The CyberCall Podcast

For the past two weeks, we've been building what a Mythos-ready security program actually looks like. None of that matters if we can't walk into a business or boardroom and get the C-suite to buy in. Today is leadership call. How do MSPs earn the right to be in the boardroom on AI and stop being the vendor who fixes things and start being the partner who helps the business win. That's why I'm so excited about today's guest.

Joining us is Bob Zukis, the founder of the Digital Directors Network, lead author of The Great Reboot...

Two weeks ago, Anthropic announced Claude Mythos. A model that autonomously found thousands of zero-days, generated working exploits, and broke out of its own containment sandbox.

The moment the industry has been warning about for years just arrived.

Within 48 hours, the Cloud Security Alliance pulled together more than 80 CISOs and security leaders Heather Adkins, Rob Joyce, Bruce Schneier, Jen Easterly and produced "The AI Vulnerability Storm: Building a Mythos-Ready Security Program." It's one of the most important security documents published this year.

My guest today is one of its authors. Sounil Yu CTO...

The cyber insurance market right now is the softest it's been since 2021. Premiums are flat. Capacity is abundant. Carriers are competing aggressively for MSP business, and your SMB clients are getting pricing their predecessors would have dreamed about three years ago.

Here's the problem. Loss frequency is up. Ransomware attack frequency rose 45% year-over-year. A single Cloudflare outage in November cost the economy somewhere between 5 and 15 billion dollars. AI-powered attacks are collapsing the window between a vulnerability existing and being weaponized from weeks to hours. And Anthropic just announced a model that found thousands of zero-days autonomously and...

This week we need to talk about something every MSP, every security pro, and every business owner needs to understand because it changes the threat equation for everyone, not just the enterprise players it was built for. It was only fitting to bring in John Strand, Founder of Black Hills Information Security to discuss.

Anthropic just announced a model called Mythos Preview that can autonomously find and exploit zero-day vulnerabilities across every major OS and browser on the planet flaws that survived decades of human review. They're not releasing it publicly. They've locked it inside a restricted...

On March 31st, Axios was compromised. Four hundred million monthly downloads. The HTTP library sitting inside almost every web application your clients use, depend on, or have had custom-built for them. 

 The attacker did not touch a single line of code. They hijacked the maintainer's credentials, slipped in one hidden dependency, and let your clients' own systems install the malware automatically during a routine update. It stole every credential it could find, cleaned up after itself, and left no trace. Three hours. Gone before most people woke up.

 That attack did not come out of now...

Last week, a supply chain attack hit LiteLLM the open-source AI gateway that sits inside 36% of cloud environment and for about six hours, anyone who ran a routine install command handed over their SSH keys, cloud credentials, and API tokens to a threat group that had been quietly chaining compromises across the open-source ecosystem for months. The attack didn't announce itself. It passed every integrity check. 

 That is the world our guest operates in and it is exactly why her work matters right now. Ashleigh Vogstad is the CEO of Transcends, a go-to-market firm that wo...

Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work.

What they don't know is that an AI triage bot the kind built to make their team more efficient just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to.

This wasn't a nation-state. This wasn't a zero-day. This was one...

For years, many of us have thought about cyberattacks as criminals chasing money. But when you zoom out, you realize something much bigger is happening.

Cyber has become one of the most powerful geopolitical weapons of the 21st century. Nations use it to spy, influence elections, sabotage infrastructure, and increasingly—disrupt supply chains that businesses rely on every day.

Purchase Allie's book here on Amazon.

For MSPs, this isn’t theoretical. We’ve seen it with SolarWinds and with the growing number of attacks aimed at the very p...

On February 28th, the United States and Israel launched coordinated strikes on Iran. Most people know that part.

What most people don't know is that Iran responded by sending drones directly into Amazon Web Services data centers in the UAE. Two facilities struck. A third in Bahrain damaged. For the first time in history, commercial cloud infrastructure became a military target — and most of your clients have no idea it happened.

What's worse — Iranian cyber operators had already pre-positioned backdoors inside American banks and airports before the first bomb dropped. And with Iran's conventional military now...

There’s a conversation happening in boardrooms right now that most security professionals aren’t equipped to lead. Not because they don’t understand the technology. They do.

But translating risk into business decisions… defending budgets… guiding executives through uncertainty… that’s a different discipline entirely.

And that gap? That’s where security programs stall. That’s where funding gets delayed. That’s where the vCISO role becomes reactive instead of strategic.

For MSPs, this matters more than ever.

The future of growth isn’t just in deploying tools — it’s in leading clients through...

There's a concept in military and emergency response called the fog of war — that moment when everything is happening at once, information is incomplete, and the people who trained for this have to decide right now, with what they have.

Cybersecurity incident response is that moment. Every time.

And the dirty secret is that most organizations don't have a plan that actually holds up when the fog rolls in. They have a playbook nobody has read and a response team about to find out whether their preparation was real or theoretical.

Today's guest ha...

Last week at Right of Boom, something interesting happened.

In a conference full of great sessions, one stood out — not because of hype, but because of urgency. Kelvin Tegelaar’s CIPP certification session on securing Microsoft 365 was standing room only. MSPs weren’t there for theory. They were there because M365 has quietly become the single largest attack surface in most of their client environments.

 And yet, despite years of focus on security… many organizations are still dangerously exposed. So today isn’t a recap. It’s a debrief.

 We’re going to unpack what Kelv...

Every week there’s a new zero-day, a new CVE, a new headline. But what rarely gets talked about is what real threat hunting is uncovering when you actually go looking.

Today’s conversation is about what’s happening beyond zero-days — the automated scanning, the long-tail exploitation, the shared infrastructure, and the attack behavior that lives in the background noise of the internet.

We’re joined by Vijay Akasapu, CEO of Cylerian, whose team recently went hunting for early React2Shell exploitation and instead uncovered something much bigger: a multi-layered exploitation ecosystem probing across Jav...

Welcome back to The CyberCall. Today we’re tackling one of the fastest-growing risks MSPs face: third-party exposure in the age of AI.

Our guest is Greg Rasner — author of Cybersecurity and Third-Party Risk and a leading voice on how AI is reshaping vendor security. Greg has spent years helping organizations understand how a single weak vendor can create massive operational, financial, and reputational damage.

With his new book on AI and third-party risk coming soon, Greg joins us to share what’s changing, what MSPs are missing, and what leaders must do now to protec...

Today’s conversation is all about how MSPs actually win in the modern threat landscape — before, during, and after an attack.

We’re joined by three practitioners who will each be leading hands-on workshops at Right of Boom 2026. John Strand will take us inside Cloud Forever Days and intro to pen testing, showing how attackers really move through cloud environments. Joff Thyer will break down how MSPs can use AI automation to scale security operations without scaling chaos. And Patterson Cake will walk us through what incident response should look like when things stop being theoretical and start...

In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast.

Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients.

This isn’t a theoretical discussion. We’re here to talk about what identity attacks actually look like in the wild, what MSP...

Welcome back to The CyberCall. Our guest, Joy Beland from Summit7, helps lead security and compliance at the largest MSP serving the Defense Industrial Base.

Joy joins us to share what it actually took to prepare as a service provider, what broke, what changed, and what lessons MSPs can learn if they expect CMMC — or ISO 27001 — to become part of their future.

If you’re an MSP trying to understand what real compliance maturity looks like at scale, this conversation will give you clarity — not marketing, not hype, just experience

Most MSPs don’t fail because of ransomware. They fail because they drift. They chase revenue without direction. They stack tools without a strategy.
 And they wake up one year later asking the same dangerous question: 

“Why didn’t last year change anything?”

Today isn’t about theory. It’s about execution.

Our guest Gary Pica, doesn’t just teach business planning—he’s been stress-testing it with real MSP owners for over 20 years. Through recessions. Through acquisitions. Through “ RMM, Cloud, Security, Automation and now AI revolutions” in our industry. 

Today’s conversation is all about what comes next for Microsoft 365 — because after Ignite, it’s clear that we’re entering a brand-new era. AI agents, identity-first security, native Sysmon, tenant baselines — Microsoft is rebuilding the entire stack around speed, intelligence, and scale.

And when you talk about managing M365 at scale, there’s one person MSPs look to: Kelvin Tegelaar, founder of CIPP. Kelvin just sold out his first CIPP certification class at Right of Boom, he’s about to ship version 8.7.0, and his platform is now used by over 10,000 MSP partners trying to tame...

Today we’re talking about what it really takes to partner with a giant.

Every MSP wants to grow alongside hyperscalers like Microsoft — but few truly know how to align, scale, and turn partnership into profit.

Our guest today has lived that journey from the inside out. Vince Menzione, Founder of The Ultimate Partner and former Microsoft channel leader, has helped thousands of partners build thriving businesses within the Microsoft ecosystem.

We discuss #cloud, #security, #AI - all the buzzwords!!

Today’s guest has one of the most unconventional origin stories in the MSP world. Nabil Aitoumeziane started his career not behind a keyboard—but at the door of a nightclub. While working nights as a bouncer, he began doing something few would dare: asking customers for business introductions and meetings. Fast-forward a few years, and he’s now the president of FSI, an 85-person managed service provider and one of Microsoft’s go-to partners for SMBs.

From reading crowds to reading client needs, Nabil turned street smarts into boardroom strategy—and built one of the...

Today we’re talking about one of the biggest shifts in offensive security that MSPs, CISOs, and defenders cannot ignore.

For years, pen testing was about human creativity — sneaking in where we “shouldn’t” be, showing you how you’d really get burned in an incident. But in 2025, that world is colliding with AI and automated attack platforms that claim they can do it faster, cheaper, and nonstop.

So the question is: are we entering a golden age of continuous validation — or are we fooling ourselves with marketing and dashboards?

To dig into that, we’ve go...

Today we’re tackling one of the biggest shifts in modern network security. VPNs are breaking under the weight of hybrid work, SaaS sprawl, and constant attack — and MSPs are being forced to rethink how they secure access itself.

Enter Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) — not just buzzwords, but the blueprint for the next decade of MSP security architecture.

Joining us are two leaders shaping this transformation:

Jason Garbis, Founder of Numberline Security and author of “Zero Trust”
Ahmet Polat, Founder & CTO of Timus.

Together...

Artificial intelligence is evolving faster than most organizations can operationally absorb. We’ve automated analysis, accelerated response, and even delegated decisions to machines — but our people, processes, and governance are still running at human speed.

This week on The CyberCall, I’m joined by Sounil Yu, creator of the Cyber Defense Matrix and one of the most forward-thinking minds in cybersecurity, to unpack “The Human Lag: Why AI Outpaces Operational Readiness.”

We’ll explore what happens when innovation outruns process, where humans still matter most, and how security leaders can close th...

This week on The CyberCall, we’re turning up the heat on deepfakes & disinformation—why they’re no longer sci-fi, and how they’re already targeting MSPs and the Defense Industrial Base.

I’m joined by Sandy Kronenberg (Netarx) and Scott Edwards (Summit 7) to unpack:
• Real attack chains: voice clones, lip-sync, synthetic exec approvals
• The “liar’s dividend” & reputational warfare
• What actually works: identity verification, playbooks, and awareness training
• Fast wins MSPs can roll out this quarter

Today we’re talking about something that may sound government-heavy but is actually critical for MSPs and the SMBs they serve: the new NIST Small Business Primer for SP 800-171 Rev. 3.

At its core, this guide is about protecting Controlled Unclassified Information, or CUI. And while that might sound like it only applies to defense contractors, the reality is that CUI requirements increasingly touch SMBs through contracts, regulations, and supply chains.

What’s powerful here is that NIST designed this Primer specifically for smaller organizations. It takes complex requirements and translates them into prac...

Today we’re tackling microsegmentation—a solution that could change the game against ransomware.

Ransomware thrives on lateral movement: one compromised device turns into an entire network takedown. Microsegmentation stops that by creating secure ‘neighborhoods’ inside the network, containing the damage before it spreads.

The big questions: can MSPs realistically deploy this at scale, without adding complexity? And how do we frame it in business terms—protecting revenue, uptime, and client trust?

Special guest: Brian Haugli, CEO of SideChannel

Over the past couple of days, I was digging into the latest Anthropic Threat Report and one section really hit me.

They wrote: ‘We’ve developed sophisticated safety and security measures to prevent misuse of our AI models. While generally effective, cybercriminals keep finding ways around them.’

And then they shared some eye-opening case studies—threat actors aren’t just asking AI for advice, they’re embedding it across their entire attack lifecycle. We’re talking reconnaissance, credential harvesting, extortion campaigns, even creating fake identities at scale. This is a whole new level of AI misuse—w...

In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens. 

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the ris...

Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, bre...

In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs.

This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises.

We’re joined by three experts who...

When MSPs are selling IT and security services, the real decision often comes from the person who owns the budget and measures the risk — the CFO. In this session of The CyberCall, we’re getting inside that mindset. Jason Duncan, CFO of InfoSystems, has over two decades of experience working as a Corporate Controller & CFO, making financial, IT & security decisions.

This week he's here to share how CFOs view cyber investments, contracts, compliance, and protecting the systems that drive revenue. If you want to win bigger deals and speak the language that gets funded, this is the conv...

This week, we’re diving into three huge shifts happening in the Microsoft ecosystem that every MSP should have on their radar:

·      Token Protection is now available for Entra ID P1 licenses — and it’s a game changer for securing identity tokens and stopping session hijacking.

·      GDAP — the move from legacy DAP to Granular Delegated Admin Privileges — is creating both confusion and opportunity for MSPs managing multiple tenants.

·      And for those preparing for Right of Boom 2026, Kelvin Tegelaar is here to talk about launching the first CIPP bootcamp — helping MSPs and vCISOs go deeper on Microsoft secu...

Big news for the defense and MSP community:

The 48 CFR CMMC final rule has officially reached OMB review.
This is the second-to-last milestone before publication in the Federal Register — and we’re expecting to see the final rule land by October with no 60-day delay. 

Translation? The phased rollout begins Q4 2025.
If you work with defense contractors, or your clients do, the countdown just got very real.

This week on The CyberCall (1pm EDT - URL in comments), we’ve got Jacob Horne<...