Episodes

  • Who’s Breach Is It – The Legal Grey Area of MSP Client Transitions
    Jul 14 2026

    Here's a scenario that's playing out right now, for several MSPs across the country, and based on our research, most do not have it covered in writing.

    A client decides to switch providers. The new MSP starts rolling out EDR and standing up monitoring. The old MSP begins winding down. Somewhere in that overlap, credentials are still active, agents are only half deployed, and it isn't clear who's actually watching. Then the breach hits.

    Now two MSPs are pointing at each other, the client's data is exposed, and everyone reaches for the contract, only to find the transition period was not CLEARLY defined. Who was responsible? When did one watch end and the other begin? The MSA doesn't say. The SOW doesn't say.

    This is one of the biggest gray areas in managed services, and it's the one that ends up in court.

    To help us walk through it, we are joined by Melissa Ventrone, attorney at Clark Hill, who has lived this from the incident response side, where she sees what happens after the handoff goes wrong. We're going to dig into the controls and monitoring gap, who owns the risk during a transition, and what every MSP should put in writing before they ever take on, or hand off, a client.

    Show More Show Less
    1 hr
  • Inside the Credential Spray Hitting Microsoft 365
    Jul 6 2026

    This week we're digging into a Huntress report that came out on June 30th, updated just a couple days ago on July 2nd a large-scale password spray campaign that hit Microsoft 365 environments through Azure CLI. Between June 12th and June 26th, Huntress tracked more than 81 million login attempts, leading to at least 78 compromised accounts across 64 organizations.

    What makes this one worth a full conversation isn't just the volume it's that a lot of the businesses hit already had Conditional Access policies and MFA in place. The attackers got in anyway, by using a deprecated OAuth flow called ROPC that quietly sidesteps MFA if your policy isn't scoped correctly. So this is really a story about the gap between "MFA is turned on" and "MFA is actually enforced everywhere it needs to be."

    Andrew “Spike” Brandt, Principal Threat Intelligence, Incident Commander at Huntress, sat down with us to unpack what happened, why it worked, and what to actually go check in your own client environments this week.

    Show More Show Less
    1 hr
  • The Vulnpocalypse is here and your MSP can survive it
    Jun 30 2026

    Today we have one of the most important voices in cybersecurity joining us.

    Chris Hughes started his career defending the nation in the United States Air Force. He's spent over two decades in the trenches from the Department of Defense to the federal government to the commercial world as a CISO, security architect, and engineer.

    Today he's VP of Security Strategy at Zenity, where his focus is on what he believes is the defining security challenge of our era: agentic AI.

    He's the author of multiple books published by Wiley, including Modern Vulnerability Management, and he runs Resilient Cyber, a newsletter and podcast that reaches over 31,000 security professionals every single week.

    But here's what you really need to know walking into today’s session, CVE counts are on pace to exceed 50,000 this year. NIST has conceded it can no longer keep up with enriching vulnerability data. And exploit timelines have collapsed from weeks to hours. Our guest has a word for what's coming and he coined it himself: the Vulnpocalypse. But, there’s hope, as Chris will share

    Show More Show Less
    1 hr and 2 mins
  • The Vulnerability Crisis No One is Funding
    Jun 22 2026

    Last week, I asked Philippe Langlois, principal author of the 2026 Verizon DBIR, a simple question: if an MSP could only focus on one thing this year, what should it be? His answer, without hesitation: "Vulnerability management."

    That tracks, as this is the first year in DBIR history that vulnerability exploitation has overtaken stolen credentials as the top breach entry point, jumping from 20% to 31%. Meanwhile, median time-to-patch climbed from 32 to 43 days, and only 26% of known exploited vulnerabilities got fully remediated.

    As most know, NIST just overhauled how the National Vulnerability Database operates, moving to a risk-based triage model after CVE submissions jumped 263% since 2020. Joining us to unpack it is Steve Carter, CEO and co-founder of Nucleus Security, who's spent over two decades in vulnerability management

    Show More Show Less
    1 hr and 1 min
  • The 2026 Verizon DBIR Unpacked with Author Philippe Langlois
    Jun 15 2026

    Today's session is one you genuinely don't want to miss. Every year, Verizon publishes what is arguably the most respected, data-backed snapshot of the global threat landscape, the Data Breach Investigations Report.

    The 2026 edition is the 19th annual installment, and it just set a new record: over 22,000 confirmed breaches analyzed across 145 countries. The numbers don't just confirm what we suspected, they shift how we must implement our defense in depth strategies.

    Joining us is Philippe Langlois, principal author of the 2026 DBIR and one of the minds behind how Verizon collects, interprets, and translates breach data into actionable intelligence.

    Show More Show Less
    1 hr
  • Identity, the Browser and the New Perimeter
    Jun 1 2026

    We spent a decade building security around the network. Then five years around the endpoint. The whole time, sitting right in front of every user, every day the browser. Unmanaged. Unexamined. Trusted by default.

    The 2026 Verizon DBIR makes it hard to look away anymore. Infostealers, session token theft, OAuth attacks almost every major attack pattern this year runs through the browser at some point.

    Today's guest thinks about this problem at a scale very few people get to. He's going to help us understand what the MSP community is missing and what it actually means to secure the place where work happens.

    Arunesh Chandra, Head of Product, Microsoft Edge for Business joins The CyberCall to discuss these topics and more.


    Show More Show Less
    1 hr and 3 mins
  • CMMC FAQ May Pubulication Unpacked with Jacob Horne
    May 19 2026

    This week we're doing something a little different. Instead of talking about CMMC in the abstract, we're putting an actual document on the table the CMMC Program FAQ, freshly updated to Revision 2.3.

    It's the kind of document most contractors skim and most MSPs never read closely.

    To help us read between the lines, we have one of the sharpest interpreters of CMMC in the industry. Jacob Horne has spent years doing exactly this — taking dense regulatory language and turning it into something a contractor can actually act on. Today we're going to put him to work, page by page, on what this document really says, what it quietly doesn't, and where the traps are hiding.

    If you serve the defense industrial base, this is the episode to take notes on.

    Show More Show Less
    1 hr and 1 min
  • From C3PAO to Cyber AB: Scott Singer on What's Coming Next
    May 11 2026

    CMMC is no longer theoretical the rule is final, the clock is running, and every MSP in the DIB is about to find out whether the work they've done actually holds up under an assessment.

    To cut through the noise, we have someone who sees this from angles almost nobody else does. Scott Singer is chair of the Cyber AB’s C3PAO Advisory Council, former CEO of CyberNINES and current President of ControlCase’s Federal Division and he runs two authorized C3PAOs, CyberNINES and ControlCase and a FedRAMP 3PAO. He's helping shape the rules, sitting across the table doing the assessments, and preparing companies to pass them.

    We're going to demystify the C3PAO role, talk honestly about the backlog, and get specific about what separates MSPs setting their clients up to pass from the ones setting them up to fail.

    Show More Show Less
    1 hr and 2 mins