
The cybersecurity industry loves to sell tools. What it rarely talks about is the hard work required to make those tools effective. In this episode, Jim Harryman joins Chris to challenge the idea that technology alone creates security. They discuss why mature organizations focus on governance, accountability, documentation, policies, review cycles, and operational discipline long before they look for the next shiny solution. If you've ever mistaken a technology purchase for progress, this conversation may be the reality check your organization needs.
Jun 30
42 min

Planes, hotels, and conference stages aren’t what put you at risk, it’s what you bring with you. In this episode, Dawn Sizer of 3rd Element dives into the real reasons traveling professionals become easy targets: weak policies, poor communication, unsecured devices, and total blind spots around personal data exposure. From conditional access headaches to rideshare risks and AI policy chaos, this is a practical, no-excuses look at how security breaks down in the real world, and what you need to fix before your next trip.
Jun 23
30 min

This episode explores how cybersecurity is evolving from point-in-time assessments to continuous, intelligence-driven operations. Galina Kho of Cyberbay shares how predictive analytics, crowdsourced ethical hackers, and AI are reshaping how organizations understand and manage risk. We discuss how to scale security without adding headcount, why human expertise remains essential, and how governance and trust underpin effective security ecosystems. The result is a clearer model for modern cybersecurity, proactive, collaborative, and built for constant change.
Jun 16
32 min

In this special episode of MSP 1337, CJ is joined by Brooke Lee (Rev.io) and Stacey Whitley (GTIA) to unpack how ITSPs can translate industry engagement into measurable outcomes. Attending events is easy, but most organizations struggle to turn what they learn into real operational outcomes. Brooke and Stacey share how their collaborative event recap initiative is helping bridge that gap by distilling key takeaways from major channel events into practical, accessible insights. More importantly, they highlight how GTIA serves as the connective tissue that sustains momentum beyond the event, enabling peer accountability, ongoing education, and real community engagement.The discussion reinforces the business value of GTIA membership beyond networking. From structured onboarding and mentorship to role-based education and vendor-neutral collaboration, GTIA provides a scalable approach to developing teams, reducing isolation, and accelerating organizational maturity. Brooke’s perspective on embedding GTIA into Rev.io’s onboarding model illustrates how intentional engagement can drive adoption and long-term ROI. Cybersecurity is a central theme, with a focus on GTIA’s Cybersecurity Resource Hub, ISAO, and the GTIA Cybersecurity Trustmark Best Practices. Stacey emphasizes the importance of community-driven intelligence and real-time peer support, particularly during incidents, capabilities that many ITSPs struggle to access independently. The episode closes with a candid look at how authentic, experience-driven content, rather than polished production, builds trust, strengthens relationships, and lowers barriers to participation across the channel.Bottom line: GTIA is more than membership, it is more than a community, and as an association, it is greater than the sum of its parts. GTIA is a force multiplier for learning, accountability, and cybersecurity maturity when actively leveraged.
Jun 9
32 min

In this episode, Josh Hohbein of CentrexIT breaks down a practical, MSP-centric approach to risk assessments that moves beyond complex, consultant-driven reports and toward clear, actionable business outcomes. He shares how combining vulnerability scans, client interviews, and system configuration reviews, anchored in a cyber maturity model, helps MSPs translate technical findings into meaningful risk conversations, especially during onboarding. The discussion highlights the importance of ownership, communication, and collaboration in managing inherited client risk, while previewing a live demonstration session at Pack State Beyond, designed to equip MSPs with repeatable frameworks they can own. Ultimately, the episode reinforces that effective risk assessments aren’t about identifying more issues; they’re about enabling better decisions, strengthening governance, and driving measurable security maturity.
Jun 2
24 min

In this MSP1337 fireside chat, you and Matt Lee unpack the idea of a “vulnpocalypse”, a rapidly emerging reality in which AI-driven tools are accelerating vulnerability discovery at a pace organizations can't keep up with. While much of the industry is focused on the fear and hype, the conversation shifts to what actually matters: operational response. You highlight that the shrinking gap between proof of concept and active exploitation is forcing a fundamental change in how MSPs and organizations manage risk, especially in patching velocity, exposure management, and accountability for internet-facing systems. The takeaway is clear: this isn’t just a future threat, it’s a present inflection point requiring faster, more automated, and governance-aligned security practices.
May 26
26 min

In this episode, Chris Johnson sits down with Eric Shoemaker of Genius GRC to unpack one of the most misunderstood shifts in the MSP space: the move from tool-driven cybersecurity to standards-aligned governance, risk, and compliance programs.Eric explains why Genius GRC isn’t a software platform and why that distinction matters. Together, they explore how early automation wins (like continuous access reconciliations) impressed auditors but didn’t replace the need for real governance, documented reviews, and independent judgment. As the market matures, the conversation turns to a growing risk: MSPs and SMBs stacking new security tools while core systems remain misconfigured and under-governed.Chris and Eric tackle the myth of “do-it-yourself” GRC, the dangers of vibe-based compliance, and why tools only amplify expertise; they don’t replace it. They also dig into the critical separation between IT operations and security leadership, making the case for advisory or independent CISO models that reduce conflicts of interest and improve risk outcomes.The discussion closes with practical, budget-conscious fundamentals, such as DNS filtering, CIS IG1, and free or low-cost controls that actually move the needle, plus hard truths about negligence versus resourcing failures and why resilience must be budgeted from day one.If you’re an MSP, consultant, or business leader navigating cybersecurity maturity, this episode is a grounded, no-hype look at what actually reduces risk.
May 19
34 min

In this episode of MSP1337, Chris Johnson is joined by Jeff Majka, founder of Security Bulldog, to unpack why MSP‑delivered SOC services are at a breaking point, and how AI and automation are forcing a reset. They explore why traditional tiered SOC models and white‑label thinking no longer scale, how ungoverned AI adoption collides with zero trust, and why speed and decision quality now matter more than raw data or CVE counts. From ticket overload and false positives to exploitability, continuous monitoring, and breach resilience, the conversation underscores a hard truth: MSPs must redesign security operations around automation-first workflows that reduce noise, protect high‑value assets, and preserve human judgment for what truly matters in an AI‑accelerated threat landscape.
May 12
30 min

Chris Johnson sits down with Ido Green of Espresso Labs to explore how AI and local agents can reduce cybersecurity noise, offload Level 1 work, and continuously enforce compliance, without losing human control. They discuss guardrails for safe automation, multi-vendor telemetry, drift detection, evidence collection at scale, and why “reporting gaps” isn’t enough if you can’t execute remediation and preserve proof. The episode closes with a roadmap for frameworks, partnerships, and insurance-ready visibility.
May 5
29 min

A sit-down with Hamid Ganadan, author of “Not Buying It: The Art of Selling to Scientists, Doctors, and Other Professional Skeptics,” on how MSPs can sell to skeptical, highly educated buyers. This is an exploration of the psychology of decision-making, shifting prospects from skepticism to curiosity, leading with feelings over facts, crafting insights that differentiate offerings, and timing data to validate rather than trigger doubt. Hamid shares practical scripts, a lead follow-up case study that massively improved response rates. Selling cybersecurity doesn't have to be painful.
Apr 28
36 min
Load more
