Episodes

  • NIS2 and the Tyranny of the Word ‘Continuous’
    2026/01/27

    NIS2 keeps showing up in conversations, and one word is causing most of the panic: continuous.


    Question 1: For NIS2, what’s a realistic, defensible way to handle “continuous” vendor and supplier monitoring without chasing 40 vendors by email every week?


    Question 2: How are teams supposed to do “continuous” asset inventory when legacy systems and unknown dependencies make scanning risky?


    Want to get your own questions answered? Head on over to https://blacksmithinfosec.com/ask

    25 min
  • Continuous Compliance Isn’t a Product Feature
    2026/01/20

    Everyone’s selling “continuous compliance” right now. Cool. But what does that look like in a real company with real humans? Today we tackle this topic thanks to 2 related listener questions.

    Question 1: Is continuous compliance actually happening in smaller SOC 2 / ISO programs, or do we all still sprint before audits?

    Question 2: Our SOC 2 deadline is close and training completion is stuck at 20%. How do we fix this without turning into the Training Police?

    In this episode, we referenced some videos on social engineering. Here are some links to our favorites:

    • https://youtu.be/lc7scxvKQOo?si=DxCSbATtVNEsl8Vf
    • https://youtu.be/PWVN3Rq4gzw?si=InAvEbxQ-VrCya2y

    Want to get your own questions answered? Head on over to https://blacksmithinfosec.com/ask

    22 min
  • If Nothing’s Broken, Why Fix Security? Making Cyber Risk Visible
    2026/01/13

    If your systems are running and nothing bad has happened, how should leaders think about cyber risk?

    In this episode, we tackle two listener questions. Kevin, a COO in Phoenix, asks how business leaders should evaluate security risk when there has been no breach, outage, or audit failure to force the issue. Allison, an IT Director in Portland, wants to know how to show real progress in cybersecurity and compliance when success mostly looks like nothing going wrong.

    We break down how to think about cyber risk proactively, why progress often feels invisible, and how MSPs and business leaders can talk about security in a way that actually makes sense to executives.

    Have a security or compliance question you want us to cover? Submit it at blacksmithinfosec.com/ask.

    21 min
  • Compliance Predictions for 2026
    2026/01/06

    We're kicking off the 2026 season of Get NIST-y with some predictions about what's to come in the world of compliance and cybersecurity. At the end of the year, we'll make sure to grade ourselves on how well we predicted things, too.


    Want to get your compliance or cybersecurity questions answered? Head over to https://blacksmithinfosec.com/ask

    23 min
  • A little rapping paper for the holidays
    2025/12/30

    We're taking this week off, so instead of hearing us talk about compliance this week, you get to hear us rap!

    3 min
  • A NIST-y Review of 2025
    2025/12/23

    In this special episode, Mike and Jared talk about the compliance trends and cybersecurity disasters in an entertaining recap of 2025. Stay tuned for the 2026 preview!


    Want to get your own questions about cybersecurity or compliance answered? Head on over to https://blacksmithinfosec.com/ask

    20 min
  • Compliance, Clients, and the QBR Problem: Part 1
    2025/12/16

    This is part one of a two-part crossover with Adam Walter from Humanize IT. In this episode, we dig into two real listener questions that every MSP will recognize. First, we help Marisol from a dental practice understand why compliance is a program and not a one-off project, using an orthodontics metaphor that goes way further than anyone planned. Then we answer a question from Ryan, a COO who is tired of QBRs that feel like meaningless status updates. We break down what a useful business review should actually look like and how MSPs can steer the conversation toward real outcomes. If you want clearer, more human client communication, start here.

    Drop your own question at blacksmithinfosec.com/ask and make sure to catch part two next week on the Humanize IT podcast.

    25 min
  • Compliance as an Advantage and Increasing Margins
    2025/12/09

    In this episode of Get NIST-y, hosts Jared Casner and Michael Zbarsky talk about how MSPs can stop seeing compliance as a burden and start using it to grow their business.


    Question 1: “When I'm talking to prospects, compliance always comes up as a pain. How can MSPs flip compliance into a trust signal or competitive advantage instead of a burden?” — Daniel, MSP Sales Leader in Chicago

    Jared and Mike dig into how strong compliance can actually make you faster, smoother, and more secure. They share real examples of how automating user management, auditing accounts, and simplifying security can build trust and help you win bigger contracts.

    Question 2: “I'm really struggling to grow recurring revenue. How can packaging compliance into our offering actually increase margins and reduce those emergency calls?” — Alex, MSP Owner in Phoenix

    They explain how to turn repeatable compliance work into steady revenue, reduce late-night “hair on fire” calls, and make your MSP more valuable to clients. You’ll hear how a simple “say it, do it, prove it” approach can strengthen your security culture, keep clients loyal, and help you charge what you’re worth.


    Got your own compliance question? Send it in at blacksmithinfosec.com/ask.

    24 min