Episodes
-
Everyone talks about email phishing, ransomware, and endpoint security, but one of the most dangerous attack vectors is sitting in your pocket. In this episode of MSP1337, Chris Johnson sits down with Mark Kreitzman of Efani to expose the growing threat of SIM swapping, mobile account takeovers, and the hidden security gaps traditional carriers have failed to solve. They explore why mobile numbers remain a critical trust anchor for banking, MFA, and identity verification, how carrier business models contribute to risk, and what individuals and organizations can do to better protect themselves. The conversation also examines secure phones, privacy realities, and why true mobile security requires protecting the account behind the device, not just the device itself.
-
The cybersecurity industry loves to sell tools. What it rarely talks about is the hard work required to make those tools effective. In this episode, Jim Harryman joins Chris to challenge the idea that technology alone creates security. They discuss why mature organizations focus on governance, accountability, documentation, policies, review cycles, and operational discipline long before they look for the next shiny solution. If you've ever mistaken a technology purchase for progress, this conversation may be the reality check your organization needs.
-
Missing episodes?
-
Planes, hotels, and conference stages arenât what put you at risk, itâs what you bring with you. In this episode, Dawn Sizer of 3rd Element dives into the real reasons traveling professionals become easy targets: weak policies, poor communication, unsecured devices, and total blind spots around personal data exposure. From conditional access headaches to rideshare risks and AI policy chaos, this is a practical, no-excuses look at how security breaks down in the real world, and what you need to fix before your next trip.
-
This episode explores how cybersecurity is evolving from point-in-time assessments to continuous, intelligence-driven operations. Galina Kho of Cyberbay shares how predictive analytics, crowdsourced ethical hackers, and AI are reshaping how organizations understand and manage risk. We discuss how to scale security without adding headcount, why human expertise remains essential, and how governance and trust underpin effective security ecosystems. The result is a clearer model for modern cybersecurity, proactive, collaborative, and built for constant change.
-
In this special episode of MSP 1337, CJ is joined by Brooke Lee (Rev.io) and Stacey Whitley (GTIA) to unpack how ITSPs can translate industry engagement into measurable outcomes. Attending events is easy, but most organizations struggle to turn what they learn into real operational outcomes.
Brooke and Stacey share how their collaborative event recap initiative is helping bridge that gap by distilling key takeaways from major channel events into practical, accessible insights. More importantly, they highlight how GTIA serves as the connective tissue that sustains momentum beyond the event, enabling peer accountability, ongoing education, and real community engagement.
The discussion reinforces the business value of GTIA membership beyond networking. From structured onboarding and mentorship to role-based education and vendor-neutral collaboration, GTIA provides a scalable approach to developing teams, reducing isolation, and accelerating organizational maturity. Brookeâs perspective on embedding GTIA into Rev.ioâs onboarding model illustrates how intentional engagement can drive adoption and long-term ROI.
Cybersecurity is a central theme, with a focus on GTIAâs Cybersecurity Resource Hub, ISAO, and the GTIA Cybersecurity Trustmark Best Practices. Stacey emphasizes the importance of community-driven intelligence and real-time peer support, particularly during incidents, capabilities that many ITSPs struggle to access independently.
The episode closes with a candid look at how authentic, experience-driven content, rather than polished production, builds trust, strengthens relationships, and lowers barriers to participation across the channel.
Bottom line: GTIA is more than membership, it is more than a community, and as an association, it is greater than the sum of its parts. GTIA is a force multiplier for learning, accountability, and cybersecurity maturity when actively leveraged.
-
In this episode, Josh Hohbein of CentrexIT breaks down a practical, MSP-centric approach to risk assessments that moves beyond complex, consultant-driven reports and toward clear, actionable business outcomes. He shares how combining vulnerability scans, client interviews, and system configuration reviews, anchored in a cyber maturity model, helps MSPs translate technical findings into meaningful risk conversations, especially during onboarding. The discussion highlights the importance of ownership, communication, and collaboration in managing inherited client risk, while previewing a live demonstration session at Pack State Beyond, designed to equip MSPs with repeatable frameworks they can own. Ultimately, the episode reinforces that effective risk assessments arenât about identifying more issues; theyâre about enabling better decisions, strengthening governance, and driving measurable security maturity.
-
In this MSP1337 fireside chat, you and Matt Lee unpack the idea of a âvulnpocalypseâ, a rapidly emerging reality in which AI-driven tools are accelerating vulnerability discovery at a pace organizations can't keep up with. While much of the industry is focused on the fear and hype, the conversation shifts to what actually matters: operational response. You highlight that the shrinking gap between proof of concept and active exploitation is forcing a fundamental change in how MSPs and organizations manage risk, especially in patching velocity, exposure management, and accountability for internet-facing systems. The takeaway is clear: this isnât just a future threat, itâs a present inflection point requiring faster, more automated, and governance-aligned security practices.
-
In this episode, Chris Johnson sits down with Eric Shoemaker of Genius GRC to unpack one of the most misunderstood shifts in the MSP space: the move from tool-driven cybersecurity to standards-aligned governance, risk, and compliance programs.
Eric explains why Genius GRC isnât a software platform and why that distinction matters. Together, they explore how early automation wins (like continuous access reconciliations) impressed auditors but didnât replace the need for real governance, documented reviews, and independent judgment. As the market matures, the conversation turns to a growing risk: MSPs and SMBs stacking new security tools while core systems remain misconfigured and under-governed.
Chris and Eric tackle the myth of âdo-it-yourselfâ GRC, the dangers of vibe-based compliance, and why tools only amplify expertise; they donât replace it. They also dig into the critical separation between IT operations and security leadership, making the case for advisory or independent CISO models that reduce conflicts of interest and improve risk outcomes.
The discussion closes with practical, budget-conscious fundamentals, such as DNS filtering, CIS IG1, and free or low-cost controls that actually move the needle, plus hard truths about negligence versus resourcing failures and why resilience must be budgeted from day one.
If youâre an MSP, consultant, or business leader navigating cybersecurity maturity, this episode is a grounded, no-hype look at what actually reduces risk.
-
In this episode of MSP1337, Chris Johnson is joined by Jeff Majka, founder of Security Bulldog, to unpack why MSPâdelivered SOC services are at a breaking point, and how AI and automation are forcing a reset. They explore why traditional tiered SOC models and whiteâlabel thinking no longer scale, how ungoverned AI adoption collides with zero trust, and why speed and decision quality now matter more than raw data or CVE counts. From ticket overload and false positives to exploitability, continuous monitoring, and breach resilience, the conversation underscores a hard truth: MSPs must redesign security operations around automation-first workflows that reduce noise, protect highâvalue assets, and preserve human judgment for what truly matters in an AIâaccelerated threat landscape.
-
Chris Johnson sits down with Ido Green of Espresso Labs to explore how AI and local agents can reduce cybersecurity noise, offload Level 1 work, and continuously enforce compliance, without losing human control. They discuss guardrails for safe automation, multi-vendor telemetry, drift detection, evidence collection at scale, and why âreporting gapsâ isnât enough if you canât execute remediation and preserve proof. The episode closes with a roadmap for frameworks, partnerships, and insurance-ready visibility.
-
A sit-down with Hamid Ganadan, author of âNot Buying It: The Art of Selling to Scientists, Doctors, and Other Professional Skeptics,â on how MSPs can sell to skeptical, highly educated buyers. This is an exploration of the psychology of decision-making, shifting prospects from skepticism to curiosity, leading with feelings over facts, crafting insights that differentiate offerings, and timing data to validate rather than trigger doubt. Hamid shares practical scripts, a lead follow-up case study that massively improved response rates. Selling cybersecurity doesn't have to be painful.
-
In this episode of MSP 1337, Chris Johnson sits down with Jim Harryman to break down why passing audits doesnât equal real security, and why MSPs get into trouble when frameworks turn into checklists.
Drawing from firsthand experience with SOC 2 Type 2, CIS Controls, and the GTIA Cybersecurity Trustmark, Jim shares practical lessons on evidence quality, shared responsibility, inherited security, and the dangers of assumptions. They unpack why SOC 2 excels at governance but leaves technical gaps, why CIS is the most effective starting point for MSPs and their clients, and how Trustmark helps operationalize governance for MSP-specific realities.
The discussion tackles common trapsâtemplate-driven compliance, perfection paralysis, and tool-chasingâand replaces them with a disciplined, momentum-driven approach focused on outcomes, accountability, and continuous validation. From third-party vendor management to proof over screenshots, this episode is a reality check for MSPs trying to balance assurance, security, and business growth.
If youâre relying on audits for peace of mind, or struggling to turn compliance into real-world resilience, this episode will reset how you think about frameworks, governance, and what âgoodâ actually looks like.
Learn more about Trustmark: gtia.org/Trustmark
-
Most MSPs donât fail at cybersecurity because of missing tools; they stall because they miss the maturity inflection point where governance must replace tactics. In this episode, we break down what actually defines cybersecurity maturity, contrasting technical frameworks with governance-driven models that reflect real organizational behavior.
Using the GTIA Cybersecurity Trustmarkâs four-level maturity lens alongside Joshâs five-step cybersecurity maturity journey (built from cyber insurance and CIS Implementation Groups), we explore how organizations move from checkbox security to leadership-driven, repeatable governance. We dig into why people and process ultimately outweigh tooling, how intentional training and tabletop exercises expose true readiness, and why cost and complexity increase as risk declines.
If youâve ever wondered why MSPs plateau despite âhaving all the right tools,â this conversation reframes maturity as a business and leadership problem, one solved by clarity of purpose, decision rights, and governance that scales.
-
In this episode, we unpack one of the most misunderstood topics in the MSP industry: insurance. From Errors & Omissions to cyber insurance, we break down what these policies actually cover, and more importantly, what they donât. The conversation challenges the assumption that buying insurance equals risk transfer and explores how liability really plays out across MSPs, clients, and thirdâparty vendors.
We discuss why cyber insurance typically protects only the insured entity, how E&O applies to negligence and misconfiguration, and why insurance requirements vary dramatically based on client size, maturity, and risk tolerance. The episode also dives into supplyâchain risk, litigation realities, and why MSPs must align insurance decisions with their business model, client profiles, and overall risk strategy, rather than treating insurance as a checkbox.
Ultimately, this episode reinforces that trust is built through risk conversations, not policies, and that MSPs have a critical opportunity to mentor clients on what good risk management actually looks like.
-
Clear communication is one of the most overlooked and most costly challenges in IT service providers. In this episode, Chris sits down with Amy Reczek, communication and presence expert, to unpack why misalignment happens between leadership, teams, and clients, and how understanding the âwhyâ behind communication changes everything. From ineffective meetings and virtual body language to intent versus impact, this conversation dives into the human gaps that tools and systems canât fix, and what ITSP leaders can do instead.
-
The critical importance of going beyond just getting technology to work, addressing the underlying security, scalability, and proper implementation, rather than just fixing symptoms. Eric Hansen, of Inland Productivity Solutions, emphasized the importance of starting troubleshooting at the very beginning, even when engineers claim they've already done everything. He discussed their hiring process, which prioritizes people skills and problem-solving abilities over technical expertise, using unsolvable scenarios to test how candidates handle pressure and know when to escalate. While Eric and I might have found a few rabbit holes in this episode, I hope you will hear a recurring theme: delivering cybersecurity in everything you do with your clients. "We're still in the people business."
-
A real-world phishing incident. Real financial impact. Real lessons for MSPs.
In this episode, we unpack a phishing attack that led to unauthorized access to an Azure subscription and significant financial loss for an MSP client. The conversation goes beyond the incident itself to examine where policy gaps, weak controls, and unclear ownership increased liability, and what changed when the MSP committed to cybersecurity maturity.
Joined by Chad Holstead, we walk through how pursuing the GTIA Cybersecurity Trustmark helped transform the MSPâs security posture, improve privileged access controls, and dramatically change the insurance conversation, lowering costs while increasing coverage. This isnât about adding more tools; itâs about leadership, governance, and proving maturity before advising clients.
If youâre an MSP talking cybersecurity to customers, this episode makes one thing clear: secure your own house first.
For more GTIA On location interviews, head over to YouTube and just search GTIA On Location or use this link
-
Google Ads can disappear overnight, and for millions of businesses, it has. In this episode, John Horn of Stub Group breaks down the growing cybersecurity risks behind Google Ads account suspensions and why 39 million accounts were shut down in 2024.
We explore Googleâs automated, allâorânothing enforcement model, how website vulnerabilities, phishing attacks, and account takeovers trigger suspensions, and why recovery is often harder than prevention. The conversation also dives into the impact of AI on search behavior and SEO, the rise of click fraud, and why Google still dominates search advertising despite the emergence of AI platforms.
If you advertise online or manage digital infrastructure, this episode offers practical guidance on securing ad accounts, preparing websites for advertising, and avoiding costly mistakes that can shut down growth overnight.
-
Cybersecurity maturity isnât earned in audits, itâs earned in the operational moments where governance either shows up⊠or it doesnât. Todayâs conversation with Mike Stewart of Anchor Networks goes deep on MSP maturity. How leadership tone, culture, and repeatable decision systems turn policies into actual behavior.
We cover why security awareness must be frequent (not annual), why âthe whyâ behind policies matters, and why AI is now a governance challenge as much as a technical oneâespecially as acceptable use expectations evolve. The goal: use AI to reduce overload and automate routine work, while strengthening critical thinking and verification habits.
-
Managed Service Providers are being pushed to âget compliant fast.â In my discussion with Bruno Leqoc, we reframe the challenge. Compliance isnât security, and lasting compliance depends on security maturity first. Highlighting how AI policy can extend existing governance frameworks, why Microsoft Secure Score is a practical readiness indicator, and why foundational controls (MFA, patching, device management/remote wipe) must come before certifications and GRC tooling. In this episode, we also explore MSPsâ expanding responsibilities in data privacy and governance amid fragmented U.S. state laws and why client alignment and continuous maintenance are the true costs of compliance.
- Show more