Fortinet admins are seeing attackers exploiting a patch bypass for a previously fixed FortiGate authentication bypass (CVE-2025-59718) to hack patched firewalls.
https://t.co/CbX91QZWT5
I don’t remember most of my past. But I remember the work. I moved fast through wins, losses, and challenges.
Always forward.
That pace helped me survive (myself). It also meant I rarely stopped to reflect.
As the year wraps, I’m learning to slow down without losing the drive.
The biggest risks aren’t hiding.
They’re sitting in plain sight.
Unpatched devices.
Old accounts.
SaaS apps no one remembers buying.
Clean that up and half your security worries disappear.
One quiet IT question always shows up when considering an MSP: “Can they solve our bandwidth issues without stepping on toes?”
It’s not about tech — it’s politics.
Help only works if it doesn’t create friction.
Ignore that, and you lose the deal before it starts.
The riskiest environments I see are the ones missing rhythm.
No weekly checks.
No monthly reviews.
No quarterly documentation updates.
No predictable cadence.
Consistency = stability.
Tools = amplification.
Ppl mix these up all the time.
A quiet but very real question in every MSP eval:
“Will this make me look good to my boss?”
IT leaders carry the risk.
They choose partners who lower it.
Every IT leader asks this when considering outside help (even if they won’t say it):
“Are these guys actually better than what we have?”
It’s the first filter.
They’re not comparing tools. They’re comparing relief.
If you can’t answer this for them, nothing else matters.
Small teams don’t hold on to tasks because they want control. They hold on because handing things off feels riskier. The question they’re asking themselves:
“Will this be done right if I’m not watching it?”
Fix that trust gap and capacity opens up fast.
Compliance isn’t scary. Reactive compliance is.
You already run on rhythms—payroll, reviews, renewals.
IT needs the same rhythm.
Not a 3" or 4" binder. A monthly/quarterly cadence.
Compliance-as-a-service = cadence.
If your stack has 100+ apps, there’s a good chance no one knows what half of them do. SaaS has become the Wild West. Before you buy new tech, clean up the tech you already pay for.
The “we’ll get to it later” approach to cyber risk is killing SMBs. 94% were hit at least once last year. A hit +/- $50K can close the doors. You don’t need a giant solution—you just need a program that keeps the basics tight, every month, not annually.