Quarter 1, 2024

MSPCyberX Files

Latest News from the Corners

Issue #1

Brian Hubbard

Introducing MSPCyberX

News from Town Square

Ellicott City, MD - In response to the constantly evolving cybersecurity landscape and the challenges faced by managed service providers (MSPs), MSPCyberX has been unveiled as the definitive hub for MSPs and cybersecurity compliance experts.

MSPCyberX fosters collaboration and knowledge-sharing among MSPs and cybersecurity professionals. MSPCyberX offers insights into cybersecurity compliance topics relevant to MSPs. The platform provides an interactive space for members to address and tackle MSP-specific cybersecurity challenges.

At MSPCyberX, our mission is clear: to enhance cybersecurity for small to medium-sized businesses by empowering MSPs with the tools and knowledge they need.

MSPCyberX plays a pivotal role in strengthening the cybersecurity posture of these organizations, thereby safeguarding the cybersecurity of the nation's infrastructure.

To explore membership options, visit MSPCyberX's website (MSPCyberX.com).

The Town Square is where all the major announcements will come from.

MSPCyberX launched on February 14, 2024, filling a critical need for the MSP Community.

Kelly Hood, Optic Cyber Solutions

Cybersecurity Framework v2.0: Aligning Compliance Requirements

On February 26th, 2024, the National Institute of Standards and Technology released an update to the widely adopted Cybersecurity Framework (CSF). The CSF was initially released back in 2014 and underwent a minor update in 2018, but this release marks the first major update in a decade, resulting in the CSF v2.0.

The CSF was initially created to help secure U.S. critical infrastructure but was quickly adopted by companies and government agencies of all industries, sizes, and nationalities. Managed Service Providers (MSPs) have a unique challenge in managing disparate requirements across clients, and the CSF has proven to be a great tool for managing these challenges. Due to its flexible nature and the number of standards and compliance requirements that have been mapped to it, many organizations have been using it to build and guide their cybersecurity programs.

Further, while the CSF is not itself a compliance standard, it has provided a framework for managing both compliance requirements and cyber risks and has become the “Rosetta Stone” for cybersecurity across industry. Additionally, the inclusion of the new Govern Function further emphasizes this point by highlighting the need to have a cybersecurity strategy to help in managing cybersecurity risks and requirements to drive cyber resilience.

Through its structured approach and common language, the CSF enables easier conversations at every level of an organization, from strategic discussions with the board to technical talks with IT and security teams.

The CSF has 3 primary components: the Core, the Implementation Tiers, and the Profiles. The Core is a set of cybersecurity outcomes that can be used to understand “what” needs to be done to manage a cybersecurity program. The Tiers are a tool for measuring “how well” those capabilities are being managed and the rigor required for implementing cybersecurity capabilities to manage cyber risk. And finally, the Profiles are the mechanism for capturing what is being done today as well as what needs to be done in the future.

These Profiles can be a game changer for companies looking for more efficient ways to manage their compliance requirements – whether it be CMMC, ISO 27001, or FTC Regulations. Leveraging the outcomes in the Core to define risk-based targets informed by the Tiers into a Profile has been the key for many organizations to streamline requirements and validate expectations. The CSF acts as the common language to align disparate requirements and streamline efforts.

This update represents a significant milestone in the evolution of cybersecurity management, reinforcing the CSF’s pivotal role in bridging the gap between cybersecurity practices and compliance standards across diverse industries. Whether a company is just starting its cybersecurity journey or looking to enhance existing practices to meet compliance requirements, the CSF’s structured, yet flexible, approach provides a comprehensive framework for understanding essential cybersecurity measures and a tool for managing cyber gaps.

NIST CSF adds the Govern Function to emphasize the need for cybersecurity strategy.

Brian Hubbard

National Cyber Director Praises MSPCyberX Initiative

National News

The National Cyber Director Harry Coker, Jr. recognized the MSPCyberX as an important commitment that supports the National Cyber Workforce and Education Strategy (NCWES), which aims to strengthen the nation's cyber capabilities and resilience. The NCWES includes four pillars of strategy: equipping every American with foundational cyber skills, transforming cyber education, expanding the cyber workforce, and strengthening the federal cyber workforce. It also envisions a future where workers have access to good-paying cyber jobs within their communities, educators can upskill the public continuously, and employers can diversify their workforce.

MSPs support an estimated 75-80% of US small to medium-sized businesses, making them a critical piece of the nation's cybersecurity infrastructure. However, MSPs often face complex and evolving compliance requirements that vary by industry and region. MSPCyberX helps MSPs navigate these challenges and improve their security posture. MSPCyberX launched in February 2024 and has over 20 MSPs on board as of mid-March. It aims to have over 100 by the end of the year.

"I am super stoked that the MSPCyberX got recognized by the National Cyber Director as a valuable contribution to the national cyber strategy," said Brian Hubbard, President of Evolved Cyber, LLC and Founder of MSPCyberX. "We recognize that MSPs are an essential part of the critical infrastructure in the United States. Small business relies on them for their survival. MSPs need the best support and advice available. We are happy to watch the MSPCyberX expand and invite MSPs from all over the country to be part of our community."

MSPCyberX is a community, purpose built to support MSPs.

Corner Focus

Orientation

CMMC Corner will be a hotbed of activity.

The MSPCyberX is organized as a small town to facilitate ease of access and to make your experience more enjoyable. The center of the town is the Town Square, where all general announcements will be posted. The Library will house cybersecurity compliance resources and is organized by bookshelves for each topical area. We want to encourage discussions about products that MSPs are trying to use, have used successfully, or are causing them issues. This will take place in the General Store. However, this is a sales-pitch-free town. Absolutely no solicitation.

In a small town, people tend to talk on the street corners and exchange ideas. We are building corners for each major compliance framework or regulatory initiative that members want to talk about. We have started corners for CMMC, CIS, HIPAA, and others.

The Workshop is where we will work on collaborative projects that will help the entire community. We always welcome project ideas and will facilitate discussions in the workshop.

The Diner will be a place for meaty discussions about various cybersecurity topics that members bring up.

We will be posting alerts and articles about cybersecurity issues facing MSPs in the Jailhouse.

The MSPCyberX community has 2 main outlets: the Member Resources section of the website and a Slack environment. The Member Resources area is available to all membership levels and will house curated information. We are attempting to provide you with a one-stop shop for compliance-related information and resources, so you do not have to search all over the Internet to find relevant material. The Slack environment is where active conversations and workshops take place. This environment is reserved for the Participating and Active members.

The town is structured to be flexible and change with the needs of the membership. Our Town Council (aka, the steering committee) is made up of MSPs drawn from the Active members. They will help us ensure that MSPCyberX meets your needs.

MSPCyberX is organized with a small-town backdrop to make it easier to navigate and invite a sense of community.

The Town Buzz

Scoop from the street

We have heard news, thanks to Jacob Horne at Summit 7, that the Federal Acquisition Regulation (FAR) rule requiring all Federal Contractors to safeguard Controlled Unclassified Information by conforming to NIST 800-171 requirements is likely to be published in draft form this summer.

The FAR CUI rule will drive a huge demand for compliance support from MSPs.

MSPs and their clients must work together to implement a cybersecurity program that works for the business and is compliant.

Shared Responsibility Matrix

News From the Workshop

Business owners often make the assumption that when they hire an MSP they are also outsourcing their cybersecurity program and that it is no longer their responsibility to be compliant; it is the MSP's responsibility.

MSPs need to clearly set expectations with their clients that cybersecurity and compliance are a shared responsibility. The MSP cannot secure a business on its own.

One tool that an MSP can use to facilitate this conversation with their clients is a Shared Responsibility Matrix (SRM). SRMs can take on many forms and may not all be well suited to the unique needs of the MSP community.

The SRM is such an important piece of the puzzle for MSPs, we decided to tackle it as one of the first projects in the Workshop.

The Workshop is a place to build tools and collaborate with the community to make them more effective for the MSP community. Some of our members have already put the SRM to use and will be providing feedback to continuously improve it.

The first members of the steering committee: Bobby Guerra, Shel Phillips, Toby Musser and Kevin Mann.

MSPCyberX Steering Committee Announced

MSPCyberX Governance Corner

The MSPCyberX has established a steering committee drawn from the ranks of the Active members. We are happy to introduce the first 4 members of the committee: Bobby Guerra, Kevin Mann, Toby Musser, and Shel Philips.

Bobby Guerra is the CEO and Owner of Axiom, a managed service provider in Jacksonville, Florida. With over 25 years of experience in information technology and cyber security, Bobby has climbed many mountains and grown from them. The most recent journey he has started is CMMC. He has his CCP certification and hosts a podcast called Climbing Mount CMMC, which focuses on the transparency of his personal CMMC journey, in hopes of inspiring others as they tackle the same mountain.

Kevin Mann is President of Resilient IT, an "MSP" entirely focused on cybersecurity insurance alignment and NIST 800-171/CMMC consulting and preparation, with over two decades of industry experience. Kevin is a CAICO CCP and CCA, and the author of the Amazon best-selling book The Compliance Formula and Cyber Sucker. Kevin’s primary motivation for focusing on CMMC compliance is inspired by his desire to help keep the United States of America safe from foreign cyber-invaders. He knows there is a lot of confusion out there and is deeply committed to helping businesses understand the exact steps they need to take to keep their business, client data, and country safe.

Tobias Musser is the CEO of MNS Group, which specializes in Security and Compliance services and IT implementation for government contractors based in Harford County, Maryland. MNS Group is a CMMC Registered Provider Organization (RPO) and Authorized C3PAO that provides assessments, readiness, and preparation practices. A cybersecurity evangelist, he has served as a beta tester and consultant to various security and compliance software developers. He is a founding member of the Baltimore Cyber Range Consortium, the first company in the United States to provide cybersecurity range training specifically for workforce development. He is a member of the Harford Community College Cybersecurity Curriculum Advisory Committee. Toby has worked in Workgroups under the Secretary of the State of Maryland, as a board member in the University of Maryland Medical Systems and the Board of Technology Subcommittee for Aberdeen Proving Ground Federal Credit Union.

Shel Philips is a PMP and CCP working in the CMMC trenches to raise the level of security for the Defense Industrial Base and the MSPs providing support. As a 45+ year veteran in the technical project management business, he has added subject matter expertise in cybersecurity and specifically CMMC to the mix to attack the challenges we face. Shel trains other MSPs in cybersecurity policy development through one of the major software license vendors and works to help the industry reach critical mass for secure IT support.

Ready to join us?

See what membership makes sense for your business