- Forging Trust
MSP Peer Groups, Compliance Maturity Models, and Day-to-Day GRC
IT channel and business news with a focus on regulatory compliance.
🤝 MSP Peer Groups and Communities
Whether you’re seeking guidance on scaling your business, navigating market changes, or simply looking for camaraderie among those who understand your journey, there’s a peer community out there that fits your needs. Investing time in the right network will not only accelerate your professional growth but also make the journey of running an MSP more rewarding and resilient.

Miss our live podcast last week? Then you missed out on some great insights from Nodeware’s Matthew Koenig and the Blacksmith guys regarding compliance positioning, upselling, and differentiation!
🛡️ Bringing Compliance into Your Day-to-Day Operations
Mature, sustainable compliance isn't about superficial preparation for the next evaluation, but about building systems that naturally produce compliant outcomes day after day. This fundamental difference enables delivery of services that clients can confidently rely upon — not just documentation that looks impressive during audits.
❓ Understanding Compliance Maturity
Rather than viewing compliance as a fixed state with some kind of 'on-off switch', compliance maturity models recognize it as an evolutionary journey through distinct developmental stages. Such frameworks deliver multiple strategic benefits to MSPs and their clients: taking them from reactive to proactive, operationalizing risk management, and fostering a culture of security and compliance.
⚠️ Threat Updates
🔴 Multiple Windows Zero-Day Vulnerabilities Under Active Attack (5/15/25)
Microsoft has confirmed five new zero-day vulnerabilities in Windows, including CVE-2025-32701 and CVE-2025-32706 in the Common Log File System Driver, which allow attackers to escalate privileges to SYSTEM. These flaws are already being exploited in the wild, with attackers able to take over systems and deploy ransomware or other malware. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging organizations to patch immediately to prevent compromise.
🔴 Earth Ammit Supply Chain Attacks Expand Beyond Drones (5/19/25)
The threat actor known as Earth Ammit has broadened its supply chain attack campaign, targeting not just Taiwanese drone manufacturers but also heavy industry, media, technology, healthcare, and payment service providers in both South Korea and Taiwan. Organizations are urged to strengthen vendor assessments and monitor for suspicious activity linked to trusted partners. Trend Micro: "Earth Ammit's long-term goal is to compromise trusted networks via supply chain attacks, allowing them to target high-value entities downstream and amplify their reach."
🗨️ Parting Words
“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”
— Chris Pirillo
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith can form the backbone of your profitable, low-lift compliance offering.