January 03, 2026
Mike Moran is the co-founder and president of Affiliated, a cybersecurity, IT
compliance, and IT Managed Services company based in Columbus, Ohio. He
recently sat down for an interview to discuss the importance of a proactive,
compliant, business-aligned approach to cybersecurity and managed services.
With more than 30 years of business technology consulting experience, Mike
leads Affiliated's company-wide strategy, marketing, and corporate development
activities.
How does Affiliated stay updated on the latest cyber threats and vulnerabilities?
We maintain a proactive and structured approach. Our internal team meets
regularly to review threat intelligence from multiple sources: cybersecurity
publications, industry groups, compliance communities, and our tool and service
providers. This ongoing intelligence gathering keeps us informed on emerging
threats and evolving vulnerabilities. It's not just about monitoring threats—we
also review real-time data from our Columbus and Central Ohio clients'
environments using advanced security tools. We then bring this intelligence
into internal discussions to refine our defense posture and adjust client
protections as needed. Our focus is on anticipating and adapting, not just
reacting.
Can you name some of your IT tool partners?
While we use a range of
industry-leading platforms—including MDR (Managed Detection & Response),
SIEM (Security Information and Event Management), SOAR (Security Orchestration,
Automation, and Response), and vulnerability scanners—we intentionally don't
name specific vendors. This is by design. Our philosophy is to focus on the
outcomes we deliver, not the brand names. These tools are layered to build
resilience across endpoints, networks, and cloud services. And because tools
change as threats evolve, we remain agile in our technology stack to provide
the best protection for our clients.
Can you describe a recent cybersecurity challenge and how it was resolved?
One Sunday morning, our on-call engineer received an alert at 7:30 a.m. from a
client whose systems had gone down unexpectedly. The initial diagnosis
suggested a cyber incident. Following our incident response plan, the engineer
escalated to leadership and assembled a response team immediately. We engaged
with the client's leadership, communicated transparently, and executed
remediation protocols. Within 26 hours, by Monday at 9:30 a.m., the client's
systems were fully operational again. The speed and efficiency were the result
of preparation—having a tested incident response plan made all the difference.
It underscores why we push our clients to build and rehearse their own response
plans with us.
What kind of cybersecurity training and certifications does your team maintain?
We emphasize both technical expertise and procedural discipline. Every team
member completes foundational cybersecurity training and we support ongoing
education toward certifications like CISSP, CISM, and CDPSE. We've also just
passed our SOC 2 Type 2 audit—this isn't just about having policies on paper,
it's proof that we follow them in practice. Additionally, we're advancing
certifications like CMMC for defense contractors and StateRAMP for
public-sector readiness. We also train in accordance with insurance provider
standards, positioning us as certified partners who can respond to insured
incidents effectively and compliantly.
Can you explain your monitoring capabilities and how they support your security posture?
Our approach is layered and adaptive. We use RMM tools for basic performance
monitoring and vulnerability scanners to assess networks and devices for
patching gaps and exposure to CVEs. For clients who opt in, we deploy advanced
endpoint protection (MDR) and SIEM platforms that collect behavioral and event
logs across networks, applications, and users. These data streams are analyzed
continuously by both internal security staff and external 24/7 SOC partners.
Weekly reviews ensure alerts are tracked and remediated. Monthly, we update key
documentation—like our incident response plan—and conduct exercises like
tabletop simulations to validate readiness. Cybersecurity isn't static. It's a
continuous cycle of detection, adaptation, and reinforcement.
How do you report activity and risks back to your clients?
We customize reporting to match each client's needs. At a minimum, clients
receive monthly operational and security reports. In the event of alerts, some
clients authorize us to act immediately; others want to be consulted first. For
co-managed clients with in-house teams, we take a more collaborative
stance—tracking open tickets, ensuring follow-up, and engaging management if
remediation lags. Our reporting process is about accountability: ensuring that
every threat or exposure is either resolved or on a clear path to resolution.
How do you train your clients and their teams on cybersecurity best practices?
We provide monthly security awareness training modules and simulate phishing
attacks tailored to specific roles. Participation and results are tracked and
shared with leadership, helping them gauge risk at the human level. Many
incidents stem from user behavior, not technology, so we treat users as the
first line of defense. Clients without an internal training program get full
coverage through our managed services offering.
Q: How do your services support regulatory compliance (e.g., HIPAA, CMMC)?
Our core cybersecurity tools—like endpoint encryption, MFA, and access
controls—directly support technical requirements found in regulations like
HIPAA and CMMC. But tools alone aren't enough. That's where our Liability-Guard program
comes in. It helps clients develop risk policies, conduct gap assessments, and
implement policies and procedures aligned with industry frameworks. For CMMC,
which requires third-party audits, we assist with configuration validation and
documentation (e.g., screenshots proving MFA is enabled). Compliance is not
about checking boxes—it's about building a system that meets evolving
obligations without sacrificing productivity.
Q: What is the difference between CyberWatch and Liability-Guard?
CyberWatch is our
penetration testing and vulnerability detection service. It identifies
real-time exposures—missed patches, misconfigurations, accounts without MFA,
and more. It's about catching operational gaps before bad actors do.
Liability-Guard is a governance solution. It
focuses on policies, incident response, business continuity, AI acceptable use
policies, and compliance strategy. It helps clients prepare for audits, insurer
inquiries, and vendor risk assessments. Combined, these tools provide both
tactical defense and strategic risk management.
Q: How does your Liability-Guard solution support client security and insurance readiness?
Liability-Guard addresses foundational elements of cybersecurity that often get
overlooked—starting with the organization's risk policy. We help clients define
what level of cyber risk is acceptable to their leadership and structure
controls around that. This includes documenting policies, building incident
response plans, and aligning with cyber insurance expectations.
At a basic
level, it ensures clients can report accurately on their cybersecurity
posture—internally and to insurers or auditors. At an advanced level, it
supports business continuity planning, disaster recovery protocols, and
compliance with regulatory and contractual obligations. We emphasize that
security isn't just about tools—it's about integrating policies, procedures,
and operational discipline to protect both data and productivity.
Q: How do you report back to clients about cybersecurity issues or progress?
Every client relationship is different, so our reporting is flexible. At a
baseline, clients receive monthly IT operations and security reports. For
clients with advanced security services, we review threat data, trends, and any
active incidents.
When an
incident occurs, we follow a predefined response and communication plan. Some
clients prefer we take full responsibility for response and remediation; others
handle it internally and we provide oversight. In co-managed environments, if a
ticket remains unresolved, we escalate it—first to IT leads, then to management
if needed. Our job is to ensure no vulnerability lingers unresolved due to
communication gaps or delays.
Q: How do you train your clients' employees to play a role in cybersecurity?
User behavior is one of the biggest cybersecurity risk vectors, so we include
monthly security awareness training as part of our core managed services. Each
training focuses on specific threats—like phishing, password hygiene, or social
engineering—and is designed to be short, practical, and relevant to employees'
roles.
We also run
simulated phishing tests to measure how well employees apply what they've
learned. The results are tracked and reported to leadership so they can gauge
staff readiness and improvement over time. It's about cultivating a
security-aware culture, not just meeting a training requirement.
Q: How do your services help clients meet compliance standards like HIPAA or CMMC?
Many of our technical
services align directly with compliance frameworks. For HIPAA, for instance, we
help secure data at rest and in transit by enforcing strong password policies,
enabling multi-factor authentication (MFA), and encrypting hard drives—especially
for mobile devices.
But compliance is about more than technical controls. Through Liability-Guard, we
guide clients in documenting and validating their policies and configurations.
For CMMC (required for defense contractors), we assist in preparing for audits,
ensuring clients can show evidence of controls like MFA—often through
screenshots and quarterly validation reports. We don't just deploy tools—we
make sure clients can prove they're using them correctly and consistently.
Q: What are CyberWatch and Liability-Guard, and how do they differ?
CyberWatch focuses on
visibility and detection. It's essentially a recurring penetration test that
checks for misconfigurations, missed patches, or gaps in enforcement—like
accounts without MFA or unused admin privileges. It's designed to catch lapses
before they become liabilities.
Liability-Guard, on the
other hand, is about governance and readiness. It helps clients define
acceptable risk, build policies, develop and test incident response plans, and
manage AI governance (e.g., acceptable use policies). It's designed for
continuous improvement and regulatory alignment, helping clients secure not
just their systems but their ability to prove compliance and resiliency.
Q: What's the real-world value of having an Incident Response Plan (IRP)?
An IRP is your playbook for responding to cyber threats. It defines roles,
escalation paths, legal and insurance protocols, and communication procedures.
One client recently feared credential compromise in Microsoft 365, but our IRP
led us to validate it as a false alarm—a user had mistyped their new password.
No incident, just a well-managed event.
But when a
real incident hits—like ransomware—having an IRP ensures you don't make costly
mistakes. For example, cyber insurance may not reimburse any work done before a
claim is officially opened. The IRP helps clients know when to call legal
counsel, what steps must be taken, and how to communicate internally and
externally. It's about reducing chaos, preserving coverage, and speeding
recovery.
You emphasize the importance of having an Incident Response Plan. What is its strategic value?
At a strategic level, an Incident Response Plan (IRP) transforms chaos into
control. It isn't just a checklist of actions—it's a formalized approach to
identifying, assessing, and responding to cyber threats in a way that aligns
with your organization's business continuity, regulatory, and insurance
requirements.
Here's why it matters:
· Clear Roles and Protocols: An IRP defines who does what, when, and how during
a cyber event. That clarity reduces confusion and speeds up decision-making
during high-pressure situations.
· Insurance Readiness: Cyber liability insurance carriers now expect you to
follow strict notification and response procedures. If you begin remediation
before officially opening a claim, insurers may deny coverage. A
well-structured IRP includes those thresholds and ensures you don't jeopardize
reimbursement or legal protections.
· Legal and Reputational Risk Mitigation: Knowing when to involve legal
counsel, how to communicate with stakeholders, and how to handle sensitive data
exposures helps limit liability. It also ensures that internal staff don't
inadvertently say something damaging—like a receptionist unknowingly confirming
a ransomware attack to a caller.
· Business Continuity: A good IRP ensures the technical team isn't working in a
vacuum. It connects IT response to operational continuity—making sure payroll
still runs, customer support continues, and leadership has timely updates to
make informed decisions.
· Strategic Resilience: Most importantly, the IRP shifts your cybersecurity
posture from reactive to proactive. It forces leadership to define acceptable
risk, think through worst-case scenarios, and invest in preparedness. That
strategic discipline is what turns a one-time breach into a survivable,
learnable moment instead of an existential threat.
In short, an IRP isn't just about response—it's about preparedness, alignment, and protecting the future of the business.
How do you measure the success of your cybersecurity services?
We don't define success as "no incidents"—that's unrealistic. The
real metric is how quickly and effectively we detect, contain, and recover from
threats. Are we reducing time to resolution? Are we communicating clearly? Are
we helping clients restore operations without long-term disruption?
For example,
a client once experienced an incident without having all our security tools in
place. But because they used our backup services and incident response plan, we
were able to get them operational by 9:30 a.m. the next business day. That's
success: limiting damage, protecting productivity, and restoring trust.
What does Affiliated do best?
What sets us apart in Columbus and Central Ohio is not any single tool or
certification—it's our holistic, partner-driven approach. We combine elevated technical
capability with operational discipline, client-specific responsiveness, and
strong relationships with tool providers.
Our success
comes from embedding ourselves in our clients' environments and acting with
care and accountability. We're not just here to prevent breaches; we're here to
build cyber resilience—top to bottom, tools to people, strategy to execution.
The bottom line is this: With a business risk management mindset, Affiliated
helps organizations avoid the cost of inaction through proactive, compliant,
business-aligned managed services.