Ikigai One’s Post

We **NEED** accountability for MSPs/MSSPs/IT providers. I cannot stress to people enough that your stack is not going to save you. When your client gets hacked (not if), and you're standing in court defending your actions because you did EVERYTHING that the professional YOU (the MSP) warranted yourselves to be could possibly have done to proactively protect the client, and the attorney asks you why you never finished IG1 of CIS and you need to Google what CIS is... you're cooked, friend. No amount of "We used <insert leading vendor here> as our EDR" is going to save you.

I have so many MSPs asking me the same question: "What X should I buy?" But none of them are asking, "How do I create a defense-in-depth strategy that fits my client's risk profile and tolerance, and why does it matter?"

I agree entirely with Bob Miller. I think we genuinely need a regulatory body to govern MSPs/MSSPs. You're telling me an attorney has to go through 7ish years of school, pass the bar, and then has to answer to a regulatory committee and abide by specific standards, but Joe Schmo MSSP owner with 37 minutes of YouTube, a free Canva account, and a laptop can nuke an entire business overnight, putting dozens out of work and costing the owner millions?

Wes Spencer

Dictator 2024 | Cybersecurity Innovator | CISO | Keynote Speaker | 2020 Cyber Educator of the Year | Board Director

Last night a friend shared with me a pretty egregious post from someone who bought into some vendor hype. Without fact checking. Oof. Sounded good. Promises of a breach-free life. Ain’t gonna happen and anyone with a modicum of experience knows it. Why do we keep falling for the latest vendor hype in cybersecurity? Every time I turn around, it’s a new tool, a new platform, a new magic solution that’s supposedly going to fix everything. But let’s be real—none of that’s going to save you. It’s not about what’s in your stack. It’s about doing the hard stuff—like following frameworks, building maturity, and sticking to good cyber hygiene. The basics work. NIST, CIS Controls—those are proven. But no one wants to put in the grind. Most MSPs just want to write a check and feel secure. And clients? They don’t think they’re a target. They don’t believe the damages will cost much, so they don’t see the point. And we’re stuck in this cycle. So here’s my question: If you could change one thing in our industry to break this pattern, what would it be? What’s the #1 thing we need to focus on to actually start fixing this?
