In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS

Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident.

If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.

In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs.

This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises.

We’re joined by three experts who see this crisis from every angle: Jamie Levy, Director of Adversary Tactics at Huntress, Cory Clark, VP of Threat Operations at SonicWall, and Spencer Pollack, Breach Attorney at McDonald Hopkins, currently handling 20+ of these cases.

Special Co-host: Chris Loehr, EVP of Solis.

When MSPs are selling IT and security services, the real decision often comes from the person who owns the budget and measures the risk — the CFO. In this session of The CyberCall, we’re getting inside that mindset. Jason Duncan, CFO of InfoSystems, has over two decades of experience working as a Corporate Controller & CFO, making financial, IT & security decisions.

This week he's here to share how CFOs view cyber investments, contracts, compliance, and protecting the systems that drive revenue. If you want to win bigger deals and speak the language that gets funded, this is the conversation you’ve been waiting for.

Co-hosts: Phyllis Lee, Brian Blakely, Eric Tilds

This week, we’re diving into three huge shifts happening in the Microsoft ecosystem that every MSP should have on their radar:

· Token Protection is now available for Entra ID P1 licenses — and it’s a game changer for securing identity tokens and stopping session hijacking.

· GDAP — the move from legacy DAP to Granular Delegated Admin Privileges — is creating both confusion and opportunity for MSPs managing multiple tenants.

· And for those preparing for Right of Boom 2026, Kelvin Tegelaar is here to talk about launching the first CIPP bootcamp — helping MSPs and vCISOs go deeper on Microsoft security and compliance.

Kelvin’s not just anyone — he’s the founder of CIPP and Lime Networks, a 7-time Microsoft MVP, and one of the clearest voices in the channel when it comes to bridging technical complexity and real-world MSP operations.

Co-hosts: Brian Blakely, CRO of Compliance Scorecard & Nick Ross, CEO of CloudCapsule.

Big news for the defense and MSP community:

The 48 CFR CMMC final rule has officially reached OMB review.
This is the second-to-last milestone before publication in the Federal Register — and we’re expecting to see the final rule land by October with no 60-day delay.

Translation? The phased rollout begins Q4 2025.
If you work with defense contractors, or your clients do, the countdown just got very real.

This week on The CyberCall (1pm EDT - URL in comments), we’ve got Jacob Horne, one of the most trusted voices on CMMC, breaking down:

• What this milestone means for MSPs and contractors
• How the phased rollout will actually work
• Immediate actions to take to avoid last-minute chaos

Co-hosts: Joy Beland, VP of Compliance at Summit7, Andy Sauer, CEO of Sentinel Blue & Phyllis Lee, VP of Content at CIS.

Last week, we tackled a big one: 'Risk, Revenue, Responsibility: The Real Job of the vCISO — and it sparked an incredible conversation around how vCISOs are no longer just about frameworks and firewalls, but about protecting business outcomes, navigating executive risk, and helping clients make strategic decisions.

This week, we’re taking it a step further. Because if you're serious about offering vCISO services as part of your MSP, you’re probably asking: What actually makes a great vCISO? And maybe even more importantly: How do we build and scale this into a repeatable service that doesn’t rely on just one rockstar?

Joining us again, is someone who’s lived this journey — Brian Blakely, seasoned MSP veteran, cybersecurity strategist, and someone who’s helped shape what successful vCISO delivery looks like in real-world MSP environments. Brian is joined by MSP veteran vCISO's Eric Sundt & Steven Hicks.

In this episode of The CyberCall, we're cutting through the noise and rethinking the true purpose of the vCISO role. It’s not just about frameworks, policies, and tech stacks, it’s about tying risk to business outcomes (risk to revenue).

The vCISO’s true value goes way beyond compliance checklists and technical jargon; it’s about being a business partner/enabler, protecting critical revenue streams, and building executive trust.

Leading vCISOs start every client conversation by asking: How does this business make money? That focus shifts security from a cost center to a driver of ROI and resilience.

This week we are joined by several folks: Brian Blakely who has three successful MSP exits, built & sold Cosant Cyber, a team of vCISOs and is currently running the professional services arm of Compliance Scorecard as their Chief Risk Officer. David Primor, CEO & Founder of Cynomi and former Executive Director of Technology for the Israeli National Cyber Directorate. Nett Lynch, CISO of Kraft Kennedy and for head of the vCISO practice at VC3 and as always, Phyllis Lee, VP of Content at CIS, with 25 years of experience at the NSA.