RESEARCH

Part 1: Threat Actors Don't Pick You. You Just Happen to Be There.

Posted by galacticadvisors On

There's this idea that floats around—usually in boardrooms and in forums—that advanced threat actors operate like surgeons. They pick a target, they plan it out, they execute. Super deliberate. Undeniably cinematic. It implies that a breach is something that happens ...

More Articles

One Lawsuit Away from Bankruptcy—And It’s Not Even Your Breach

I was talking to a lawyer recently—sharp guy, been through the wringer with business litigation. I asked him, “How do you avoid getting sued?” He didn’t even blink. “You don’t.” “If you’re running a business long enough, it’s not a ...

A $925,000 Wake-Up Call: How One MSP Got Dragged Into a Nightmare He Didn’t Cause

If you’ve been in the MSP business long enough, you’ve had this type of “client.” Not really a client. Not really not. The kind who doesn’t want your stack. Doesn’t want to be managed. Doesn’t believe in layered security or ...

You’re Testing Like It’s 2015—And Hackers Love That

I was just on a call with an engineer the other day—smart guy, lots of certifications, clearly well-meaning. We were walking through a penetration test report, and suddenly he hits me with this: “According to NIST, this pen test isn’t ...

Your People Aren’t the Problem. Your Lack of a Plan Is.

I was talking with an MSP CEO last week—let’s call him “Every MSP CEO Ever.” He had just hired a new service desk manager. This one, he told me, was different. This one was going to be successful. I asked, ...

The Clock Is Ticking: Windows 10 Is Dying, and You’re About to Be Buried in Bad Hardware

October 14, 2025. That’s the date Windows 10 joins the graveyard of obsolete operating systems. No patches. No updates. No support. And if your clients are still using it after that? They’re not just behind—they’re exposed. And when it all ...

Why Your Help Desk Is the New Front Line in the War on Data Extortion

You locked down the endpoints. You rolled out MFA. You trained your clients to spot suspicious emails like they were defusing bombs. And yet, here we are. They’re back. The callback phishers. The Luna Moth crew. The so-called “Silent Ransom ...

If You Were the MSP for Marks & Spencer, Would You Still Have a Business?

Last week, Marks & Spencer—a billion-pound British retail giant—made headlines. Not for a new product line. Not for record profits. For getting hacked and running their business on pen and paper. For over a week. The insider reports are brutal: ...

Your Salespeople Are Mission-Driven. Your Engineers Are Coin-Operated. Wait, What?

Let’s talk about the two most misunderstood species in your MSP: the sales rep and the engineer. You pay your sales team on commission. They close a deal? They get a check. Simple. Straightforward. “Coin-operated,” as many of you like ...

Why Your GRC Investment Is Doomed (And What to Do Instead)

Let me guess: you’ve finally pulled the trigger on a shiny new GRC platform. You’ve got dashboards, policy templates, user roles, workflows… and a sinking feeling in your gut that this whole compliance thing is going to fall apart in ...

“Password” Isn’t a Firewall Strategy: Why Inaction at Critical Infrastructure Sites Could End in Criminal Charges

I was having dinner with the CEO of an MSP last night. He looked like he’d just walked out of a war zone. One of his clients—a water treatment plant—had been dragging its feet for years on a basic cybersecurity ...

CEOs Don’t Care About Cyber Liability (Until They Absolutely Do)

I just got back from a business event. Big room. Lots of suits. Over 400 CEOs and CFOs packed into one space, armed with business cards, ambition, and an alarming amount of espresso. I went in thinking, This is it. ...

If You’re an MSP and You’re Ignoring Compliance, You’re One Breach Away from Becoming a Headline

You ever watch someone walk straight into oncoming traffic? That’s what it feels like watching MSPs ignore their compliance obligations. They think because their clients are the ones with HIPAA or FTC Safeguards rules on their backs, they’re safe. Like ...