MSP 1337 - Cybersecurity Maturity Journey | Guidance and Best Practices for MSPs and MSSPs
Author: Chris Johnson - Cybersecurity Maturity Enabler
© Chris Johnson - Cybersecurity Maturity Enabler
Description
Educational sound bytes to help MSPs and their clients navigate Cybersecurity. Cybersecurity maturity is a journey; don't go it alone. Interviews and guidance from fellow MSPs and other Industry experts.
Our goal is Secure Outcomes, and together we can make a difference.
279 Episodes
Cybersecurity maturity isn’t earned in audits, it’s earned in the operational moments where governance either shows up… or it doesn’t. Today’s conversation with Mike Stewart of Anchor Networks goes deep on MSP maturity. How leadership tone, culture, and repeatable decision systems turn policies into actual behavior. We cover why security awareness must be frequent (not annual), why “the why” behind policies matters, and why AI is now a governance challenge as much as a technical one—especially as acceptable use expectations evolve. The goal: use AI to reduce overload and automate routine work, while strengthening critical thinking and verification habits.
Managed Service Providers are being pushed to “get compliant fast.” In my discussion with Bruno Leqoc, we reframe the challenge. Compliance isn’t security, and lasting compliance depends on security maturity first. Highlighting how AI policy can extend existing governance frameworks, why Microsoft Secure Score is a practical readiness indicator, and why foundational controls (MFA, patching, device management/remote wipe) must come before certifications and GRC tooling. In this episode, we also explore MSPs’ expanding responsibilities in data privacy and governance amid fragmented U.S. state laws and why client alignment and continuous maintenance are the true costs of compliance.
Exploring the fast-moving intersection of AI governance, ethics, and cybersecurity, examining how organizations are struggling to adopt AI responsibly while keeping pace with innovation. The conversation highlights a growing disconnect between enthusiasm for AI tools and the absence of clearly defined use cases, governance models, and security guardrails. As AI capabilities rapidly expand, Dr. Adeel Sheikh Mohammed emphasizes that organizations must move beyond checkbox compliance and adopt a shared, strategic approach to AI risk, ethics, and cybersecurity maturity.
Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work? In today’s episode, we’re joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.
Have you ever been stuck in an elevator? What happens when you push the call button? Physical safeguards managed by a 3rd party are often ignored or marked as N/A. What happens when processes and procedures don't get updated after a change? Listen in as Charles Love of ShowTech Solutions shares his experience of being trapped in an elevator and what we should all take away in lessons learned.
A much-needed discussion on the fast‑shifting world of data privacy in 2026 and what it means for MSPs on the front lines. From the tangled web of U.S. state privacy laws to the rising risks hidden in modern data flows (yes, even your car!), guest Andy Sambandam, Clarip CEO & Founder, lays out why every security breach is now a privacy breach, and why security and privacy are officially a forever marriage. We dig into transparency, consent, data mapping, retention policies, and the growing pressure on businesses to actually practice what their privacy policies preach. If you want to stay ahead of compliance, client expectations, and real‑world data risks, this episode gives you the clarity and direction you need.
In this episode, we cut through the AI hype with Alane Boyd to unpack what MSPs really need to know about today’s AI landscape. We cut right to the chase on data‑privacy pitfalls and free-tool misconceptions, and on the rise of AI agents that go far beyond simple automation. We explore practical, business-ready use cases, how to build safe and effective AI policies, and why better prompting (and better balance with our mental health) matters more than ever. If you’ve wondered how AI can help your team without putting your data at risk, this episode delivers the clarity you’ve been looking for. If you are looking to connect with Alane Boyd, her website is biggestgoal.ai
Chris Johnson and cybersecurity expert Robert Siciliano dive into the human side of security, exploring why default trust and denial make people vulnerable to social engineering and cyber threats. They discuss the cultural framing of security, the importance of personalizing security practices, and why leadership must model proactive behaviors. The conversation introduces the concept of a “strategic human firewall,” emphasizing that proper protection comes from security appreciation, not just awareness. From AI-driven fraud and voice cloning to practical steps like password managers and two-factor authentication, this episode highlights how mindset shifts and personal responsibility are key to resilience in today’s threat landscape.
Resilience and Continuous Improvement for ITSPs as we go into 2026. I discuss what it means to be on a resilience journey with Charles Love of ShowTech Solutions. ShowTech Solutions has reached a milestone in its maturity journey, achieving Assured status, and continues to advance its maturity process. Experiences and lessons learned that will help any ITSP on their own journey.
Predictions and challenges in the technology and cybersecurity space for 2026, with a focus on Microsoft ecosystem changes, licensing, security, and the impact of AI and Copilot. I had a chance to catch up with Shay Cohen of Optimize365.io this week, and I think you will find his insights on the future of CoPilot and other unique changes we can expect in 2026.
In 2026, AI will increasingly integrate into business processes, emphasizing strong data quality and security as prerequisites for success. AI agents, distinct from chatbots, will operate with machine identities to automate tasks while supporting, rather than replacing, human decision-making. This is just a glimpse of the insights Ben Wilcox of ProArch shared this week.
Looking ahead to 2026 trends and challenges in the MSP (Managed Service Provider) space, focusing on AI, automation, security, risk management, and social engineering. In a conversation with Josh Hohbein of Centrex IT, we discussed the key challenges and opportunities as we enter 2026.
Predictions for the Managed Service Provider (MSP) cybersecurity landscape in 2026, with a focus on risk management, the continued importance of basic cyber hygiene, open-source adoption, and the strategic use of risk registers. Did I say Risk Register? Dom Kirby brings it home: the importance of the Risk Register and its role as we enter 2026. He advocates that MSPs move beyond discussions of technical tools and engage in business and risk conversations with their clients.
I sat down with Chris Loehr to discuss the varying approaches businesses are taking toward cybersecurity spending as they plan for 2026, highlighting the influence of private equity and the unpredictability in budget increases or reductions even within the same industry.
From what keeps us up at night, to just meeting the minimums and nothing more to be compliant. Dorota Ulkowska of Accurate Networks and I discuss the recurring challenge of clients, tiny businesses, resisting recommended cybersecurity practices due to cost, perceived inconvenience, or a belief that risks are exaggerated, with Dorota providing real-world examples from their experience at Accurate Networks.
Sitting down with Bobby Glen James of Boteka about the importance of simplicity in IT security for MSPs. Bobby shares lessons from decades in the industry, advocating for Lean IT practices, streamlined technology stacks, and a service-first approach that avoids hardware upselling and long-term contracts. Practical insights on risk management, prioritizing critical systems, and building resilient, client-focused MSP services.
By the end, it is hard to believe that in 2025, less than 30% of all Web Domains have properly configured SPF, DMARC, and DKIM records. Yep, less than 30% of the top 10 million domains. I sit down with Al Iverson of Valimail to talk about DNS records and the importance of SPF, DMARC, and DKIM records. Might sound a bit boring... At the end of November, bulk mailing will stop working for your company if you don't have those records configured correctly.
Once upon a time, I was an MSP. Looking at everything that MSPs have to keep track of, both internally and client-facing, can be overwhelming. I sat down with Dor Eisner of Guardz.com to talk about the biggest challenge facing MSPs.
With IT Nation Connect Global only a week away, we wanted to share some of the workshops and the value frameworks play in helping shift the conversations about cybersecurity from speed and feeds to Risk. Josh Hohbein of CentrixIT to get his perspectives and why he is so passionate about helping other MSPs and their clients better understand how frameworks help and the importance of the GTIA Cybersecurity Trustmark.
First ever monologue with CJ... I recap some of the things I found to be of interest over the past few weeks with Pax8 EMEA and ChannelCon EMEA... Tell some stories and then looking forward to MSP Global. This one is short and sweet and I hope you find some entertainment in it.




