Welcome back to The CyberCall. Our guest, Joy Beland from Summit7, helps lead security and compliance at the largest MSP serving the Defense Industrial Base.

Joy joins us to share what it actually took to prepare as a service provider, what broke, what changed, and what lessons MSPs can learn if they expect CMMC — or ISO 27001 — to become part of their future.

If you’re an MSP trying to understand what real compliance maturity looks like at scale, this conversation will give you clarity — not marketing, not hype, just experience

Most MSPs don’t fail because of ransomware. They fail because they drift. They chase revenue without direction. They stack tools without a strategy.
And they wake up one year later asking the same dangerous question:

“Why didn’t last year change anything?”

Today isn’t about theory. It’s about execution.

Our guest Gary Pica, doesn’t just teach business planning—he’s been stress-testing it with real MSP owners for over 20 years. Through recessions. Through acquisitions. Through “ RMM, Cloud, Security, Automation and now AI revolutions” in our industry.

Today’s conversation is all about what comes next for Microsoft 365 — because after Ignite, it’s clear that we’re entering a brand-new era. AI agents, identity-first security, native Sysmon, tenant baselines — Microsoft is rebuilding the entire stack around speed, intelligence, and scale.

And when you talk about managing M365 at scale, there’s one person MSPs look to: Kelvin Tegelaar, founder of CIPP. Kelvin just sold out his first CIPP certification class at Right of Boom, he’s about to ship version 8.7.0, and his platform is now used by over 10,000 MSP partners trying to tame the complexity of Microsoft 365.