MSP 1337 | Cybersecurity Education & Security Guidance

Most MSPs don’t fail at cybersecurity because of missing tools; they stall because they miss the maturity inflection point where governance must replace tactics. In this episode, we break down what actually defines cybersecurity maturity, contrasting technical frameworks with governance-driven models that reflect real organizational behavior.Using the GTIA Cybersecurity Trustmark’s four-level maturity lens alongside Josh’s five-step cybersecurity maturity journey (built from cyber insurance and CIS Implementation Groups), we explore how organizations move from checkbox security to leadership-driven, repeatable governance. We dig into why people and process ultimately outweigh tooling, how intentional training and tabletop exercises expose true readiness, and why cost and complexity increase as risk declines.If you’ve ever wondered why MSPs plateau despite “having all the right tools,” this conversation reframes maturity as a business and leadership problem, one solved by clarity of purpose, decision rights, and governance that scales.

In this episode, we unpack one of the most misunderstood topics in the MSP industry: insurance. From Errors & Omissions to cyber insurance, we break down what these policies actually cover, and more importantly, what they don’t. The conversation challenges the assumption that buying insurance equals risk transfer and explores how liability really plays out across MSPs, clients, and third‑party vendors.We discuss why cyber insurance typically protects only the insured entity, how E&O applies to negligence and misconfiguration, and why insurance requirements vary dramatically based on client size, maturity, and risk tolerance. The episode also dives into supply‑chain risk, litigation realities, and why MSPs must align insurance decisions with their business model, client profiles, and overall risk strategy, rather than treating insurance as a checkbox.Ultimately, this episode reinforces that trust is built through risk conversations, not policies, and that MSPs have a critical opportunity to mentor clients on what good risk management actually looks like.

Clear communication is one of the most overlooked and most costly challenges in IT service providers. In this episode, Chris sits down with Amy Reczek, communication and presence expert, to unpack why misalignment happens between leadership, teams, and clients, and how understanding the “why” behind communication changes everything. From ineffective meetings and virtual body language to intent versus impact, this conversation dives into the human gaps that tools and systems can’t fix, and what ITSP leaders can do instead.

The critical importance of going beyond just getting technology to work, addressing the underlying security, scalability, and proper implementation, rather than just fixing symptoms. Eric Hansen, of Inland Productivity Solutions, emphasized the importance of starting troubleshooting at the very beginning, even when engineers claim they've already done everything. He discussed their hiring process, which prioritizes people skills and problem-solving abilities over technical expertise, using unsolvable scenarios to test how candidates handle pressure and know when to escalate. While Eric and I might have found a few rabbit holes in this episode, I hope you will hear a recurring theme: delivering cybersecurity in everything you do with your clients. "We're still in the people business."

A real-world phishing incident. Real financial impact. Real lessons for MSPs.In this episode, we unpack a phishing attack that led to unauthorized access to an Azure subscription and significant financial loss for an MSP client. The conversation goes beyond the incident itself to examine where policy gaps, weak controls, and unclear ownership increased liability, and what changed when the MSP committed to cybersecurity maturity.Joined by Chad Holstead, we walk through how pursuing the GTIA Cybersecurity Trustmark helped transform the MSP’s security posture, improve privileged access controls, and dramatically change the insurance conversation, lowering costs while increasing coverage. This isn’t about adding more tools; it’s about leadership, governance, and proving maturity before advising clients.If you’re an MSP talking cybersecurity to customers, this episode makes one thing clear: secure your own house first.For more GTIA On location interviews, head over to YouTube and just search GTIA On Location or use this link