It’s time to meet the man behind our weekly Threat Brief.

Adam spends hours researching the latest threats to find and share solutions with you, and I had the pleasure of sitting down with him for this week’s episode.

His 15 years investigating cybercrime as a police officer taught him lessons that directly apply to MSP incident response.

His biggest takeaway? Most MSPs have detailed procedures but struggle when chaos hits.

This week’s Threat Brief

From our guest, Adam Pilton – Cybersecurity Advisor at Heimdal and Ex-Cybercrime Detective

Hex Strike AI Automates Attack Workflows

A next-generation open source security framework links large language models like ChatGPT, Claude and Copilot with over 150 cybersecurity tools.

It was originally designed for red teams and security researchers, but threat actors saw the potential immediately.

Within hours of Citrix disclosing NetScaler zero days, hackers began using Hex Strike AI to automate entire exploitation processes.

The AI agents scan the internet for exposed appliances, fire off exploits, check if they landed, retry if they failed, and drop web shells for persistence.

All without human intervention.

Three actions for today:

  • Patch Citrix systems immediately – don’t delay for change windows

  • Segment remote gateways and RMM consoles as crown jewels

  • Adjust patch pipelines to respond in hours, not weeks

If attackers are automating their exploitation, defenders must automate their response too.

The reality of incident response

“You can have perfect policies, procedures in place, but the reality is in that moment when you don’t know who’s attacking you, how they’re doing it, why they’re doing it, even if it’s over, it’s chaos, it’s panic, and you cannot fit that into a beautifully crafted procedure.” – Adam Pilton

Adam’s experience responding to 999 calls taught him that no incident ever looks the same.

Whether it’s a road traffic collision or a ransomware attack, there are core pillars that stick throughout: communication and governance.

The key is understanding what you’re trying to achieve and sticking to those core pillars rather than memorizing procedures.

Why Tabletop Exercises Are “Gold Dust”

Adam doesn’t understand why tabletop exercises aren’t used more often. “That is the moment that you find out what we’re strong in and what we’re not so strong in.”

His favorite reality check: Ask your team if they’d pay a ransomware demand. Everyone has an opinion. Then ask, “Who here knows how to get cryptocurrency?”

Silence.

He recommends making exercises relevant to your organization – something that could actually happen rather than a “far-fetched attack where everything goes wrong and it’s nuclear in its destruction.”

The opportunity extends beyond internal training.

It’s a service MSPs can provide to clients, helping them understand the value of cybersecurity while practicing their own response.

The Hotel That Lost Everything

Adam shared a story that hit hard. A hotel was hit by ransomware. No backups. Weak cybersecurity. They lost their entire booking system.

The immediate issue? They couldn’t take new reservations. The long-term issue was worse.

“Going into summer, they thought they were fully booked. But with no records, they couldn’t confirm who had booked and who hadn’t. They might have to turn people away or scramble to rehouse them.”

Their data was encrypted and lost forever. That’s awful.

Building Trust Through LinkedIn

Adam builds relationships before ever shaking hands.

“There are people I’ve never met in person. But when we finally do connect, it feels natural. We already have a relationship because we built it on LinkedIn.”

He adds, “It’s better to recognize someone’s face and greet them by name than to be approached by a stranger you don’t remember.”

Security Awareness Done Right

Many MSPs handle training the wrong way.

“What I see is this. I, the MSP, have a tool. And I give the same tool to everyone, regardless of context.”

Adam takes a different approach. He starts by understanding the organization first.

One client saw incredible results. They rolled out training every two weeks. Over 90 percent of employees consistently engaged.

Engagement was so high that one of the training contributors was invited to the client’s Christmas party.

🔥 MSP Hot Seat

A listener asked:

“I run a small but growing MSP. If you were starting from scratch, with limited resources and a big desire to stand out, what would you do first to land five clients?”

Adam replied:

“Trust and simplification are everything. Build trust, whether through LinkedIn, in-person meetings, or whatever fits. Become their trusted advisor.

“Keep the clients you already have. Give them reasons to stick with you. If they trust you, they’ll recommend you. And before long, those five new clients will show up.”

Adam’s message is clear. Simplicity and trust always win.

Whether it’s incident response, awareness training, or client acquisition, the MSPs who succeed are the ones who make cybersecurity clear and build relationships that last.

Thanks for reading!

PS. Got a question for the MSP Hot Seat? Or a guest suggestion? Get in touch on LinkedIn. I’d love to hear from you.
