Dom Kirby, CISSP, SSCP
@domkirby.com
Sr. Dir. Pro Services @Pax8 | Cybersecurity Practitioner | Modern Workplace Connoisseur | Inspired People Leader | Husband, Father | LI: https://domk.pro/li | 🌎 https://domkirby.com | Views my own.
2026 will be a year of "Managed Intelligence" and deeper advisory. To stay ahead, MSP leaders must navigate some critical shifts.
I’ve laid out my full roadmap for the industry—from the AI bubble to the risk register.
Link: domkirby.com/blog/ms...
1/3
I’ve laid out my full roadmap for the industry—from the AI bubble to the risk register.
Link: domkirby.com/blog/ms...
1/3
Beyond the Helpdesk: Reimagining MSP Value in the Age of AI
From the AI bubble pop to the life-or-death reality of cyber hygiene, see why 2026 will force MSPs to pivot or drown.
domkirby.com
December 23, 2025 at 11:28 PM
2026 will be a year of "Managed Intelligence" and deeper advisory. To stay ahead, MSP leaders must navigate some critical shifts.
I’ve laid out my full roadmap for the industry—from the AI bubble to the risk register.
Link: domkirby.com/blog/ms...
1/3
I’ve laid out my full roadmap for the industry—from the AI bubble to the risk register.
Link: domkirby.com/blog/ms...
1/3
New enhancement to my blog workflow, I now have a workflow in #n8n to automagically convert the Google Doc and start a draft in WordPress!
Original Post/Workflow: domk.pro/zlcbct?utm_...
Original Post/Workflow: domk.pro/zlcbct?utm_...
December 22, 2025 at 8:33 PM
New enhancement to my blog workflow, I now have a workflow in #n8n to automagically convert the Google Doc and start a draft in WordPress!
Original Post/Workflow: domk.pro/zlcbct?utm_...
Original Post/Workflow: domk.pro/zlcbct?utm_...
The basics of securing your clients' environments with #AI or even #Agents onboard haven't changed. It's the same 5 things we've been begging for for YEARS.
If the basics aren't covered, nothing you do specifically for AI protection matters, because it's built on no foundation.
If the basics aren't covered, nothing you do specifically for AI protection matters, because it's built on no foundation.
December 19, 2025 at 3:39 AM
2025 is the first "Year of the AI Agent" I'm told. So, my first 2026 AI prediction, we'll see the first companies post entry level roles demanding ten years of agent implementation experience.
December 17, 2025 at 3:12 PM
2025 is the first "Year of the AI Agent" I'm told. So, my first 2026 AI prediction, we'll see the first companies post entry level roles demanding ten years of agent implementation experience.
Anyone keeping count of how many times "smart glasses" will be the next big thing? Maybe it'll stick this time.
In 2025, tech giants decided smart glasses are the next big thing
As we near the end of 2025, it's becoming increasingly apparent that smart glasses are going to be the next "big" thing. Here's why.
www.engadget.com
December 16, 2025 at 11:05 PM
Anyone keeping count of how many times "smart glasses" will be the next big thing? Maybe it'll stick this time.
I would say it sounded like a good idea at first, but it really didn't. Flock is a total disaster and a complete misapplication of good intention...
Flock cameras remained active in two cities where officials had asked for them to be turned off
Officials in Cambridge, Massachusetts, and Eugene, Oregon, found that some Flock Safety license plate readers were still active after the municipalities asked for services to be terminated.
therecord.media
December 16, 2025 at 7:49 PM
I would say it sounded like a good idea at first, but it really didn't. Flock is a total disaster and a complete misapplication of good intention...
AI doesn't change cyber fundamentals. At all. The 700Credit breach seems to be the result of shitty supply chain, 5 million records. The breaches will continue until hygiene improves.
Nearly 20 million affected by Prosper, 700Credit data breaches
Fintech company Prosper Marketplace and car dealership services provider 700Credit are the latest financial institutions to report data breaches affecting millions of Americans.
therecord.media
December 16, 2025 at 3:57 PM
AI doesn't change cyber fundamentals. At all. The 700Credit breach seems to be the result of shitty supply chain, 5 million records. The breaches will continue until hygiene improves.
Thou shalt test, test, and retest thou's user termination processes!
Coupang data breach traced to ex-employee who retained system access
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company.
www.bleepingcomputer.com
December 16, 2025 at 2:11 AM
Thou shalt test, test, and retest thou's user termination processes!
Of all the things that for sure did not happen, DNS did not double your speed 🙄
December 11, 2025 at 3:56 PM
Of all the things that for sure did not happen, DNS did not double your speed 🙄
🔥This is either an affirmation or a hot take, but you need to hear it either way...
Azure Files was meant to replace a file server IN AN AZURE NETWORK. It is not meant for direct remote access over a VPN.
That is all.
Azure Files was meant to replace a file server IN AN AZURE NETWORK. It is not meant for direct remote access over a VPN.
That is all.
December 11, 2025 at 1:50 AM
🔥This is either an affirmation or a hot take, but you need to hear it either way...
Azure Files was meant to replace a file server IN AN AZURE NETWORK. It is not meant for direct remote access over a VPN.
That is all.
Azure Files was meant to replace a file server IN AN AZURE NETWORK. It is not meant for direct remote access over a VPN.
That is all.
I refuse to post "AI Slop." 🚫
But I do use AI to help. My secret is the N+1 Rule:
Write the draft (me).
Edit with Gemini.
"Blind Judge" with ChatGPT.
AI isn't the writer; it's the editor.
Here is my exact workflow (including the prompts I use): domkirby.com/?p=2019
#AI #Writing #Workflow
But I do use AI to help. My secret is the N+1 Rule:
Write the draft (me).
Edit with Gemini.
"Blind Judge" with ChatGPT.
AI isn't the writer; it's the editor.
Here is my exact workflow (including the prompts I use): domkirby.com/?p=2019
#AI #Writing #Workflow
How I Use AI to Write (Without Losing My Voice)
I don't want to just put out 'AI slop.' Here is the N+1 rule I use to write, edit, and validate my content with AI (without losing my voice).
domkirby.com
December 10, 2025 at 7:15 PM
I refuse to post "AI Slop." 🚫
But I do use AI to help. My secret is the N+1 Rule:
Write the draft (me).
Edit with Gemini.
"Blind Judge" with ChatGPT.
AI isn't the writer; it's the editor.
Here is my exact workflow (including the prompts I use): domkirby.com/?p=2019
#AI #Writing #Workflow
But I do use AI to help. My secret is the N+1 Rule:
Write the draft (me).
Edit with Gemini.
"Blind Judge" with ChatGPT.
AI isn't the writer; it's the editor.
Here is my exact workflow (including the prompts I use): domkirby.com/?p=2019
#AI #Writing #Workflow
Moving a messy S: Drive to SharePoint isn't modernization.
It’s a Tech Debt Balance Transfer. 💳
You didn’t fix the problem; you just moved the interest payments to a new account.
Stop migrating the mess. Start paying down the debt. 👇 domkirby.com/blog/te...
#MSP #TechDebt
It’s a Tech Debt Balance Transfer. 💳
You didn’t fix the problem; you just moved the interest payments to a new account.
Stop migrating the mess. Start paying down the debt. 👇 domkirby.com/blog/te...
#MSP #TechDebt
December 9, 2025 at 7:31 PM
Moving a messy S: Drive to SharePoint isn't modernization.
It’s a Tech Debt Balance Transfer. 💳
You didn’t fix the problem; you just moved the interest payments to a new account.
Stop migrating the mess. Start paying down the debt. 👇 domkirby.com/blog/te...
#MSP #TechDebt
It’s a Tech Debt Balance Transfer. 💳
You didn’t fix the problem; you just moved the interest payments to a new account.
Stop migrating the mess. Start paying down the debt. 👇 domkirby.com/blog/te...
#MSP #TechDebt
We’re obsessed with #Agents. Clients are asking for them, and vendors are selling them hard.
But here’s the uncomfortable truth: Many small businesses don’t need an Agent. They need a workflow automation that creates value.
1/4
But here’s the uncomfortable truth: Many small businesses don’t need an Agent. They need a workflow automation that creates value.
1/4
December 8, 2025 at 9:03 PM
We’re obsessed with #Agents. Clients are asking for them, and vendors are selling them hard.
But here’s the uncomfortable truth: Many small businesses don’t need an Agent. They need a workflow automation that creates value.
1/4
But here’s the uncomfortable truth: Many small businesses don’t need an Agent. They need a workflow automation that creates value.
1/4
Yes, Windows Hello is MFA! domkirby.com/blog/hello-m...
Yes, Hello For Business Constitutes MFA
Is Windows Hello really multi-factor authentication? Short answer: yes. NIST defines it as a multi-factor cryptographic authenticator, combining something you have with something you are or know. Lear...
domkirby.com
September 23, 2025 at 2:55 PM
Yes, Windows Hello is MFA! domkirby.com/blog/hello-m...
Many MSPs make the same mistake: they sell the stack.
But your clients don’t care about your EDR, your email security, or your “enterprise tech for SMB.” They care about outcomes: revenue, efficiency, and risk reduction.
Latest blog post 👉 domkirby.com/blog/msp-bus...
#MSP #AI #BusinessOutcomes
But your clients don’t care about your EDR, your email security, or your “enterprise tech for SMB.” They care about outcomes: revenue, efficiency, and risk reduction.
Latest blog post 👉 domkirby.com/blog/msp-bus...
#MSP #AI #BusinessOutcomes
Nobody Cares About Your Tech Stack - Dom Kirby
The almighty tech stack. The best EDR, rock solid email security. “Enterprise technology for the SMB.” I could go on for a while with all the clichés, and I used many of them. I was a technical buyer,...
domkirby.com
August 26, 2025 at 7:25 PM
Many MSPs make the same mistake: they sell the stack.
But your clients don’t care about your EDR, your email security, or your “enterprise tech for SMB.” They care about outcomes: revenue, efficiency, and risk reduction.
Latest blog post 👉 domkirby.com/blog/msp-bus...
#MSP #AI #BusinessOutcomes
But your clients don’t care about your EDR, your email security, or your “enterprise tech for SMB.” They care about outcomes: revenue, efficiency, and risk reduction.
Latest blog post 👉 domkirby.com/blog/msp-bus...
#MSP #AI #BusinessOutcomes
👀 Is Microsoft quietly moving on from Windows?
Between #AI and Microsoft’s cloud & datacenter pivot, it feels like Windows — the product that made Microsoft into Microsoft — is just a delivery engine for other stuff.
👉 domkirby.com/blog/windows...
Between #AI and Microsoft’s cloud & datacenter pivot, it feels like Windows — the product that made Microsoft into Microsoft — is just a delivery engine for other stuff.
👉 domkirby.com/blog/windows...
Windows is a Mess - Dom Kirby
I’ve been a Windows user for as long as I’ve been a computer user for the most part. I’ve dabbled in Mac, used plenty of Linux distros. But, day-to-day, I still use Windows. Windows XP was the first O...
domkirby.com
July 19, 2025 at 9:01 PM
👀 Is Microsoft quietly moving on from Windows?
Between #AI and Microsoft’s cloud & datacenter pivot, it feels like Windows — the product that made Microsoft into Microsoft — is just a delivery engine for other stuff.
👉 domkirby.com/blog/windows...
Between #AI and Microsoft’s cloud & datacenter pivot, it feels like Windows — the product that made Microsoft into Microsoft — is just a delivery engine for other stuff.
👉 domkirby.com/blog/windows...
Do you have a way to communicate with clients when the email goes down? Last weekend's Microsoft outage reminded me of the value of the humble status page.
domkirby.com/blog/ou...
#MicrosoftOutage
domkirby.com/blog/ou...
#MicrosoftOutage
Can your MSP Communicate Outages Out of Band? - Dom Kirby
Over the weekend (on 3/1 to be exact), there was a significant outage at Microsoft impacting primarily Exchange Online but also some other services. Even though this outage was relatively short, many MSPs reported receiving lots of emergency calls, texts, tickets, etc. With that in mind, have you thought about how you communicate outages to […]
domkirby.com
March 5, 2025 at 12:45 AM
Do you have a way to communicate with clients when the email goes down? Last weekend's Microsoft outage reminded me of the value of the humble status page.
domkirby.com/blog/ou...
#MicrosoftOutage
domkirby.com/blog/ou...
#MicrosoftOutage
The legacy MFA and SSPR settings are moving to the Authentication Methods policy on 9/30/2025, definitely something you'll want to get ahead of to avoid any potential workflow interruptions: learn.microsoft.com/...
#EntraID
#EntraID
How to migrate to the Authentication methods policy - Microsoft Entra ID
Learn about how to centrally manage multifactor authentication and self-service password reset (SSPR) settings in the Authentication methods policy.
learn.microsoft.com
March 3, 2025 at 2:46 PM
The legacy MFA and SSPR settings are moving to the Authentication Methods policy on 9/30/2025, definitely something you'll want to get ahead of to avoid any potential workflow interruptions: learn.microsoft.com/...
#EntraID
#EntraID
This is why #AdBlockers can be a helpful security tool. This ad for a "PC App Store" was conveniently placed next to the download button for Notepad++
February 26, 2025 at 8:27 PM
This is why #AdBlockers can be a helpful security tool. This ad for a "PC App Store" was conveniently placed next to the download button for Notepad++
More food for thought... Human operated attacks can be hard to detect.
Especially if they are of the #LOTL variety.
Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3
Especially if they are of the #LOTL variety.
Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3
February 18, 2025 at 7:47 PM
More food for thought... Human operated attacks can be hard to detect.
Especially if they are of the #LOTL variety.
Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3
Especially if they are of the #LOTL variety.
Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3
Food for thought... We're at 41% MFA adoption, which means simply implementing strong auth makes your client more hardened than 59% of other companies. The basics matter!
#Cybersecurity #DoBetter #CyberHygiene
#Cybersecurity #DoBetter #CyberHygiene
February 18, 2025 at 3:10 PM
Food for thought... We're at 41% MFA adoption, which means simply implementing strong auth makes your client more hardened than 59% of other companies. The basics matter!
#Cybersecurity #DoBetter #CyberHygiene
#Cybersecurity #DoBetter #CyberHygiene
There's a good chance that zero of your users need to use device codes and, if they do, they only need it for a moment. In this post, I walk through making a simple Conditional Access Policy to block device code flow for your Entra identities. domkirby.com/blog/st...
#Cybersecurity #Phishing
#Cybersecurity #Phishing
Stop Device Code Phishing with Conditional Access - Dom Kirby
Device code phishing is a real threat that often goes unmitigated. Microsoft’s recent warning that threat actor Storm-2372 is actively executing a device-code phishing campaign drives that home. If you want to learn more about device-code phishing, check out the episode of “The Game” below or perform some research. In this article, I’ll talk through […]
domkirby.com
February 17, 2025 at 10:52 PM
There's a good chance that zero of your users need to use device codes and, if they do, they only need it for a moment. In this post, I walk through making a simple Conditional Access Policy to block device code flow for your Entra identities. domkirby.com/blog/st...
#Cybersecurity #Phishing
#Cybersecurity #Phishing
"State of cyber"
Telling people to run arbitrary commands from a website is pitched as a genuine method for distributing your great software. And then we get shocked Pikachu about it when someone drops an info stealer onto their own machine. #Cybersecurity
Telling people to run arbitrary commands from a website is pitched as a genuine method for distributing your great software. And then we get shocked Pikachu about it when someone drops an info stealer onto their own machine. #Cybersecurity
February 14, 2025 at 12:20 AM
"State of cyber"
Telling people to run arbitrary commands from a website is pitched as a genuine method for distributing your great software. And then we get shocked Pikachu about it when someone drops an info stealer onto their own machine. #Cybersecurity
Telling people to run arbitrary commands from a website is pitched as a genuine method for distributing your great software. And then we get shocked Pikachu about it when someone drops an info stealer onto their own machine. #Cybersecurity
Inbox zero is nice, but I admittedly don't do the best job maintaining it. I do perform a sweep and clear about twice a year though!
January 17, 2025 at 10:44 PM
Inbox zero is nice, but I admittedly don't do the best job maintaining it. I do perform a sweep and clear about twice a year though!
Another couple of useful #PowerShell functions. This fetches a list of Microsoft SKUs to enable translation of SkuPartNumber (returned by API calls) to product names! gist.github.com/domk...
Fetches a list of Microsoft SKUs to enable part number translation to product names
Fetches a list of Microsoft SKUs to enable part number translation to product names - Fetch-MicrosoftSkuList.ps1
gist.github.com
January 17, 2025 at 4:40 PM
Another couple of useful #PowerShell functions. This fetches a list of Microsoft SKUs to enable translation of SkuPartNumber (returned by API calls) to product names! gist.github.com/domk...