#36 - From The Trenches - Cyber Compliance & vCISO Opportunity (Dan Collins)

In this From the Trenches episode, independent assessor Dan Collins joins Josh Peterson to unpack how mid-market organizations should think about cyber risk, regulatory compliance, and security governance. Drawing on decades of work in technology audit and risk consulting, Dan explains the role of an independent assessor across frameworks like PCI, SOC, HIPAA, FedRAMP, and StateRAMP—and how those assessments intersect with MSPs, cyber insurers, and incident-response partners. Throughout the conversation, Josh and Dan connect these themes back to the broader operating system of an MSP, showing how programs like the BMK Vision platform help owners turn security and compliance obligations into a structured plan for growth, accountability, and risk reduction.

As the discussion progresses, Dan highlights why the emerging office of the CISO—and especially fractional vCISO services—represents a significant opportunity for MSPs willing to step beyond tools and tickets into true security leadership. He contrasts the behaviors of smaller firms that treat compliance as a checkbox with more mature organizations that align business risk, cyber insurance, and technical controls under cohesive governance. The episode closes with practical guidance on building a sales engine around security-led offerings, including how to budget 14–18% of revenue for sales and marketing, how to position advisory services alongside managed security, and how to recruit and develop the next generation of policy- and strategy-focused security leaders in an AI-enabled future.

For MSPs aiming to deepen their role in cybersecurity leadership and advisory services, explore these related articles: how MSPs improve cybersecurity posture and network security and the role of MSPs in implementing Zero-Trust security models.

Episode Highlights

  • 00:00:32 – Dan’s journey from systems development and Big Four technology risk into founding an independent cybersecurity and compliance practice.
  • 00:02:38 – How independent assessors support PCI, SOC, HIPAA, and other frameworks while collaborating with MSPs on remediation and ongoing operations.
  • 00:07:27 – Why small healthcare and dental practices often lag in cybersecurity maturity despite HIPAA requirements and growing breach exposure.
  • 00:11:10 – The impact of FedRAMP, StateRAMP, and public-sector regulations on vendors, subcontractors, and the MSPs that support them.
  • 00:18:59 – Cyber insurance as a risk-transfer mechanism—and what underwriters are really looking for in controls, data, and incident history.
  • 00:26:08 – Defining the “office of the CISO” and where vCISO services fit as a strategic, non-technical leadership function inside client organizations.
  • 00:41:09 – Building a sales organization for security-led services, including targets for sales and marketing spend and balancing growth with profitability.

“Security isn’t just a stack of tools—it’s a governance function, and someone in the business has to own that risk.”
— Dan Collins

About the Guest

Dan Collins is the CEO and founder of 360 Advanced, a cybersecurity and compliance firm headquartered in St. Petersburg, Florida. With more than 20 years of experience in technology audit, risk consulting, and strategy—including prior roles in Big Four technology risk practices—Dan leads a team that delivers SOC, PCI, ISO, HITRUST, HIPAA, FedRAMP, StateRAMP, CMMC, and other security and privacy assessments for organizations ranging from fast-growing mid-market firms to large enterprises across healthcare, financial services, technology, government, and business services.

About the Host

Josh Peterson is the CEO of Bering McKinley and host of the BMK Vision Podcast. Through the From the Trenches series, Josh highlights MSP leaders who redefine growth through creativity, resilience, and genuine client connection.
