MSP 1337 | Cybersecurity Education & Security Guidance

In this episode, we unpack one of the most misunderstood topics in the MSP industry: insurance. From Errors & Omissions to cyber insurance, we break down what these policies actually cover, and more importantly, what they don’t. The conversation challenges the assumption that buying insurance equals risk transfer and explores how liability really plays out across MSPs, clients, and third‑party vendors.We discuss why cyber insurance typically protects only the insured entity, how E&O applies to negligence and misconfiguration, and why insurance requirements vary dramatically based on client size, maturity, and risk tolerance. The episode also dives into supply‑chain risk, litigation realities, and why MSPs must align insurance decisions with their business model, client profiles, and overall risk strategy, rather than treating insurance as a checkbox.Ultimately, this episode reinforces that trust is built through risk conversations, not policies, and that MSPs have a critical opportunity to mentor clients on what good risk management actually looks like.

Clear communication is one of the most overlooked and most costly challenges in IT service providers. In this episode, Chris sits down with Amy Reczek, communication and presence expert, to unpack why misalignment happens between leadership, teams, and clients, and how understanding the “why” behind communication changes everything. From ineffective meetings and virtual body language to intent versus impact, this conversation dives into the human gaps that tools and systems can’t fix, and what ITSP leaders can do instead.

The critical importance of going beyond just getting technology to work, addressing the underlying security, scalability, and proper implementation, rather than just fixing symptoms. Eric Hansen, of Inland Productivity Solutions, emphasized the importance of starting troubleshooting at the very beginning, even when engineers claim they've already done everything. He discussed their hiring process, which prioritizes people skills and problem-solving abilities over technical expertise, using unsolvable scenarios to test how candidates handle pressure and know when to escalate. While Eric and I might have found a few rabbit holes in this episode, I hope you will hear a recurring theme: delivering cybersecurity in everything you do with your clients. "We're still in the people business."

A real-world phishing incident. Real financial impact. Real lessons for MSPs.In this episode, we unpack a phishing attack that led to unauthorized access to an Azure subscription and significant financial loss for an MSP client. The conversation goes beyond the incident itself to examine where policy gaps, weak controls, and unclear ownership increased liability, and what changed when the MSP committed to cybersecurity maturity.Joined by Chad Holstead, we walk through how pursuing the GTIA Cybersecurity Trustmark helped transform the MSP’s security posture, improve privileged access controls, and dramatically change the insurance conversation, lowering costs while increasing coverage. This isn’t about adding more tools; it’s about leadership, governance, and proving maturity before advising clients.If you’re an MSP talking cybersecurity to customers, this episode makes one thing clear: secure your own house first.For more GTIA On location interviews, head over to YouTube and just search GTIA On Location or use this link

Google Ads can disappear overnight, and for millions of businesses, it has. In this episode, John Horn of Stub Group breaks down the growing cybersecurity risks behind Google Ads account suspensions and why 39 million accounts were shut down in 2024.We explore Google’s automated, all‑or‑nothing enforcement model, how website vulnerabilities, phishing attacks, and account takeovers trigger suspensions, and why recovery is often harder than prevention. The conversation also dives into the impact of AI on search behavior and SEO, the rise of click fraud, and why Google still dominates search advertising despite the emergence of AI platforms.If you advertise online or manage digital infrastructure, this episode offers practical guidance on securing ad accounts, preparing websites for advertising, and avoiding costly mistakes that can shut down growth overnight.

Cybersecurity maturity isn’t earned in audits, it’s earned in the operational moments where governance either shows up… or it doesn’t. Today’s conversation with Mike Stewart of Anchor Networks goes deep on MSP maturity. How leadership tone, culture, and repeatable decision systems turn policies into actual behavior.We cover why security awareness must be frequent (not annual), why “the why” behind policies matters, and why AI is now a governance challenge as much as a technical one—especially as acceptable use expectations evolve. The goal: use AI to reduce overload and automate routine work, while strengthening critical thinking and verification habits.

Managed Service Providers are being pushed to “get compliant fast.” In my discussion with Bruno Leqoc, we reframe the challenge. Compliance isn’t security, and lasting compliance depends on security maturity first. Highlighting how AI policy can extend existing governance frameworks, why Microsoft Secure Score is a practical readiness indicator, and why foundational controls (MFA, patching, device management/remote wipe) must come before certifications and GRC tooling. In this episode, we also explore MSPs’ expanding responsibilities in data privacy and governance amid fragmented U.S. state laws and why client alignment and continuous maintenance are the true costs of compliance.

Exploring the fast-moving intersection of AI governance, ethics, and cybersecurity, examining how organizations are struggling to adopt AI responsibly while keeping pace with innovation. The conversation highlights a growing disconnect between enthusiasm for AI tools and the absence of clearly defined use cases, governance models, and security guardrails.As AI capabilities rapidly expand, Dr. Adeel Sheikh Mohammed emphasizes that organizations must move beyond checkbox compliance and adopt a shared, strategic approach to AI risk, ethics, and cybersecurity maturity.

Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work?In today’s episode, we’re joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.

Have you ever been stuck in an elevator? What happens when you push the call button? Physical safeguards managed by a 3rd party are often ignored or marked as N/A. What happens when processes and procedures don't get updated after a change? Listen in as Charles Love of ShowTech Solutions shares his experience of being trapped in an elevator and what we should all take away in lessons learned.

A much-needed discussion on the fast‑shifting world of data privacy in 2026 and what it means for MSPs on the front lines. From the tangled web of U.S. state privacy laws to the rising risks hidden in modern data flows (yes, even your car!), guest Andy Sambandam, Clarip CEO & Founder, lays out why every security breach is now a privacy breach, and why security and privacy are officially a forever marriage. We dig into transparency, consent, data mapping, retention policies, and the growing pressure on businesses to actually practice what their privacy policies preach. If you want to stay ahead of compliance, client expectations, and real‑world data risks, this episode gives you the clarity and direction you need.

In this episode, we cut through the AI hype with Alane Boyd to unpack what MSPs really need to know about today’s AI landscape. We cut right to the chase on data‑privacy pitfalls and free-tool misconceptions, and on the rise of AI agents that go far beyond simple automation. We explore practical, business-ready use cases, how to build safe and effective AI policies, and why better prompting (and better balance with our mental health) matters more than ever. If you’ve wondered how AI can help your team without putting your data at risk, this episode delivers the clarity you’ve been looking for. If you are looking to connect with Alane Boyd, her website is biggestgoal.ai

Chris Johnson and cybersecurity expert Robert Siciliano dive into the human side of security, exploring why default trust and denial make people vulnerable to social engineering and cyber threats. They discuss the cultural framing of security, the importance of personalizing security practices, and why leadership must model proactive behaviors. The conversation introduces the concept of a “strategic human firewall,” emphasizing that proper protection comes from security appreciation, not just awareness. From AI-driven fraud and voice cloning to practical steps like password managers and two-factor authentication, this episode highlights how mindset shifts and personal responsibility are key to resilience in today’s threat landscape.

Resilience and Continuous Improvement for ITSPs as we go into 2026. I discuss what it means to be on a resilience journey with Charles Love of ShowTech Solutions. ShowTech Solutions has reached a milestone in its maturity journey, achieving Assured status, and continues to advance its maturity process. Experiences and lessons learned that will help any ITSP on their own journey.

Predictions and challenges in the technology and cybersecurity space for 2026, with a focus on Microsoft ecosystem changes, licensing, security, and the impact of AI and Copilot. I had a chance to catch up with Shay Cohen of Optimize365.io this week, and I think you will find his insights on the future of CoPilot and other unique changes we can expect in 2026.

In 2026, AI will increasingly integrate into business processes, emphasizing strong data quality and security as prerequisites for success. AI agents, distinct from chatbots, will operate with machine identities to automate tasks while supporting, rather than replacing, human decision-making. This is just a glimpse of the insights Ben Wilcox of ProArch shared this week.

Looking ahead to 2026 trends and challenges in the MSP (Managed Service Provider) space, focusing on AI, automation, security, risk management, and social engineering. In a conversation with Josh Hohbein of Centrex IT, we discussed the key challenges and opportunities as we enter 2026.

Predictions for the Managed Service Provider (MSP) cybersecurity landscape in 2026, with a focus on risk management, the continued importance of basic cyber hygiene, open-source adoption, and the strategic use of risk registers. Did I say Risk Register? Dom Kirby brings it home: the importance of the Risk Register and its role as we enter 2026. He advocates that MSPs move beyond discussions of technical tools and engage in business and risk conversations with their clients.

I sat down with Chris Loehr to discuss the varying approaches businesses are taking toward cybersecurity spending as they plan for 2026, highlighting the influence of private equity and the unpredictability in budget increases or reductions even within the same industry.

From what keeps us up at night, to just meeting the minimums and nothing more to be compliant. Dorota Ulkowska of Accurate Networks and I discuss the recurring challenge of clients, tiny businesses, resisting recommended cybersecurity practices due to cost, perceived inconvenience, or a belief that risks are exaggerated, with Dorota providing real-world examples from their experience at Accurate Networks.