Chris Johnson - Gaining Trust with Security Trustmark

Chris Johnson is a cybersecurity compliance strategist at heart. He is currently CompTIA’s senior director of cybersecurity programs and ex-officio chairperson of the CompTIA Security Community. In this role, he champions the abilities of MSPs looking to focus more on cybersecurity. 2:22 – Chris discusses his background in the IT industry. He believes that many of the people who were listening fell into it. He had a lot of nasty jobs early in my career because he was someone who said, "I didn't like working at U Haul anymore," but he also had the chance, during the dot-com era, to sort of get his cut by volunteering for a school system at the time. 7:58 – Brian stated that one of the most significant issues in this sector is that anyone can become an MSP tomorrow. 11:37 – Tim has a question for Chris, which he referred to briefly in the beginning, because not everyone is ready to delve deeply into all of this. There are so many shifting parts, such as he knew a new provider, a new company attempting to enter this area. “How do they engage with you?”, “What are the first steps they take”, “What does that look like?”, “How can they achieve some of the things that you just talked about ?” 16:25 – Brian noted that if we look at CIS as a kind of stepping stone based on trust markets, it's a good area that people can get started today since he's always seen CIS as pretty common sense controls for practically every organization. 22:11 – Brian believes we have a good understanding of the measures an MSP can take to get organized. Maybe we can wrap up the conversation today by talking a little bit about what audit expectations would be for the end user. It's not necessarily about dollars and cents, but what that process feels like because many MSPs have never been a part of an audit for either their customers or themselves. 26:45 – Brian believes that if you want the program to be successful in the long run, you must approach it with the perspective that you are going in to improve your business and make your service delivery stronger and more secure. 29:19 – Chris advises getting involved with CompTIA and the membership because these are good places to find resources that can help you navigate this journey and you don't have to do this to yourself. CIS is a great place to start if you are even remotely considering addressing cybersecurity in your organization, especially with group one being somewhat—he doesn't say simple—but it's kind of linear control one step one.