Turning Compliance into MSP Revenue (EP 985)

I caught up with Jared Casner of Blacksmith InfoSec after MSP IT Expo to unpack what’s really working for MSPs around security, compliance, and client education. We talk about starting small with CIS IG1, mapping your existing stack to NIST CSF, and using QBRs to show progress instead of just ticket counts. If you’re wrestling with pricing, packaging, and monetizing cybersecurity and compliance services, this conversation gives you concrete strategies you can put to work fast.
If you’ve ever stared at NIST, CIS, or SOC 2 requirements and thought, “Where do I even start?”, this episode is for you. Jared Casner from Blacksmith InfoSec joins me to break compliance out of the checkbox trap and show MSPs how to turn security frameworks into real, billable services your clients will actually value. We cover practical steps, real stories, and a simple way to talk about compliance without scaring or confusing your customers.
Chapters
- 00:00 Welcome, conference recap, and setup
- 00:48 Running into Jared at MSP IT Expo
- 03:02 Sessions vs. vendor hall and MSP show strategy
- 06:11 Talking to non‑MSPs and sharpening the value pitch
- 09:59 Who is Blacksmith InfoSec and what they do
- 12:13 Frameworks first: NIST CSF, CIS, and mapping to compliance
- 17:30 Security as a long‑term investment, not a quick fix
- 24:26 What MSPs should prioritize now: third‑party and supply chain risk
- 31:41 Monetizing compliance and packaging MSP services
- 36:26 Turning compliance into projects, shared responsibility with clients
Guests
- Blacksmith InfoSec: https://blacksmithinfosec.com
Companies / Vendors / Products Mentioned
- MSP IT Expo (MSP EXPO / ITEXPO in Fort Lauderdale): https://www.mspexpo.com
- Omni Hotel (Omni Hotels & Resorts): https://www.omnihotels.com
- NIST Cybersecurity Framework (NIST CSF): https://www.nist.gov/cyberframework
- CIS Controls (Center for Internet Security): https://www.cisecurity.org
- CMMC (Cybersecurity Maturity Model Certification): https://dodcio.defense.gov/CMMC
- HIPAA (Health Insurance Portability and Accountability Act): https://www.hhs.gov/hipaa
- FTC Safeguards Rule: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know
- Florida Bar: https://www.floridabar.org
- Axios Breach: https://www.bloomberg.com/news/articles/2026-03-31/axios-software-tool-used-by-millions-compromised-in-hack
- NPM (Node Package Manager): https://www.npmjs.com
- Get NIST‑y (podcast by Blacksmith InfoSec): https://blacksmithinfosec.com/nisty
- EOS (Entrepreneurial Operating System): https://www.eosworldwide.com
- Pumpkin Plan (business framework): https://pumpkinplan.com
=== SPONSORS:
- Livestream Partner, ThreatLocker: https://www.itbusinesspodcast.com/threatlocker
- Technology Partner, NetAlly: https://www.itbusinesspodcast.com/netally/
- Technology Partner, Bvoip: https://www.itbusinesspodcast.com/bvoip
- Travel Partner, TruGrid: https://www.itbusinesspodcast.com/trugrid
- Digital Partner, Designer Ready: http://itbusinesspodcast.com/designerready
=== Connect with Uncle Marv
🌐 Website: https://www.itbusinesspodcast.com/
🎙 Host: Marvin Bee
🛒 Uncle Marv’s Amazon Store (gear & tools I recommend): https://amzn.to/3EiyKoZ
☕ Support the show: https://ko-fi.com/itbusinesspodcast
If you found value in this episode, share it with another MSP, IT provider, or tech entrepreneur. Your support helps keep practical, no-nonsense IT business conversations coming every week.