There's a concept in military and emergency response called the fog of war — that moment when everything is happening at once, information is incomplete, and the people who trained for this have to decide right now, with what they have.

Cybersecurity incident response is that moment. Every time.

And the dirty secret is that most organizations don't have a plan that actually holds up when the fog rolls in. They have a playbook nobody has read and a response team about to find out whether their preparation was real or theoretical.

Today's guest has spent his career in that fog — and figuring out how to cut through it.

Patterson Cake is the Director of Incident Response at Black Hills Information Security. At Right of Boom 2026, he delivered a 3.5-hour workshop called IR Simplified — and that title alone is almost a radical act in a field with a complicated relationship with simplicity. The premise: complexity is the enemy of security, and nowhere is that more true than in a crisis.

We're going from 10,000 feet all the way down to hands-on-keyboard today — and I'd have a notepad nearby.

Last week at Right of Boom, something interesting happened.

In a conference full of great sessions, one stood out — not because of hype, but because of urgency. Kelvin Tegelaar’s CIPP certification session on securing Microsoft 365 was standing room only. MSPs weren’t there for theory. They were there because M365 has quietly become the single largest attack surface in most of their client environments.

And yet, despite years of focus on security… many organizations are still dangerously exposed. So today isn’t a recap. It’s a debrief.

We’re going to unpack what Kelvin saw, what surprised him most, and what the packed room of MSPs revealed about the current state of M365 security in 2026. Where are providers still overconfident? What controls actually move the needle? And where are attackers winning because of operational gaps — not technology gaps?

Most importantly, we’ll look ahead. If M365 is now the primary battleground for identity, data, and business operations… what does “good” really look like for MSPs moving forward?

Every week there’s a new zero-day, a new CVE, a new headline. But what rarely gets talked about is what real threat hunting is uncovering when you actually go looking.

Today’s conversation is about what’s happening beyond zero-days — the automated scanning, the long-tail exploitation, the shared infrastructure, and the attack behavior that lives in the background noise of the internet.

We’re joined by Vijay Akasapu, CEO of Cylerian, whose team recently went hunting for early React2Shell exploitation and instead uncovered something much bigger: a multi-layered exploitation ecosystem probing across Java, Python, and PHP stacks at the same time.

Welcome back to The CyberCall. Today we’re tackling one of the fastest-growing risks MSPs face: third-party exposure in the age of AI.

Our guest is Greg Rasner — author of Cybersecurity and Third-Party Risk and a leading voice on how AI is reshaping vendor security. Greg has spent years helping organizations understand how a single weak vendor can create massive operational, financial, and reputational damage.

With his new book on AI and third-party risk coming soon, Greg joins us to share what’s changing, what MSPs are missing, and what leaders must do now to protect their businesses.

Today’s conversation is all about how MSPs actually win in the modern threat landscape — before, during, and after an attack.

We’re joined by three practitioners who will each be leading hands-on workshops at Right of Boom 2026. John Strand will take us inside Cloud Forever Days and intro to pen testing, showing how attackers really move through cloud environments. Joff Thyer will break down how MSPs can use AI automation to scale security operations without scaling chaos. And Patterson Cake will walk us through what incident response should look like when things stop being theoretical and start being real.

This isn’t hype. This is how to think like an attacker, operate like a modern security team, and respond like a professional when it counts.

In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast.

Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients.

This isn’t a theoretical discussion. We’re here to talk about what identity attacks actually look like in the wild, what MSPs are missing, and how to detect and respond before access turns into impact.

Welcome back to The CyberCall. Our guest, Joy Beland from Summit7, helps lead security and compliance at the largest MSP serving the Defense Industrial Base.

Joy joins us to share what it actually took to prepare as a service provider, what broke, what changed, and what lessons MSPs can learn if they expect CMMC — or ISO 27001 — to become part of their future.

If you’re an MSP trying to understand what real compliance maturity looks like at scale, this conversation will give you clarity — not marketing, not hype, just experience

Most MSPs don’t fail because of ransomware. They fail because they drift. They chase revenue without direction. They stack tools without a strategy.
And they wake up one year later asking the same dangerous question:

“Why didn’t last year change anything?”

Today isn’t about theory. It’s about execution.

Our guest Gary Pica, doesn’t just teach business planning—he’s been stress-testing it with real MSP owners for over 20 years. Through recessions. Through acquisitions. Through “ RMM, Cloud, Security, Automation and now AI revolutions” in our industry.