MSP 1337 - Cybersecurity Maturity Journey | Guidance and Best Practices for MSPs and MSSPs

Clear communication is one of the most overlooked and most costly challenges in IT service providers. In this episode, Chris sits down with Amy Reczek, communication and presence expert, to unpack why misalignment happens between leadership, teams, and clients, and how understanding the “why” behind communication changes everything. From ineffective meetings and virtual body language to intent versus impact, this conversation dives into the human gaps that tools and systems can’t fix, and what ITSP leaders can do instead.

The critical importance of going beyond just getting technology to work, addressing the underlying security, scalability, and proper implementation, rather than just fixing symptoms. Eric Hansen, of Inland Productivity Solutions, emphasized the importance of starting troubleshooting at the very beginning, even when engineers claim they've already done everything. He discussed their hiring process, which prioritizes people skills and problem-solving abilities over technical expertise, using unsolvable scenarios to test how candidates handle pressure and know when to escalate. While Eric and I might have found a few rabbit holes in this episode, I hope you will hear a recurring theme: delivering cybersecurity in everything you do with your clients. "We're still in the people business."

A real-world phishing incident. Real financial impact. Real lessons for MSPs.
In this episode, we unpack a phishing attack that led to unauthorized access to an Azure subscription and significant financial loss for an MSP client. The conversation goes beyond the incident itself to examine where policy gaps, weak controls, and unclear ownership increased liability, and what changed when the MSP committed to cybersecurity maturity.
Joined by Chad Holstead, we walk through how pursuing the GTIA Cybersecurity Trustmark helped transform the MSP’s security posture, improve privileged access controls, and dramatically change the insurance conversation, lowering costs while increasing coverage. This isn’t about adding more tools; it’s about leadership, governance, and proving maturity before advising clients.
If you’re an MSP talking cybersecurity to customers, this episode makes one thing clear: secure your own house first.
For more GTIA On location interviews, head over to YouTube and just search GTIA On Location or use this link

Google Ads can disappear overnight, and for millions of businesses, it has. In this episode, John Horn of Stub Group breaks down the growing cybersecurity risks behind Google Ads account suspensions and why 39 million accounts were shut down in 2024.
We explore Google’s automated, all‑or‑nothing enforcement model, how website vulnerabilities, phishing attacks, and account takeovers trigger suspensions, and why recovery is often harder than prevention. The conversation also dives into the impact of AI on search behavior and SEO, the rise of click fraud, and why Google still dominates search advertising despite the emergence of AI platforms.
If you advertise online or manage digital infrastructure, this episode offers practical guidance on securing ad accounts, preparing websites for advertising, and avoiding costly mistakes that can shut down growth overnight.

Cybersecurity maturity isn’t earned in audits, it’s earned in the operational moments where governance either shows up… or it doesn’t. Today’s conversation with Mike Stewart of Anchor Networks goes deep on MSP maturity. How leadership tone, culture, and repeatable decision systems turn policies into actual behavior.
We cover why security awareness must be frequent (not annual), why “the why” behind policies matters, and why AI is now a governance challenge as much as a technical one—especially as acceptable use expectations evolve. The goal: use AI to reduce overload and automate routine work, while strengthening critical thinking and verification habits.