#36 - From The Trenches - Cyber Compliance & vCISO Opportunity (Dan Collins) episode artwork

EPISODE · Nov 12, 2025 · 51 MIN

#36 - From The Trenches - Cyber Compliance & vCISO Opportunity (Dan Collins)

from The BMK Vision Podcast · host Josh Peterson

Independent assessor Dan Collins breaks down how SMBs should think about compliance (PCI, SOC, HIPAA), where MSPs fit, and why the vCISO lane is the biggest growth play. You’ll leave with a clear map of assessor vs. MSP roles, policy realities, insurance pressure, and sales metrics that drive enterprise value. ✅ Enjoyed this episode? Like, subscribe, and share your biggest takeaway below. https://beringmckinley.com/bering-mckinley-podcast-blog In this episode of the BMK Vision Podcast, Josh Peterson sits down with Dan Collins of 360 Advanced, an independent security assessor serving the mid-market. Collins explains how assessors validate environments against standards like PCI, SOC, HIPAA, and StateRAMP/FedRAMP requirements—while MSPs remain the hands-on implementers and remediators. The conversation tackles real-world friction in healthcare and dental, why “teeth” in enforcement (and insurers) change buyer behavior, and how incident response should flow when things go sideways. It also spotlights a major opportunity: the Office of the CISO (vCISO) as a high-margin, MRR-friendly service motion MSPs can add without “hands on keyboard.” 👉 Clear roles: assessor vs. MSP vs. insurer vs. IR teams—who does what and when 👉 Healthcare/dental reality: weak HIPAA enforcement, low risk awareness, and what flips the switch 👉 Government pressure: StateRAMP/FedRAMP/CMMC are cascading down to state/local and vendors 👉 Insurance is the throttle: underwriting, questionnaires, and event-driven requirements 👉 Growth play for MSPs: vCISO policy/oversight, planning, and security governance as MRR 👉 Sales metrics that matter: balancing EBITDA + growth (Rule-of-40 style) for higher multiples Collins closes with practical sales org structure, demand-gen tooling, and target spend bands to hit sustainable growth. Visit https://beringmckinley.com for more MSP resources. 🔗 Resources & Links • Dan Collins at 360 Advanced: https://360advanced.com • Bering McKinley MSP Consulting: https://beringmckinley.com ⏱️ Chapters • 00:00 – Dan’s path from systems dev to independent assessor • 02:11 – “We’re not an MSP”: what independent assessors actually do • 03:44 – Why assessors don’t remediate (and where MSPs plug in) • 04:35 – Ideal client size & sophistication (50–3,000 seats) • 06:17 – Healthcare & dental: low security urgency and HIPAA’s “no teeth” • 10:12 – StateRAMP/FedRAMP/CMMC trickle-down and MSP opportunity • 19:41 – Insurers as de-facto enforcers: underwriting & questionnaires • 22:50 – When breach happens: call tree, stop bleeding, collaborate • 26:28 – The Office of the CISO (vCISO) explained—no hands on keyboard • 28:39 – Building a profitable vCISO practice (MRR margins) • 41:10 – Sales evolution: org design, demand gen, and playbooks • 47:21 – Sales/marketing spend bands & targeting sustainable growth • 50:24 – Diminishing returns past ~20% growth; prioritize EBITDA • 51:26 – Where to find Dan 🔍 Primary Keywords vCISO services, security assessment, StateRAMP, FedRAMP, CMMC, MSP growth 🔍 Secondary Keywords HIPAA compliance, PCI DSS, SOC 2 audit, cyber insurance underwriting, incident response 🏷️ Tags bmk vision podcast, bering mckinley, josh peterson, dan collins, 360 advanced, vciso, compliance, pci dss, soc 2, hipaa, stateramp, fedramp, cmmc, cyber insurance, msp growth, sales metrics #️⃣ Hashtags #bmkvisionpodcast #beringmckinley #msp #msplife #cybersecurity #vciso #compliance #hipaa #pcidss #soc2 #stateramp #fedramp #cmmc #cyberinsurance #incidentresponse #mspsales #mspmarketing #itservices #infosec #riskmanagement

Independent assessor Dan Collins breaks down how SMBs should think about compliance (PCI, SOC, HIPAA), where MSPs fit, and why the vCISO lane is the biggest growth play. You’ll leave with a clear map of assessor vs. MSP roles, policy realities, insurance pressure, and sales metrics that drive enterprise value. ✅ Enjoyed this episode?Like, subscribe, and share your biggest takeaway below.https://beringmckinley.com/bering-mckinley-podcast-blog In this episode of the BMK Vision Podcast, Josh Peterson sits down with Dan Collins of 360 Advanced, an independent security assessor serving the mid-market. Collins explains how assessors validate environments against standards like PCI, SOC, HIPAA, and StateRAMP/FedRAMP requirements—while MSPs remain the hands-on implementers and remediators. The conversation tackles real-world friction in healthcare and dental, why “teeth” in enforcement (and insurers) change buyer behavior, and how incident response should flow when things go sideways. It also spotlights a major opportunity: the Office of the CISO (vCISO) as a high-margin, MRR-friendly service motion MSPs can add without “hands on keyboard.”👉 Clear roles: assessor vs. MSP vs. insurer vs. IR teams—who does what and when👉 Healthcare/dental reality: weak HIPAA enforcement, low risk awareness, and what flips the switch👉 Government pressure: StateRAMP/FedRAMP/CMMC are cascading down to state/local and vendors👉 Insurance is the throttle: underwriting, questionnaires, and event-driven requirements👉 Growth play for MSPs: vCISO policy/oversight, planning, and security governance as MRR👉 Sales metrics that matter: balancing EBITDA + growth (Rule-of-40 style) for higher multiplesCollins closes with practical sales org structure, demand-gen tooling, and target spend bands to hit sustainable growth.Visit https://beringmckinley.com for more MSP resources. 🔗 Resources & Links• Dan Collins at 360 Advanced: https://360advanced.com• Bering McKinley MSP Consulting: https://beringmckinley.com ⏱️ Chapters• 00:00 – Dan’s path from systems dev to independent assessor• 02:11 – “We’re not an MSP”: what independent assessors actually do• 03:44 – Why assessors don’t remediate (and where MSPs plug in)• 04:35 – Ideal client size & sophistication (50–3,000 seats)• 06:17 – Healthcare & dental: low security urgency and HIPAA’s “no teeth”• 10:12 – StateRAMP/FedRAMP/CMMC trickle-down and MSP opportunity• 19:41 – Insurers as de-facto enforcers: underwriting & questionnaires• 22:50 – When breach happens: call tree, stop bleeding, collaborate• 26:28 – The Office of the CISO (vCISO) explained—no hands on keyboard• 28:39 – Building a profitable vCISO practice (MRR margins)• 41:10 – Sales evolution: org design, demand gen, and playbooks• 47:21 – Sales/marketing spend bands & targeting sustainable growth• 50:24 – Diminishing returns past ~20% growth; prioritize EBITDA• 51:26 – Where to find Dan 🔍 Primary KeywordsvCISO services, security assessment, StateRAMP, FedRAMP, CMMC, MSP growth 🔍 Secondary KeywordsHIPAA compliance, PCI DSS, SOC 2 audit, cyber insurance underwriting, incident response 🏷️ Tagsbmk vision podcast, bering mckinley, josh peterson, dan collins, 360 advanced, vciso, compliance, pci dss, soc 2, hipaa, stateramp, fedramp, cmmc, cyber insurance, msp growth, sales metrics #️⃣ Hashtags#bmkvisionpodcast #beringmckinley #msp #msplife #cybersecurity #vciso #compliance #hipaa #pcidss #soc2 #stateramp #fedramp #cmmc #cyberinsurance #incidentresponse #mspsales #mspmarketing #itservices #infosec #riskmanagement

NOW PLAYING

#36 - From The Trenches - Cyber Compliance & vCISO Opportunity (Dan Collins)

0:00 51:56

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of The BMK Vision Podcast?

This episode is 51 minutes long.

When was this The BMK Vision Podcast episode published?

This episode was published on November 12, 2025.

What is this episode about?

Independent assessor Dan Collins breaks down how SMBs should think about compliance (PCI, SOC, HIPAA), where MSPs fit, and why the vCISO lane is the biggest growth play. You’ll leave with a clear map of assessor vs. MSP roles, policy realities,...

Can I download this The BMK Vision Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!