Episodes

  • The State of Pen Testing in 2025 & the Role of AI & Autonomous Solutions (with John Strand)
    Nov 3 2025

    Today we’re talking about one of the biggest shifts in offensive security that MSPs, CISOs, and defenders cannot ignore.

    For years, pen testing was about human creativity — sneaking in where we “shouldn’t” be, showing you how you’d really get burned in an incident. But in 2025, that world is colliding with AI and automated attack platforms that claim they can do it faster, cheaper, and nonstop.

    So the question is: are we entering a golden age of continuous validation — or are we fooling ourselves with marketing and dashboards?

    To dig into that, we’ve got one of the most trusted names in offensive security: John Strand, Founder of Black Hills Information Security.

    1 hr 1 min
  • ZTNA & SASE, the Next Era for MSPs
    Oct 27 2025

    Today we’re tackling one of the biggest shifts in modern network security. VPNs are breaking under the weight of hybrid work, SaaS sprawl, and constant attack — and MSPs are being forced to rethink how they secure access itself.

    Enter Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) — not just buzzwords, but the blueprint for the next decade of MSP security architecture.

    Joining us are two leaders shaping this transformation:

    Jason Garbis, Founder of Numberline Security and author of “Zero Trust”
    Ahmet Polat, Founder & CTO of Timus.

    Together, we’ll unpack how MSPs can move clients off VPNs, build scalable Zero Trust frameworks, and turn this evolution into a repeatable, profitable service model.

    Special co-host guest: Nett Lynch

    1 hr 4 min
  • The Human Lag: Why AI Outpaces Operational Readiness
    Oct 14 2025

    Artificial intelligence is evolving faster than most organizations can operationally absorb. We’ve automated analysis, accelerated response, and even delegated decisions to machines — but our people, processes, and governance are still running at human speed.

    This week on The CyberCall, I’m joined by Sounil Yu, creator of the Cyber Defense Matrix and one of the most forward-thinking minds in cybersecurity, to unpack “The Human Lag: Why AI Outpaces Operational Readiness.”

    We’ll explore what happens when innovation outruns process, where humans still matter most, and how security leaders can close the readiness gap before the next disruption hits.

    1 hr 1 min
  • Disinformation Security – Deepfakes & Social Deception
    Oct 6 2025

    This week on The CyberCall, we’re turning up the heat on deepfakes & disinformation—why they’re no longer sci-fi, and how they’re already targeting MSPs and the Defense Industrial Base.

    I’m joined by Sandy Kronenberg (Netarx) and Scott Edwards (Summit 7) to unpack:
    • Real attack chains: voice clones, lip-sync, synthetic exec approvals
    • The “liar’s dividend” & reputational warfare
    • What actually works: identity verification, playbooks, and awareness training
    • Fast wins MSPs can roll out this quarter

    58 min
  • NIST Small Business Primer and Quick Start Guides
    Sep 30 2025

    Today we’re talking about something that may sound government-heavy but is actually critical for MSPs and the SMBs they serve: the new NIST Small Business Primer for SP 800-171 Rev. 3.

    At its core, this guide is about protecting Controlled Unclassified Information, or CUI. And while that might sound like it only applies to defense contractors, the reality is that CUI requirements increasingly touch SMBs through contracts, regulations, and supply chains.

    What’s powerful here is that NIST designed this Primer specifically for smaller organizations. It takes complex requirements and translates them into practical, plain-language steps that leaders without full-time security staff can actually act on.

    Special guest: Daniel Eliot

    1 hr 1 min
  • Microsegmentation Demystified: What Every MSP & Client Should Know
    Sep 23 2025

    Today we’re tackling microsegmentation—a solution that could change the game against ransomware.

    Ransomware thrives on lateral movement: one compromised device turns into an entire network takedown. Microsegmentation stops that by creating secure ‘neighborhoods’ inside the network, containing the damage before it spreads.

    The big questions: can MSPs realistically deploy this at scale, without adding complexity? And how do we frame it in business terms—protecting revenue, uptime, and client trust?

    Special guest: Brian Haugli, CEO of SideChannel

    1 hr 3 min
  • AI’s Evolving Role in Attacks & Incident Response
    Sep 16 2025

    Over the past couple of days, I was digging into the latest Anthropic Threat Report and one section really hit me.

    They wrote: ‘We’ve developed sophisticated safety and security measures to prevent misuse of our AI models. While generally effective, cybercriminals keep finding ways around them.’

    And then they shared some eye-opening case studies—threat actors aren’t just asking AI for advice, they’re embedding it across their entire attack lifecycle. We’re talking reconnaissance, credential harvesting, extortion campaigns, even creating fake identities at scale. This is a whole new level of AI misuse—where a single actor can punch way above their weight class by turning AI into both consultant and operator.

    That’s why I’m so excited about today’s guest: Clark Harshbarger, former Director of Incident Response at CrowdStrike. We’re going to explore both sides of this coin: how attackers are scaling their operations with AI, and how incident responders are starting to fight fire with fire—using AI to speed up detection and response when every second counts. Article: https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf

    1 hr 1 min
  • Encryption to Extortion, the Evolution of Cloud Based Attacks
    Sep 8 2025

    In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

    We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

    Special guests:

    MacKenzie Brown, VP of APG at Blackpoint

    Charles Buck, Founder and CTO of SaaS Alerts

    Chris Loehr, DFIR Expert

    Phyllis Lee, VP of Content at CIS

    1 hr 2 min