MSP Cybersecurity Stack: Crafting a Comprehensive Solution

In today’s rapidly evolving digital landscape, cybersecurity has become the cornerstone of safeguarding individuals and businesses against the relentless onslaught of cybercriminals.

Over the years, I’ve witnessed the profound impact of a well-structured cybersecurity stack, but I’ve also seen the confusion and paralysis that can plague MSPs when faced with the choice between low, medium, or high-end security solutions. To address this dilemma when my clients are building their stack, I start with a fundamental question: “If I were entrusted with the online security of my mother, grandmother, or sister, what cybersecurity measures would I install to protect them?”

This question transcends the traditional low-medium-high model and helps me identify the most suitable cybersecurity solution for my clients.


As an MSP, you play a multifaceted role in the modern digital world. Your responsibilities encompass a range of IT services, including providing cybersecurity solutions to both individuals and businesses. The challenge I regularly encounter is selecting the right cybersecurity stack for my diverse clientele, each with its unique needs, constraints, and expectations.

Traditionally, MSPs have employed a classification system, categorizing cybersecurity solutions into low, medium, and high-end categories. This approach, while seemingly logical, often falls short in addressing the intricacies of each client’s specific requirements. It’s a one-size-fits-all model that can result in either inadequate or overpriced protection, leaving both my clients and me in a perplexing situation.

The primary shortcoming of the low-medium-high model is its lack of personalization. Each client has distinct needs, budget considerations, and risk tolerances. This approach tends to focus on profit margins rather than the client’s safety and security. To overcome this challenge, I’ve adopted a more personalized approach.


The question I pose, “If I were supporting my mother, grandmother, or sister,” serves as a guiding light in my decision-making process. It compels me to view cybersecurity through a personal, caring lens. It shifts the focus from mere profit to the genuine well-being of the client.

By answering this question, I can create a cybersecurity stack that offers the highest level of protection within the client’s budget, aligning my offerings more closely with individual client needs.

This perspective is transformative. It directs me towards crafting a cybersecurity stack that not only ensures the client’s safety but also resonates with them on a personal level. It’s an approach that goes beyond business; it’s about safeguarding the people we care about most.


In the dynamic world of cybersecurity, staying current is non-negotiable. To emphasize the importance of evolving security measures, I wholeheartedly endorse Bruce McCully’s recommendation to incorporate a date into the solution’s name. For instance, “2024 Cybersecurity Solution” communicates a vital message: cybersecurity is not a one-time investment, but a commitment that demands constant adaptation.

Branding the solution with a date assures my clients that their cybersecurity stack will receive annual updates and upgrades. In the rapidly changing landscape of cyber threats, this commitment to ongoing enhancement brings peace of mind to clients. They know that their cybersecurity isn’t static but continually improving to protect against the latest vulnerabilities and dangers.


To further enhance the robustness of my cybersecurity offerings, I also embrace established cybersecurity frameworks. These frameworks serve as comprehensive guides, offering a structured path to building effective cybersecurity stacks that adhere to industry best practices.

  • NIST Cybersecurity Framework: The National Institute of Standards and Technology’s (NIST) framework offers a systematic approach to managing and reducing cybersecurity risk. It’s organized into five functions: Identify, Protect, Detect, Respond, and Recover, ensuring that all facets of security are covered.
  • CIS Controls: The Center for Internet Security (CIS) provides a prioritized set of actions to counteract the most common cyber threats. These controls are grouped into three Implementation Groups, enabling me to tailor my approach to each client’s specific needs.
  • ISO 27001: The International Organization for Standardization’s (ISO) 27001 standard offers a structured approach to managing sensitive information. Compliance with this standard guarantees the security of data and adherence to best practices in information security management.
  • CMMC (Cybersecurity Maturity Model Certification): Tailored for contractors working with the U.S. Department of Defense, CMMC assesses and enhances the cybersecurity practices of organizations in the defense supply chain.

By aligning with one or more of these frameworks, you can ensure your MSP cybersecurity stack is built upon internationally recognized best practices. This not only strengthens security but also instills confidence in your clients, assuring them that their data and systems are protected according to industry standards.


The world of cybersecurity is in constant flux. New threats and vulnerabilities emerge regularly, making it essential for me to remain updated and adaptive. As an MSP, you should be actively seeking opportunities for continuous education and stay informed about the latest developments in the field.

I recommend investing time and effort in attending cybersecurity conferences, webinars, and workshops to expand your knowledge and network with experts in the industry. This ongoing education ensures that you can provide your clients with the most up-to-date and effective cybersecurity solutions.


In the intricate world of cybersecurity, MSPs often grapple with the challenge of selecting the most suitable solutions for their clients. The traditional low-medium-high approach, while well-intentioned, can lead to confusion and inefficiency. However, by posing the simple yet profound question, “If I were supporting my mother, grandmother, or sister,” you can create an MSP cybersecurity stack that is not only effective but deeply personalized.

Bruce McCully’s recommendation to include a date in the solution’s name underscores the importance of annual updates, assuring clients that their cybersecurity is continually evolving to protect them from emerging threats. By aligning with established cybersecurity frameworks and investing in continuous education, you ensure that your clients receive the best protection in the digital age.

I firmly believe that cybersecurity should be a top priority for MSPs. If you have any inquiries or require guidance in shaping your cybersecurity strategy, please do not hesitate to contact me. I am here to assist you in navigating the ever-changing cybersecurity landscape and ensuring that your clients remain safe and secure.