Description

Independent assessor Dan Collins breaks down how SMBs should think about compliance (PCI, SOC, HIPAA), where MSPs fit, and why the vCISO lane is the biggest growth play. You’ll leave with a clear map of assessor vs. MSP roles, policy realities, insurance pressure, and sales metrics that drive enterprise value.

✅ Enjoyed this episode?
Like, subscribe, and share your biggest takeaway below.
https://beringmckinley.com/bering-mckinley-podcast-blog

In this episode of the BMK Vision Podcast, Josh Peterson sits down with Dan Collins of 360 Advanced, an independent security assessor serving the mid-market. Collins explains how assessors validate environments against standards like PCI, SOC, HIPAA, and StateRAMP/FedRAMP requirements—while MSPs remain the hands-on implementers and remediators. The conversation tackles real-world friction in healthcare and dental, why “teeth” in enforcement (and insurers) change buyer behavior, and how incident response should flow when things go sideways. It also spotlights a major opportunity: the Office of the CISO (vCISO) as a high-margin, MRR-friendly service motion MSPs can add without “hands on keyboard.”
👉 Clear roles: assessor vs. MSP vs. insurer vs. IR teams—who does what and when
👉 Healthcare/dental reality: weak HIPAA enforcement, low risk awareness, and what flips the switch
👉 Government pressure: StateRAMP/FedRAMP/CMMC are cascading down to state/local and vendors
👉 Insurance is the throttle: underwriting, questionnaires, and event-driven requirements
👉 Growth play for MSPs: vCISO policy/oversight, planning, and security governance as MRR
👉 Sales metrics that matter: balancing EBITDA + growth (Rule-of-40 style) for higher multiples
Collins closes with practical sales org structure, demand-gen tooling, and target spend bands to hit sustainable growth.
Visit https://beringmckinley.com for more MSP resources.

🔗 Resources & Links
• Dan Collins at 360 Advanced: https://360advanced.com
• Bering McKinley MSP Consulting: https://beringmckinley.com

⏱️ Chapters
• 00:00 – Dan’s path from systems dev to independent assessor
• 02:11 – “We’re not an MSP”: what independent assessors actually do
• 03:44 – Why assessors don’t remediate (and where MSPs plug in)
• 04:35 – Ideal client size & sophistication (50–3,000 seats)
• 06:17 – Healthcare & dental: low security urgency and HIPAA’s “no teeth”
• 10:12 – StateRAMP/FedRAMP/CMMC trickle-down and MSP opportunity
• 19:41 – Insurers as de-facto enforcers: underwriting & questionnaires
• 22:50 – When breach happens: call tree, stop bleeding, collaborate
• 26:28 – The Office of the CISO (vCISO) explained—no hands on keyboard
• 28:39 – Building a profitable vCISO practice (MRR margins)
• 41:10 – Sales evolution: org design, demand gen, and playbooks
• 47:21 – Sales/marketing spend bands & targeting sustainable growth
• 50:24 – Diminishing returns past ~20% growth; prioritize EBITDA
• 51:26 – Where to find Dan

🔍 Primary Keywords
vCISO services, security assessment, StateRAMP, FedRAMP, CMMC, MSP growth

🔍 Secondary Keywords
HIPAA compliance, PCI DSS, SOC 2 audit, cyber insurance underwriting, incident response

🏷️ Tags
bmk vision podcast, bering mckinley, josh peterson, dan collins, 360 advanced, vciso, compliance, pci dss, soc 2, hipaa, stateramp, fedramp, cmmc, cyber insurance, msp growth, sales metrics

#️⃣ Hashtags
#bmkvisionpodcast #beringmckinley #msp #msplife #cybersecurity #vciso #compliance #hipaa #pcidss #soc2 #stateramp #fedramp #cmmc #cyberinsurance #incidentresponse #mspsales #mspmarketing #itservices #infosec #riskmanagement