Business of Tech: Daily 10-Minute IT Services Insights Cybersecurity Insights: Policy, Identity Management and CMMC with Jon Murchison
Dave Sobel engages in a thought-provoking conversation with Jon Murchison, CEO of BlackPoint Cyber, about the current state of cybersecurity policies and practices. They discuss the initiatives surrounding "secure by design" and "secure by default," emphasizing the challenges faced by managed IT service providers in implementing these ideals. Jon expresses skepticism about the immediate impact of these policies on the ground level, noting that while they are well-intentioned, they often fall short of practical application in real-world scenarios.
The discussion shifts to the dynamics of responsibility and liability within the cybersecurity landscape. Jon highlights the disparity between software vendors and service providers regarding accountability when security breaches occur. He argues that while security providers should be held liable for secure code design and regular penetration testing, the complexities of cybersecurity make it difficult to assign blame definitively. This nuanced perspective underscores the need for a balanced approach to liability that encourages innovation without stifling progress.
As the conversation progresses, Jon shares his insights on the Cybersecurity Maturity Model Certification (CMMC) and its potential as a broader standard. He acknowledges the foundational value of existing frameworks like NIST and ISO but critiques their lack of practical guidance for organizations. Jon advocates for a more prescriptive approach that focuses on actionable steps for hardening security measures, rather than vague compliance requirements that can lead to checkbox exercises.
Finally, Jon emphasizes the critical importance of identity management in cybersecurity. He explains how threat actors have evolved their tactics, often exploiting legitimate credentials to navigate networks undetected. The episode concludes with Jon discussing the future of posture management and the need for improved security measures around automation, highlighting the ongoing challenges and opportunities in the ever-evolving cybersecurity landscape.
Supported by: https://www.coreview.com/msp/
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.