MSP 1337 - Cybersecurity Maturity Journey | Guidance and Best Practices for MSPs and MSSPs

The critical importance of going beyond just getting technology to work, addressing the underlying security, scalability, and proper implementation, rather than just fixing symptoms. Eric Hansen, of Inland Productivity Solutions, emphasized the importance of starting troubleshooting at the very beginning, even when engineers claim they've already done everything. He discussed their hiring process, which prioritizes people skills and problem-solving abilities over technical expertise, using unsolvable scenarios to test how candidates handle pressure and know when to escalate. While Eric and I might have found a few rabbit holes in this episode, I hope you will hear a recurring theme: delivering cybersecurity in everything you do with your clients. "We're still in the people business."

A real-world phishing incident. Real financial impact. Real lessons for MSPs.In this episode, we unpack a phishing attack that led to unauthorized access to an Azure subscription and significant financial loss for an MSP client. The conversation goes beyond the incident itself to examine where policy gaps, weak controls, and unclear ownership increased liability, and what changed when the MSP committed to cybersecurity maturity.Joined by Chad Holstead, we walk through how pursuing the GTIA Cybersecurity Trustmark helped transform the MSP’s security posture, improve privileged access controls, and dramatically change the insurance conversation, lowering costs while increasing coverage. This isn’t about adding more tools; it’s about leadership, governance, and proving maturity before advising clients.If you’re an MSP talking cybersecurity to customers, this episode makes one thing clear: secure your own house first.For more GTIA On location interviews, head over to YouTube and just search GTIA On Location or use this link

Google Ads can disappear overnight, and for millions of businesses, it has. In this episode, John Horn of Stub Group breaks down the growing cybersecurity risks behind Google Ads account suspensions and why 39 million accounts were shut down in 2024.We explore Google’s automated, all‑or‑nothing enforcement model, how website vulnerabilities, phishing attacks, and account takeovers trigger suspensions, and why recovery is often harder than prevention. The conversation also dives into the impact of AI on search behavior and SEO, the rise of click fraud, and why Google still dominates search advertising despite the emergence of AI platforms.If you advertise online or manage digital infrastructure, this episode offers practical guidance on securing ad accounts, preparing websites for advertising, and avoiding costly mistakes that can shut down growth overnight.

Cybersecurity maturity isn’t earned in audits, it’s earned in the operational moments where governance either shows up… or it doesn’t. Today’s conversation with Mike Stewart of Anchor Networks goes deep on MSP maturity. How leadership tone, culture, and repeatable decision systems turn policies into actual behavior.We cover why security awareness must be frequent (not annual), why “the why” behind policies matters, and why AI is now a governance challenge as much as a technical one—especially as acceptable use expectations evolve. The goal: use AI to reduce overload and automate routine work, while strengthening critical thinking and verification habits.

Managed Service Providers are being pushed to “get compliant fast.” In my discussion with Bruno Leqoc, we reframe the challenge. Compliance isn’t security, and lasting compliance depends on security maturity first. Highlighting how AI policy can extend existing governance frameworks, why Microsoft Secure Score is a practical readiness indicator, and why foundational controls (MFA, patching, device management/remote wipe) must come before certifications and GRC tooling. In this episode, we also explore MSPs’ expanding responsibilities in data privacy and governance amid fragmented U.S. state laws and why client alignment and continuous maintenance are the true costs of compliance.

Exploring the fast-moving intersection of AI governance, ethics, and cybersecurity, examining how organizations are struggling to adopt AI responsibly while keeping pace with innovation. The conversation highlights a growing disconnect between enthusiasm for AI tools and the absence of clearly defined use cases, governance models, and security guardrails.As AI capabilities rapidly expand, Dr. Adeel Sheikh Mohammed emphasizes that organizations must move beyond checkbox compliance and adopt a shared, strategic approach to AI risk, ethics, and cybersecurity maturity.

Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work?In today’s episode, we’re joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.

Have you ever been stuck in an elevator? What happens when you push the call button? Physical safeguards managed by a 3rd party are often ignored or marked as N/A. What happens when processes and procedures don't get updated after a change? Listen in as Charles Love of ShowTech Solutions shares his experience of being trapped in an elevator and what we should all take away in lessons learned.

A much-needed discussion on the fast‑shifting world of data privacy in 2026 and what it means for MSPs on the front lines. From the tangled web of U.S. state privacy laws to the rising risks hidden in modern data flows (yes, even your car!), guest Andy Sambandam, Clarip CEO & Founder, lays out why every security breach is now a privacy breach, and why security and privacy are officially a forever marriage. We dig into transparency, consent, data mapping, retention policies, and the growing pressure on businesses to actually practice what their privacy policies preach. If you want to stay ahead of compliance, client expectations, and real‑world data risks, this episode gives you the clarity and direction you need.

Join Alane Boyd, founder of Biggest Goal and an AI/security educator, as she dives into the complex landscape of AI. Discover the risks of free AI tools and the importance of robust AI policies for organizations. Alane clarifies how AI agents serve as autonomous digital workers and explores practical applications, from automating ticket management to enhancing vendor validation. She also emphasizes the need for mental health balance in our tech-driven lives. Tune in for insightful tips on making AI work safely for your team!