AI and LLMs: Can MSPs Navigate This Compliance Maze?

Straight from Blacksmith: Listen to our discussion about compliant AI on Get NIST-y! AI and compliance are colliding in a very practical way for MSPs. On one hand, clients want the productivity boost from LLMs; on the other, regulators and insurers are watching closely. At the same time, the security programs you build […]
Cyber Insurance Risks, Client Questionnaires, and MSP Assumptions

Straight from Blacksmith: Listen to our discussion about these topics on Get NIST-y! When compliance goes sideways, it rarely does it quietly. For MSPs, a single “helpful” answer on an insurance form or a fuzzy interpretation of MFA can turn into real liability when something breaks — and that is exactly what this […]
Trust as an Attack Surface: CI/CD Compromise Explained

Weaponizing CI/CD trust is what happens when an attacker stops trying to slip past your defenses and instead learns to speak in your own systems’ voice. Instead of fighting per‑service, they compromise the machinery that builds, signs, and ships everything you run. CI/CD stands for Continuous Integration and Continuous Delivery (or Continuous Deployment). Continuous Integration […]
The Axios npm Breach: 7 Supply Chain Lessons Every MSP Can Absorb Right Now

Straight from Blacksmith: Listen to our discussion about the Axios attack on Get NIST-y! Axios’ late‑March supply chain compromise turned one ubiquitous open‑source package into a delivery system for a cross‑platform RAT — and for managed service providers, it is a dress rehearsal for the next upstream software failure that ripples across every […]
What the Tinder / Match Group Breach Teaches About Real-World Compliance

The Tinder / Match Group incident is a near‑perfect case study for MSPs: a big brand, sensitive data, and an attack that rides through humans, identity, and SaaS sprawl instead of some exotic zero‑day. Used well, it can sharpen your own program and give you a concrete story to tell every SMB you serve. What […]
Designing a Low-Lift, Win-Win Compliance Engagement for MSP Clients

Designing a good compliance engagement is less about adding more tasks and more about changing the shape of the work so clients feel like they are telling a story, not doing homework. Done well, that structure also makes your delivery more consistent and scalable as an MSP. Why compliance feels like homework Most clients experience […]
5-Tier Risk Framework for Mitigating Human Error

Most security incidents still start with a person: a rushed click, a reused password, a file sent to the wrong place. For years, the default answer has been “more awareness training,” but that treats every employee as the same level of risk and ignores the environment they work in. A better approach is to treat […]
Zero Trust Meets the Real World Network: From VPN and Vibes to Measured Trust

How business leaders and their MSPs can move from flat, fragile networks to smaller blast radiuses in 90 days — without ripping everything out. In slide decks, zero trust is all glass towers and pristine diagrams. In the real world, it looks more like an old castle that’s been expanded badly — new wings slapped […]
Whoops! What We Can Learn from South Korea’s $4.8m Crypto Key Blunder

Officials in South Korea’s National Tax Service stood behind a table of seized hardware wallets prepping for their victory lap — cameras rolling, proud to show the public that crypto‑enabled tax dodging had consequences. The photos went out in high resolution. On social media, people zoomed in — and found the handwritten seed phrase for […]
Hiring an Attacker: Deepfake Employees, Fake Résumés, Real Breaches

Hiring a fully remote “cloud engineer” felt like a win. The résumé checked every box, the video interviews were smooth, the references came back glowing. The new hire shipped code quickly, asked smart questions in Slack, and never missed a stand‑up. Thirty days later, incident response found a quiet backdoor in the CI/CD pipeline and […]