If you’re in the business of providing technology services, you will inevitably be asked about your security protocols. After all, a company’s security is only as strong as the security of those they do business with. Now, more than ever, companies need to know that their data is safe which has them analyzing everything from IT service providers (ITSPs) to partners and suppliers. The critical question is: How can you truly show that your business is adhering to the right level of security? That’s where the GTIA Cybersecurity Trustmark comes in.
Why ITSPs are Choosing the GTIA Cybersecurity Trustmark
The World Economic Forum’s Global Cybersecurity Outlook 2025 reports that 72% of organizations have reported a rise in threats, making cybersecurity a central focus. Despite the push, many organizations are still facing internal resistance. Those that do adopt more stringent security measures have difficulty proving that they’ve taken those extra steps to secure their data, leading most to seek out something both specific to ITSPs and with clear and identifiable validation steps.
ITSP-Focused Security
For Josh Hohbein, information security lead at CentrexIT, the motivation to pursue the GTIA Cybersecurity Trustmark came from a need to level up from CIS controls, a common starting point for many providers. “We followed CIS controls, but we were only at about 80%. It’s kind of checks by a third-party, but not really. We needed something that would go a layer deeper.”
As someone who was personally certified in cybersecurity, he knew the value of checks and validations. But CentrexIT wanted something that would go beyond just proving their employees were certified and individually capable—they wanted to show that their organization, as a whole, is a secure partner. “The main reason we chose the GTIA Cybersecurity Trustmark is that we needed something with an MSP focus. We were definitely interested to see what was missing,” Hohbein said.
Similarly, Jim Harryman, founder and CEO of the Kinetic Technology Group in Dallas, also used CIS controls to help evaluate client security, but a lack of oversight had their organization looking for something that offered a more in-depth inspection. Thanks to a Secure Outcomes group with MSP Ignite, Harryman was urged to try the GTIA Cybersecurity Trustmark. He noted it’s been “refreshing to see the process and frameworks that go beyond the minimal governance of CIS.”
Michael Yudovin, senior engineer and CTO at Reliable Technology, also made cybersecurity a focus after being encouraged by MSP Ignite to strengthen security. After starting the process with CIS controls, they were able to improve their processes with the GTIA Cybersecurity Trustmark process. “We were secure on paper before we were secure physically and we needed to have better policies, so the Trustmark was a good choice for us,” he said.
Carmine Corridore, president and founder of Underdog Cyber Defense wanted real evidence that proved they had taken the extra steps to secure their company and show their value as a partner. “I was looking for something more than a general certification. I wanted something like what a doctor has, needing to pass something to get certified,” he said.
The Path to the GTIA Cybersecurity Trustmark
The process of validating your organization’s security can be a daunting undertaking, but many organizations report that the journey to getting the Trustmark is positive and helped them analyze every aspect of their approach to cybersecurity. “It’s about more than looking at tech tools, there were a lot of policies to consider,” Corridore said. “We did that and now, when I make decisions for the business, I look at things from a risk perspective—that whatever we put in place, we have to make sure it’s not a risk on our part, so there’s not a vulnerability.”
Others communicated a better understanding of their own stack, along with improved client relations. Eli Person, centralized services manager with Wolf Consulting, reports that clients are impressed with their processes when compared to other vendors. “We have some technical, security-minded clients and they are always impressed with what we have to offer. We hear that a lot, that we’re light years ahead of their former MSP and what they expected,” he said.
Kevin Mann, president of Resilient IT, provides cybersecurity services and his primary motivation for getting GTIA Cybersecurity Trustmark certified went beyond simply advising customers to be more secure to showing them how it’s done. “I want to be a company demonstrating those requirements,” he said. “It’s a market differentiator. We do these things so we know what we’re doing.”
In general, ITSPs say the process was beneficial and the reward worthy of the work. But anything worth having isn’t easy. Common reported obstacles include lack of stakeholder buy-in and a limited commitment to the process, but Mann firmly believes the process is worth the effort.
“The GTIA Cybersecurity Trustmark is definitely a lot of work, but going through the process is one of the best decisions you could make,” he said. “It provides you with foundational knowledge and information to do things correctly to run your business. Until there’s a standard for MSPs or regulated, this is about as close as you can get from an operational standpoint.”
One thing is remarkably clear. If you want to be trusted, you have to be secure. And the GTIA Cybersecurity Trustmark is that badge of success for ITSPs.
Learn more about the GTIA Cybersecurity Trustmark.
