[01:34] My guest today is MJ Shoer, the recently appointed executive director of the TSP-ISAO. We’re going to be talking about this new ISAO — information sharing and analysis organization in detail—what it is, who’s behind it, how it works, and why you as an MSP absolutely need to join it as soon as you’re done listening to this podcast.

[01:51] MJ ran his own MSP for almost 20 years, selling it in 2015. He’s now the lead coach for the ASCII Insider peer group, also a coach for Taylor Business Group, served as chairman of the board for CompTIA, along with other credentials too numerous to list—so very, very involved in the industry, and a logical choice to head up this new cross-vendor, community-wide ISAO.

[02:13] You’ll hear mention of Perch Security, who are playing a critical role in the ISAO. If you haven’t done so already, I recommend you go back and listen to episode 051 of this podcast where I talk to Wes Spencer at Perch about the spate of MSP-targeted ransomware attacks, and some of the steps you can take to protect yourself.

Listen here


The New TSP-ISAO and Why It Matters: Interview With MJ Shoer

MJ Shoer executive director TSP-ISAO MSP

[03:57] MJ: We’ve formed what we’re calling a technology service provider ISAO. Within that umbrella we’re including MSP, MSSPs, CSPs, TSPs.

[04:30] The ISAO was formed to help TSPs with current cyber security challenges by analyzing threats and providing actionable threat intelligence.

[05:19] Many channel vendors have been involved in discussions over the past year as the lead-up to the launch of the TSP-ISAO. ConnectWise volunteered the resources to get things up and running. The launch happened in November at IT Nation.

[05:46] There will be additional launch events that will bring in other organizations. The key message of the ISAO is that it’s intentionally designed to be an independent nonprofit organization.

[07:10] ConnectWise didn’t fund the TSP-ISAO. The initial funding announced at IT Nation was given by Arnie and Lauren Bellini through the charitable foundation, The Bellini Foundation. The TSP-ISAO is a 501c6, a completely independent nonprofit. MJ was hired as the executive director to run it and get it up off the ground and start communicating the message and the mission.

[08:58] Everyone needs to understand that it is its own independent entity and the success of the ISAO will be wholly dependent on the membership, including vendors and TSPs.

[09:38] The initial focus for the TSP-ISAO will be North America, but it will absolutely be global over time.

[09:58] ISAO.org—the parent body of the TSP-ISAO—was formed under the auspices of the US Department of Homeland Security.

[11:21] Feeds will be pulled in from all available government sources and vendor sources.

[11:30] They also hope TSPs will share threats that they uncover. Perch was selected as the communications platform because they have lots of experience working with ISACs and ISAOs.

[12:54] All TSP-ISAO members will get a free Perch login and access to the dedicated community on perch. Membership in the TSP-ISAO is free for 2020, then will be $99 annually after that.

[13:45] The goal is to push it proactively into the community.

[14:15] Ultimately the goal is to fully automate this as much as possible and leverage emerging concepts and technologies like SOAR to really make it a dynamic and interactive sharing of information.

[14:38] When people log on, they’ll find a profile of the threat and a risk analysis along with actionable remediation steps.

[16:02] Currently there are so many different sources that TSPs can’t consume threat information efficiently.

[19:09] It would be wonderful if long-term this organization could do things like enable insurance discounts for MSPs. This is a critical initiative at this time in our industry.

[19:57] We need to learn new ways to combat threats because the old strategies aren’t going to be enough.

[20:44] We have to share openly and in real time to fight back.

[21:29] If we band together and do everything in our power to openly share, we can make it more difficult for cybercriminals to succeed.

Listen here

Like what you hear? Listen and subscribe.