Dave MacKinnon, chief security officer at RMM vendor N-able, spoke with ChannelPro about the company’s participation in the Joint Cyber Defense Collaborative (JCDC). A partnership between public and private-sector organizations, the collaborative aims to reduce security risk in infrastructure and supply for MSPs and their customers. The Cybersecurity and Infrastructure Security Agency (CISA) created JCDC in 2021 as a collective effort to strengthen cyber defenses.
ChannelPro: What motivated this collaboration for N-able?
MacKinnon: The motivation for me is pretty simple. I want the community to be safer. There was no business motivation. It wasn’t an interest to make more money and it wasn’t an interest to get press releases. It was to drive a more secure ecosystem for our MSP partners and their customers.
ChannelPro: N-able’s background is in RMM. How does cybersecurity play into the company’s mission?
MacKinnon: It’s one of the three core pillars of the organization. John [Pagliuca, N-able president and CEO] takes security very seriously. I get to spend a significant amount of money in building both secure software and making sure the organization is treating security as part of the cultural DNA, making sure it’s infused in everybody’s DNA.
ChannelPro: What lessons did N-able absorb from the 2020 SolarWinds breach? (N-able spun off from SolarWinds subsequently.)
MacKinnon: There’s a number. The biggest one is there is an understanding that it can happen to anybody. There’s a huge awareness of security, and that’s why John is so big on having it be part of our culture. It also allows us to do a lot more training around preparedness, so one of the things we do twice a year is we actually practice cyber incidents. We go through our IR plans so when we have an incident, we are better for it. The intent is never to have an incident, but the reality is everybody has an incident. It’s just how big does that incident get over time.
ChannelPro: What do you expect the outcome of the collaboration with JCDC to be?
MacKinnon: The goal is to provide insight and best practices around securing the MSP ecosystem, so helping some of those MSPs know what to do, and how to share threat intelligence, things like that.
ChannelPro: How much of your contribution to this collaboration is inspired by feedback from your MSP partners?
MacKinnon: Obviously, I’ve learned a ton from MSPs. The huge benefit is MSPs are involved in the JCDC initiative. They have a voice at the table as well so we are able to collaborate and make sure we’re sharing information in an effective manner and a way that would positively impact both themselves and their customers.
ChannelPro: What can MSPs gain from this initiative that they wouldn’t otherwise?
MacKinnon: We’re all talking through the same microphone. It’s vendor-agnostic, which is important. When I talk about security, I talk about security as a team sport. And this is security for Team MSP. It’s not security for Team N-able. The huge benefit is you get a vendor-agnostic series of information and recommendations that apply to all MSPs. On the vendor side, our vendors should basically be taking similar initiatives internally to ensure we are collectively working to keep all our customers secure.