Artificial intelligence is evolving faster than most organizations can operationally absorb. We’ve automated analysis, accelerated response, and even delegated decisions to machines — but our people, processes, and governance are still running at human speed.

This week on The CyberCall, I’m joined by Sounil Yu, creator of the Cyber Defense Matrix and one of the most forward-thinking minds in cybersecurity, to unpack “The Human Lag: Why AI Outpaces Operational Readiness.”

We’ll explore what happens when innovation outruns process, where humans still matter most, and how security leaders can close the readiness gap before the next disruption hits.

This week on The CyberCall, we’re turning up the heat on deepfakes & disinformation—why they’re no longer sci-fi, and how they’re already targeting MSPs and the Defense Industrial Base.

I’m joined by Sandy Kronenberg (Netarx) and Scott Edwards (Summit 7) to unpack:
• Real attack chains: voice clones, lip-sync, synthetic exec approvals
• The “liar’s dividend” & reputational warfare
• What actually works: identity verification, playbooks, and awareness training
• Fast wins MSPs can roll out this quarter

Today we’re talking about something that may sound government-heavy but is actually critical for MSPs and the SMBs they serve: the new NIST Small Business Primer for SP 800-171 Rev. 3.

At its core, this guide is about protecting Controlled Unclassified Information, or CUI. And while that might sound like it only applies to defense contractors, the reality is that CUI requirements increasingly touch SMBs through contracts, regulations, and supply chains.

What’s powerful here is that NIST designed this Primer specifically for smaller organizations. It takes complex requirements and translates them into practical, plain-language steps that leaders without full-time security staff can actually act on.

Special guest: Daniel Eliot

Today we’re tackling microsegmentation—a solution that could change the game against ransomware.

Ransomware thrives on lateral movement: one compromised device turns into an entire network takedown. Microsegmentation stops that by creating secure ‘neighborhoods’ inside the network, containing the damage before it spreads.

The big questions: can MSPs realistically deploy this at scale, without adding complexity? And how do we frame it in business terms—protecting revenue, uptime, and client trust?

Special guest: Brian Haugli, CEO of SideChannel

Over the past couple of days, I was digging into the latest Anthropic Threat Report and one section really hit me.

They wrote: ‘We’ve developed sophisticated safety and security measures to prevent misuse of our AI models. While generally effective, cybercriminals keep finding ways around them.’

And then they shared some eye-opening case studies—threat actors aren’t just asking AI for advice, they’re embedding it across their entire attack lifecycle. We’re talking reconnaissance, credential harvesting, extortion campaigns, even creating fake identities at scale. This is a whole new level of AI misuse—where a single actor can punch way above their weight class by turning AI into both consultant and operator.

That’s why I’m so excited about today’s guest: Clark Harshbarger, former Director of Incident Response at CrowdStrike. We’re going to explore both sides of this coin: how attackers are scaling their operations with AI, and how incident responders are starting to fight fire with fire—using AI to speed up detection and response when every second counts. Article: https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf

In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS

Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident.

If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.

In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs.

This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises.

We’re joined by three experts who see this crisis from every angle: Jamie Levy, Director of Adversary Tactics at Huntress, Cory Clark, VP of Threat Operations at SonicWall, and Spencer Pollack, Breach Attorney at McDonald Hopkins, currently handling 20+ of these cases.

Special Co-host: Chris Loehr, EVP of Solis.