Get NIST-y is a podcast that breaks compliance out of the checkbox trap and turns it into a real security advantage. No fluff, no FUD—just practical strategies to make compliance work for your MSP. Each week, we'll dive into compliance topics based on real questions from our MSP partners and subscribers.

Get NIST-y
Claim This Podcastby Blacksmith InfoSec
Podcast Overview
Get NIST-y is a podcast that breaks compliance out of the checkbox trap and turns it into a real security advantage. No fluff, no FUD—just practical strategies to make compliance work for your MSP. Each week, we'll dive into compliance topics based on real questions from our MSP partners and subscribers.
Language
🇺🇲
Publishing Since
9/2/2025
1 verified contact email on file for Get NIST-y
Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.
Recent Episodes

July 7, 2026
Stop Selling Compliance Like a Scary IT Project
<p>MSPs keep asking how to sell compliance without sounding like a fearmongering weirdo or a walking control spreadsheet. This episode is a talk from ChannelPro Chicago on why compliance sales usually go sideways, and what to do instead.</p><p><br></p><p>Takeaways:</p><p>- FUD is a weak sales strategy because whoever tells the best ghost story wins</p><p>- Clients do not care about your feature list nearly as much as risk, progress, audit readiness, and cost</p><p>- Do not sell the whole mountain, sell the first step</p><p>- Compliance should be priced like an ongoing practice, not a one-time project</p><p><br></p><p>We answer:</p><p>- How should MSPs talk about compliance in a way clients actually care about?</p><p>- Why does selling controls, frameworks, and tool features make buyers tune out?</p><p>- How can compliance create the context for more revenue without turning into sleazy upselling?</p><p><br></p><p>Make sure to follow the podcast or ask your own questions at:</p><p><a href="https://blacksmithinfosec.com/nisty/" target="_blank" rel="noopener noreferer">https://blacksmithinfosec.com/nisty/</a></p>

June 30, 2026
Evidence Collection Without the Compliance Fire Drill
<p>Security questionnaires are not the finish line. They are the opening move in a negotiation, and saying “yes” to everything can create a bigger problem than admitting what is still in progress.</p><p><br></p><p>In this episode of Get NIST-y, the cybersecurity and compliance podcast from Blacksmith InfoSec, Jared and Michael talk about turning evidence collection into a recurring habit instead of a Friday afternoon panic spiral.</p><p><br></p><p>Takeaways:</p><p>- Treat customer security questionnaires like a negotiation, not a checkbox confession booth</p><p>- User audits should follow your policy, but monthly IDP reviews can catch offboarding misses and billing weirdness</p><p>- Screenshots are not evidence if the underlying work is fake</p><p>- Backup “success” logs are not enough if you never test whether restoration actually works</p><p><br></p><p>We answer:</p><p>- What evidence should an MSP collect regularly so client questionnaires stop becoming fire drills?</p><p>- How much evidence is enough before the MSP becomes a full-time document janitor?</p><p>- What should small businesses keep when changing vendors so old proof does not disappear?</p><p><br></p><p>Make sure to follow the podcast or ask your own questions at:</p><p><a href="https://blacksmithinfosec.com/nisty/" target="_blank" rel="noopener noreferer">https://blacksmithinfosec.com/nisty/</a></p>

June 23, 2026
Shared Responsibility, Shared Delusion, and MSP Risk
<p>Shared responsibility gets ugly when the client wants compliance, but not ownership. This week's episode is about keeping MSPs out of the unpaid compliance department trap.</p><p><br></p><p>We answer:</p><p>- A medical client's cyber insurer wants annual security policies, but the doctors want the front desk to handle it. What now?</p><p>- How should an MSP separate recurring compliance help from client-owned decisions and project work?</p><p><br></p><p>Takeaways:</p><p>- A front desk person can help gather answers, but policy authority needs an executive sponsor or true practice manager.</p><p>- MSPs can review vendor risk and explain options, but the client has to own the risk.</p><p>- Executives who carve themselves out of MFA, training, or policy rules are teaching the whole company what actually matters.</p><p>- Recurring compliance services need clear scope, with sprint work and emergency evidence collection treated as projects.</p><p><br></p><p>Follow or subscribe so you don't miss the next messy MSP compliance problem. Want to get your own questions answered? <a href="https://blacksmithinfosec.com/nisty/" target="_blank" rel="noopener noreferer">https://blacksmithinfosec.com/nisty/</a></p>
45 total episodes available
Similar Podcasts
Discover related shows you might enjoy
Deep-dive analytics for Get NIST-y
Frequently asked questions
Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.
- What is Get NIST-y?
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Yes, this podcast regularly features guests.
Legal Disclaimer
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.
All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.
We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.
While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.
By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.


