Today’s headline news for Canadian IT solution providers:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 15, and here’s what’s happening in the channel today.

Hewlett Packard Enterprise announced a major shift in its distribution strategy yesterday, naming Ingram Micro and TD SYNNEX as its two global distributors. The move transitions HPE to a unified distribution model designed to deliver greater consistency and operational support for partners worldwide. According to the vendor, this structure will be anchored by these two global leaders but complemented by regional and specialist distributors to maximize partner capabilities. The change signals a streamlined approach to enablement, with HPE expecting the unified model to drive additional investments in partner resources across its full portfolio. This includes helping distributors build deeper expertise in high-demand areas like networking, cloud, and AI. For Canadian IT solution providers, a simplified global distribution tier could mean more predictable engagements, faster quoting, and improved access to cross-sell opportunities, particularly within the HPE Networking portfolio, as priorities evolve across different customer sizes and industries.

Managed services software provider N-able has expanded its executive leadership team, announcing the appointments of Robert Johnston as Chief Innovation Officer and Nicole Reineke as Chief AI Officer. The dual appointments highlight a strategic pivot toward embedding artificial intelligence and advanced automation directly into the company’s platform ecosystem. N-able noted the new roles are intended to reinforce the company’s focus on business resilience and innovation as IT providers face increasingly complex cyber and operational challenges. Designating a dedicated Chief AI Officer is a notable step in the MSP software space, signaling that AI is moving from a roadmap feature to a core architectural priority. IT solution providers running their practices on N-able can expect a more aggressive rollout of AI-driven capabilities designed to streamline technician workflows and improve automated threat response.

Data resilience vendor HYCU launched HYCU aiR yesterday, an AI-native solution that transforms backup data into actionable security and compliance intelligence. Rather than relying on point solutions for data security posture management or insider risk, aiR allows organizations to query their existing backup data across dozens of SaaS applications to identify sensitive data exposure, identity drift, and unmonitored AI agent activity. For managed service providers, this alters the backup conversation. Partners can use the platform to run rapid assessments across a prospect’s environment, identifying compliance exposures within days. According to the company, midmarket customers are often priced out of standalone security tools that cover a fraction of the estate. By reading backup data as a security intelligence layer across more than 100 workloads, partners can deliver overlapping intelligence as a natural extension of backup contracts, providing a tangible way to govern shadow AI and secure data pipelines.

In Brief – The Canadian Internet Registration Authority will unveil a new channel-based cybersecurity platform for MSPs at the ChannelNEXT event in Toronto later this month. Object First has launched a new cloud platform designed to help partners monitor and manage distributed data backups. Peripherals maker Plugable has expanded its B2B strategy with the appointment of Matthew Dargis as Chief Revenue Officer to build out a new field sales organization. Keeper Security has introduced its 2026 MSP Partner Program with a new tier-based discount structure tied to annualized global revenue. Montreal-based managed service provider MTech Cyber has released an assessment platform designed to help IT providers validate security protections for small business clients. Full details and links in the show notes or the blog post.

Later today on In The Channel, we’ll feature a conversation with Lenovo’s global partner ecosystem head Jeff Taylor and Canada channel chief Craig Taylor on the vendor’s massive incentive consolidation and the shift to services-led revenue.

And if you haven’t heard it yet, on yesterday’s episode of In The Channel, we sat down with ESET’s Cameron Tousley and Pedro Kertzman to discuss why cyber threat intelligence belongs in the MSP practice.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

For most MSPs, the quarterly client conversation looks something like this: here are the alerts we handled, here is your uptime number, here is a dashboard of things we blocked. Useful, certainly – but not exactly the stuff of trusted advisor relationships.

Cameron Tousley, director of MSP channels for ESET North America, has a phrase for the upgrade: move from statistical talks to threat briefings. In this episode of In The Channel, he and Pedro Kertzman, threat intelligence specialist at ESET, join host Robert Dutt to explain what that actually looks like in practice – and why the window for MSPs to make that transition may be narrowing.

The occasion is ESET’s eCrime Reports, a threat intelligence offering that tracks cybercriminal activity at the affiliate level – the individuals buying malware-as-a-service and executing the actual attacks. Kertzman explains why that granularity matters: affiliates signal tactical shifts before attacks scale, giving security-forward MSPs a genuine early-warning advantage. Tousley adds the client conversation layer: knowing that a specific threat group is targeting your customer’s vertical via a specific attack method is a meaningfully different conversation than “we blocked 4,000 threats this month.”

There’s also an uncomfortable wrinkle for MSPs specifically: as Pedro notes, affiliates increasingly exploit MSP tooling itself as a vector – compromising credentials to access managed environments quietly, hitting dozens of small clients while staying well below the radar of law enforcement attention focused on high-profile infrastructure targets.

For the smaller MSP without a dedicated analyst, the entry point is more accessible than it sounds. Indicators of compromise can be automated directly into client firewalls without a full threat intelligence platform. WeLiveSecurity and the live threat feed built into ESET Protect offer a low-barrier starting point for shops that are earlier in their security maturity journey.

Tousley’s closing frame is the one worth sitting with: the Canadian MSP market is being reshaped by consolidation at a pace that isn’t slowing. The independents that survive will be the ones having more sophisticated conversations with their clients. Evolve or sell.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

Cyber Threat Intelligence, CTI, has long been framed as an enterprise discipline. Dedicated team, security operations center, analysts who live in the data. But the threat landscape doesn’t really respect that boundary anymore. The tooling is getting more accessible, the attacks are getting more targeted at smaller organizations, and as we’ve talked about on the show before, the MSP stack itself has become a threat vector. So the question for the typical Canadian MSP isn’t really “Is threat intelligence relevant to me?” It’s “What do I actually do with it?”

To dig into that, I sat down with two people from ESET. Cameron Tousley is director of MSP channels for ESET North America, and he lives squarely in the business conversation around what MSPs need to grow and differentiate. Pedro Kertzman is ESET’s resident CTI subject matter expert, and I’ll note that Pedro usually sits on the other side of the interview chair as the host of his own podcast on threat intelligence. So this was a bit of a role reversal for him.

We talked about ESET’s eCrime reports, the idea of tracking cyber criminal activity at the affiliate level rather than just the group level, what proactive threat intelligence actually looks like for a 15-person MSP shop, and what Cameron described as the “evolve or sell” reality facing the MSP market right now. Let’s get right into it. Cameron, Pedro, thanks for joining us. I appreciate it.

Cameron Tousley: Thanks for having us.

Pedro Kertzman: Great to be here.

Robert Dutt: Before we get into what ESET is specifically bringing to market, Cameron, can you give our listeners a sense for where the threat intelligence conversation is right now in the channel? Is this still primarily an enterprise kind of discussion or has something really shifted in terms of how MSPs and MSSPs are thinking about and talking about CTI?

Cameron Tousley: I think that the market is evolving as a whole, no matter if you’re in the SMB segment or enterprise. I mean, it’s evolving everywhere. The beautiful thing is technology is getting cheaper, it’s getting more accessible. People are able with the advent of AI to kind of do more with less staff and things like that, and then allow their staff to kind of become more specialized.

Enter in the topic of CTI. I just think that there’s an appetite from certain, and probably more evolving larger MSPs, to start incorporating more for their clients. I think they’ve always probably wanted to educate them, but it’s always that, “Hey man, just make sure I have uptime and the help desk is active when I need it.” And that’s the conversation. Fast forward to now and it’s becoming a little bit more relevant to want to consume CTI. So I’ll kind of start there and I’ll take a pause. I don’t know if Pedro’s got any other comments on that.

Pedro Kertzman: No, I 100% agree. I think the threat landscape now with the maturity of the CTI offerings, MSPs can see that the things they’re trying to protect their customers against are more clearly explained and delivered in a way that they can see through CTI offerings now. So I think it’s just a natural evolution within the cybersecurity space to start leveraging that expertise as well.

Robert Dutt: Without getting too far into pure positioning, how would you characterize what differentiates your approach to threat intelligence, sort of at the methodology level? What’s the philosophy behind how you’re researching and tracking threats and what you’re bringing to market with this CTI package?

Cameron Tousley: Yeah, I’d say first off, our reach. We’re a global company. We have a product line, yeah, but we have 11 threat intel centers and those are also R&D centers too. So it’s a wealth of knowledge. Then we have researchers outside of that that are just remote, and so our tentacles are everywhere and that means something for somebody choosing a cybersecurity vendor or a platform because our researchers, they’re looking at a bunch of different avenues.

They’re looking at the major threat acting groups. We have an offering we’ll talk about here in a few minutes, that centers on tracking affiliates because malicious activity, malware-as-a-service, is just like MSPs provide a service. So if I’m an affiliate—and I’ll define that real quick, an affiliate being the people that are buying the malware service and then going and distributing it and causing zero-day attacks—those are affiliates. So the real key part is what they do, not necessarily always the major malware-as-a-service group because that’s just one large avenue, but then you can’t predict what your customers are going to go and do on the black market.

So yeah, I think we have a really exciting offering on our threat intelligence called eCrime and it comes in a feed and reports and it’s amazing. It really centers on the affiliate level and that is going to help get the conversations to be more quality with customers. It’s going to help an MSP who provides more, let’s call it reactive security at best, generalized services—which no knock against them, that’s just the model—and that’s going to help propel them into the more proactive security and having more quality cybersecurity-forward conversations with their customers of all sizes.

Robert Dutt: Let’s delve a little bit more into that. Can you walk me through a scenario, even hypothetical or composite, where that affiliate-level insight would practically change the outcome for an MSP or one of their customers? How does this show up for an MSP basically?

Pedro Kertzman: Yeah. So basically, I’ll take a step back a little bit just to explain how this threat ecosystem works. So the affiliates will be the ones really on the end of the line bringing that malware they got from a quote-unquote threat actor market or affiliate programs, more technically speaking per se, but they will be the ones delivering or sending that payload forward to whatever companies that they are trying to attack.

So knowing how these guys work is basically going to give the companies, and the MSPs of course working for their security, the ability to stop the attack in the early stages, because the affiliates will be the ones trying to break in, acquire through whatever methods—credentials stolen or compromised credentials. So they are responsible, quote-unquote, within these affiliate programs to get the foot inside the door. So if you’re knowledgeable about how they act, what kind of techniques they use to get that foot in, you’re basically stopping the attacks before they actually become super massive, widespread attacks or super dangerous attacks. It’s kind of the proactive security instead of the reactive security.

Cameron Tousley: Yeah, that’s a good comment. And then I’ll just throw one more little thing on that. I was talking about the conversations you can have with your clients, everything Pedro said, plus it’s like, you could have a specific conversation about, “Hey, this is what we blocked this month, but these are the threat acting groups, and here are the patterns, here’s the kind of malware that’s out there right now. By the way, you’re in the healthcare vertical, this threat acting group is targeting healthcare and doing this specific type of attack—happens to be phishing or fileless or whatever the complex attack is.”

So they got to get really granular in the conversation. It can’t just be a super high-level one, because then your user’s not going to know what to do with that information. But if you coach them on the end-of-the-line issue and where it’s sourcing from, to Pedro’s point, you get ahead of that attack early, you might even prevent stuff that would have normally been a real headache.

Robert Dutt: And you need to position yourself at least somewhat as the hero in so much as you’re saying, “Here’s the people who are attacking you, here’s what they’re doing, here’s what we’re doing proactively to counter that.”

Cameron Tousley: Absolutely. Yeah, that’s a huge value to your end customer. The one that normally would have not cared about security and it’s more of an annoyance, now they’re paranoid about it, just like the MSP, just like the vendors, we’re all trying to get ahead of it. So I think that that provides a lot of value, and the average MSP is probably not going to do that. So you don’t necessarily have to go spend a ton of money, you just have to consume the information that’s out there maybe for free, and then maybe some of the paid services like the eCrime reports without buying our full threat intelligence platform, you can just do that. And that is like a huge value on its own to track exactly what we’re talking about right now.

Robert Dutt: So taking a step back, I think some of this certainly informs and colors the question we go to ask, but I’m a 15-person MSP somewhere. I’ve got solid endpoint protection, an RMM stack I like, maybe managed SOC coverage, that kind of model. What’s the case, in addition to what we’ve already discussed, for why threat intelligence should be on my radar as a distinct capability I need to think about, bring to my customers and offer?

Pedro Kertzman: Yeah, I think especially because again, talking specifically about the eCrime reports, we’re talking about the ones that are really perpetrating the attacks or executing the attacks. When you understand how your adversaries really act, you don’t need to always rely on the expertise of a super senior CTI analyst. There are ways that also, depending on your vendor, you can automate the expertise to just be pumping, let’s say, IOCs or IP addresses into your existing end users‘ firewalls. If you manage a bunch of other firewalls for your end users, you can pump that eCrime knowledge into those firewalls in the form of IP addresses, domains, and things like that. But understanding that it’s going to be a proactive approach so they don’t get a foot in the door first, it’s kind of that decision beforehand that will give the MSPs, or MSSPs with 15 or so employees, that kind of extra leverage against those frontline attackers.

Robert Dutt: I’m really interested in the idea of using intelligence and these eCrime reports as a client-facing tool, not just something that’s consumed internally, especially for that smaller MSP—something that you’re using in your QBR or whatever business review you have with customers to show your value. I’m curious, is that something you’re seeing happening today or is it a realistic use case, or is it a stretch for most MSPs right now?

Cameron Tousley: I think it’s realistic. Now, let’s set the tone here. An MSP, they may not have the budget nor the expertise nor the staff to be buying a full-blown threat intelligence offering even like ours, but they can use certain parts of it like the eCrime reports. So that’s a good jumping-in point for the MSPs that are growing, or if you have 15 people on staff and there’s a good deal of them on the technical side, you may want to run your SOC in-house. Maybe that’s something you want to do. I think for them, the maturing MSP and definitely the MSSP, a threat intelligence offering is something that you will probably want to consume if you’re doing everything in-house.

Now, I think there’s an argument for even if you’re going to go out-of-house and use the vendor, I still think there are free sources. We have customers that are using free platforms but running a paid feed through it. This is really dynamic. It’s flexible. It can fit to every different audience for the most part, except for the ones who are just not staffed for it and they’re probably outsourcing everything and they just don’t want to do it. They know that they are never going to be able to staff a 24×7 team and they’re also never going to be able to consume as much information as is coming in.

But there are also other free resources, like I said, associated with our threat intelligence platform, like the eCrime reports, but there’s white papers that we produce. There are periodic threat reports. We do all kinds of analysis. And then on our welivesecurity.com blog, we publish all kinds of free information. And the really cool thing for existing ESET customers is through our ESET security platform, ESET Protect, we run a live feed through there and it shows you like, “Hey, here’s the latest news on WeLiveSecurity. Here is something you need to be aware of, there’s a vulnerability in the wild.” So we run some of the security stuff and this news right through a window inside of our platform, which I think is really big value added.

Pedro Kertzman: Awesome. Yeah, I would add, if I can, Rob, we do have monthly digests as well on the CTI offerings, even for not super deep-down technical people. Let’s say more executives or CSMs, let’s say account managers on the MSSP or MSP side. It’s kind of an executive-ready type of report. So it’s more about the threat landscape overview. I think it helps them show that they are expanding their offerings on the security side and they’re knowledgeable about it as well. Again, doesn’t need to go in the nitty-gritty like in the weeds of IOCs and all that, but understanding, for example, that now the ecosystem on the other side is somebody providing the malware, somebody going and executing it. So just to show how they see these movements, I think it’s sometimes important enough to show that they are expanding their coverage for their end users.

Robert Dutt: The reports, the eCrime reports, have been in the market about a month now, I guess. I’m curious what you’re actually hearing from MSPs and MSSPs as they’re digging into them. Are people using them the way you expected or are there surprises that you’re seeing in how they’re engaging, what they’re doing, how they’re thinking about this information?

Pedro Kertzman: That’s a good question. I think because of the name, we got out of the gate with police forces reaching out to us, but in theory, it’s not the best kind of deep analysis that we’re going to give them, because they have a lot of expertise. So then we have the APT reports that would bring more detailed analysis for them. So it was interesting to see that people are kind of eager on the end-user side to see how the threat landscape, especially related to financial crimes or eCrime, are really, let’s say, hot right now. The MSPs are kind of following that trend, not as jumping on like the police forces were, but they are starting to inquire about the new eCrime reports for sure.

Cameron Tousley: Yeah, I’d agree. I think the defender agencies, I’ll call them, the ones that are fighting the same battle we are, but maybe physically, but now they’re fighting the eCrime too. As they’re learning, this is a great tool for them. We find that they’re excited about it. It’s relatively new, so we’re going to see more and more adoption of it. But plenty of people who are in evaluation are like, “Hey, can I run a free month of this? I want to check it out and see what I’m going to get.” And we’re getting a lot of good feedback on it right now.

I’d say on the MSSP/MSP side, again, it’s new for them too. And they do a lot of different things. So for them, they’re like, “I need to slice out some time to check this out as well because this is interesting. I don’t know if anybody else is really doing anything quite like this.” So for them to be able to check it out and add it to their offering, I think what’s going to happen is that they’ll get hooked on something like that and they’ll want more. And we’re already working on more. So our teams are hard at work. We’re adding new feeds, new reporting structures, new ways to consume it. And reasonably priced packages and things like that. Even ones where you have somebody on retainer where you can go to and get a very long deep dive on what you’re reading periodically throughout any given month. So I think with that, you’ll see a lot of internal IT large agencies adopt it. I think you’ll see some MSSPs adopt it. And you might even see some general MSPs who are evolving up that chain do the same thing. So it’s kind of a report and an offering for everybody there.

Pedro Kertzman: Yeah, I think you mentioned something important, Cam. We do offer trials for the eCrime reports as well, right? If they want to test it out.

Cameron Tousley: Yeah, try it before you buy it. Yeah.

Robert Dutt: It sounds like you’re also thinking about ways that you can slice this, dice this, package it out to that smaller MSP or that MSP who’s not a pure-play security player going forward. I was going to ask, what do you see as coming next in CTI and in your eCrime reports? I think that’s certainly a hint. Anything else that you see sort of in the pipeline or where you’d like it to go, where partners would like to see it go?

Cameron Tousley: Yeah, I’ll take a stab at this one because my heart’s near and dear to the MSP community. That’s what I’ve been working in. That’s a segment for quite a long time now for ESET. And so what I’m reading and what I’m theorizing on is that there’s other kinds of technologies that are pretty complex, have gotten more simple in the way that they’re still doing complex processes, like an EDR, right? It’s an investigative tool, and then you pair it with AI and then things become easier for the team managing it.

I think it’s going to be the same thing here where you’re going to have an AI paired with it, which we have our own agentic AI agent in this offering now, which is very, very cool, and it’s built in our security platform. But for this, I think it’s going to make consuming information easier, generalizing it, summarizing it, and making sure you can spin it into a quick executive summary. My theory is click of a button, right? So I’m going to have a dashboard. I’m going to say, “Hey, I want an executive summary on this event.” So you’re basically just filtering, and then the end result is you hit that AI generate button and then it generates something that’s quality, and you can do it at various user levels, maybe various role levels. I’ll hit the CTO button or I’ll hit the CEO button and they’ll be a little bit different, obviously. So I think that it’s going to get simpler and managed intelligence as a service, that’s next. It’s already a term that’s being thrown out there a little bit if you look for it. So it’s just not mainstream yet. And I think it will be here in a short period of time.

Pedro Kertzman: A hundred percent. And just to double down a little bit as well, Rob. I think especially for the smaller MSPs, let’s say you hit a critical infrastructure, you stop a pipeline or anything like that, you’re going to have federal agencies going after you, right? But then when you hit a mom-and-pop shop, nobody really cares. And those guys are often served through these smaller MSPs. So I think getting a better understanding of the threat landscape that especially targets those small businesses, I think it’s just a natural progression of the change in the threat landscape.

Robert Dutt: Well, and you bring up a point that I kind of pulled on a little bit with your friend, Tony Anscombe, not too long ago. There’s so much data about how many attacks right now are taking advantage of the MSP tooling as a threat vector. And so I think that also speaks to a need for an MSP who wants to be mature and responsible about these kinds of things to have a better grip on who’s looking, what they’re looking at, and how that maps to what they’re doing.

Pedro Kertzman: A hundred percent. And just to link this specifically about eCrime and affiliates, affiliates would be the ones exploiting those RMM tools, right? Because it’s something that is already deployed in the environment. If they get the credentials that got stolen for whatever reason, they have access to those tools and then they can deploy malware that they bought from those affiliate programs inside of the victim’s networks.

Robert Dutt: And it’s funny, almost a reversal of back in the day, I can remember as a Mac user, there was a saying that Apple engaged in security through obscurity. What you describe is almost the opposite of that. It’s insecurity to a degree through obscurity. In that if I’m an attacker, I know that if I go after Colonial Pipeline to use your example, I’m all over the front page and there’s going to be a lot of government agencies who have a lot of serious, serious questions for me. If I take out an MSP tool that gives me access to a bunch of very small clients though, maybe I fly under the radar just a little bit more.

Cameron Tousley: Oh yeah.

Robert Dutt: This is my last question. If there’s one shift in thinking that you’d want a Canadian MSP to walk away with after this conversation, in terms of how they think about these reports, in terms of how they think about the role of threat intelligence in their business, you know, one thing they should reconsider about how they’re approaching their security practice, what would that be?

Pedro Kertzman: So I think first, Rob, that’s kind of more of a mindset type of thing. CTI still sounds super complex to a lot of people. I would say there are two main flavors. One, if you really want to dig into techniques and all that, yes, you can get fairly technical and sophisticated, but there are really simple ways to ingest cyber threat intelligence into existing automated tools. You can, of course, do a POC with one, two, whatever vendors you want to do. Once you find that real value for your customers, your end users, then it’s automated. We’re talking about data feeds ingesting directly into a firewall. If you don’t have a CTI central brain kind of thing, which the market knows as a TIP (threat intel platform), you don’t need to go that route, the sophisticated route. There are simple ways to use threat intelligence. And honestly, it’s super valuable because it’s just, again, automated. You’re outsourcing the knowledge to the vendor directly who’s going to execute that, like a firewall, for example.

Cameron Tousley: Yeah, I think that’s some really good commentary. And I have a lot of business conversations with MSP business owners and I follow the market, and the consolidation, there’s tons of it. And there has been for a few years, but it’s just insane right now. And I think that there’s this thing going around, it’s like, look, evolve or sell. Because you have the advent of AI and that’s speeding everything up tenfold. And just don’t be afraid. If you want to continue to run your business, don’t worry, you’re going to have clients out there in your locale that probably love you. But they’re also going to have people calling them as these other MSPs get bigger, and these national ones that swallow other little smaller companies and then their go-to market will be, “Well, let’s go down market, down market,” because we can’t always go up market, that’s pretty hard to do.

But down market is like shooting fish in a barrel kind of thing. So that means it’s a risk for the smaller MSPs that are not going to sell out, that want to be in business another 10 or 15 years. So don’t be afraid, utilize AI to research it. They say don’t use AI as Google, I disagree a little bit, but you can use it for a lot of things. This can summarize: what is this offering? Can I use it? Ask it really basic questions to get acquainted, and then take the next step and call your vendor and just have a conversation with them and say, “What are all my options? I am in this locale, I serve these kind of verticals, here’s my sizing, here’s the tools I use.”

You’ve got to throw everything out on the table because then your vendor, somebody like a technical or business contact, can jump in and say, “Look, I think that you should check out this part of this larger offering. And here’s what I’ll do for you. And here’s what you’re going to do. We’ll give you a game plan, right? You’re going to trial it in the following ways, we’re going to pair you up with a technical person to teach you a little bit and be your co-pilot—Microsoft gets enough press.” But really kind of jump in, try it out. Don’t be afraid. Because if you want to be around another 10 or 15 years, you have to make the leap. And you don’t have to do anything big, but you have to start adopting some of this security-forward thinking so that you can have threat briefings with your clients and not statistical talks.

There was just that MSP summit and there was actually a panel on what the next gen of MSPs is doing. And it was funny to hear it because they’re like, “Well, we’re focused on outcomes.” And I totally agree, but I know some of the older MSPs are like, “Well, we’re focused on outcomes too.” But I think it’s the talk track. You’re all saying the same thing, but you need some more complex tools in some ways to be able to have these more outcome-based discussions. Like, “Hey, I not only blocked X amount of threats, I kept your uptime up in this way, and that allowed you to keep productivity up. So by my clock here, you were able to achieve all those things that you wanted to achieve in our initial meeting, we’re on track.” That’s the conversation you want to have in addition to that little bit of the threat briefings peppered in.

Robert Dutt: All right. Some great advice there. Gentlemen, thank you both for taking the time. I appreciate it.

Cameron Tousley: Thank you, Rob.

Pedro Kertzman: Great to be here.

Cameron Tousley: Absolutely. It was a pleasure. Thanks so much.

Robert Dutt: There you have it, Cameron Tousley and Pedro Kertzman from ESET. I’d like to thank both Cameron and Pedro for their time. They did exactly what we set out to do with this conversation, kept it firmly in the strategy lane with technical depth in service of the business point rather than the other way around.

A few things to leave you with. The framing that stuck with me most was Cameron’s distinction between statistics talk and threat briefings. The idea that your quarterly client review shifts from “here’s how many threats we blocked” to “here’s the specific group targeting your vertical right now. Here’s how their affiliate operates, and here’s what we’ve already done about it.” That’s a real upgrade in how an MSP demonstrates value. It moves you from uptime vendor to trusted advisor and that’s a conversation your competitors probably aren’t having yet.

On the technical side, Pedro’s explanation of affiliate-level tracking is worth sitting with. The headline ransomware groups get the attention, but it’s the affiliates, the ones buying malware-as-a-service and doing the actual execution who determine the tactics on the ground. Tracking them is what gives you an early warning before the attack scales. And as I noted during the conversation, there’s a certain logic in how attackers exploit the MSP model specifically. Go after the tooling, stay under the radar, quietly compromise a hundred small clients instead of one high-profile target. Obscurity in that scenario is working against you.

For the smaller MSP who’s heard all of this and thought, “I’m not staffed for this,” Pedro’s entry point is worth considering. You don’t need a full threat intelligence platform or a dedicated analyst to start. Automate the ingestion of indicators of compromise directly into your clients’ firewalls. Let the tooling do the work. It’s not glamorous, but it’s real, actionable and it’s a lot more than most of your competitors are doing.

And Cameron’s closing thought, “evolve or sell,” is the frame I’d put around all of it. The consolidation wave hitting the MSP market right now is not slowing down. The shops that survive as independents will be the ones that have more sophisticated conversations with their customers. Threat intelligence is one of the things that helps you have those conversations.

If you found this one useful, please follow or subscribe to the podcast wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, all the major podcast directories. Ratings and reviews are always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.

Today’s headline news for Canadian IT solution providers:

[powerpresss]

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, May 14, 2026, and here’s what’s happening in the channel today.

Acronis has launched Cyber Frame, a new hyperconverged infrastructure and infrastructure-as-a-service platform built specifically for managed service providers. The launch comes at a critical time for the channel, as many service providers are actively seeking alternatives to legacy virtualization platforms following recent industry shakeups and pricing model changes. Cyber Frame allows MSPs to build and deliver infrastructure services with native, seamless integration into Acronis’ existing cyber protection and remote monitoring and management tools. Rather than dealing with the unpredictable costs of hyperscale public clouds or the complexity of managing disparate vendor stacks, MSPs can use Cyber Frame to consolidate their service delivery. Acronis says the platform is designed to give service providers significantly better margin control and simplified management. It offers flexible deployment options, allowing partners to choose between a fully hosted model managed by Acronis, or a partner-hosted deployment running on the MSP’s own hardware in their local data center. By combining compute, storage, networking, and security into a single unified platform, Acronis is positioning Cyber Frame as a way for MSPs to scale their infrastructure offerings profitably while maintaining the tight security posture that modern SMB clients demand.

Citrix has introduced Citrix Platform Flex, a new persona-based secure access model intended to help organizations move away from static, one-size-fits-all IT delivery. In today’s hybrid work environment, the access requirements for a call center employee, a traveling executive, and a remote software engineer are vastly different. Citrix built Platform Flex to recognize these distinctions, allowing IT teams to align resources, security controls, and application delivery specifically to the varying needs of different worker profiles. The new platform delivers secure application access, managed services, and comprehensive observability under a model designed for more flexible and predictable pricing. By shifting away from rigid licensing structures that often force companies to over-provision resources for basic users, Citrix aims to help enterprises optimize their cloud and infrastructure spending. Platform Flex also incorporates advanced analytics and security policies that adapt in real-time based on user behavior and location. For channel partners, this persona-driven approach provides a clear framework to help enterprise customers rationalize their IT investments, simplify the management of distributed workforces, and ensure that security protocols do not impede productivity for end users who require high-performance access to specialized applications.

Upwind has launched its new AI Agentic Pack, adding autonomous, agent-driven capabilities to its cloud security platform. As cloud environments grow increasingly complex and security operations centers face unprecedented alert fatigue, the cybersecurity industry is rapidly shifting toward agentic AI to help manage the load. Upwind’s new tools are specifically designed to help security teams autonomously investigate threats, validate whether theoretical vulnerabilities are actually exposed to active exploitation, and prioritize remediation efforts based on real-world risk. Instead of simply generating more alerts for human analysts to sift through, the Agentic Pack leverages artificial intelligence to actively investigate the root cause of an incident, map the attack path across cloud infrastructure, and propose actionable fixes. This launch leans heavily into the growing necessity of using autonomous agents to drastically compress the window between threat discovery and response. With malicious actors utilizing AI to accelerate their attacks, defenders require matching speed to counter them. For managed security service providers, Upwind’s agentic capabilities offer a pathway to scale their operations, handle a higher volume of telemetry without adding headcount, and provide faster threat containment for their clients.

In brief:

Nerdio vice president of MSP sales Will Ominsky warned in a Redmond Channel Partner interview today that MSPs who figure out how to monetize AI by the end of 2026 will grab massive market share. 

Boomi and Red Hat have announced a strategic collaboration to deliver an integrated stack for deploying agentic AI at scale. 

The U.S. Department of Homeland Security is reportedly scrutinizing Instructure after a massive ransomware attack disrupted its Canvas online learning platform. 

And Canadian cybersecurity provider Plurilock has announced 1.13 million dollars in new critical services contracts. 

Later today on in the channel, we’re talking eCrime Reports and Threat Intelligence with Camerous Tousley and Pedro Kertzman of ESET.

And if you missed it yesterday, check out my conversation with Auvik’s Steve Petryschuk on the gap between MSPs’ expectation around AI, and the reality they have realized to date.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Every year brings a new wave of IT industry reports, but Auvik’s 2026 IT Trends Report – titled “Beyond the Hype: The Real State of IT in 2026” – lands as something of a reality check. The headline finding is striking: while 67% of IT professionals say they are optimistic about AI’s potential, only 5% say it is actually core to their daily operations. That gap between ambition and execution is what Auvik is calling the “Maturity Mirage.”

The governance picture is even more telling. Auvik’s research found that 76% of IT leaders believe their organization has an AI policy in place – but only 42% of frontline help desk staff agree. That disconnect isn’t just a communications problem. It’s the open door through which Shadow AI enters the environment, and Auvik’s own platform telemetry counted over 100,000 shadow AI applications discovered in customer networks in 2025 alone.

In this episode of In The Channel, Steve Petryschuk, vice president of product and market strategy at Auvik, joins Robert Dutt to dig into what the data actually means for Canadian MSPs. They discuss why documentation is the unglamorous foundation that any real AI readiness strategy has to be built on, what the MSP execution advantage looks like in the numbers, and how the “Maturity Mirage” framing can help partners have more honest – and more productive – conversations with clients about where they actually stand.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

Every year we look to the major vendor reports to see where the industry’s head is at, but Auvik’s 2026 IT Trends Report, titled “Beyond the Hype,” feels a little different this time around. It’s a bit of a reality check for the AI era. We’ve been hearing about the AI revolution for some time now, but Auvik’s data shows a massive gap between what leadership thinks is happening and what’s actually hitting the help desk.

We’re talking about a world where 76% of executives swear they have an AI policy, while more than half of their frontline staff have never even seen it. That disconnect isn’t just a communications problem. For an MSP, it’s a massive opening for shadow AI to walk in through the front door.

To dig into this maturity mirage and what it means for your service desk – and your bottom line – I’m joined today by Steve Petryschuk. Steve is vice president of product and market strategy at Auvik, and he’s been at the center of translating this data into a roadmap for partners. We talk about why documentation is actually the most important AI tool, the rising risk of competency debt in junior techs, and why the Canadian mid-market might actually have an execution advantage over the big enterprise players.

Let’s get right into it. My chat with Steve Petryschuk.

[MUSIC]

Robert Dutt: Steve, thanks for taking the time. I appreciate it.

Steve Petryschuk: Thanks so much for having me.

Robert Dutt: The report highlights a significant gap in AI policy awareness – something we’re seeing across multiple industry reports. In this case, 76% of leaders believe they have a solid AI policy in place, while only 42% of frontline staff agree that policy even exists. Is that a communication failure, or is the policy just not mapping to how people are actually doing the work?

Steve Petryschuk: I think it’s a bit of both. I’d start with communication failure as the primary driver. We don’t always have visibility into when policy violations are occurring, so how do you enforce that policy – or even communicate that enforcement – without that visibility? It starts with just making sure people know the policy exists, and then building some implementation around enforcement.

Robert Dutt: Only 5% of respondents say AI is core to their operations today, despite plenty of optimism in the data. What are the specific readiness hurdles keeping AI in the pilot phase for so many MSPs?

Steve Petryschuk: This is probably one of the most interesting findings in the report – that disconnect between enthusiasm around AI and how little has actually been operationalized. I think it starts with trust. Most MSPs don’t yet have the trust to let AI operate solo, and that makes sense, because we’re the ones managing the client relationships and the consequences when things go wrong. Until we build that trust, we’ll remain at that pilot stage.

So I see it as a phased approach. You start in areas where humans remain in the loop – at least for now – so you can build comfort with the system. But equally important is ensuring you’re giving AI good inputs, because this is still very much a garbage-in, garbage-out situation. If your inputs aren’t clean, your outputs won’t be either, and that’ll hold you back from ever making AI a core part of operations.

Robert Dutt: Does the fact that most tools MSPs are using today are either adding AI functionality or on the roadmap to do so – does that help build that trust, or does it require something more fundamental?

Steve Petryschuk: There are a lot of vendors adding AI on top of their tools, but I think the more useful question is: how do you embed AI into the existing workflows your team is already using? Rather than treating it as a bolt-on, think about the processes you’re already familiar with – can AI assist you within those workflows and demonstrate value day to day? That’s how you start to build trust incrementally. Once you see it working in familiar territory, you can expand from there.

Robert Dutt: And as you build that trust – once you’ve got those first steps working the way you want – how does an MSP move from having an AI policy on paper to implementing the technical controls a client or auditor can actually verify?

Steve Petryschuk: It starts with visibility. Before you can enforce a policy, you need to uncover all the AI tools in the environment – both sanctioned and shadow. As shadow IT has evolved into shadow AI, that discovery step is critical. From there, you can move toward real-time policy reminders before committing to more active, automated guardrails. Eventually, you get to a point where you’re blocking non-sanctioned AI tools and allowing sanctioned ones. Most MSPs I talk to are still a long way from that, but they’re at least starting with the visibility angle – and that’s the right starting point.

Robert Dutt: On that topic, Auvik’s telemetry found over 100,000 shadow AI applications in customer networks last year. Is shadow AI replacing shadow IT as the primary risk, or is it effectively the same problem in a new form?

Steve Petryschuk: It’s a problem that’s evolved. Shadow IT and shadow AI are directly related, but you can’t just do a find-and-replace on the terminology – the risks aren’t identical. A lot of the core concerns are the same: understanding what applications are in use, where data is going, what’s being ingested. But the business impact of shadow AI gone wrong is significantly higher. Think about LLMs being trained on data you didn’t know was out there, or agents with access to multiple systems inadvertently moving sensitive client data – or worse, surfacing Client A’s data in a report for Client B. The risks aren’t entirely new, but the consequences of something going wrong are considerably greater.

Robert Dutt: That’s an interesting angle – it’s not just that the data is out there, but that it can be actively executed against you. The accidental cross-contamination between clients is a particularly pointed example for MSPs.

The report also found that around 60% of IT teams discover unauthorized SaaS at least monthly. From a visibility standpoint, does this signal that the perimeter approach is effectively dead? And if so, what does a modern visibility strategy look like for an MSP managing, say, 50 clients?

Steve Petryschuk: The traditional perimeter has been eroding for a while. Work happens at the endpoint now, and that’s where visibility needs to focus – continuous discovery of the applications end users are running day to day. It doesn’t mean you’re auditing every minute of every day, but it’s not a point-in-time snapshot either. It’s an ongoing picture that gives you something useful whether you’re responding to a support ticket or walking a client through a QBR – “here’s all the shadow AI we’ve uncovered.” That discovery needs to happen as close to where work is actually getting done as possible: within the applications being used, and on the endpoints where people are working.

Robert Dutt: Interestingly, despite all the shadow AI conversation, MSPs in the report still ranked shadow IT as the number one underestimated risk. Why do you think business leaders continue to miss the gravity of it, even as sensitive data flows into AI tools?

Steve Petryschuk: I think it’s one of those areas where it’s easier to turn a blind eye until there’s a triggering security incident. Until something actually happens to you, it’s always someone else’s problem. You hear about it, you read about it, but “it’s not going to happen here.” The honest version of that is: it hasn’t happened here yet. And until you’ve had that personal experience where shadow IT – or shadow AI – bites you, the tendency is to underestimate the risk.

Robert Dutt: There’s an interesting budget paradox in the data – almost half of IT teams said their budgets were growing, but a similar proportion cited lack of time as their biggest blocker. Where’s the money going if it’s not buying back time for staff?

Steve Petryschuk: It’s a great question, and the report didn’t specifically dig into the causes of that disconnect. But based on conversations with partners and broader industry trends, I think a lot of those budget increases are simply going to maintain the status quo – salary increases, rising tooling costs, price increases still catching up from the inflation cycle of a couple of years ago. The budgets are growing, but that growth is being absorbed by keeping the lights on: keeping the tools running, keeping the teams intact. The magnitude of the increases isn’t enough to fundamentally change how work gets done, and without changing how you work, you won’t get that time back.

Robert Dutt: Here’s one where MSPs can take a bit of a victory lap – corporate IT teams are apparently half as likely to be making new investments compared to MSPs. Does that suggest the managed services model is structurally better at converting budget into operational progress, or is this more of a “you have to automate to survive” story?

Steve Petryschuk: Part of it is the MSP’s willingness to adapt and experiment – we tend to be a little ahead of the curve on new technology adoption. But I also think it’s a macroeconomic confidence indicator. Historically, MSPs tend to hold up better – and even do well – in times of broader economic uncertainty. So when there’s turbulence around them, MSPs are more likely to say, “We’ve seen this before, we’ll be okay,” and that confidence translates into a willingness to make new investments even when others are pulling back.

Robert Dutt: And there’s something to be said for the maturity of the managed services model at this point – you can look at a rough environment, recognize the pattern, and not panic.

Steve Petryschuk: That’s exactly right.

Robert Dutt: The report found that just over 50% of IT teams are still spending ten or more hours a week on basic user tickets. What role do you see AI playing in actually moving that needle – going from hyped solution to genuinely freeing up technician time?

Steve Petryschuk: Let’s set aside the panacea of fully automated ticket resolution for now – the scenario where a ticket comes in and no one ever touches it. Maybe we get there eventually, and for simple things like password resets, some level of automation is already feasible. But the more realistic near-term win is using AI to gather all the context a technician would normally have to collect manually. Agents can pull together that background information and surface a recommended next action, so that by the time a technician picks up the ticket, their job is less “figure out what to do” and more “confirm this is the right call and execute.” That’s an easier step, it’s probably already happening in some service desks today, and it starts to build trust in AI recommendations over time – which feeds back into that adoption flywheel we talked about earlier.

Robert Dutt: And as those recommendations get better, you get more comfortable with the idea that yes, that’s the right answer for this type of issue – and eventually that trust extends further.

Steve Petryschuk: Exactly.

Robert Dutt: On the workforce side, the report showed a hollowing out of the hybrid model in favour of office-first or remote-first. From a network management perspective, does office-first actually make IT any simpler, or is distributed support just the permanent baseline now?

Steve Petryschuk: I think distributed support is the permanent baseline. For MSPs, it doesn’t really matter whether the client is in the office or working from home – we’re still supporting them remotely either way. Network complexity doesn’t change much. And even in a fully return-to-office environment, users are still moving around, travelling to events, going on the road.

Looking at the Canadian context specifically – we’re still laggards in the office-first shift compared to some of our global peers, despite what you hear in the media. There’s still a significant amount of distributed work happening here, and I think the problem of managing that distributed environment is a long way from going away.

Robert Dutt: You’ve framed AI as a “senior IT associate in your pocket” for junior techs – which is a much more interesting way to look at it than “it’s going to eliminate entry-level jobs.” But even with that framing, is there still a risk of competency debt? Where the next generation of technicians ends up leaning so heavily on AI diagnostics that they lose the ability to evaluate whether the recommended action is actually right?

Steve Petryschuk: The risk is absolutely there. But it’s not entirely a new problem – technology has always built on previous technology, and skills evolve accordingly. How many technicians today can troubleshoot at the processor level? Not many. The craft changes.

What matters is teaching junior technicians the right fundamentals for the AI era: basic problem-solving skills, the ability to recognize a plausible answer from an implausible one, and how to use AI tooling effectively. The actual knowledge base evolves, but you still need a baseline of IT competency to function well. And that pipeline from junior to senior really matters – if we hollow out the junior tier, we’ll eventually run out of senior technicians too.

Robert Dutt: Since we’re both flying the Maple Leaf – did you see anything specifically Canadian in the data? Anything unique or peculiar to the Canadian market?

Steve Petryschuk: The survey data doesn’t specifically break out geographies, but based on conversations with MSPs across Canada, the US, and Europe, I don’t think we’re significantly ahead or behind on AI adoption – we’re facing many of the same governance challenges. Policies aren’t always making it to day-to-day operations, and visibility into which AI tools are actually in use remains a challenge for most.

Where I do see a Canadian distinction is in the regulatory and legal landscape. I was recently at an event for professional engineers in Ontario where AI regulation came up – and the picture is interesting. The EU is taking an aggressive regulatory stance; the US is moving toward a more relaxed one. Canada, unsurprisingly, is finding its way somewhere in the middle. That’s probably the most Canadian answer I can give.

Robert Dutt: Hopefully the middle ground lands well. Last question – looking at all the data, if an MSP owner can only fix one thing in their operations this year, what yields the biggest ROI?

Steve Petryschuk: Documentation. You need an up-to-date source of truth, because that’s what AI has to build on to operate effectively in your environment. Visibility actually improves when documentation improves – they’re closely related. But if you don’t have a solid, well-maintained source of truth, you’re going to get that garbage-in, garbage-out scenario no matter how good the AI tools are. So if there’s one thing to focus on, it’s making sure you know what your sources of truth are, and that they’re accurate and up to date. That gives you the foundation everything else builds on.

Robert Dutt: I appreciate that bit of advice. Steve, thank you for taking the time and walking us through the numbers.

Steve Petryschuk: Thanks so much for having me on.

[MUSIC]

Robert Dutt: There you have it – Steve Petryschuk from Auvik. I’d like to thank Steve for his time. And honestly, I think “AI as a senior associate in your pocket” is going to be the quote of the month.

The big takeaway for me is that we need to stop thinking about AI as a cool project and start treating it as a documentation problem. If your source of truth is a mess, your AI is just going to be a very fast, very confident hallucination machine.

For those of you running MSPs in Canada, the maturity mirage is your best sales tool right now. If you can show your client that their budget increase is being swallowed by reactive noise because they don’t have visibility, you’ve moved from being a vendor to being a business advisor.

Thanks for spending some time with us today. If you found this conversation useful, you can find more in the full show notes at ChannelBuzz.ca. You can find the podcast on Apple Podcasts, Spotify, YouTube, and pretty much everywhere you get your audio. If you have a moment, leaving a rating or review really does help us reach more of the community.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Today’s headline news for Canadian IT solution providers:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 13, 2026, and here’s what’s happening in the channel today.

SonicWall yesterday announced the NSv XS, a new virtual firewall extending its Gen 8 platform to cloud environments, with managed service providers and MSSPs as the primary target. The product allows partners to deploy firewall security wherever customer workloads run – public cloud, private cloud, branch offices, and distributed infrastructure – under a management model designed for multi-tenant operations. According to SonicWall, the NSv XS carries the same Gen 8 security engine found in its physical appliances into a lightweight virtual form factor, which the company says closes a growing gap as customer environments increasingly span both physical and cloud boundaries that legacy appliances can’t follow. The announcement is a practical one for the channel: a cloud-native firewall with the Gen 8 engine that can be managed centrally simplifies both the sales conversation around security coverage and the operational overhead of delivering it across heterogeneous customer environments.

Also yesterday, Huntress announced a partnership with insurance firm Acrisure to connect cybersecurity posture directly to cyber insurance outcomes for eligible organizations. Under the program, customers running the Huntress managed security platform can access Cyber and Tech Errors and Omissions policies through Acrisure with no deductible – with policy terms tied to the customer’s verified security posture rather than a generic underwriting baseline. According to Huntress, the program is built on the premise that organizations that have actually deployed layered security controls should not be underwritten at the same rates as those that haven’t. The arrangement is worth watching for solution providers who have been looking for cyber insurance integrations that go beyond co-marketing – this one appears to operationalize the connection between managed security delivery and insurance terms in a way that could strengthen both the MSP’s value proposition and the client’s risk profile.

Intruder rounded out a busy Tuesday by releasing its 2026 Attack Surface Management Index, drawing on anonymized data from 3,000 organizations to assess how quickly companies are identifying and closing their exposed attack surfaces. The headline finding: more than one in four organizations still have MySQL databases exposed and accessible from the internet – a foundational configuration risk that the report says reflects a broader struggle to maintain visibility over sprawling and distributed infrastructure. According to Intruder, the data shows that human remediation is falling further behind the pace of automated exploitation, a trend the company calls the “Mythos Era” – a period in which attacker tooling has measurably outpaced defender workflows. The report gives solution providers a concrete, data-backed framework to bring into client conversations, particularly for customers still relying on point-in-time scanning rather than continuous monitoring.

In Brief – 

ThreatDown yesterday launched an identity threat detection and response platform, extending its security stack to cover credential-based attacks across Microsoft Entra ID, Okta, and Active Directory. 

Cycode is declaring “shift left is dead,” releasing new agentic development lifecycle security capabilities designed to protect AI-driven software pipelines from code generation through deployment. 

Toronto-based AYCE Capital yesterday announced the acquisition of a cybersecurity advisory firm to anchor a portfolio-wide security center of excellence. 

MSPAlliance last week added Service Lines to its Cyber Verify platform, letting MSPs map audited controls directly to the services they deliver for cleaner, client-ready compliance reporting. 

Full details and links in the show notes or the blog post.

Later today on In The Channel, we’re sitting down with Steve Petryschuk from Auvik to dig into their 2026 IT Trends Report and what the data reveals about the gap between AI ambition and AI maturity in managed services.

And if you haven’t heard it yet, yesterday’s episode is a good one – Joel Abramson from Top Down Ventures joins me to discuss the close of their C$38 million MSP-focused founders fund and why they believe managed service providers are the primary delivery vehicle for AI to the small and mid-market.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Today’s In The Channel episode lands on the same morning that Vancouver-based Top Down Ventures announces the close of Founders Fund I at C$38 million – oversubscribed against an original target of US$25 million, and positioned as the first institutional venture fund focused exclusively on early-stage software and AI for the managed service provider ecosystem.

Managing partner Joel Abramson joined the show to walk through the fund’s thesis and what it means for the channel.

Abramson co-founded and led Fully Managed through more than a dozen acquisitions before its $137 million acquisition by Telus Business Solutions in 2021. He joins general partners Chris Day (founder of IT Glue and ScalePad) and Mark Scott (founder of N-able) at Top Down – three operators who between them have spent about 75 years building and scaling companies inside the MSP ecosystem.

The fund’s first exit – zofiQ to ConnectWise, which closed in January 2026 – returned 5.3 times the invested capital in roughly six months. Abramson describes it as a case study in what Top Down looks for: founders solving singular problems with exceptional depth, validated by real MSP operators rather than generalist investors.

The macro thesis is equally compelling. The global IT services market is projected to grow from $600 billion to over $1 trillion by 2030. And in 2026, SMB IT spend is on track to outpace enterprise IT spend for the first time ever – a shift Abramson contrasts with what he calls the “SaaSpocalypse” in enterprise, where headcount reductions are translating directly into fewer SaaS licenses.

The fund’s LP base of more than 100 MSP operators – including Pax8 – acts as a flywheel for validating investments, sourcing design partners, and connecting portfolio companies with the customers best positioned to stress-test what they’re building.

Find Top Down Ventures, including their newsletter and annual research report, at topdown.com.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show.

If you caught The Buzz this morning – and you really should have – you already know the headline. Vancouver-based Top Down Ventures has closed Founders Fund I at $38 million Canadian, oversubscribed, as the first institutional venture fund focused exclusively on early-stage software and AI for the managed service provider ecosystem.

The story behind it, though, is rich. Top Down was founded with three partners with deep roots in the Canadian channel community: Chris Day of IT Glue and ScalePad, Mark Scott who founded N-able, and today’s guest, Joel Abramson, who ran Fully Managed through more than a dozen acquisitions before its $137 million sale to Telus Business Solutions in 2021.

The fund already has its first exit in the books. zofiQ, an agentic AI platform for MSP service desks that ConnectWise acquired just six months after Top Down’s investment, at 5.3 times the invested capital.

Joel joined me this morning to talk about why MSP software needs its own dedicated venture fund, what the first exit tells us about where agentic AI is headed, and one market shift that has the team genuinely excited about the decade ahead.

Let’s get right into it. My chat with Joel Abramson.

Joel, thanks for taking the time. I appreciate it.

Joel Abramson: Great to be here, Rob.

Robert Dutt: I wanted to start with the origin story here. I think it’s an interesting one in that you had a big role in building and running Fully Managed through a dozen or so acquisitions, then sold – instead of going off and retiring on a boat somewhere or that sort of thing, you ended up in venture investing in specifically MSP software. Can you walk me through how that happened? How did Top Down come together? Was this something that you sought out or something that Chris Day pulled you into? How did that happen?

Joel Abramson: Yeah, well, let’s be clear – I do love being on boats.

To tell the origin story, you get to go through a 25-year journey of the MSP ecosystem itself, because there are three general partners: Mark Scott, Chris Day, and myself, Joel Abramson. Our journey dates back to the early 2000s when Mark Scott started N-able, and he was one of the pioneers that really helped value-added resellers and break-fix IT service providers become MSPs.

I meet people every time I’m out on the road who have a story about working with N-able – transitioning their revenue model from break-fix to recurring. N-able is a phenomenal company today and I think Mark’s legacy lives on there.

Mark started that company and then exited just before the SolarWinds acquisition. Then he went on to start a service provider called CareWorks – an MSP focused on senior care facilities. A really interesting vertical, as well as broad SMB.

But I’ll pause his story and focus on Chris, because Chris is founder and chairman and really sets the vision for Top Down. Chris had an MSP as well back in the early 2000s. Eventually that was Fully Managed, and that’s where I joined him. I had a small – much less successful – MSP called Packetsafe Networks, and I rolled my little MSP into Chris’s marquee MSP, Fully Managed, and together we set on this journey.

We wanted to bring that company to ten cities with $10 million in revenue in each city and then sell it to a Canadian telco – and it’s not revisionist history, it was actually the goal.

But then a couple of years into our shared journey at Fully Managed, Chris got pulled into building software. It was because I’d built a bunch of software for Fully Managed to run on, and he made the mistake – or the fortuitous opportunity – of showing it to his peer group. His peer group was like, “I want to use that.” So he said, “Okay, well, I’ll build it for you.” He started building a documentation platform from the ground up and called it IT Glue, and that was a phenomenal ride for him – taking it from a couple of peer group mates trying it out to selling to Kaseya in 2018 and building a very large company in a relatively short amount of time. Not without a tremendous amount of hard work and grind. He was on the road with pop-up banners signing up logo by logo by logo in the early days, but eventually the movement just took shape and every MSP realized that they needed a documentation platform, and IT Glue took off.

So IT Glue exits to Kaseya in 2018. Chris has to make that decision: do I want to golf and travel for the rest of my life, or what brings me joy? And so he actually started Top Down as a way to re-engage back with the MSP community. He had an early portfolio of three companies: Warranty Master, a company he had started with his brother; Backup Radar; and Quoter. Together those three early companies started to grow at their own individual pace.

Keep in mind, we’re still running Fully Managed over here – I’m running it for him. Then we ended up putting Fully Managed together with Mark Scott’s MSP, and that’s how the three of us came together.

Then yes, we did a number of acquisitions. We grew Fully Managed to be $100 million in revenue. It wasn’t the straight line Chris and I had talked about – ten cities in ten years – but it was maybe seven cities. The bridge version: Telus came in and said they wanted to acquire Canada’s largest MSP, which was Fully Managed at the time. They had done a bunch of research and nine months later we consummated that transaction, at the end of 2021.

I’d been working with Chris for a number of years on the early-stage portfolio, because we’d get a couple of calls every month with people saying, “Hey, I’m starting this project, Chris, are you interested in taking a look?” So we started to build this reputation as investors in early-stage MSP software companies. We tried some other stuff – everything from consumer packaged goods (we still have a couple of investments) to starting a country music label, which we’ll save for another time. But we always knew our home, I think, was in the MSP space.

After the Fully Managed exit, we decided we wanted to really compound our impact. We had this idea of a venture fund – and maybe I’ll pause there, because I can continue the journey, but we’ll wait and see if you have any questions up to that point.

Robert Dutt: Understandable. It’s a wild journey, and it really is back to the heart of the early days of the MSP movement – as you say, from break-fix and VAR models. I guess tell me a little bit about where you’re at now. The fund is positioned as the first institutional VC targeting early-stage software and AI for this ecosystem. Why do you think this space needs a dedicated fund? What does a generalist venture fund miss or get wrong when they’re looking at the space?

Joel Abramson: We’ve been doing early-stage investing for a few years – five years. At the same time, Warranty Master became ScalePad, and ScalePad started to gain really, really great momentum. ScalePad brought in a growth equity partner, Integrity Growth Partners, who are just phenomenal folks. They capitalized the business and that grew ScalePad from $10 million to $50 million. They were great partners, great board members, and we watched these guys – we were like, wow, we’ve been through this journey a couple of times. They add a lot of value, and we’re really excited about that relationship.

We were doing our thing with the early-stage companies, and so we looked across the ecosystem. We said, there is a ton of capital that’s ready to invest in companies in the MSP ecosystem when they get to a certain scale – that was kind of the scale that ScalePad had gotten to. Then we looked down and said, well, what about the guys that are just starting out? There’s not a ton of support. There’s a ConnectWise pitch contest that grants $60,000 or $70,000 to early-stage companies. And there are early-stage investors – we’ve seen companies like Pax8 and Huntress go through many rounds of financing and they started somewhere. But we saw that the strongest source of capital in the MSP ecosystem was actually coming from angel investors. It was Joe Paniterri and Kevin Blake and Channel Angels, and they had done a number of deals, bringing together really early-stage capital and putting $100,000 into a business fueled from a number of different folks. That’s really, really cool. But where’s all the venture?

You look across horizontal software and there are funds of venture that just pour in. In the big markets – the Valley and New York – and then in secondary markets, there are funds focused on those areas. But we saw early-stage MSP software companies as vastly overlooked.

So we said, what if we could bring together capital from the MSP ecosystem? Because we’ve made plenty of millionaires just by acquiring them with Fully Managed. You look at how that scales out across the ecosystem: you’ve got Evergreen and Integris and Thrive and all these folks buying up MSPs. The stats are over 200 search funds, family offices, and MSP aggregators buying MSPs right now. That’s generating a lot of wealth for a lot of people. Then you have MSPs that are super profitable and people are making good cash flow. Then you have all the software companies that have exited with similar stories to Chris’s. There’s actually quite a bit of capital that could be put to work back into the ecosystem if we just found a way to harness it and focus it on innovation.

We said, instead of doing a couple of deals a year, what if we could make 8 to 10 investments a year by bringing capital together? And then what if we could build a system around that to take everything we’ve learned working with early-stage companies – applying those practices, bringing folks together for design partners, early customers, advice, and partnerships in the MSP ecosystem?

So we set out to raise a $25 million venture fund, and we said we were going to focus on educating the MSP ecosystem on what investing in a venture fund looks like, because it’s really just going to fuel innovation for MSPs themselves. Our goal was to have half the fund raised from the MSP community and half from outside – similar to what it was at Fully Managed: let’s tell the world about what a great opportunity exists in MSP.

We were super successful in the first bucket. We got really well received by the MSP community. We have over 100 LPs in the fund and we exceeded our target of $25 million. In the second bucket, we still have a lot of work to do. We’re one year into our Outliers podcast, we’ve produced one white paper, and we’ve had hundreds and hundreds of conversations in the institutional community, educating funds of funds and family offices on the opportunity for early-stage MSP software investing. We only got a couple of participants in this fund – which is all right, because it shows the strength of the MSP ecosystem. We still oversubscribed our target. But we’re excited to continue that journey of educating institutional investors for our second fund and beyond.

Robert Dutt: You mentioned you’re in at the early stage. Where in the lifecycle do you typically start looking, and what does a target portfolio company look like at the point you’re getting involved?

Joel Abramson: I’ve only been doing this for a few years, so I’m still learning some of the language, Rob. But we talk about early stage being right at inception – which is called pre-seed, the first money into a company. Maybe they have an idea of what they want to build, a prototype, a business plan, some people, but they haven’t actually started that path to launch – all the way up to around that first million or million and a half of revenue, where they’d be called a late-seed investment or an early Series A. So maybe it’s the second money in, or in a Series A it could be the third. But really we’re focused on the early stage where we can leverage the strength of our LP base – a lot of strong MSPs – as well as the strength of the community that Top Down works to enable and bring together.

That can be for design partners, early customers, folks to help with advice, and then partnerships in the MSP ecosystem. Maybe a company is working with ScalePad to solve a problem and ScalePad can help by bringing that product to its customer base. It’s really about building the things that matter most to MSPs.

And that’s why I think we love this ecosystem so much – it’s a partnership of vendors and service providers. If we look forward to how AI is going to impact things, you have small and medium businesses at the frontline – all the enablement use cases there, all the cybersecurity use cases. Then you have the service provider layer, which is MSPs helping them with all those things. Then you have a middle layer of supply chain software like the companies we invest in. And on top of that, you have the hyperscalers, the cloud companies, the frontier companies. That four-tiered system really matters, because without the innovation from Microsoft and Anthropic, the macro doesn’t move forward. But very rarely is it going to go straight from there into frontline workers’ hands. The two layers in between – the layer we invest in, and the MSPs themselves – are really what’s helping bring the value from the top to the end market.

We think it’s an incredibly resilient ecosystem. We think there’s nobody better positioned to help with AI transformation than MSPs. And that layer between the frontier companies and the hyperscalers and the MSPs is really important – that’s where innovation happens on their behalf, and that’s the kind of companies we’re investing in.

Robert Dutt: One example of that would be zofiQ, which I think was your first exit – and some pretty startling numbers there: a six-month turnaround, selling to ConnectWise, bringing back more than 5x what you put in. What did you see in that company that made you say “we’re in,” and what did the ConnectWise acquisition tell you about the market for PSA and agentic AI and where that’s all headed?

Joel Abramson: It starts with Lee and his team. We get the fortunate opportunity to look at a lot of things that are being built and we’re still learning, trying to keep pace. As the last couple of years have played out, we’ve been students of what people are building and how they’re looking at solving problems, armed with the knowledge of the last 25 years of the ecosystem.

When we met Lee, we were really impressed with him as a founder. He had a strong track record of purpose-building solutions. When Chris and I sat down with him, it was obvious he was solving singular problems with a tremendous amount of depth, versus some of the other folks we’d seen building solutions who were really going an inch deep and a mile wide. Knowing how mission-critical these solutions are to MSPs – that for every time they mess up a service ticket, they put that customer relationship at risk – we knew that Lee’s approach was just bang on. He was obsessed with solving singular use cases. It showed in the team he put together, the technology he built, and what customers were saying about the product.

It’s very atypical to make an investment and then six months later have it acquired. When it was all going down and we were talking to the ConnectWise folks, it was bittersweet. We’re so happy to see ConnectWise gain this incredible capability, but we were sad to know we weren’t going to have Lee in the Top Down portfolio anymore.

Ultimately, thrilled – because what it means for ConnectWise is that they can get this really powerful technology into a lot of people’s hands. That has a tremendous impact for the ecosystem, the end market, the MSPs partnered with ConnectWise. They can get this great innovative technology out into the market much faster than Lee could on his own, just going out and telling the story and waiting for the momentum to build. Thrilled for ConnectWise, thrilled for Lee and the team to jump into an organization like ConnectWise. And proud that we were able to play a tiny part on that journey.

Robert Dutt: zofiQ was automating the service desk with AI agents. From what you saw inside that experience with them, and looking across the portfolio now, I’m curious – especially given your background running an MSP – when you’re talking to MSPs about what some of these companies are doing, how ready are they to adopt and operationalize this kind of agentic tooling? Both in terms of willingness and interest, which I’m sure is high, and actual aptitude and ability to make the operational changes that come with it?

Joel Abramson: It totally depends on the MSP’s maturity. I’ve been through the life cycle of MSP maturity many times – two steps forward, one step back, a bunch of times. Every MSP is on a similar treadmill of growing and maturing, then having to embrace new technology, then getting hit by outside factors: whether it’s COVID, the move to remote work, the push back to the office, or the change in technology. It’s not a static industry, but it is an industrial-strength ecosystem because it’s so mission-critical for the customers MSPs serve.

Everybody is at their own part of the journey. Companies like zofiQ come around and they focus on building the right technology, then working with the ideal MSPs that are at a place where they can embrace it.

I go back to an inspirational investor, Dave Lahn, who always talks about the different buckets of work: the hero work, all the work that supports the hero work, and then all the work that should be done but isn’t. I think about MSPs with that third bucket. As a 20-year MSP operator, there were all these things I knew I wanted to do but could never get around to because we were always fighting fires, then trying to do proactive work, then project work – it compounds and you never had enough hands for the work that should be done that isn’t.

I think that’s one of the huge opportunities with AI – actually getting that work done, staying on top of it, and providing more stable, secure environments for MSP customers. If AI is the great enabler for MSPs themselves, then how exciting is it to be in a position where I can’t think of a service provider that supports small and medium businesses that’s better positioned to bring AI enablement down to that market than an MSP. I doubt it’s the accountant, I doubt it’s the janitor or the maintenance people. I think it’s the MSP, because you’re already talking technology.

As MSPs continue to evolve from the server room to boardroom conversations, AI is an incredible hook to get into that conversation. That’s why the work ScalePad does around customer success and supporting the strategy conversations is so critical. But the next wave of companies we see are really around helping MSPs actually deliver AI use cases successfully to their customers. That transformation will take place for a long, long time.

Robert Dutt: Your base of limited partners includes more than 100 MSP operators, including Pax8. That’s unusual for a VC fund. Was that a deliberate choice? And how does having operators as limited partners actually change how you source and evaluate deals?

Joel Abramson: It just makes us so strong. We have the brainpower of over 100 people there for us to tap and leverage. At our Horizons event in November – where we bring all of our LPs together – I’ve never seen a more aligned group of individuals, focused on supporting the supply chain of an ecosystem, come together and have meaningful conversations without any real individual agenda.

We think about it as a flywheel. We have a group of limited partners with all of our capital in this fund together. Of course we all want to make money – but I think what drives that outcome is supporting innovation and figuring out exactly where the best place to put capital is today that can have the largest impact tomorrow.

zofiQ is a perfect example. Here’s a strong founder with a huge problem, solving it at the deepest level, that MSPs are going to be able to take forward and dramatically impact their businesses and their customer experience. That, to me, is the genesis of venture investing: aligning all those things and putting the right pieces together.

We think about the strength of the mindshare of our LPs, figuring out ways to connect them with our portfolio companies, ways to validate our thesis and investments by harnessing that energy, and then making the right investments and providing the right support throughout a portfolio company’s lifecycle, thanks to that really, really strong LP base.

Robert Dutt: So if I’m an MSP owner listening to this – not an investor per se, just someone running a managed services shop – why should I be paying attention to what you guys are doing and what you’re funding? What’s the typical practical downstream impact on my business?

Joel Abramson: You could look at our portfolio with a degree of confidence that these companies are getting great support to build great products, that they’re talking to top MSP operators around the world to help shape what gets built. The average MSP is the benefactor of that, because it means they’re getting great product built that they can use in their MSP or deploy to their customers.

We’re doing this to earn and keep the reputation that a Top Down-backed company means tier-one innovation, great people behind it, that it’s been validated and tested – and that MSPs themselves can be the benefactor of that by leveraging this technology.

Robert Dutt: You closed this fund at about $38 million, oversubscribed, in what you called a slog of an environment – and I get that. What does that tell you about where institutional capital is actually flowing in 2026? And what does a successful Fund I set up for Fund II?

Joel Abramson: A lot of institutional capital is flowing towards the frontier companies and the supply chain of AI. We think that’s great, because just like the Microsofts and Googles that have powered the ecosystem for the last ten years, we think heavily capitalized AI companies are fantastic for the downstream companies – the software companies we’re investing in, the AI companies we’re investing in, the MSPs themselves, and the SMB layer. Capital flows down as well.

As vertical-focused funds like ours demonstrate a strong track record, more institutional capital will flow into vehicles like ours. Certainly a lot of capital is tied up at the top right now, but we see that as a great thing because we’re not super concerned about the capital cycles of the next three months. We’re much more concerned about the capital cycles of the next two decades.

As we’ve mobilized a non-insignificant pool of capital to support early-stage MSP software companies, we strive to earn the right to have a second fund with a more diverse group of participants, and subsequent funds beyond that – as long as we continue to find the right companies to partner with and add value along the way.

Robert Dutt: And that seems like – just with the names you’ve mentioned and the names I can think of off the top of my head – a target-rich environment. There are lots of companies building specifically for the MSP market for obvious reasons. But I’m curious: without necessarily naming names or tipping your hand, what problem or product category are you most excited about in the MSP software pipeline right now? Where’s the white space that’s still underbuilt?

Joel Abramson: In our research paper, we talk about two big macro things happening in the market right now.

One: we think this market – let’s broaden it to IT services, not just MSP – is going from a $600 billion addressable market to a $1.3 trillion addressable market, certainly $1 trillion by 2030. That’s a huge market. On the MSP side specifically, we have four or five scaled companies at or above a billion in revenue. Ninja is on its way up there. N-able, of course, is a big company. But you’re talking about a much larger addressable market – there’s still empty canvas where new companies can scale up to fill the middle and eventually be alongside some of those platforms. We expect those platforms to continue to grow and thrive, and we hope to build or invest in companies that can partner with them to take advantage of their distribution and ultimately make small and medium businesses better through MSPs.

All that said, what are some of those categories? I don’t think it’s new MSPs starting up and buying PSA – that market is fairly saturated. Nor do I think it’s more EDR or XDR – those are pretty saturated markets too. There’s still market share that will trade, don’t get me wrong, and innovation will build on top of it. But doubling the market requires new products, new revenue streams, and obviously AI is a critical part of that. Whether it’s the evolution of agentic service work to do all the work that should be done but isn’t, or raising productivity levels so the service is that much better, or helping the average SMB with a sophisticated IT strategy that evolves into an AI strategy – we see the category of AI services enablement for MSPs as a huge, huge opportunity.

In the enterprise, we’re living through what I call the SaaSpocalypse – the idea that big SaaS companies are going to see fewer licenses because people are going to downsize headcount and thus take an impact on their top line. But we see the SMB market as more resilient, because my accountant with 60 people and one person in marketing – they’re not going to downsize that one-person marketing department. That person is actually just going to get that much better thanks to all the tools they’re using.

SMB IT spend is expected to outpace enterprise IT spend for the first time ever in 2026. We believe that’s because of the resiliency of the SMB market – the idea that when a big tech company lays off 5,000 people, those people don’t all sail off into the sunset. A lot of them move into the SMB economy and start small businesses. Maybe the IT folks start an MSP. So we see the SMB part of the economy continuing to thrive, and it’s showing itself this year – thanks to this crazy stat that SMB IT spend will outpace enterprise IT spend for the first time ever.

For all those reasons, we’re very excited about the opportunities it creates in the companies that we’re invested in.

Robert Dutt: That is a crazy stat, and it’s worth underlining – because of where you and your peers and so much of this community is focused, right in that SMB space. And closer to home, as a Canadian podcast, we’re very much a nation of SMBs. So it really is super impactful here.

Joel Abramson: Yeah, I would agree.

Robert Dutt: For people who want to follow what you guys are doing – whether they’re founders, MSPs, or just interested in what’s coming in terms of new AI-first MSP software – where do they find you? How can they find out more?

Joel Abramson: TopDown.com. We publish a newsletter and try to share all the learnings we’re gaining each quarter. We publish a white paper annually. We have a conference in November called Horizons – if you’re interested in investing in the MSP ecosystem, our goal is to bring everybody together as peers. We do a lot of dinners and events around the big MSP events. Our goal is always to bring everyone together as peers, not in a supplier relationship where you’re being sold to – just everybody trying to solve this thing together. The community aspect of the MSP ecosystem is so strong, and that’s how you engage.

I’m pretty easy to find and always interested in a conversation with anybody from inside the ecosystem or outside, as we try to build this thing one brick at a time toward 1.3 trillion of addressable market.

Robert Dutt: Brilliant. Go get that. Go build that. I appreciate you taking the time, Joel.

Joel Abramson: Thank you so much for having me.

Robert Dutt: There you have it – Joel Abramson from Top Down Ventures.

I’d like to thank Joel for his time this morning. Thank you as always for listening to In The Channel.

A few things stuck with me from this conversation.

First, the framework Joel described: frontier AI companies at the top, then the supply chain software layer that Top Down invests in, then MSPs, then SMBs at the front line. It’s a clean way to think about how AI value actually gets delivered to small and medium businesses. And the point that MSPs are the most natural vehicle for that delivery is hard to argue with – from where I sit, and probably from where you sit too.

Second, that stat about SMB IT spend outpacing enterprise IT for the first time ever this year. If we’re in what Joel calls the SaaSpocalypse for the enterprise, we’re in a resilience story for SMB. For an audience of MSPs, that’s your market, and that’s your moment.

And the zofiQ story. A six-month hold, 5.3 times the invested capital to ConnectWise. What Joel said about what made it work – going deep into a singular problem rather than an inch deep and a mile wide – is as much a product philosophy lesson as it is a venture capital story.

If you want to follow what Top Down is doing, find them at TopDown.com, where they publish a regular newsletter and annual white paper on the state of MSP capital. Their Horizons conference runs every November if you’re engaged in this ecosystem as a founder, an operator, or an investor.

If you’re enjoying the show, please give the podcast a follow or subscribe on Apple Podcasts, Spotify, YouTube, or most of the major podcast directories. Ratings and reviews are always encouraged.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Today’s headline news for Canadian IT solution providers:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Tuesday, May 12, 2026, and here’s what’s happening in the channel today.

Top Down Ventures has announced the final close of its Founders Fund I, pulling in 38 million Canadian dollars and oversubscribing its original target. According to the firm, this is the first institutional fund focused exclusively on early-stage software and artificial intelligence for the managed service provider ecosystem, which it values as a roughly 1 trillion dollar global IT services category. The fund is backed by a limited partner base of more than 100 MSP operators, including distribution giant Pax8. Top Down noted that closing the fund in the current economic environment was a challenge, but the oversubscription signals clear institutional interest in the MSP software space. The firm also pointed to its first exit as a proof point – zofiQ, an agentic AI platform for MSP service desks, was acquired by ConnectWise just six months after Top Down’s initial investment, returning 5.3 times the invested capital. Having dedicated institutional capital purpose-built for the ecosystem means the next generation of MSP tooling gets funded by people who actually understand the problem. For solution providers thinking about where the platform wars are heading over the next five years, this fund is part of that story.

New data released yesterday by Fortinet paints a stark picture of Canada’s position in the global threat landscape. According to the company’s 2026 Global Threat Landscape Report and its companion 2026 Cybersecurity Skills Gap Report, Canada has moved from third to second globally in ransomware attacks, with 374 Canadian organizations extorted last year. Total cyberattacks against Canadian targets surged to 17 billion in 2025, up from 13.7 billion the year before. Fortinet’s FortiGuard Labs says the time-to-exploit for critical vulnerabilities is now running two to four times faster than it was, driven by threat actors deploying agentic AI to accelerate reconnaissance and execution. The skills picture compounds the problem: 47 percent of Canadian IT leaders cited a lack of cybersecurity talent as a top cause of breaches, and 49 percent say they struggle to hire staff with specific AI security experience. That combination – faster attacks, a shrinking talent pool – is exactly the kind of environment where a strong MSP security practice becomes a business necessity for SMB clients, not a nice-to-have. Derek Manky, chief security strategist and global vice president of threat intelligence at FortiGuard Labs, called it an “industrialized defense” challenge.

New research from Barracuda released this morning adds another dimension to the threat picture. Based on an analysis of 3.1 billion emails, the company’s 2026 Email Threats Report finds that one in three emails is now malicious or unwanted spam. According to Barracuda, 48 percent of malicious email activity is phishing, 34 percent of organizations experience account takeover at least once per month, and 90 percent of high-volume phishing campaigns now use phishing-as-a-service kits. Perhaps most notable for the managed services conversation: 70 percent of malicious PDFs now hide phishing links inside QR codes, a tactic specifically designed to bypass traditional email filters. Barracuda positions the core finding as a shift in attacker strategy – away from noisy malware and toward stealthier, trust-based techniques that use compromised accounts and familiar file formats to slip past defenses. The report identifies growing demand for layered email and identity protection combined with automated response, which points directly to an opportunity for service providers helping customers with lean IT teams who are already stretched managing alert volume.

In Brief – Calian Group has completed its acquisition of U.S. managed service provider Computex, expanding the Ottawa-based firm’s American footprint and cybersecurity capabilities. Crogl has begun a private rollout of its AI-powered SOC platform, positioning it to help service providers automate threat response and cut alert fatigue. Pax8 and NinjaOne have announced a partnership starting as a referral motion, giving MSPs a path to RMM and unified IT operations tools while the companies work toward future marketplace integration. TD SYNNEX has given MSPs reserved access to NVIDIA GPU capacity through a deal with Nebius AI Cloud, letting channel partners deliver AI infrastructure services without buying hardware or competing with hyperscalers for GPU supply. Full details and links in the show notes or the blog post.

Later today on In The Channel, I sit down with Joel Abramson, managing partner at Top Down Ventures, to go deeper on the Founders Fund close – the LP flywheel strategy, the zofiQ exit, and what it means for the companies building the next generation of MSP software.

And if you missed it yesterday, check out my conversation with Steven Kiss, partner and national ServiceNow practice leader at EY Canada, on what building Canada’s first ServiceNow elite partner teaches you about what is coming next in the agentic enterprise.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

This is the final episode in our Knowledge 2026 coverage series, recorded live in Las Vegas. If you haven’t caught the earlier episodes, we’d suggest starting with our conversations with ServiceNow SVP of global partnerships and channels Michael Park and ServiceNow AVP of Canada Cristin Gooderham – both published last week.

Steven Kiss is a partner at EY Canada and leads the firm’s ServiceNow practice nationally. His path to EY is worth knowing: in 2013 he co-founded SuMO IT Solutions, which grew into Canada’s largest ServiceNow boutique and became the country’s first gold and first elite ServiceNow partner. EY acquired SuMO in May 2021, making this conversation’s recording date – almost exactly five years later – a quietly meaningful one.

EY is a global elite ServiceNow partner and the reigning worldwide partner of the year for banking, risk, and security. Steven’s strength in this conversation is that he speaks as a practitioner, not a spokesperson. He describes EY using ServiceNow internally as client zero – targeting eighty-five to ninety percent deflection of HR interactions, with employees getting instant answers to questions that used to require a chain of emails. He’s watching the agentic AI transition from the inside of a four-hundred-thousand-person organization.

On the practice-building side, his advice is consistent and direct: configuration over customization, accelerators over custom builds, and outcomes over deliverables. The partners who survive the AI transition, he argues, are the ones who learn to translate technology capability into business value – not the ones who can deploy the most modules the fastest.

His closing advice to Canadian MSPs and solution providers is worth the listen on its own: before you talk about what you can build, stop and ask what the client is actually trying to accomplish. It’s the philosophy that built SuMO – and it’s the one he’d hand to any partner trying to figure out where they fit in the agentic business era.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

This episode wraps up our coverage from last week’s ServiceNow Knowledge 2026 conference in Las Vegas. If you’ve been following along, you’ve heard from ServiceNow’s global channel chief on how the partner model is evolving around the Agentic Business, and from ServiceNow’s Canadian leader on what all the big announcements mean for Canadian enterprises and partners specifically. This conversation is a different angle altogether – what does this moment look like from someone who’s actually been building a ServiceNow practice in Canada for over a decade?

My guest is Steven Kiss, partner and national ServiceNow practice leader at EY Canada. What makes this conversation different from a lot of partner-perspective interviews is his backstory. Steven didn’t arrive at EY through the traditional consulting path. In 2013, he co-founded SuMO IT Solutions, which became Canada’s largest ServiceNow boutique – the first gold and first elite partner in the country. EY acquired SuMO in May 2021, and Steven has been running the national ServiceNow practice from inside one of the world’s largest professional services firms ever since. EY is a global elite ServiceNow partner and the reigning worldwide partner of the year in banking, risk, and security.

That combination – born in a boutique, operating at GSI scale, winning in regulated verticals – gives him a perspective on where the channel is headed that’s worth hearing whether you’re running a five-person shop or a fifty-person one.

Let’s get right into it – my chat with Steven Kiss.

Steven, thanks for taking the time. I appreciate it.

Steven Kiss: My pleasure, Rob. Good to be here.

Robert Dutt: I want to start off with a little bit of the background. You didn’t arrive at EY through the traditional consulting angle. It’s neat that you built out a ServiceNow specialist in SuMO IT, which was then acquired. For listeners who don’t know the backstory, can you give us the elevator pitch version of what happened? And also, what does the EY ServiceNow footprint in Canada look like today?

Steven Kiss: Yeah, absolutely. I’d love to tell you that story. It goes back to 2013, where we saw an obvious opening in the market. ServiceNow was coming on strong, really starting its momentum. We had a lot of legacy HP folks and HP Service Manager, et cetera. With ServiceNow, I think there was a real opportunity to see the market redefine and reshape itself. We launched in October 2013 with just a handful of employees, and really being focused on the goal of building the best service management partner organization in the country – that was the fuel that allowed us to grow. It wasn’t about how do we grow the quickest, have the most people, have the most certifications, be the most profitable. We really just wanted to be the place that people would come to when they wanted to modernize and accelerate their transformation. And then it grew into, I would say, Canada’s largest ServiceNow boutique. We were the first gold partner in the country, and then we became the first elite partner in the country. Then up to the point in May 2021 – which is our fifth anniversary coming up in a couple of days – we completed the acquisition by EY, where we brought 85 professionals into the EY Canada organization. That’s just the high-level story.

Robert Dutt: That’s the backstory. Where’s that business at now? What does it look like in terms of scope and scale?

Steven Kiss: It’s been an incredible ride. We brought in the things that made the boutique partner super successful, which meant very deep technical skills, then expanding as the ServiceNow platform expanded. But there’s a true opportunity within an organization like EY to leverage that front-end consulting engine. EY as a legacy consulting organization is in the market every day talking about HR, cyber risk, supply chain optimization, any part of the business. What that offered them was the ability to operationalize consulting – in the real world, solve the problem for the customer by using technology. We’ve been able to grow with that through activation and integration within the firm. It’s been an incredible ride and it still continues to grow and expand today. Significant growth over the past five years.

Robert Dutt: The big theme here was obviously the Agentic Business – the argument that the pilot era is over and we’re moving towards autonomous AI deployment that shows real value. From where you sit, working with Canadian enterprises day to day, how does that land with what you’re seeing, with where people are? Are your clients there yet, or is this still aspirational for most?

Steven Kiss: Well, I think let’s put it this way. I think people have a sense of what they’d like to accomplish when we talk about the agentic enterprise – the vision of the future, the aspirational vision of tomorrow. I think that’s somewhat clear in people’s minds. It may not be fully aligned from executive to executive across the board, but I think they have an aspirational thought of what it is. A couple of years ago, Gartner put out a quote – and I hate to misquote it – but something along the lines of the vast adoption of AI in an enterprise will come from the platforms people are already using. And of course, we’ve seen that: ServiceNow, who’s been in the AI space for years and years, and other platforms that enterprises trust are obviously incorporating AI capabilities. You’ve got departmental efficiencies in a lot of cases, but I don’t think you have the end-to-end benefit of AI all the way through. You’ve got pockets of it, but the enterprise benefits are not yet being realized.

A hundred percent, like everybody says, we’re in the pilots and the kicking of the tires phase. But I think we have to think broader. This is not about how do I get my department to operate better, faster, stronger, cheaper – it’s really about the execution from request all the way through to fulfillment across the enterprise. We have the same actual goals as what we’ve had for years: breaking down silos, creating efficiencies across the enterprise, now with an expectation of accelerating all that. The good news is it’s at least a familiar challenge – a familiar motion – to break down those silos and get everyone rowing in the same direction.

Robert Dutt: A hundred percent. And I think that’s exactly it. How do you see your role, or the role of other partners, in helping organizations get that alignment across executives and get everyone prioritizing and identifying the steps?

Steven Kiss: Yeah, this is very interesting. This is where I look back on the earlier question about boutique versus the Big Four mindset now. I think of us very much along these lines. I’ve seen from the inside what organizations like EY have done. We’re a global operation – four hundred thousand people. Yes, we look at it from the Canadian lens because of being in Canada, but we’ve seen firsthand how these pockets of AI innovation turn into more enterprise workflows. Again, we’re four hundred thousand people, so any time we can see even single-digit efficiencies, that adds up to real dollars – and more importantly, less frustration for the people inside these workflows. We’re able to take these case studies and things that we’ve seen as client zero to our clients. We go, “Look, we are also a global operation. We have global employees. We understand the frictions from the inside.”

And I think being able to tap into that front-end consulting engine I mentioned a few moments ago – we are already in the market talking to the people who own that business problem, the person who feels the pain of it, potentially the budget to solve it. We’re able to bring our expertise to that story and explain how we would solve that problem. I think the adoption of platforms like ServiceNow reduces the obstacles to get there, simply because we can leverage the “using technology you already own” mindset. You don’t have to buy yet again another tool, another platform, train more people. It’s already been security vetted. You already know how to support it. Your people are used to using it. Why not simply extend it into these areas? That’s been a huge benefit of the conversations we’re having.

Robert Dutt: A big theme here – and whether you want to call it eating your own dog food or drinking your own champagne, ServiceNow tends to call it “Now on Now,” running the business on the product – I’m curious how you guys use ServiceNow internally, and especially as some of the new agentic capabilities roll in, how you’re thinking about it from an internal lens as a way to both learn and to add value to the organization.

Steven Kiss: Yeah, absolutely. It continues the thought from before – AI, obviously, is going into every department. There isn’t a department that’s not looking at it. We’re doing the exact same thing internally. We are a client of ServiceNow in addition to being a global elite partner, and we have the luxury of being able to look at it from the point of view of scale. Initially people are looking at it from the departments that are – I don’t want to necessarily say early adopters, but potentially early adopters – and IT would be one. If you think about what happened a generation ago with IT service management moving into enterprise service management, it’s the exact same thing. IT is one of the most framework-driven departments in an organization. We ourselves have deployed ServiceNow in IT for request management, traditional help desk support, ticketing, case summarization – things of that nature have been huge. HR has also been a huge accelerated adoption area with ServiceNow – onboarding new employees and things of that nature.

We also see ourselves moving very aggressively toward the target outcome of deflecting eighty-five to ninety percent of HR interactions. Things as basic as “What is the value of my flex benefit account?” or “How many days of vacation do I have?” – these are all things that the human in us wants to know nearly every day, but getting to that answer is not as easy as it should be. I have to send an email and I have to hope I get an answer. Now I can just simply ask and get the answer back. Looking at the employee from the human nature element is guiding where we’re taking it next. It’s really exciting where I’ve seen EY go from five years ago to today, and I think we’re going to see further acceleration in these areas.

Robert Dutt: You guys just won Worldwide Partner of the Year for banking and risk. Very specific distinction – not just great implementation partner, but specifically in high-stakes, regulated space. Take your victory lap. What does that actually mean in terms of what you think you’re doing that more generalist partners aren’t?

Steven Kiss: It’s incredible. And Rob, I hate to point it out – you also missed security in there. So it’s risk, security, and banking, which means we’re on the resilience side. If I take risk and security together, it’s not functional deployments of these things – it’s understanding the mindset of what resilience means to organizations, especially regulated industries like banking. This is a perfect example where these things actually come together.

I think what separates us, in addition to the obvious large footprint in the banking and financial services sector to begin with, is again leveraging that front-end consulting engine. It’s one of our largest sectors. It’s where we’ve got a ton of innovation going, especially internally at EY with our AI innovation centers, et cetera. There’s a lot of horsepower and investment directed at these. I think they’re also the sectors that are investing the most themselves. So there’s a very strong partnership. It’s truly amazing for us. We work with very large financial institutions to help them get to success in these areas.

I think it’s also not about deployment of modules. It’s not about people at hours. It’s really about outcomes and value – being able to really understand our clients, understand their business, understand their greatest challenges, connecting those issues across levels in the organization so we can understand what success looks like for them. We also have banking innovation departments with people who spend all day, every day just thinking about what the future of banking looks like. Being able to apply the value proposition of the ServiceNow alliance as part of those conversations is a huge differentiator. And this is the third year that we are the banking partner of the year, so we see continued success there.

Robert Dutt: Close to home – I keep thinking about regulated industries in Canada, data sovereignty, public sector sensitivity, OSFI E-21, all of these things. Given that you guys have practice strength in exactly those regulated environments, where do you see the biggest near-term deployment opportunities for ServiceNow in Canada specifically? And what do you see as the blockers that are still there?

Steven Kiss: Yeah, absolutely. I’ll start with blockers. I think organizations need to realize that they’ve got to get their data in order. This is the foundational element that’s going to stop rapid deployment if they don’t have it in place. They’re just going to be behind – and I don’t think the market is going to tolerate falling behind. The people who are proactive at investing in what tomorrow is going to look like will be the winners from a business perspective. That’s foundationally it.

When you start talking about OSFI E-21 and regulation, they’re very defined on what the needs are, but I don’t think those needs are defined fully – we can’t see so many years out. They will constantly evolve, because we ourselves don’t ultimately know what AI is going to look like. So how would the regulations? They’re going to constantly evolve and mature. And I think the benefit of what I’ve seen in platforms like ServiceNow is the endless ability to evolve with the times without ripping and replacing. The investments will be leveraged and built upon and refined. I haven’t seen any other organization plow as much R&D into their platform as ServiceNow has. It’s not build your own house. They’ve defined it and created the frameworks, and configuration – not customization – is going to get us where we need to go. That’s a huge differentiator. But again, it’s ultimately going to come down to navigating the endless evolution of these regulatory needs.

Robert Dutt: One of the big announcements this week – Action Fabric and the MCP integration layer – opens the door for partners to build proprietary IP on top of the platform and bring it to market as their own. Curious how you’re thinking about that. Is that something you’re doing – building reusable accelerators or industry-specific agents that you’re bringing to clients? And how do you think about the build-versus-configure question as that evolves?

Steven Kiss: Yeah. I’ll start at the end and you can keep me on the straight and narrow with the rest of the question. With clients, it’s very much about having a framework of success as you start to deploy. And as I said previously – configuration, not customization. Leveraging as much out of the box as possible, and industry-leading practices are going to drive how we deploy things. This is not about individual whims. There is a well-worn path in front of you – follow it, adapt around it, and then you are going to be running, not walking. The organizations that adapt and create that framework of success are going to be the very successful ones.

As it relates to building blocks to create IP at the partner level on top of the platform – I think we’ve seen this for years with different degrees of success – because you’re essentially thinking about it from a productizing perspective. You have to accept the fact that if you are in the productized business, you are a product organization. You need size, scale, ongoing investment. You have to have that commitment internally.

I’m a big fan of innovation where it doesn’t ratchet down the foundational capabilities of the platform. I’m a big supporter of accelerators that allow clients to get to the finish line faster – and these don’t necessarily mean we’re creating a product that locks clients into certain capabilities, because we’ve seen the negative side of that over the past five, seven, ten years. Accelerators that provide an industry-leading process to the conversation, that allow us to move the client toward the outcome of what this thing should look like – those are very positive. And once again, if you think about EY, the brand is very strong in risk, security, the resilience story. Partnering with an organization known for that just accelerates the path to the finish line.

Robert Dutt: Outside of what we’ve already talked about – or even within it – what have been your big takeaways from the event? What caught your ear the most and changed the way you think about something, or that you think is going to lead you to do something new or different in the practice once you get back home?

Steven Kiss: The show, a hundred percent. A couple of things. First of all, the way ServiceNow is actually driving the market forward. In some ways it’s very Apple-esque – the old Steve Jobs quote, “our customers don’t tell us what they need, we’re there to help guide them.” I’ve seen that with things like AI Control Tower. Everybody’s excited about the possibilities of AI, but we can’t just let it loose. It has to be governed. And we have to be able to, over our Monday morning lattes, look at a single system and understand where our position of risk is.

Number two – the areas of regulated industries and having a recommended path forward for clients operating in those sectors, being able to guide them through that in an accelerated way so we’re not waiting years to get there. Organizations are looking at this like an arms race – everyone’s running. So let’s make sure they don’t trip and get them there. Those are probably the areas where I’m the most excited about continuing to see the innovation and investment from ServiceNow. It’s something that I don’t think has ever been seen at that level. The way they’ve adapted to the AI story has been incredibly impressive – not following, very much leading. And I think it’s just very exciting.

Robert Dutt: Last one for me. Our audience is primarily VARs, MSPs, smaller solution providers – not GSIs, but folks who are watching what you guys at the big integrators are doing because it tells them something about where the market’s going. Especially given your former life leading SuMO and being in that boutique partner role – if you were advising a mid-sized MSP or other partner right now, who’s trying to figure out their AI strategy and where ServiceNow might fit within it, what would be the most important thing you’d tell them?

Steven Kiss: I think at the end of the day, a laser focus on the client and what success looks like for them. This is not about the technology – the technology is the enabler to get to success. Our secret sauce as we were building our boutique was really to say: yes, you come to us and ask us, “Hey, we want to deploy a module, we want to do this thing, we need a couple of people that are skilled at this.” I would always stop and say that’s great, we would love to have that conversation – but before we get there, what is it you’re trying to accomplish? Who in your organization benefits – customers, employees, vendors, partners? Tell me how it’s done today and tell me what you think it’s going to look like tomorrow. That’s going to be the best way we can advise you and get you there, because we want to be part of your success and create a long-term partnership.

This is not about having more certifications than you do as a differentiator. This is not about being able to code quicker. It’s really about understanding what success looks like. Yes, you make yourself successful because you understand how to deploy – and the functional component of that is selling a deliverable, people, hours. But unless you’re able to translate that into outcomes and value, and articulate the problem that this solves, there’s no way you’re going to justify budget for the next thing you’re trying to do. If you simply focus on the functional execution part and not the business side of it, you will be left behind. You have to constantly think about that. It can be exhausting sometimes, especially for partners that are more technology-driven and not business or consulting-driven. That is a comfort zone you have to get out of. And I think if you do that, you’ll find it’s a very refreshing way to guide your organization through these next steps.

Robert Dutt: That’s great advice. And I think we’re seeing a lot of momentum towards partners being encouraged to think that way. So I appreciate it being amplified. Steven, thanks for taking the time once again. Hope the rest of the show goes well for you.

Steven Kiss: Thank you very much. I appreciate it. Thank you for the time as well.

Robert Dutt: There you have it – Steven Kiss, partner and national ServiceNow practice leader at EY Canada, recorded live at Knowledge 2026 in Las Vegas.

I’d like to thank Steven for his time – and for being one of the more candid guests we’ve had on this show about what it actually takes to build and sustain a practice in this market.

And thank you for listening. Three things from this conversation worth sitting with.

First – EY as its own test lab. The detail that stuck with me most wasn’t about client work. It was Steven describing what EY is doing internally with ServiceNow – targeting eighty-five to ninety percent deflection of HR interactions, so that a question like “what’s the value of my flex benefit account?” or “how many vacation days do I have?” gets answered instantly rather than through a chain of emails. That’s a four-hundred-thousand-person organization using itself as client zero. When he talks about AI adoption in enterprises, he’s talking about something he’s watching from the inside. That credibility comes through.

Second – configuration, not customization. Steven returned to this idea more than once, and it’s worth repeating. His argument is that the partners who try to build elaborate custom solutions on top of the ServiceNow platform are going to get left behind by the partners who master what’s already there, build accelerators that help clients move faster, and focus relentlessly on business outcomes rather than technical deliverables. It’s a discipline that’s easier to say than to build into a practice culture.

And third – the advice he’d give any mid-sized MSP or solution provider right now. It comes straight from the SuMO playbook. Before you talk about what you can build or deploy, stop and ask the client what they’re actually trying to accomplish. Who benefits? How does it work today? What does tomorrow look like? That’s not a sales technique – it’s an operating philosophy. And it’s the thing he says separates partners who justify the next engagement from partners who get left behind.

That wraps up our Knowledge 2026 coverage series. Thanks for spending the week with us in Las Vegas.

If you’re finding In The Channel useful, we’d love for you to follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always appreciated and always read.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

This week’s In The Channel episodes have been coming live from ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company made its most aggressive platform repositioning in years – moving from workflow automation into what it’s calling the Agentic Business: autonomous AI agents doing real enterprise work, governed by a platform layer that sits above everything else running in your organization.

The big announcements – AI Control Tower, Action Fabric, the Go Live AI guarantee – were covered extensively earlier this week. This conversation is a different question: what does all of that actually mean if your customers are Canadian?

Cristin Gooderham is area vice president of Canada enterprise sales at ServiceNow. In this conversation, she makes a case worth sitting with: the traits that have historically made Canadian enterprises slower adopters – governance-first thinking, regulatory sensitivity, preference for proven approaches – are actually an advantage in this specific moment. When the lead pitch for enterprise AI is governance and control, Canada is ahead of the curve, not behind it.

She also touches on the partner ecosystem dynamic, describing a market that saw boutique ServiceNow specialists absorbed by larger integrators over the past few years, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap. For Canadian solution providers trying to figure out where they fit in the ServiceNow ecosystem, that’s an encouraging signal.

And on the security side, the completed acquisitions of Armis and Veza aren’t just product additions – they’re an active attempt to bring a new category of security-domain partners into an ecosystem that hasn’t historically included them.

This episode is part of our Knowledge 2026 coverage series. Also in the series: our conversation with ServiceNow SVP of global partnerships and channels Michael Park, and on Monday, EY Canada partner and national ServiceNow practice leader Steven Kiss.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.

This week I’ve been at ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company spent the week making the case for what it’s calling the Agentic Business – the argument that the AI pilot era is over and autonomous agents doing real enterprise work, governed by a platform layer, is the new reality.

Yesterday, you heard from ServiceNow’s global channel chief on what it means for the partner model. This episode is a different question: what does it actually mean if you’re a Canadian enterprise or a Canadian partner?

My guest is Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow. She’s leading the company’s go-to-market motion in Canada at what is genuinely a pivotal moment – a week where the platform her team sells just repositioned itself as the governance layer for all enterprise AI, not just workflow automation. We talked about where Canadian organizations actually are on this journey, what makes this market different from the US, and where she sees the near-term opportunity for Canadian partners.

Let’s get right into it – my chat with Cristin Gooderham.

Cristin, thanks for taking the time. I appreciate it.

Cristin Gooderham: I’m very excited to be here. Thank you so much for taking the time with me.

Robert Dutt: Well, and thanks for having me out to Knowledge to get a sense of what’s going on here. When you look at where Canadian enterprises are right now on AI adoption – a big theme obviously this week is moving from proof of concepts to proving actual value – where do you see the Canadian market in that regard? Are we ahead, behind, or is it more complicated than that?

Cristin Gooderham: I wouldn’t say we’re behind. I would say we’re right on pace with what I’ve seen from my US counterparts. We have some organizations that are driving full force ahead, and then we do have some that are still stuck in that POC landscape where they’re really still struggling to define what they want AI to be for them – which is probably the biggest thing. Where we’ve seen organizations really do a tremendous job is where they’ve come with a very strong point of view of what their business challenge was and tried to look at it from an AI perspective, versus “I wonder what AI could solve for me.”

Robert Dutt: The more concrete the approach, the better it sounds like.

Cristin Gooderham: Absolutely. Tying everything to a business outcome that can actually, particularly if it can support revenue, is where we see organizations find not just the energy but the funding to put towards it.

Robert Dutt: Bill McDermott’s framing this morning was the AI blind spot – organizations running agents without governance visibility, which has kind of been the state of play up until now. Given what you know about Canadian enterprises – whether it’s regulatory caution, public sector sensitivity, or just Canadian conservatism in terms of not wanting to be first out on that limb – do you think that message lands differently in Canada than it does in the US or other markets?

Cristin Gooderham: I think for ServiceNow it lands even stronger in the Canadian market because of that conservatism. The reality is platforms like ServiceNow are really bringing to the market true visibility into your AI asset estate and the ability to actually govern and audit what is going on with your AI agents. No one is going to win the AI race by having all the agents – that’s just not a realistic expectation. But having visibility into what all those agents are doing, particularly once they start talking to each other – I think Canadian organizations are going to be very interested to have a view of that estate before they make massive investments in AI. We’ve already had those discussions with a lot of clients who really want to understand: of course we want to get AI, of course we want to find efficiency gains, but we need to do it in a way that we can govern it. That’s been a very key message, and it’s great to hear Bill reiterating it here because that’s really what ServiceNow can bring to the table.

Robert Dutt: How live has that governance discussion been with clients to date?

Cristin Gooderham: I would say the discussion has been very live. The implementation and action of it – we are working diligently on that piece. Where we’ve seen success is with clients in particular verticals that are far more mature with ServiceNow than others. Our banks in Canada, for example, have been invested in ServiceNow and really viewing us as a strategic platform since as early as 2010 in some cases. They’ve made investments not just from an IT point of view but have expanded into the security and risk areas of our platform. Those are the ones where we’re having the most productive discussions and are really moving quickly beyond proof of value into true value.

Robert Dutt: I’m curious to what degree you see the regulatory environment as backfilling that as well – how often is it being driven by existing or coming regulation, especially in regulated industries?

Cristin Gooderham: As always, the laws are typically behind the technology. What I’ve seen is that our own customers are taking a very forward-facing look at it because they know that regulation will be something to consider. We’ve had tremendous discussions on AI processing data, data at rest, Canadian sovereignty of the data. That has been a really hot topic. There’s no strong directive coming from the federal government to say all data must reside in Canada at all times. But the AI component has made it very interesting, and it’s a discussion we’re having constantly with customers.

Robert Dutt: A stat that came up yesterday was that ninety percent of ServiceNow implementations globally are partner-involved or partner-delivered. What does that mix look like in Canada? What can you tell me about GSIs versus smaller partners? Are you seeing a new breed of more specialized, AI-focused partners emerging that are punching above their weight?

Cristin Gooderham: The partner ecosystem in Canada is absolutely a complete mix – everything from global GSIs down to extremely unique niche partners. Over the last few years, we did see a tremendous amount of our really strong boutique partners actually get acquired by global GSIs. When I got to ServiceNow six years ago, we had a tremendous amount of point partners – ServiceNow-specialized and very focused on a particular part of our platform. That went away for a bit because so many GSIs were excited about the opportunity to expand their ServiceNow practices. Now we’re seeing the resurgence of those smaller point solution partners coming back with a ServiceNow-only, AI-first view, which has been really exciting to see.

Robert Dutt: I wonder if this becomes a cycle that repeats itself as those folks grow up and we see another wave of consolidation down the road.

Cristin Gooderham: Potentially, absolutely. But the opportunity for partners in Canada to focus on ServiceNow is tremendous. We’re really excited to see some of these up-and-coming partners. We had two recently launched in Western Canada – both Ardent Labs and Skymark – taking a ServiceNow-only focus, which is a very different approach than the GSIs. The GSIs are fantastic, but they look holistically. A ServiceNow-dedicated partner can really make an impact in ways a GSI won’t necessarily prioritize.

Robert Dutt: One trend we’re seeing across the channel is multi-partner engagement becoming more common. You’re nodding as I say that. I’m curious what you’re seeing in terms of situations where a big GSI tags in more specialized partners to fill the bench and meet customer needs.

Cristin Gooderham: It is absolutely critical and something we at ServiceNow fully support. We do it ourselves – we have our own expert services, and a lot of times we will engage niche partners to fill particular gaps. One of the areas where I see our partner ecosystem doing that a tremendous amount is in the security and risk space, because some partners are phenomenal on the overall platform but security and risk is a different skill set – it’s even a different vocabulary. I love seeing partners collaborate because it’s usually the best option for the customer. It’s the best outcome for everybody: the partners are successful, the customer is successful, and therefore ServiceNow is successful.

Robert Dutt: I realize this is not how one builds out a business model, but I’m curious – as you said, there’s a rising generation of ServiceNow-focused partners. If you were to point to the greenfield, the underserviced opportunity in the Canadian market today, what would it be?

Cristin Gooderham: So I’ve touched on it already – security and risk. With our acquisitions of both Armis and Veza, that is an area where we’re going to continue to invest. If ServiceNow partners are looking to expand their skill set, that is where we need additional help. When we started having the AI Control Tower discussion late last year, it was at every executive briefing the thing that made every CIO sit up and pay attention. So anything in that space is really where we’re going to need to see continued partner enablement and adoption, and hopefully new partners coming in to pick it up.

Beyond that, as we continue to make moves into the CRM space, those are also going to be areas where we need additional partners. We have phenomenal partners from the US that come up and do work here, but as an opportunity for more Canadian jobs, that’s definitely an area I would point Canadian partners toward.

Robert Dutt: The AI Factory and NVIDIA partnership that came up – how do you see that through a Canadian lens?

Cristin Gooderham: I think the key piece is that NVIDIA and ServiceNow together have a great story. We know most of our customers are investing in NVIDIA – a number of the telcos, we’ve already had discussions with them. So it’s really an opportunity for us to continue to expand our AI footprint and help create really positive three-way relationships. As NVIDIA becomes more and more critical in every market, it’s fantastic to see that they see the value in ServiceNow – and our customers are seeing the same thing.

Robert Dutt: Data sovereignty – big issue in the Canadian market. It sounded from your earlier comments like it’s not quite a hard regulatory concern yet, but how do you see it playing out? What are customers asking you about?

Cristin Gooderham: Data sovereignty is a hot topic in every customer engagement we have. In the public sector space it has a tremendous amount of weight. We’ve seen a real shift from the federal government in terms of their position on sovereignty – they haven‘t come out and defined very strongly what data sovereignty looks like, but it’s absolutely something we’re focused on. We announced earlier last year a large investment in Canada to build out our own isolated full stack to host all of our public sector clients, ensuring Canadians on Canadian soil are managing the data.

But it does stop somewhat short of true sovereignty. The benefit of SaaS is the ability to push upgrades to customers at any given time – as soon as you move to true data sovereignty, that piece closes off. It doesn’t make it a negative, it’s just something clients need to make decisions on.

Robert Dutt: With AI Control Tower coming online and the way Bill was repositioning the company around that governance layer – as almost the orchestrator of the ecosystem – how does that change the partner role?

Cristin Gooderham: I don’t think it changes the partner role tremendously. As you heard in the keynote this morning, we’ve always been the platform of platforms, and we’re still advocating that message. It’s just refined itself to really focus on securing and governing the AI estate, as opposed to a more open approach. Partners are still going to be critical to help us get customers to success. But it does mean that retraining and focus into those areas – understanding the security and governance piece – is going to be critical moving forward.

Robert Dutt: The security piece is so big in the channel writ large. Do you see it as another entry point for new partners to come into the ServiceNow ecosystem and add what you’re doing to what they’re doing with other vendors and their own managed services?

Cristin Gooderham: Absolutely. Where I think there’s a really interesting opportunity is for more security-focused partners that perhaps haven’t focused on ServiceNow before – they’re focused on multiple different point solutions – to actually start looking at ServiceNow as another tool to put in their bag. We are having expanded security conversations all the time. I think it’s very clear through our acquisitions that this is going to be a continued focus.

A security partner like Arctiq, for example – they’re already engaged a lot with us, and I believe they’re already engaged with Armis. This could be a really interesting push for them to take on more of ServiceNow. The good part is that there’s no shortage of security tools out there to take on. The challenge as a partner is the same thing – there’s no shortage of security tools to take on.

Robert Dutt: Is that mindshare conversation with security-focused partners already happening, or is there a strategy to identify the right partners and get on their radar?

Cristin Gooderham: Those conversations are already happening – not necessarily with the more niche individual security partners yet, but a number of the GSIs have very strong security and risk practices. We’ve had a lot of reach out from Canadian partners at organizations like KPMG, where they run a security and risk practice and are very excited about these acquisitions and wanting to discuss how this folds into their practice. So there’s definitely opportunity at every level of partner.

Robert Dutt: We talked a little bit about governance, and I noticed that Bell Canada is presenting tomorrow on the subject of their governance guardrails implementation. What can you tell me about that relationship and what they’ve done? Are we starting to see a cluster of organizations moving toward that space, or is Bell still more of a bellwether?

Cristin Gooderham: When we talk about Bell, we have to talk about two different angles. We have Bell as a customer – Bell Business, who are a phenomenal customer we’ve engaged with in a very long-term relationship and who have made a huge investment to innovate on the ServiceNow platform. And then underneath Bell we also have their partner, Acteamo, which is a fully Bell-backed organization that is a services partner in the Canadian ecosystem. So there’s Bell as the customer and Bell as the partner. We have phenomenal relationships with both, and we’re very excited to see what Acteamo is doing in the ecosystem. I know they’re looking to expand not only across Canada but even into the US to bring some of the learnings from working with Bell Canada to other telcos.

Robert Dutt: When you’re talking to Canadian solution providers who’ve seen the announcements this week and are trying to figure out where they fit in the whole Agentic Business picture – what’s your advice on where to focus, where to build practice, where the opportunity is richest and most accessible right now in the Canadian market?

Cristin Gooderham: I’ll go back to what I said at the very beginning – focus on business outcomes. Nobody is interested in a discussion on agentic AI to modernize your CMDB. It’s truly about finding problems in the organization where AI can lead to either revenue generation or true cost savings. Where partners will be successful is if they can quickly identify – whether it’s verticalized opportunities across oil and gas, telco, or retail – areas where they’ve had success before and can bring that to customers. I don’t know that there’s a single point of entry. The challenge with AI is that it can do so many things. But Canadians like to start small. They like to be able to prove something out quickly, and then they like to move fast. So I would always caution partners: look for opportunities to do just that. Start small, move quickly, and then progress to the next step.

Robert Dutt: That’s great advice. I appreciate your time, especially given how busy things are. You really helped put a Canadian lens on a lot of what we’ve heard this week.

Cristin Gooderham: Thank you so much.

Robert Dutt: There you have it – Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow, recorded live at Knowledge 2026 in Las Vegas.

I’d like to thank Cristin for her time during what was clearly a very busy week for the ServiceNow team.

And thank you for listening. A few things worth pulling out of this one.

First – the Canadian conservatism point. Cristin made the case that the traits that have historically made Canadian enterprises slower adopters – caution around governance, preference for proven approaches, regulatory sensitivity – are actually an advantage in this specific moment. The agentic AI conversation leads with governance. That’s a message that lands here before it lands anywhere else, and that’s an opening for partners.

Second – the partner ecosystem observation. What she described is a market that went through a consolidation phase where boutique ServiceNow specialists got absorbed by larger integrators, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap again. If you’re a mid-sized Canadian solution provider trying to figure out where you fit, that’s encouraging news.

And third – security as the door. The Armis and Veza acquisitions she referenced aren’t just product additions. They’re a signal that ServiceNow is actively trying to pull in a new category of security-domain partners who haven’t historically been in the ServiceNow ecosystem. If your practice is in that space, it’s worth paying attention.

More from Knowledge 2026 on Monday, when I’ll have my conversation with Steven Kiss, partner and national ServiceNow practice leader at EY Canada – a conversation about what the boutique-to-big-four journey actually teaches you about where the channel is headed next.

If you’re finding In The Channel useful, we’d love for you to follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always appreciated and always read.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Today’s headline news for Canadian IT solution providers:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 8, 2026, and here’s what’s happening in the channel today.

Managing Microsoft 365 Copilot is becoming a genuine operational challenge for MSPs, and a company called inforcer is positioning itself as the answer with the launch of its new Copilot Manager feature. The company, which makes Microsoft 365 multi-tenant management software for managed service providers, says Copilot Manager gives partners in-depth visibility into Copilot adoption trends across all client tenants, and – critically – the ability to monitor shadow AI usage. According to inforcer, as many as eighty percent of SMB employees are bringing their own AI tools to work, using unauthorized or open-source applications that increase the risk of data leakage. The company cites IBM research suggesting one in five organizations have experienced a breach due to shadow AI, with those carrying high shadow AI exposure averaging six hundred and seventy thousand dollars more in breach costs.

The business case here is straightforward for solution providers. Copilot has crossed twenty million paid seats. The licensing is in motion. What most MSPs lack is the infrastructure to make Copilot governance a repeatable, billable service rather than a one-time check-in conversation. Copilot Manager has already been trialed in beta by more than two hundred MSPs globally, and the company says it builds directly on a Copilot Readiness Assessment tool released last year, giving partners a documented progression from pre-sales evaluation through ongoing managed AI services.

SUSE has launched a new Sovereign Partners Specialization as part of its channel program, a move that carries meaningful implications for the Canadian market. The announcement came at the company’s annual SUSECON conference in Prague last month, with details emerging publicly this week. SUSE is positioning the specialization as an agile layer on top of its existing partner program, designed specifically for early-mover partners who already hold sovereign field certifications and are invested in the sovereign technology market. According to Hayley Wienszczak, SUSE’s head of global partner programs and success, the initial go-to-market will focus on existing SUSE MSPs who know the technology stack, working jointly to onboard the first reference customers onto a full SUSE sovereign stack.

More than ninety-eight percent of SUSE’s business runs through partners, and the company is framing the sovereign play as an opportunity to lock in that partner ecosystem around an emerging but fast-growing requirement. For Canadian MSPs, the timing aligns with accelerating regulatory pressure around data sovereignty – OSFI’s E-21 guideline on technology and third-party risk, Quebec’s Law 25, and federal Protected B requirements are all pushing enterprise buyers toward environments where data residency is a verifiable, contractual commitment rather than a vendor promise. SUSE is also opening co-sell registration to ISVs and system integrators alongside MSPs as part of the same program update.

Earlier this week, Cayosoft launched a full-cycle Microsoft identity migration service that it says is designed to address the ongoing risk that sits inside most Active Directory and Entra ID environments. The offering, called Cayosoft Microsoft Migration Services, is being delivered in partnership with XMS Solutions, a long-time provider of migration and cybersecurity services. According to the company, the service covers Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, Teams, and related identity infrastructure, and spans the complete lifecycle from pre-migration assessment through phased execution, data integrity validation, and post-migration monitoring, governance, and recovery.

The launch targets a specific and frequently mismanaged problem: migrations that declare success on go-live day while leaving behind broken permissions, duplicated identities, and poorly governed access that creates security exposure for months afterward. Cayosoft is specifically calling out M&A, divestitures, and consolidation scenarios as high-risk contexts. For Microsoft-focused channel partners, the model Cayosoft is describing – migration as the front door into a longer-term identity management and recovery engagement – represents a services motion that can extend well beyond the initial project. Partners who have historically treated Active Directory migrations as one-time engagements may find this a useful framework for repackaging that work as an ongoing managed practice.

In Brief

Kaseya has unveiled what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence. 

GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed one billion dollars in cumulative joint sales. 

Dyna Software is showcasing its Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow configurations from natural language and images. 

Kyndryl has announced updates pushing AI deeper into its IT operations practice, expanding autonomous resolution capabilities across its global managed services engagements. 

Upwind has launched new runtime visibility support for Windows Server virtual machines across AWS, Azure, and Google Cloud Platform, addressing a gap in cross-platform endpoint coverage. 

Full details and links in the show notes or the blog post.

Later today on In The Channel, we continue our Knowledge 2026 series with Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow, on what the shift to agentic business looks like from a Canadian market perspective.

And if you haven’t heard it yet, yesterday on In The Channel we published my conversation with Michael Park, ServiceNow’s global channel chief, on why the company put its AI product leader in charge of the channel – and what that means for how partners get built and compensated going forward. 

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.