
The CyberCall Podcast

Author: Andrew Morgan


Description

The Voice of Cybersecurity for MSPs & MSSPs!

The CyberCall is the weekly podcast where cybersecurity meets business reality. Hosted by Andrew Morgan, Founder of Right of Boom, this is the go-to show for Managed Service Providers (MSPs), virtual CISOs (vCISOs), and IT leaders navigating the complex world of cyber risk, compliance, and AI.


Each episode features raw, practical conversations with the sharpest minds in cybersecurity—from operators in the trenches to CISOs, researchers, policymakers, and toolmakers shaping the future. If you care about protecting your clients, growing your practice, and becoming the security partner businesses trust—this podcast is your playbook.

Co hosts: Phyllis Lee, VP of Content at CIS & Gary Pica, President of TruMethods

46 Episodes
With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically, the strongest driver was the release of the Govern function. Co-hosts: Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Brian Blakely: https://www.linkedin.com/in/bblakley/ Eric Woodard: https://www.linkedin.com/in/eric-woodard/ Sponsored by Right of Boom cybersecurity conference: https://www.rightofboom.com/
In this must-listen episode of The CyberCall, hosts Andrew Morgan, Phyllis Lee & Gary Pica are joined by Aharon Chernin, Founder & CEO of Rewst — to explore how Artificial Intelligence (AI), Robotic Process Automation (RPA), and Cybersecurity are colliding in today’s MSP landscape. Tune in to learn what your MSP needs to know now to stay ahead! Connect with Right of Boom: Website & Conference: https://rightofboom.com/ LinkedIn: https://www.linkedin.com/company/right-of-boom/...
Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significa...
Abstract: Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data. Key Takeaways for Control 11: Prioritize your data and come up with a data recovery plan. Protect your backed up data. (See Control 3: Data Protection.) Practice and Test restorin...
Abstract: Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to your MSP or client's business. Since email and web are the main means that users interact with external and untrusted users and environm...
Abstract: There are many ways to covertly obtain access to user accounts, including: weak passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as one they used for an online account. Learn how CIS Control 5 can mitigate some of the most common ways credentials are comprom...
Abstract: Learn why the number one thing organizations can do to defend their networks against top attacks is to implement secure configurations! Azure Breach (8/26/2021): According to Wiz, who found the CosmosDB vulnerability: "Database exposures have become alarmingly common in recent years as more companies move to the cloud, and the culprit is usually a misconfiguration in the customer’s environment." https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-az...
Abstract: CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recommendations from all of the security frameworks out there now recommend, or REQUIRE if you’re in a regulated industry such as healthcare, that certain things like full disk encryption are simply put into place no matter your risk profile. Much of what’s in the Dat...
Google reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based. In this episode, learn how MFA maps to the different security frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends. Note: Sp...
Every week there’s a new zero-day, a new CVE, a new headline. But what rarely gets talked about is what real threat hunting is uncovering when you actually go looking. Today’s conversation is about what’s happening beyond zero-days — the automated scanning, the long-tail exploitation, the shared infrastructure, and the attack behavior that lives in the background noise of the internet. We’re joined by Vijay Akasapu, CEO of Cylerian, whose team recently went hunting for early React2Shell explo...
AI & Third Party Risk

2026-01-21 01:02:47

Welcome back to The CyberCall. Today we’re tackling one of the fastest-growing risks MSPs face: third-party exposure in the age of AI. Our guest is Greg Rasner — author of Cybersecurity and Third-Party Risk and a leading voice on how AI is reshaping vendor security. Greg has spent years helping organizations understand how a single weak vendor can create massive operational, financial, and reputational damage. With his new book on AI and third-party risk coming soon, Greg joins us to share wh...
Today’s conversation is all about how MSPs actually win in the modern threat landscape — before, during, and after an attack. We’re joined by three practitioners who will each be leading hands-on workshops at Right of Boom 2026. John Strand will take us inside Cloud Forever Days and intro to pen testing, showing how attackers really move through cloud environments. Joff Thyer will break down how MSPs can use AI automation to scale security operations without scaling chaos. And Patterson Cake ...
In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast. Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients. This isn’t a theoretical ...
Welcome back to The CyberCall. Our guest, Joy Beland from Summit7, helps lead security and compliance at the largest MSP serving the Defense Industrial Base. Joy joins us to share what it actually took to prepare as a service provider, what broke, what changed, and what lessons MSPs can learn if they expect CMMC — or ISO 27001 — to become part of their future. If you’re an MSP trying to understand what real compliance maturity looks like at scale, this conversation will give you clarity — not...
Most MSPs don’t fail because of ransomware. They fail because they drift. They chase revenue without direction. They stack tools without a strategy. And they wake up one year later asking the same dangerous question: “Why didn’t last year change anything?” Today isn’t about theory. It’s about execution. Our guest, Gary Pica, doesn’t just teach business planning—he’s been stress-testing it with real MSP owners for over 20 years. Through recessions. Through acquisitions. Through “ RM...
Today’s conversation is all about what comes next for Microsoft 365 — because after Ignite, it’s clear that we’re entering a brand-new era. AI agents, identity-first security, native Sysmon, tenant baselines — Microsoft is rebuilding the entire stack around speed, intelligence, and scale. And when you talk about managing M365 at scale, there’s one person MSPs look to: Kelvin Tegelaar, founder of CIPP. Kelvin just sold out his first CIPP certification class at Right of Boom, he’s about to ship...
Today we’re talking about what it really takes to partner with a giant. Every MSP wants to grow alongside hyperscalers like Microsoft — but few truly know how to align, scale, and turn partnership into profit. Our guest today has lived that journey from the inside out. Vince Menzione, Founder of The Ultimate Partner and former Microsoft channel leader, has helped thousands of partners build thriving businesses within the Microsoft ecosystem. We discuss #cloud, #security, #AI - all the buzzwor...
Today’s guest has one of the most unconventional origin stories in the MSP world. Nabil Aitoumeziane started his career not behind a keyboard—but at the door of a nightclub. While working nights as a bouncer, he began doing something few would dare: asking customers for business introductions and meetings. Fast-forward a few years, and he’s now the president of FSI, an 85-person managed service provider and one of Microsoft’s go-to partners for SMBs. From reading crowds to reading client need...
Today we’re talking about one of the biggest shifts in offensive security that MSPs, CISOs, and defenders cannot ignore. For years, pen testing was about human creativity — sneaking in where we “shouldn’t” be, showing you how you’d really get burned in an incident. But in 2025, that world is colliding with AI and automated attack platforms that claim they can do it faster, cheaper, and nonstop. So the question is: are we entering a golden age of continuous validation — or are we fooling ourse...
Today we’re tackling one of the biggest shifts in modern network security. VPNs are breaking under the weight of hybrid work, SaaS sprawl, and constant attack — and MSPs are being forced to rethink how they secure access itself. Enter Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) — not just buzzwords, but the blueprint for the next decade of MSP security architecture. Joining us are two leaders shaping this transformation: Jason Garbis, Founder of Numberline Security ...