes from the person who owns the budget and measures the risk — the CFO. In this session of The CyberCall, we’re getting inside that mindset. Jason Duncan, CFO of InfoSystems, has over two decades of experience working as a Corporate Controller & CFO, making financial, IT & security decisions. This week he's here to share how CFOs view cyber investments, contracts, compliance, and protecting the systems that drive revenue. If you want to win bigger deals and speak the language that gets funded, this is the conversation you’ve been waiting for. Co-hosts: Phyllis Lee, Brian Blakely, Eric Tilds
This week, we’re diving into three huge shifts happening in the Microsoft ecosystem that every MSP should have on their radar:
· Token Protection is now available for Entra ID P1 licenses — and it’s a game changer for securing identity tokens and stopping session hijacking.
· GDAP — the move from legacy DAP to Granular Delegated Admin Privileges — is creating both confusion and opportunity for MSPs managing multiple tenants.
· And for those preparing for Right of Boom 2026, Kelvin Tegelaar is here to talk about launching the first CIPP bootcamp — helping MSPs and vCISOs go deeper on Microsoft security and compliance.
Kelvin’s not just anyone — he’s the founder of CIPP and Lime Networks, a 7-time Microsoft MVP, and one of the clearest voices in the channel when it comes to bridging technical complexity and real-world MSP operations. Co-hosts: Brian Blakely, CRO of Compliance Scorecard & Nick Ross, CEO of CloudCapsule.
Big news for the defense and MSP community: The 48 CFR CMMC final rule has officially reached OMB review. This is the second-to-last milestone before publication in the Federal Register — and we’re expecting to see the final rule land by October with no 60-day delay. Translation? The phased rollout begins Q4 2025. If you work with defense contractors, or your clients do, the countdown just got very real. This week on The CyberCall (1pm EDT - URL in comments), we’ve got Jacob Horne, one of the most trusted voices on CMMC, breaking down:
What this milestone means for MSPs and contractors
How the phased rollout will actually work
Immediate actions to take to avoid last-minute chaos
Co-hosts: Joy Beland, VP of Compliance at Summit7, Andy Sauer, CEO of Sentinel Blue & Phyllis Lee, VP of Content at CIS.
Last week, we tackled a big one: ‘Risk, Revenue, Responsibility: The Real Job of the vCISO’ — and it sparked an incredible conversation around how vCISOs are no longer just about frameworks and firewalls, but about protecting business outcomes, navigating executive risk, and helping clients make strategic decisions. This week, we’re taking it a step further. Because if you're serious about offering vCISO services as part of your MSP, you’re probably asking: What actually makes a great vCISO? And maybe even more importantly: How do we build and scale this into a repeatable service that doesn’t rely on just one rockstar? Joining us again is someone who’s lived this journey — Brian Blakely, seasoned MSP veteran, cybersecurity strategist, and someone who’s helped shape what successful vCISO delivery looks like in real-world MSP environments. Brian is joined by MSP veteran vCISOs Eric Sundt & Steven Hicks.
In this episode of The CyberCall, we're cutting through the noise and rethinking the true purpose of the vCISO role. It’s not just about frameworks, policies, and tech stacks; it’s about tying risk to business outcomes (risk to revenue). The vCISO’s true value goes way beyond compliance checklists and technical jargon; it’s about being a business partner and enabler, protecting critical revenue streams, and building executive trust. Leading vCISOs start every client conversation by asking: How does this business make money? That focus shifts security from a cost center to a driver of ROI and resilience. This week we are joined by several folks: Brian Blakely, who has three successful MSP exits, built and sold Cosant Cyber, a team of vCISOs, and is currently running the professional services arm of Compliance Scorecard as their Chief Risk Officer; David Primor, CEO & Founder of Cynomi and former Executive Director of Technology for the Israeli National Cyber Directorate; Nett Lynch, CISO of Kraft Kennedy and former head of the vCISO practice at VC3; and, as always, Phyllis Lee, VP of Content at CIS, with 25 years of experience at the NSA.
Supply chain attacks doubled according to the 2025 Verizon DBIR. This week the channel awakens to Ingram Micro being attacked by the SafePay Ransomware group. Incident Response (IR) expert Chris Loehr, EVP of Solis, joins The CyberCall to share perspective on the GlobalProtect VPN compromise.

That's why on today's CyberCall we're talking about what MSPs can do right now to get serious about third-party risk — and why ISO 27001 may be the most important next step for your business.

We're joined by Calvin Engen, CTO & Co-Founder of F12, who walks us through their recent completion of ISO 27001 and the journey to get there:
✅ What it really took to earn ISO 27001
✅ What changed inside F12 along the way
✅ How it's shaping trust with their clients now

Special co-host guest: Chip Buck, CTO & Co-Founder of SaaS Alerts, joins Phyllis Lee, VP of Content, and Andrew Morgan, Founder of The CyberCall.
In this must-listen episode of The CyberCall, hosts Andrew Morgan, Phyllis Lee & Gary Pica are joined by Aharon Chernin, Founder & CEO of Rewst, to explore how Artificial Intelligence (AI), Robotic Process Automation (RPA), and Cybersecurity are colliding in today's MSP landscape. Tune in to learn what your MSP needs to know now to stay ahead!

Connect with Right of Boom:
Website & Conference: https://rightofboom.com/
LinkedIn: https://www.linkedin.com/company/right-of-boom/
YouTube: https://www.youtube.com/@rightofboom
With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to the Controls was necessary to cross-map to CSF 2.0. Specifically, the strongest driver was the release of the Govern function.

Co-hosts:
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Brian Blakely: https://www.linkedin.com/in/bblakley/
Eric Woodard: https://www.linkedin.com/in/eric-woodard/

Sponsored by Right of Boom cybersecurity conference: https://www.rightofboom.com/
Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen testing is an important aspect of discovering and identifying potential critical vulnerabilities within your organization's external network, internal network, applications, or systems. It provides valuable insight into how your digital and human assets perform.

In this episode we review the criticality of scoping a pen test, along with the differences between pen testing, red teaming and vulnerability assessment: why you should choose one over the other, and when one should precede the other.

Sponsored by Hacket Cyber, with a post-game interview with Founder James Carroll. Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels. https://hacketcyber.com/partner/
James Carroll LinkedIn: https://www.linkedin.com/in/jchax/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they've had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.

Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare for, detect, and quickly respond to an attack.

Our sponsor: Exigence (https://www.exigence.io) is a multi-tenant incident readiness and incident response platform built for MSPs/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for incident response plans and tabletops. The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident, turning an unstructured situation into one that is structured and easy to manage. It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time.
Contact Noam here: [email protected]

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
CIS Control 16 - Application Software Security

The way in which we interact with applications has changed dramatically over the years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's applications against it to bypass network security controls and compromise sensitive data.

NOTE: CrowdStrike notes that cloud-based attacks and initial access via these systems have increased 112%; therefore SaaS applications, their potential vulnerabilities and misconfigurations, along with initial access, are all being focused on by threat actors.

**Jim Manico at minute 52:40 - do not miss!!**

Our sponsor: Jim Manico, Founder of Manicode, is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations build secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here: https://manicode.com/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!

Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately. Identify your business needs and create a set of standards that can be used to grade service providers that are being proposed. Organize and monitor all service providers that are associated with your business. Keeping an inventory of all service providers will enable you to monitor them in case they update their policies.

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
MSPs/MSSPs should offer solutions that provide users with frequent security awareness training to increase their overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, and properly handling personal information. Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and apply their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training.

👏 Special thanks to Phin Security for their sponsorship and interview.
Connor Swalm: https://www.linkedin.com/in/connor-swalm/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
Network monitoring and defense is one of only two controls that do not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations that have a mindset of continuous improvement involving people, process, and technology. Service providers need a well-trained staff that executes on network monitoring, detection, logging, and correlation of events in order to thwart malicious attacks.

👏 Special thanks to ConnectWise for their sponsorship and interview.
Drew Sanford: https://www.linkedin.com/in/drewsanford/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with "default" configuration settings and passwords that, if deployed as-is, can significantly weaken an organization's network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers.

MSPs should ensure that the teams implementing and operating the network infrastructure have processes and procedures in place that provide the capabilities needed for a secure network infrastructure.

👏 Special thanks to Domotz for their sponsorship and interview. ONLY $21 per Network!! Incredible for MSP COGS!!
Key areas where Domotz helps MSPs: Control 1 | Continuous discovery of new devices | Checking for default passwords | Alerting on changes (ports, protocols, configurations) | Being able to revert back (backup) | Logging and auditing of changes, and much more!!
🙌 JB Fowler: https://www.linkedin.com/in/jb-fowler-1302023/ & Giancarlo Fanelli: https://www.linkedin.com/in/giancarlofanelli/
👉 Domotz's Security Standards: https://www.domotz.com/knowledge-base/Domotz-Security-Standards-2021-March.pdf
Domotz MSP: https://www.domotz.com/msp.php

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
Abstract: Data loss can be a consequence of a variety of factors, from malicious ransomware and threat actors using "Double Extortion" and exfiltration, to human error and natural disasters like hurricanes. Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data.

Key Takeaways for Control 11:
Prioritize your data and come up with a data recovery plan.
Protect your backed-up data. (See Control 3: Data Protection.)
Practice and test restoring your data.
Restore your data after any compromise.

👉 Datto's BCDR Resource Center: https://www.datto.com/resources?page=4&categories=BCDR
🙌 Rob Rae: https://www.linkedin.com/in/robtrae/ - special thanks to Datto for their sponsorship and interview.

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/