• Taking Advantage of GTIA Resources for Lasting Business Impact
    2026/06/09

    In this special episode of MSP 1337, CJ is joined by Brooke Lee (Rev.io) and Stacey Whitley (GTIA) to unpack how ITSPs can translate industry engagement into measurable outcomes. Attending events is easy, but most organizations struggle to turn what they learn into real operational outcomes.

    Brooke and Stacey share how their collaborative event recap initiative is helping bridge that gap by distilling key takeaways from major channel events into practical, accessible insights. More importantly, they highlight how GTIA serves as the connective tissue that sustains momentum beyond the event, enabling peer accountability, ongoing education, and real community engagement.

    The discussion reinforces the business value of GTIA membership beyond networking. From structured onboarding and mentorship to role-based education and vendor-neutral collaboration, GTIA provides a scalable approach to developing teams, reducing isolation, and accelerating organizational maturity. Brooke’s perspective on embedding GTIA into Rev.io’s onboarding model illustrates how intentional engagement can drive adoption and long-term ROI.

    Cybersecurity is a central theme, with a focus on GTIA’s Cybersecurity Resource Hub, ISAO, and the GTIA Cybersecurity Trustmark Best Practices. Stacey emphasizes the importance of community-driven intelligence and real-time peer support, particularly during incidents, capabilities that many ITSPs struggle to access independently.

    The episode closes with a candid look at how authentic, experience-driven content, rather than polished production, builds trust, strengthens relationships, and lowers barriers to participation across the channel.

    Bottom line: GTIA is more than membership, it is more than a community, and as an association, it is greater than the sum of its parts. GTIA is a force multiplier for learning, accountability, and cybersecurity maturity when actively leveraged.

    33 min
  • Simplifying Risk Assessments for Real Cybersecurity Impact
    2026/06/02

    In this episode, Josh Hohbein of CentrexIT breaks down a practical, MSP-centric approach to risk assessments that moves beyond complex, consultant-driven reports and toward clear, actionable business outcomes. He shares how combining vulnerability scans, client interviews, and system configuration reviews, anchored in a cyber maturity model, helps MSPs translate technical findings into meaningful risk conversations, especially during onboarding. The discussion highlights the importance of ownership, communication, and collaboration in managing inherited client risk, while previewing a live demonstration session at Pack State Beyond, designed to equip MSPs with repeatable frameworks they can own. Ultimately, the episode reinforces that effective risk assessments aren’t about identifying more issues; they’re about enabling better decisions, strengthening governance, and driving measurable security maturity.

    25 min
  • Vulnpocalypse Isn’t Coming, It’s Already Breaking Your Patch Cycle
    2026/05/26

    In this MSP1337 fireside chat, you and Matt Lee unpack the idea of a “vulnpocalypse”, a rapidly emerging reality in which AI-driven tools are accelerating vulnerability discovery at a pace organizations can't keep up with. While much of the industry is focused on the fear and hype, the conversation shifts to what actually matters: operational response. You highlight that the shrinking gap between proof of concept and active exploitation is forcing a fundamental change in how MSPs and organizations manage risk, especially in patching velocity, exposure management, and accountability for internet-facing systems. The takeaway is clear: this isn’t just a future threat, it’s a present inflection point requiring faster, more automated, and governance-aligned security practices.

    27 min
  • Governance, Risk, Compliance (GRC), and the MSP Wake-up Call
    2026/05/19

    In this episode, Chris Johnson sits down with Eric Shoemaker of Genius GRC to unpack one of the most misunderstood shifts in the MSP space: the move from tool-driven cybersecurity to standards-aligned governance, risk, and compliance programs.

    Eric explains why Genius GRC isn’t a software platform and why that distinction matters. Together, they explore how early automation wins (like continuous access reconciliations) impressed auditors but didn’t replace the need for real governance, documented reviews, and independent judgment. As the market matures, the conversation turns to a growing risk: MSPs and SMBs stacking new security tools while core systems remain misconfigured and under-governed.

    Chris and Eric tackle the myth of “do-it-yourself” GRC, the dangers of vibe-based compliance, and why tools only amplify expertise; they don’t replace it. They also dig into the critical separation between IT operations and security leadership, making the case for advisory or independent CISO models that reduce conflicts of interest and improve risk outcomes.

    The discussion closes with practical, budget-conscious fundamentals, such as DNS filtering, CIS IG1, and free or low-cost controls that actually move the needle, plus hard truths about negligence versus resourcing failures and why resilience must be budgeted from day one.

    If you’re an MSP, consultant, or business leader navigating cybersecurity maturity, this episode is a grounded, no-hype look at what actually reduces risk.

    34 min
  • The New Reality for MSP Security Operations Center Services
    2026/05/12

    In this episode of MSP1337, Chris Johnson is joined by Jeff Majka, founder of Security Bulldog, to unpack why MSP‑delivered SOC services are at a breaking point, and how AI and automation are forcing a reset. They explore why traditional tiered SOC models and white‑label thinking no longer scale, how ungoverned AI adoption collides with zero trust, and why speed and decision quality now matter more than raw data or CVE counts. From ticket overload and false positives to exploitability, continuous monitoring, and breach resilience, the conversation underscores a hard truth: MSPs must redesign security operations around automation-first workflows that reduce noise, protect high‑value assets, and preserve human judgment for what truly matters in an AI‑accelerated threat landscape.

    31 min
  • Guardrails, Drift, and Evidence: Cybersecurity Maturity is Continuous Improvements
    2026/05/05

    Chris Johnson sits down with Ido Green of Espresso Labs to explore how AI and local agents can reduce cybersecurity noise, offload Level 1 work, and continuously enforce compliance, without losing human control. They discuss guardrails for safe automation, multi-vendor telemetry, drift detection, evidence collection at scale, and why “reporting gaps” isn’t enough if you can’t execute remediation and preserve proof. The episode closes with a roadmap for frameworks, partnerships, and insurance-ready visibility.

    29 min
  • Selling Cybersecurity to Skeptical Clients and Prospects
    2026/04/28

    A sit-down with Hamid Ganadan, author of “Not Buying It: The Art of Selling to Scientists, Doctors, and Other Professional Skeptics,” on how MSPs can sell to skeptical, highly educated buyers. This is an exploration of the psychology of decision-making, shifting prospects from skepticism to curiosity, leading with feelings over facts, crafting insights that differentiate offerings, and timing data to validate rather than trigger doubt. Hamid shares practical scripts and a lead follow-up case study that massively improved response rates. Selling cybersecurity doesn't have to be painful.


    36 min
  • Compliance is the floor, not the ceiling
    2026/04/21

    In this episode of MSP 1337, Chris Johnson sits down with Jim Harryman to break down why passing audits doesn’t equal real security, and why MSPs get into trouble when frameworks turn into checklists.

    Drawing from firsthand experience with SOC 2 Type 2, CIS Controls, and the GTIA Cybersecurity Trustmark, Jim shares practical lessons on evidence quality, shared responsibility, inherited security, and the dangers of assumptions. They unpack why SOC 2 excels at governance but leaves technical gaps, why CIS is the most effective starting point for MSPs and their clients, and how Trustmark helps operationalize governance for MSP-specific realities.

    The discussion tackles common traps—template-driven compliance, perfection paralysis, and tool-chasing—and replaces them with a disciplined, momentum-driven approach focused on outcomes, accountability, and continuous validation. From third-party vendor management to proof over screenshots, this episode is a reality check for MSPs trying to balance assurance, security, and business growth.

    If you’re relying on audits for peace of mind, or struggling to turn compliance into real-world resilience, this episode will reset how you think about frameworks, governance, and what “good” actually looks like.

    Learn more about Trustmark: gtia.org/Trustmark

    36 min