MSP 1337 | Cybersecurity Education & Security Guidance

In this episode, Chris Johnson sits down with Eric Shoemaker of Genius GRC to unpack one of the most misunderstood shifts in the MSP space: the move from tool-driven cybersecurity to standards-aligned governance, risk, and compliance programs.Eric explains why Genius GRC isn’t a software platform and why that distinction matters. Together, they explore how early automation wins (like continuous access reconciliations) impressed auditors but didn’t replace the need for real governance, documented reviews, and independent judgment. As the market matures, the conversation turns to a growing risk: MSPs and SMBs stacking new security tools while core systems remain misconfigured and under-governed.Chris and Eric tackle the myth of “do-it-yourself” GRC, the dangers of vibe-based compliance, and why tools only amplify expertise; they don’t replace it. They also dig into the critical separation between IT operations and security leadership, making the case for advisory or independent CISO models that reduce conflicts of interest and improve risk outcomes.The discussion closes with practical, budget-conscious fundamentals, such as DNS filtering, CIS IG1, and free or low-cost controls that actually move the needle, plus hard truths about negligence versus resourcing failures and why resilience must be budgeted from day one.If you’re an MSP, consultant, or business leader navigating cybersecurity maturity, this episode is a grounded, no-hype look at what actually reduces risk.

In this episode of MSP1337, Chris Johnson is joined by Jeff Majka, founder of Security Bulldog, to unpack why MSP‑delivered SOC services are at a breaking point, and how AI and automation are forcing a reset. They explore why traditional tiered SOC models and white‑label thinking no longer scale, how ungoverned AI adoption collides with zero trust, and why speed and decision quality now matter more than raw data or CVE counts. From ticket overload and false positives to exploitability, continuous monitoring, and breach resilience, the conversation underscores a hard truth: MSPs must redesign security operations around automation-first workflows that reduce noise, protect high‑value assets, and preserve human judgment for what truly matters in an AI‑accelerated threat landscape.

Chris Johnson sits down with Ido Green of Espresso Labs to explore how AI and local agents can reduce cybersecurity noise, offload Level 1 work, and continuously enforce compliance, without losing human control. They discuss guardrails for safe automation, multi-vendor telemetry, drift detection, evidence collection at scale, and why “reporting gaps” isn’t enough if you can’t execute remediation and preserve proof. The episode closes with a roadmap for frameworks, partnerships, and insurance-ready visibility.

A sit-down with Hamid Ganadan, author of “Not Buying It: The Art of Selling to Scientists, Doctors, and Other Professional Skeptics,” on how MSPs can sell to skeptical, highly educated buyers. This is an exploration of the psychology of decision-making, shifting prospects from skepticism to curiosity, leading with feelings over facts, crafting insights that differentiate offerings, and timing data to validate rather than trigger doubt. Hamid shares practical scripts, a lead follow-up case study that massively improved response rates. Selling cybersecurity doesn't have to be painful.

In this episode of MSP 1337, Chris Johnson sits down with Jim Harryman to break down why passing audits doesn’t equal real security, and why MSPs get into trouble when frameworks turn into checklists.Drawing from firsthand experience with SOC 2 Type 2, CIS Controls, and the GTIA Cybersecurity Trustmark, Jim shares practical lessons on evidence quality, shared responsibility, inherited security, and the dangers of assumptions. They unpack why SOC 2 excels at governance but leaves technical gaps, why CIS is the most effective starting point for MSPs and their clients, and how Trustmark helps operationalize governance for MSP-specific realities.The discussion tackles common traps—template-driven compliance, perfection paralysis, and tool-chasing—and replaces them with a disciplined, momentum-driven approach focused on outcomes, accountability, and continuous validation. From third-party vendor management to proof over screenshots, this episode is a reality check for MSPs trying to balance assurance, security, and business growth.If you’re relying on audits for peace of mind, or struggling to turn compliance into real-world resilience, this episode will reset how you think about frameworks, governance, and what “good” actually looks like.Learn more about Trustmark: gtia.org/Trustmark