Too many business leaders — including MSPs — still approach cybersecurity in isolation, according to Kaseya CISO Jason Manar. Instead of treating it as a core business function, they fail to connect the dots between security and operations.
During an in-depth interview with ChannelPro at Kaseya Connect Global 2025, Manar shared what he’s learned from decades in law enforcement and technology, and how Kaseya’s cybersecurity approach is evolving to meet tomorrow’s challenges.
What Do MSPs Misunderstand About the Threat Landscape?
When a threat actor gains access to a system, think of it as a misalignment, Manar advised. “It’s a misalignment between security, product, business, and even personnel and IT. All those things are what ultimately cause what I dubbed ‘the breach before the breach.'”
That is Manar’s shorthand for the unspoken risk that builds up when organizations don’t understand how different areas of the business create vulnerabilities that bad actors can exploit.
CISOs should have in-depth knowledge of their company and its operations, Manar said, whether or not they report directly to the CEO. The goal is to gain a holistic understanding of business risk from multiple perspectives — financial, operational, reputational. You can make better security decisions with that shared context.
Jason Manar
Should MSPs adopt a similar mindset about business risk? Absolutely, Manar emphasized. “We all need to have that mindset.”
Back to Basics in Cybersecurity
Manar spent 16 years in the FBI before joining Kaseya. That background influences the way he approaches cyber preparedness.
One of the most common patterns he saw in cybercrime investigations was that victims could easily identify the cause in hindsight.
“Ninety-five percent of the time, they already knew the thing that got them hacked. The system that wasn’t patched. The misconfiguration that never got fixed,” Manar said. “That’s what makes it so frustrating — and so solvable.”
Basic cybersecurity hygiene isn’t optional; it’s table stakes. For MSPs, that means patching, asset management, user training, and data classification need to be prioritized at every opportunity.
Security First, Security Always
When asked if he thinks of Kaseya as a cybersecurity company, Manar paused for a moment and then said, “Yes, definitely.”
Since coming onboard, Manar’s team has pushed the organization to deepen its security-first commitment. That shift has filtered through internal training, product development, and partner-facing initiatives.
“Things have changed in the four years that I’ve been here, and so has the culture,” he said. “You can see that change on stage [at Kaseya Connect]. The culture is shifting in real time. It’s a new day, a new era. That applies to how we engage with the community, our partners, and our customers.”
He compared it to the way car safety evolved from the days when people would routinely drive without a seatbelt. “Even going 35 miles an hour and hitting an abrupt stop could cause serious injury. I’d be negligent if I didn’t make sure my kids are properly restrained, if I didn’t make sure my family is taken care of before I even put the car in gear.
“I’m still thinking about all the things I need to run the business effectively. I’m just making sure we think about security first.”
How AI and Automation Help
Internally, Kaseya’s cybersecurity capabilities lean on AI to optimize incident response and security operations. But Manar was careful to warn that AI can be as much of a liability as an advantage.
“If a company hasn’t done the basics of organizing and classifying its data, and they let AI loose in the environment, what happens?” he said. “AI is ingesting all that data. All someone has to do is prompt, ‘Find me a sequence of X number … of Social Security numbers, credit card numbers,’ whatever else? The results come back in tenths of seconds, not even a second.”
So, MSPs should treat AI like any other tool that can either amplify strength or multiply risk, he recommended. The right foundation built on security best practices makes all the difference.
Preparation is King
Being prepared is another recurring theme in Manar’s strategy. Kaseya runs multiple tabletop exercises each year using realistic attack simulations. “We practice a lot. We go through cyber ranges with real attack scenarios. We let people experience the pressure. And then we do after-action reviews to get better.”
He likened it to the flight training that commercial airline pilots go through. “If you don’t practice, you lose your ability to figure out what’s going on in a crisis and respond appropriately. A pilot friend of mine took a week off and he said he could tell the difference when he got back in the cockpit.”
Manar acknowledged that small MSPs don’t always have a deep bench of incident response professionals on staff. That said, they can still emulate Kaseya’s cybersecurity approach by investing in cross-training and treating security talent as a team effort.
“It’s not about hiring the smartest person in the room. It’s about building a team that works together, grows together, and supports the mission,” he said.
Compliance is Everyone’s Concern
Regulatory pressure adds yet another layer. Manar noted that Kaseya has to meet compliance requirements across GDPR, SOC 2, and various U.S. state regulations, with an eye on incoming frameworks like DORA in the European Union.
“Ignorance of the law is no excuse,” Manar noted. “Even for small MSPs, it’s on you to make sure your contracts, your MSA, and your data handling align with the law. Get good legal counsel early.”
He admits that while it’s a heavy lift, it is also a non-negotiable. “Your clients expect it. Regulators demand it.”
Parting Wisdom
Despite the challenges, Manar is optimistic. The MSP industry has a unique opportunity to elevate itself by becoming not just IT providers, but trusted security partners.
“I don’t know anyone who’s done anything meaningful and found it easy,” he said. “MSPs are on the front lines of keeping small businesses alive in a digital world. That makes this mission worth it.”
In addition, the MSPs that grow the fastest are the ones who are doing both IT and security, he shared. “Clients want a partner who can handle the full picture. So be that partner.”
➡️ Must-read announcements from the Kaseya Connect Global conference.
➡️ Chief Product Officer Jim Lippie addresses questions on Kaseya’s brand new MSP tools.
