MSP 1337 | Cybersecurity Education & Security Guidance

We recently started a journey down a path that talks about Governance for SMB, picking the right tools/software to run your MSP, and of course, don't forget you can only pick just one... This week I had the opportunity to sit down with Jessica Millhiser of J Mills Consulting to talk about business fundamentals.  Almost all of our episodes have focused on Cybersecurity, and I had an aha moment over the weekend; you can't have a security-first mindset if you don't have the fundamentals dialed in.  I read a post on Linkedin by none other than Jess and realized that we could really benefit from a reset, get "back to basics."

We often take for granted the products and services we use to help reduce overhead and Full-Time Resources (FTE).  I sit down with Ismael Amado of IT Ninjas to talk about starting a new MSP right before a pandemic and how important a security-first approach is.  Just because the products and services you use aren't associated with cybersecurity doesn't mean they don't directly impact your cybersecurity maturity.

Almost every time I do a security maturity assessment I find that companies are the least mature in Governance.  The areas that seem to need the most attention are Policy and Compliance which is to be expected since that is the area we least like to focus on.  In this episode, Sarah O'Kelley from onShore Security and I discuss the differences between governance and leadership and how cybersecurity plays into the leadership and health of an organization.

As we prepare for 2022 and the opportunities and challenges it is sure to bring I thought we should take a minute to focus on people.  Consumers vs employees, two sides of the same coin, but very different parameters placed on how they interact with the digital world.  Join me as I discuss People, Processes, and products, and services with a focus on people. This is a bonus episode as we wrap up the year.  Thanks to Joshua Smith of Varonis for taking the time out of his busy schedule to share. I'd also like to thank the MSP-Ignite and all of it's members who actively listen!

I think everyone at this point has heard someone talk about Log4j.  Even my 8th grader has heard about it as it was featured on CNN10.  This week we are doing a special episode featuring Ryan Weeks, in-house CISO for Datto.  This is an episode that every MSP should listen to as it focuses on what MSPs should be doing as it pertains to log4j. How an MSP can be proactive and reduce their threat surface and more importantly create a culture within their company to build out vulnerability management and incident response plans to prepare for future vulnerabilities and exploits. A special thanks to MSP-Ignite for bringing Datto and Ryan Weeks on to this episode.  It is always a privilege to get an hour with Ryan.  I’d also like to thank all of the MSP-Ignite members who participated as we recorded this episode.

Do you ever wonder if you have too many layers in your security stack? Is it possible you have an overlap between one or more of your existing products?  While Charles Love and I might have created more questions than answers I think you will find some great suggestions on how to ensure you are managing your security services stack well.  Change is hard for all of us but in an evolving threat landscape, we need to be prepared for change!

In our quest to provide the best services to our staff and our clients, it is easy to get caught up trying to solve very large problems.  I think we are programmed that way as we like the feeling when we overcome those big challenges.  I discuss with Jim Harryman of Kinetic Technology Group how what may seem insignificant or small can directly improve the cybersecurity posture of the infrastructure we are responsible for.   Thanks to Eric Hanson of Inland Productivity Solution and a few other unnamed resources who inspired this discussion.

The month of November has focused on incremental changes that MSPs can make to improve their security posture.  I sit down with Jay Tipton to discuss why joining a peer group is one of those incremental changes.  If you know Jay you know he has been through a lot this last year. The combined consumption of energy drinks (cases) and countless hours (over 500) invested in recovering from ransomware has given Jay some great insights and wisdom to share with all MSPs.

What if you could only pick three security products/services to include in your offering? I sit down with Charles Love of Showtech Solutions to discuss the three picks.  Surprise alert... We don't pick the same three.

We are all dealing with objections when it comes to convincing our clients to take cybersecurity seriously.  I sit down with Eric Hanson of Inland Productivity Solutions to discuss the opportunities and challenges of positioning cybersecurity products and services with new and existing clients.  Join us as we address some of the top objections.