We're taking this week off, so instead of hearing us talk about compliance this week, you get to hear us rap!

In this special episode, Mike and Jared talk about the compliance trends and cybersecurity disasters in an entertaining recap of 2025. Stay tuned for the 2026 preview!

Want to get your own questions about cybersecurity or compliance answered? Head on over to https://blacksmithinfosec.com/ask

This is part one of a two-part crossover with Adam Walter from Humanize IT⁠. In this episode, we dig into two real listener questions that every MSP will recognize. First, we help Marisol from a dental practice understand why compliance is a program and not a one-off project, using an orthodontics metaphor that goes way further than anyone planned. Then we answer a question from Ryan, a COO who is tired of QBRs that feel like meaningless status updates. We break down what a useful business review should actually look like and how MSPs can steer the conversation toward real outcomes. If you want clearer, more human client communication, start here.

Drop your own question at blacksmithinfosec.com/ask and make sure to catch part two next week on the Humanize IT podcast.

In this episode of Get NIST-y, hosts Jared Casner and Michael Zbarsky talk about how MSPs can stop seeing compliance as a burden and start using it to grow their business.

Question 1: “When I'm talking to prospects, compliance always comes up as a pain. How can MSPs flip compliance into a trust signal or competitive advantage instead of a burden?” — Daniel, MSP Sales Leader in Chicago

Jared and Mike dig into how strong compliance can actually make you faster, smoother, and more secure. They share real examples of how automating user management, auditing accounts, and simplifying security can build trust and help you win bigger contracts.

Question 2: “I'm really struggling to grow recurring revenue. How can packaging compliance into our offering actually increase margins and reduce those emergency calls?” — Alex, MSP Owner in Phoenix

They explain how to turn repeatable compliance work into steady revenue, reduce late-night “hair on fire” calls, and make your MSP more valuable to clients. You’ll hear how a simple “say it, do it, prove it” approach can strengthen your security culture, keep clients loyal, and help you charge what you’re worth.

Got your own compliance question? Send it in at blacksmithinfosec.com/ask.

Most MSPs think they have incident response under control, at least until chaos hits. In this live episode of Get NIST-y, hosts Jared Casner and Michael Zbarsky sit down with Bob Miller, CEO of IR Game and Chief Evangelist for Right of Boom, to explore why even the most “mature” IR plans crumble under pressure and what real-world readiness actually looks like.

From the limitations of tabletop exercises to the emotional gap that keeps decision-makers complacent, Bob shares hard-won lessons from decades in the trenches. The trio dives into:

• Why traditional tabletop exercises fail to simulate true incident pressure

• How emotional engagement and muscle memory are key to effective response

• The overlooked human and legal pitfalls, from communication missteps to conflicts of interest with insurers and forensics teams

• Why 80% of incident response is not technical, it’s business continuity, PR, compliance, and people under stress

• How to align your IR plan with frameworks like NIST and HIPAA (without tripping contractual landmines)

It’s a masterclass in turning theory into muscle memory, packed with war stories, practical guidance, and a few “oh sh*t” moments every MSP can learn from.

Want to get your own questions answered? Head over to https://blacksmithinfosec.com/ask!

In this episode of Get NIST-y, we're joined by our friend Dustin Puryear, founder of https://giantrocketship.com/. We talk about how to use automation, documentation, and compliance to set your MSP up for success and long-term, sustainable growth.

Want to get your own questions answered about cybersecurity or compliance? Head on over to https://blacksmithinfosec.com/ask

In this episode of Get NIST-y, hosts Jared Casner and Michael Zbarsky engage with Jean Templin, founder of nayak.ai, to explore the evolving landscape of sales, particularly in the context of AI. They discuss the importance of building trust and rapport with clients, understanding buyer perceptions, and leveraging AI to enhance emotional intelligence in sales interactions. The conversation delves into practical strategies for framing conversations, handling objections, and the significance of customizing sales approaches to meet client needs. The episode also addresses the challenges of ghosting in sales and the role of AI in providing insights and support throughout the sales process.

Want to get your own questions about cybersecurity and compliance answered? Head over to https://blacksmithinfosec.com/ask!

Our questions this week revolve around training and culture.

The first is, “I’ve rolled out security awareness training, but it doesn’t seem to stick. How do you actually build a culture where employees care about cybersecurity?”

The second is, “We’ve been doing phishing tests, but people get upset and feel tricked. How do you balance training and testing without making employees resent IT?”

Want to get your own compliance or security questions answered? Ask them at ⁠https://blacksmithinfosec.com/ask

Jared and Mike talk with guests Everykey and TurboDocx! Is AI a powerful tool for cybersecurity — or is it too early to tell? What tasks can we trust AI to perform like pro, and which still need human oversight and expertise?

Want to get your own compliance or security questions answered? Ask them at ⁠https://blacksmithinfosec.com/ask

Jared and Mike talk with guests (and fellow PitchIT participants) HitWit and Palisade! We'll discuss the best way to engage and convert clients using a variety of marketing and sales channels (and cutting-edge tech!)

Want to get your own compliance or security questions answered? Ask them at ⁠https://blacksmithinfosec.com/ask