The MSP Cybersecurity Exchange (MSPCyberX)

[00:00:00] Welcome back climbers, I'm your co-host, Kayleigh Floyd and this is another episode of Climbing Mount CMMC.

[00:00:11] Today I am joined by Brian Hubbard to talk about the MSP Cybersecurity Exchange.

[00:00:17] Brian is also the president of evolved cyber solutions and the founder of MSP Cyberacts.

[00:00:23] Brian is also a certified CMMC assessor and certified information security manager.

[00:00:29] With over 40 years of cyber security knowledge, Brian is excited to share his new mission in vision for MSP Cyberacts.

[00:00:36] So without further ado, let's get into this episode.

[00:00:42] Hello everyone and welcome to another episode of Climbing Mount CMMC.

[00:00:48] Today I am joined with Brian Hubbard and we are going to be talking about the new MSP Cybersecurity Exchange, also known as MSP Cyberacts.

[00:00:59] And so I am so excited for you guys to dive into what this is, his mission, his vision behind it.

[00:01:07] And you know, without further ado, I think let's just talk about Brian.

[00:01:12] If you want to share with them, what is MSP Cyberacts?

[00:01:18] Yeah, absolutely. Thanks for having me on.

[00:01:21] And yeah, MSP Cyberacts is a community really that is forming between MSPs and cyber security professionals.

[00:01:31] Bringing folks together, bringing most in particular, we're bringing together cyber security compliance professionals with the MSPs to help work through not only one of the challenges for MSPs around all the various compliance.

[00:01:46] Things that are coming down the pike at them, but also to help them help their clients because all their clients are getting hit with any number of compliance things.

[00:01:58] MSP Cyberacts, CMMC obviously being one of them, FTC, the safeguards rule, HIPAA has always been there.

[00:02:06] And a number of other things, SCC rules, DHS rules, there's all kinds of rules coming down at the pike at small to medium sized businesses.

[00:02:16] And what we want to do is be able to help as many of those small businesses as possible.

[00:02:21] And the best way to do that in my long-winded career has been, it's been to work with companies that work with lots of those different companies.

[00:02:34] So working with MSPs will help to magnify the impact and help to get to as many small businesses as possible to help them shore up their cyber security.

[00:02:44] And ultimately the security of the nation, and again, the splicing for the nation.

[00:02:49] That's awesome. I love it. I love your guys' mission and your vision behind what you're trying to do.

[00:02:55] Also because we're walking through a lot of that journey right now as well ourselves.

[00:03:00] And so we really relate to it as a company.

[00:03:05] And so when they go to sign up, what is there to expect? What's inside? What are the benefits when you sign up for something like this?

[00:03:17] Yeah. So kind of expanding on a little bit on what we're trying to do.

[00:03:25] There's kind of that information sharing concept. Right?

[00:03:28] So having one place to go to get all the information they need about all these different compliance regimens and how to approach them, that sort of thing.

[00:03:37] So we're trying to do that. We're providing that via our website.

[00:03:43] And we start out with our informed members, you know, the lowest tier of our membership other informed members can get access to all of that information that we're collecting.

[00:03:54] We're curating that information for across internet, i.e., we're giving you pointers. So there are places. So it's all in one place.

[00:04:01] So that information sharing is huge, right? But that's not enough. Right? It's not enough to give people a big dump of information and expect them to weed up out the important bits.

[00:04:15] So what we're trying to do is create a platform to allow for knowledge building.

[00:04:21] Right? So we're sharing that information, but we're also going to be working together through a collaborative environment, a Slack channel basically, you know, a Slack environment.

[00:04:33] We consider it a community. So we've kind of structured their overall MSP cyber access as a community and, you know, kind of structured around a small town, kind of kind of scenario where we have a, we have various corners, we have the, we have the barbershop where you can go in and talk about anything you want to talk about.

[00:04:54] We have, we have the library where all the books reside. We have, you know, the town hall where all the announcements will come from and that sort of thing. But, and then we have corners.

[00:05:03] We have the different corners to talk, go out and stand on those corners and talk about the different different things. The CMMC corner is going to be a real hot one. And we have, we have, we have, we have a hip corner, we have all kinds of different corners to go talk about things.

[00:05:18] We're the general store to go talk about different products that you might, might be trying to use and a sort of thing. We're not going to do sales pitches. We're going to avoid, you know, kind of being a salesy kind of platform.

[00:05:30] We're going to, we're really to talk about what are the best practices and things it is.

[00:05:35] So from a membership perspective, so we have our informed members, which I talked about. And that's they've come in and, and avail themselves of all the content will bring in together.

[00:05:45] And then we have participating members and participating members are those that can participate in the Slack community.

[00:05:52] And, and we'll have monthly calls and things like that to get people together.

[00:05:58] The Slack community is important because it's really where the cyber security community and the MSP community are going to come together.

[00:06:06] Not only the MSPs can share information amongst themselves, which is, you know, kind of kind of great because they'll be able to share best practices and things that they do.

[00:06:15] But also then to bring in that cyber security compliance perspective and make sure that what we're talking about is actually going to meet, meet some of these requirements and run bringing experts from all the different, different aspects of compliance, all of the compliance regimens.

[00:06:31] And then our, our, our, our premier membership is, is kind of, is called active members and active members participating in all of that.

[00:06:40] But then we're also providing an hour or a quarter of consulting services from one of the cyber security space.

[00:06:47] And that's included in the membership just to come out and a work on your one-on-one, work with you on your, on your issues and try to get you pointed in the right direction.

[00:06:57] And then also quarterly workshops.

[00:07:02] So we're, we have a really important kind of the workshop concept. We have a workshop on the Slack channel.

[00:07:08] We have it, that's one of our buildings that we have where we're working on. Right now, we're working on shared responsibility matrices and things like that.

[00:07:18] So that's one of the topics that we're working on right now.

[00:07:23] But, but then they'll also all have live live workshops like, you know, either live or virtual in person or not.

[00:07:35] And then you can work through real problems. Well, and those are all driven by the steering committee and the steering committee is made up of an MSPs.

[00:07:46] So we didn't want the same being, you know, I'm a cyber security geek. Right. So that's what I am. That's where I live.

[00:07:54] So it's important that it not be from my perspective. It's important that this whole thing be driven from the MSP perspective.

[00:08:02] And so that's why we have a steering committee that's made up totally of MSPs and Bobby's, Bobby's one of those.

[00:08:11] He's on the steering committee, which is great. So we're looking forward to having having to be really impactful for the MSPs because of that.

[00:08:20] So that's kind of our three memberships informed participating in active. The inform membership is a free membership because hey, I'm just bringing together information and provided out there participating in active come with the come with the fee covers cover the costs of doing that.

[00:08:39] Right. And all of this is on your guys's website right MSP cyber X dot com is that correct? Yeah, MSP cyber X dot com is our website and our our we we had our initiative actually recognized by the White House.

[00:08:56] Wow.

[00:08:58] Yeah, so we we were working with one of the community colleges here and locally to where I am involved in or on Baltimore.

[00:09:07] And they were having an event with the national cyber scurry director.

[00:09:13] So they you know what and I've been working with them for a while. So they reach out and said hey do you have any issues that you want to talk about with respect to workforce development.

[00:09:21] Cyber cyber workforce development. And I said well yeah, do I have this MSP cyber scurry exchange that we're getting ready to launch and so I got talking about that and they're like that's great.

[00:09:32] We want we would like you to write that up for us. So we wrote it up. It was actually announced by the national cyber director.

[00:09:40] And has been listed on is now listed actually on the on the White House's website for.

[00:09:50] That's awesome workforce initiative. So it is important and the nice thing about that is it was it's really the only initiative that's listed under the workforce.

[00:09:58] And it's really important that is focused on MSPs. MSPs being you know critical resource for the nation.

[00:10:07] And I think it's a great recognition that that's important and they really need to, you know that that that part of the workforce is going to be key to everything we do going forward.

[00:10:22] I was really curious while you were talking about what exactly the pain point was that gave you the inspiration to start this.

[00:10:32] You know, what was it that you are feeling was missing? There was like an emptiness maybe something that you felt personally that inspired you to kind of start this initiative.

[00:10:44] That's a great question. So so I'd say you know couple of years ago started really well maybe more than a couple but we're when we started it down the CMMC path, we're realized that hey, small businesses are really struggling with these requirements and and seen then that most small businesses 70 to 80% of small businesses use some in some form a many service provider.

[00:11:13] And so so wanting to reach those small businesses and help them do that the small businesses themselves in many cases.

[00:11:23] They don't have any IT people right there it's they're relying on their MSP and if the MSP is an armed with the right kind of information and it isn't prepared to help those companies, those companies are going to flounder and they're going to have have issues and in you know ultimately lose lose business and

[00:11:41] have challenges in getting contracts and things like that. So so we wanted to work with those and the other Heather kind of key thing was so I'm I'm as you said in the announcement, I've been doing this for a lot of years.

[00:11:57] Yeah.

[00:11:58] So I'm hopefully going to retire sometime in my lifetime maybe five to six years from now.

[00:12:06] And then 2023 I you I was able to work with about 20 20 companies right so I and so I just was multiplying that out and I said well not all those were small but but

[00:12:20] if I can only work with for another five or six years and that means I can only really reach about 120 companies is that's not enough right I wanted to have a bigger impact.

[00:12:31] So that was the other aspect of it, I wanted to reach I wanted to magnify what I can do and and bring a community together that will impact thousands and thousands of small businesses to try to help bring bring up the level of cybersecurity in the

[00:12:48] country. So that's really what is driving it, you know that was why I'm spending all my on my waking hours on it but then the other motivation is that hey you know people people need to be aware of compliance I need to be getting ready for compliance and getting me to do it and

[00:13:07] the other other piece of it I am very anti compliance for compliance.

[00:13:14] So when you develop a good compliance should be an outcome of a good cybersecurity program so building this good cybersecurity program helps your business it helps you get to do what you need to do and oh by the way you're going to comply with all the regulations coming out.

[00:13:35] Yeah so that's that's kind of what I wanted to make sure that our community builds that culture kind of builds that culture a list list focus on building good cybersecurity and and and then let's not forget about all this compliance stuff that goes along with it.

[00:13:53] Right right you know another word that really stands out as you're talking about this is just transparency which we are so big on and we talk I mean we advocate for it with all I feel like every episode we mentioned the word

[00:14:13] transparency but you know it's so important to be able to be educated to make educated decisions based on what you hear and your Slack channels the information that you gather all of those things are giving this transparent view for MSPs you know so they can really see what's happening be educated on what's going on

[00:14:40] so that they can make better decisions for their clients so that their clients have a better outcome right and so it like that was just another thing that I just kept seeing throughout all your discussions about MSP cyber access is just like the transparency of it is so key as well.

[00:15:01] It is and again in a non non competitive community right I mean it's everybody you know that's why we wanted to have a community feel was because a community works together right in the community brings up everybody at the same time so you know they're all it takes a village comes up.

[00:15:22] Yeah so we feel like you know take take the competitive edge off and get in get into these discussions where everybody everybody is sharing everybody is is is benefiting from the knowledge being shared simultaneously essentially and and yeah and that's why we don't want sales sales pitches we don't want you know and and everybody coming in should just kind of take off their competitive.

[00:15:52] So if you have a competitive head and list focus on helping everybody succeed because there are so many if all the MSPs that join this community succeed and help all these thousands going to go up those hundreds of thousands of other companies that still need help right so there's nobody's going to lose business everybody's going to gain business from this it's going to be a way to help help MSPs recognize more more revenue because obviously they everybody needs to make a living.

[00:16:22] Right. And grow their business and everyone wants to grow their business so this is a way to do that but to do that in a way that is kind of I don't want to say standard but it's you know it's kind of a kind of a common common sense of what needs to be done.

[00:16:38] Yeah laying that laying that foundation of community.

[00:16:42] Foundation is a great work thank you for that one.

[00:16:44] Yeah.

[00:16:45] Yeah.

[00:16:46] Yeah no I just I love this and this is also you know I think I'm so passionate about what you're doing and how you're doing it because that's also what we're trying to do with this podcast you know is just help people on the journey of CMMC and being transparent and being vulnerable about what we're doing and maybe even the mistakes that we make not just things we did right but the things that we did wrong you know.

[00:17:14] Absolutely.

[00:17:15] Because you can benefit from both and so it's you know it's not about being competitive always but you know being able to work together so that you can you guys can succeed together you know and there is there is a world for that and I love that you're showing that there is one for that.

[00:17:34] Yeah definitely.

[00:17:35] Yeah definitely.

[00:17:36] Yeah.

[00:17:37] So I'm curious you kind of mentioned this just a little bit but the last thing that I wanted to ask you is is there something that you guys are just you know you're starting off now it is open so open for business you can sign up today right but is there something right now that you're noticing that as a community you guys are really tackling right now and focusing on is there something that's more in the forefront of your vision that you see happening right now.

[00:18:04] Yeah you know and that one of the reasons we we picked the project that's working in the workshop around the shared response really matrix concept is that we feel strongly that MSPs need to be able to express what their service offerings are doing for their clients right so how is how is their service offering help them helping them comply but also you know what what is it that the MSP is going to do.

[00:18:33] Versus what is it the customer needs to do right because the MSP can only do so much right so either you know for example when it comes to access control right and and.

[00:18:45] MSP may be managing all the all the access to to a clients information and that's everything that's great they can just make up users right the the customer has to actually vet the users and they hear is the user and here's the stuff that they should have access to.

[00:19:02] And then the MSP influence that right so there's a responsibilities at every step of the way and in going through that process with respect to you know we're going to start out with CMMC and any mistake 101 21 kind of controls but we're going to expand span this concept from there is to go through each of those and say okay what is it your your service offering is doing.

[00:19:28] And how would how would that customer express that to an auditor they came in an assessor they came in and then what are those responsibilities that you have what are the that your customer has that does a lot of things right so it helps with the compliance arguments obviously but it also helps with with the service level agreements the things that the customer the expectations setting the expectations for the customers.

[00:19:57] So that the MSPs aren't caught with in this scenario that they their customers are mad at them because something happened when.

[00:20:05] They must be had nothing to do with that yeah.

[00:20:09] Didn't ask you to do that they were doing that.

[00:20:12] That kind of thing so so we want to make sure that that's so that's one of the workshop issues and why we're working on that right off the bat.

[00:20:20] Yeah no that's that's great yeah and us you know as MSP we're also we're doing that right now as well which I'm sure Bobby's in that workshop living it up you know because we're implementing that in our business too and it is so critical and you don't realize sometimes how critical that kind of stuff is until something negative happens right in the light fallback on you when it shouldn't have necessarily so happy.

[00:20:50] And I'm trying to make sure that you're doing that having that standard SLA's those kind of things those are those are definitely crucial for for you to have.

[00:21:00] Before we close today I want to make sure that everybody knows that again you can find all of this information and more on the website which I've also linked in the description so MSP cyber ex dot com right Brian that's right.

[00:21:14] They can also if anybody is once did have information more on said once I have a discussion about it send an email to support at MSP cyber ex dot com and we'll reach back out and get you the information that you need.

[00:21:31] Awesome love it Brian thank you so much for hopping on here and sharing your mission your vision and why you started this initiative we are so excited to be a part of it with you and continue watching you guys grow and help many many businesses out there.

[00:21:50] So thank you so much for joining us today and sharing what you have to offer.

[00:21:54] Thank you Kayleigh really appreciate it yeah and thank you guys for listening or watching if you're watching.

[00:22:00] If you're watching on YouTube we hope you guys enjoyed today's podcast and we'll see you in the next one cheap on promise.

[00:22:07] Make sure to follow us on LinkedIn and YouTube to stay up to date on the latest CMMC news.

[00:22:13] We hope you guys enjoyed today's episode and listen out for the next one but until then keep on climbing.

[00:22:30] Thanks for watching.

[00:23:00] Thanks for watching.