We spent a decade building security around the network. Then five years around the endpoint. The whole time, sitting right in front of every user, every day the browser. Unmanaged. Unexamined. Trusted by default.

The 2026 Verizon DBIR makes it hard to look away anymore. Infostealers, session token theft, OAuth attacks almost every major attack pattern this year runs through the browser at some point.

Today's guest thinks about this problem at a scale very few people get to. He's going to help us understand what the MSP community is missing and what it actually means to secure the place where work happens.

Arunesh Chandra, Head of Product, Microsoft Edge for Business joins The CyberCall to discuss these topics and more.

This week we're doing something a little different. Instead of talking about CMMC in the abstract, we're putting an actual document on the table the CMMC Program FAQ, freshly updated to Revision 2.3.

It's the kind of document most contractors skim and most MSPs never read closely.

To help us read between the lines, we have one of the sharpest interpreters of CMMC in the industry. Jacob Horne has spent years doing exactly this — taking dense regulatory language and turning it into something a contractor can actually act on. Today we're going to put him to work, page by page, on what this document really says, what it quietly doesn't, and where the traps are hiding.

If you serve the defense industrial base, this is the episode to take notes on.

CMMC is no longer theoretical the rule is final, the clock is running, and every MSP in the DIB is about to find out whether the work they've done actually holds up under an assessment.

To cut through the noise, we have someone who sees this from angles almost nobody else does. Scott Singer is chair of the Cyber AB’s C3PAO Advisory Council, former CEO of CyberNINES and current President of ControlCase’s Federal Division and he runs two authorized C3PAOs, CyberNINES and ControlCase and a FedRAMP 3PAO. He's helping shape the rules, sitting across the table doing the assessments, and preparing companies to pass them.

We're going to demystify the C3PAO role, talk honestly about the backlog, and get specific about what separates MSPs setting their clients up to pass from the ones setting them up to fail.