RESEARCH
Incident Response: Panic Is Not a Phase, It’s a Symptom
Part 1: Why Incident Response Fails Before the Incident Starts Most organizations think they’re “doing incident response” because they bought a tool. Or three. Maybe they even survived an incident once or twice, so clearly they’re fine now. That’s not ...
Cyber Compliance
Stop Getting Mad When Your Client Won’t Buy Compliance
You know the look. You explain how they need MFA, a risk assessment, documented policies, backups that actually restore… and your client stares back at you like you just recited the GDPR in ancient Greek. You leave the meeting frustrated. ...
“Fined Without a Breach?” Why the Wojeski $60,000 Penalty Matters—even if You Think You’re Small
You’ve seen two kinds of headlines after cyber incidents: (1) lawsuits and (2) regulatory enforcement. The recent $60,000 fine against Wojeski ...
New California Audit Law Just Put Your MSP on the Hook. Here’s How to Turn It Into Recurring Revenue
If your clients process sensitive data, your MSP is now part of the legal conversation. On July 24, 2025, California finalized new rules that require businesses processing high-risk personal information to undergo annual, independent cybersecurity audits. This isn’t just for ...
Cyber Liability
They Already Have an IT Department. Good. That’s Why You Should Call.
Last night I was at dinner with the CEO of an MSP. Good operator. Growing. Adding clients. Doing the work. We were walking around his town before dinner talking about the usual founder stuff. Processes. How to get people to ...
Agentic AI at the Edge: Opportunity, Autonomy & the Coming Legal Minefield
You’ve probably heard executives gush about autonomous AI agents, the shiny new productivity booster that can automate workflows faster than you can say “zero-trust.” But what they don’t hype is how agentic AI turns your cybersecurity playbook into an existential ...
The New Frontier: Securities Class Actions Triggered by Cybersecurity Failures
Cybersecurity risk isn’t just about limiting data loss anymore, it’s increasingly about legal exposure at the highest corporate level. A recent massive data breach at Coupang, one of South Korea’s largest online retailers, may fundamentally change how publicly traded companies and their cybersecurity providers think about risk ...
Insurance & MSP Liability
You’re Not Insured. You’re Just Hopeful.
So there I am, wrapping up a conference session—over 1,000 MSPs in the building—and one guy comes up clutching a fresh copy of Standardized like it’s a fire extinguisher in a server room. He’s nodding along, clearly rattled in all ...
Your MSP Carries More Risk Than a Magazine Stand—and That’s a Problem
Let’s talk about airport gift shops for a minute. You know the ones—tiny kiosks with $14 neck pillows, expired jerky, and three copies of Men’s Health no one’s ever going to read. Now, tell me—how much sensitive data do you ...
If You Don’t Own the Security Stack, You’ll Be Replaced
There’s a quiet shift happening in the cyber insurance world—and if you’re not talking to your clients about it, someone else is. That someone is their insurance provider. And they’re not just selling policies anymore. They’re selling cybersecurity solutions too. ...
More Articles
They Already Have an IT Department. Good. That’s Why You Should Call.
Last night I was at dinner with the CEO of an MSP. Good operator. Growing. Adding clients. Doing the work. We were walking around his town before dinner talking about the usual founder stuff. Processes. How to get people to ...
Agentic AI at the Edge: Opportunity, Autonomy & the Coming Legal Minefield
You’ve probably heard executives gush about autonomous AI agents, the shiny new productivity booster that can automate workflows faster than you can say “zero-trust.” But what they don’t hype is how agentic AI turns your cybersecurity playbook into an existential ...
Notepad++ Compromise: What you need to know
The recent Notepad++ compromise should make you pause for a moment because the Chrysalis backdoor is exactly the type of malware ...
Your Best Salespeople Aren’t in Sales. They’re on the Floor.
Last night I went out to dinner. I’m an early-to-bed guy, which means I eat when restaurants are still serving happy hour menus. This was New Orleans, so happy hour still meant good food and strong opinions. I was halfway through an appetizer when I overheard ...
The New Frontier: Securities Class Actions Triggered by Cybersecurity Failures
Cybersecurity risk isn’t just about limiting data loss anymore, it’s increasingly about legal exposure at the highest corporate level. A recent massive data breach at Coupang, one of South Korea’s largest online retailers, may fundamentally change how publicly traded companies and their cybersecurity providers think about risk ...
Your Statement of Work Is Your Security Program Playbook, Not Paperwork
Most MSPs treat the Statement of Work like something you do after the sale. A formality. A box to check. That mindset is exactly why scope creeps, expectations get fuzzy, and security ends up feeling hard to prove when a ...
The Hard Truth: Your Security Stack Isn’t as Standardized as You Think
Most MSP owners believe they have a standard security stack. They can list the tools, explain why they chose them, and describe what “good security” looks like for their clients. But when you step back and look across your entire ...
The One Assumption Clients Are Making About You Right Now
A few weeks ago, I had dinner in New Orleans with a family friend. He owns a small law firm in Texas. Smart. Successful. A great client by any MSP’s standards. The kind of client I would have gladly built ...
Before You Sell Security, Ask Yourself This: Who’s Liable When It Fails?
Every MSP wants to talk about cybersecurity when things are going well. New tools, new programs, and a clean vCSO pitch that sounds great in a sales call and looks great in a slide deck. Dashboards, frameworks, and maturity models that promise progress and control. ...
The Control Creep Problem: Why MSPs Keep Adding Controls but Still Miss the Point
If you’ve been in the MSP world for long, you’ve probably noticed this pattern. A new product hits the channel, and we rush to add a control. A vendor releases a shiny capability, and we bolt that on. A client asks, “Are we protected from this?” and ...
Your SOW Is Costing You Clients: The MSP Blind Spot That Destroys Trust Before the Work Even Starts
A while back, I got a call from an MSP owner who sounded like he had just finished gargling battery acid. He told me he lost a client he had supported for ...
Your Security Tools Are Lying to You. Here’s Proof.
It starts like every other sales call with an organization that has its own internal IT department. The prospect’s IT team walks you through their stack. They brag about their EDR. They’ve got a fancy firewall. They’ve got “AI‑powered everything.” ...
