Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident.

If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.

In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs.

This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises.

We’re joined by three experts who see this crisis from every angle: Jamie Levy, Director of Adversary Tactics at Huntress, Cory Clark, VP of Threat Operations at SonicWall, and Spencer Pollack, Breach Attorney at McDonald Hopkins, currently handling 20+ of these cases.

Special Co-host: Chris Loehr, EVP of Solis.

When MSPs are selling IT and security services, the real decision often comes from the person who owns the budget and measures the risk — the CFO. In this session of The CyberCall, we’re getting inside that mindset. Jason Duncan, CFO of InfoSystems, has over two decades of experience working as a Corporate Controller & CFO, making financial, IT & security decisions.

This week he's here to share how CFOs view cyber investments, contracts, compliance, and protecting the systems that drive revenue. If you want to win bigger deals and speak the language that gets funded, this is the conversation you’ve been waiting for.

Co-hosts: Phyllis Lee, Brian Blakely, Eric Tilds

This week, we’re diving into three huge shifts happening in the Microsoft ecosystem that every MSP should have on their radar:

· Token Protection is now available for Entra ID P1 licenses — and it’s a game changer for securing identity tokens and stopping session hijacking.

· GDAP — the move from legacy DAP to Granular Delegated Admin Privileges — is creating both confusion and opportunity for MSPs managing multiple tenants.

· And for those preparing for Right of Boom 2026, Kelvin Tegelaar is here to talk about launching the first CIPP bootcamp — helping MSPs and vCISOs go deeper on Microsoft security and compliance.

Kelvin’s not just anyone — he’s the founder of CIPP and Lime Networks, a 7-time Microsoft MVP, and one of the clearest voices in the channel when it comes to bridging technical complexity and real-world MSP operations.

Co-hosts: Brian Blakely, CRO of Compliance Scorecard & Nick Ross, CEO of CloudCapsule.

Big news for the defense and MSP community:

The 48 CFR CMMC final rule has officially reached OMB review.
This is the second-to-last milestone before publication in the Federal Register — and we’re expecting to see the final rule land by October with no 60-day delay.

Translation? The phased rollout begins Q4 2025.
If you work with defense contractors, or your clients do, the countdown just got very real.

This week on The CyberCall (1pm EDT - URL in comments), we’ve got Jacob Horne, one of the most trusted voices on CMMC, breaking down:

• What this milestone means for MSPs and contractors
• How the phased rollout will actually work
• Immediate actions to take to avoid last-minute chaos

Co-hosts: Joy Beland, VP of Compliance at Summit7, Andy Sauer, CEO of Sentinel Blue & Phyllis Lee, VP of Content at CIS.

Last week, we tackled a big one: 'Risk, Revenue, Responsibility: The Real Job of the vCISO — and it sparked an incredible conversation around how vCISOs are no longer just about frameworks and firewalls, but about protecting business outcomes, navigating executive risk, and helping clients make strategic decisions.

This week, we’re taking it a step further. Because if you're serious about offering vCISO services as part of your MSP, you’re probably asking: What actually makes a great vCISO? And maybe even more importantly: How do we build and scale this into a repeatable service that doesn’t rely on just one rockstar?

Joining us again, is someone who’s lived this journey — Brian Blakely, seasoned MSP veteran, cybersecurity strategist, and someone who’s helped shape what successful vCISO delivery looks like in real-world MSP environments. Brian is joined by MSP veteran vCISO's Eric Sundt & Steven Hicks.

In this episode of The CyberCall, we're cutting through the noise and rethinking the true purpose of the vCISO role. It’s not just about frameworks, policies, and tech stacks, it’s about tying risk to business outcomes (risk to revenue).

The vCISO’s true value goes way beyond compliance checklists and technical jargon; it’s about being a business partner/enabler, protecting critical revenue streams, and building executive trust.

Leading vCISOs start every client conversation by asking: How does this business make money? That focus shifts security from a cost center to a driver of ROI and resilience.

This week we are joined by several folks: Brian Blakely who has three successful MSP exits, built & sold Cosant Cyber, a team of vCISOs and is currently running the professional services arm of Compliance Scorecard as their Chief Risk Officer. David Primor, CEO & Founder of Cynomi and former Executive Director of Technology for the Israeli National Cyber Directorate. Nett Lynch, CISO of Kraft Kennedy and for head of the vCISO practice at VC3 and as always, Phyllis Lee, VP of Content at CIS, with 25 years of experience at the NSA.

Supply chain attacks doubled according to the 2025 Verizon DBIR. This week the channel awakens to Ingram Micro being attacked by the SafePay Ransomware group. Incident Response (IR) expert, Chris Loehr, EVP of Solis joins The CyberCall, to share perspective on the GlobalProtect VPN compromise.

That’s why today on today's CyberCall, we’re talking about what MSPs can do right now to get serious about third-party risk—and why ISO 27001 may be the most important next step for your business.

We're joined by Calvin Engen, CTO & Co-Founder of F12, who walks us through their recent completion and journey:
✅ What it really took to earn ISO 27001
✅ What changed inside F12 along the way
✅ How it’s shaping trust with their clients now

Special co-host guest: Chip Buck, CTO & Co-Founder of SaaS Alerts joins Phyllis Lee, VP of Content and Andrew Morgan, Founder of The CyberCall.