If you’ve ever had a conversation with someone who truly gets both the human side and the tech side of our industry, then you know how powerful that connection can be. That’s exactly how I felt sitting down with Ryan Bowman, a longtime partner of IT By Design and one of the sharpest minds in cybersecurity today.
From the first moment, you can tell that Ryan doesn’t just speak tech. He lives it.
He’s not just another expert reading stats off a slide. Ryan is an MSP within himself. He’s worn multiple hats: engineer, account manager, director, and it’s this boots-on-the-ground experience that makes his perspective so real, so relatable, and so important.
Ryan told me: “I’ve had those meetings. I’ve had those conversations. I know what they’re going through.” And that’s exactly why MSPs trust him.
That solid foundation, spanning decades of MSP experience, is what powers his current work at ThreatLocker. Ryan isn’t just building cybersecurity solutions; he’s building understanding. And in an era where attacks are evolving faster than ever, that kind of empathy-driven expertise is rare.
The Threat Landscape: More Sophisticated, More Subtle
When I asked Ryan what he’s seeing in the field, his answer was clear: attacks are more layered, more creative, and more relentless than ever.
Some of them are the old-school brute force types. But others? They’re subtle, calculated, and designed to bypass detection. One example Ryan shared involved attackers using everyday tools like NetUse to brute force credentials: knowing that many IT pros have long since muted those alerts. That’s next-level manipulation.
Ryan reminded us that sometimes the most dangerous tools aren’t new, they’re familiar. It’s about how they’re used. Even legitimate software, like remote access tools, can become threats when misconfigured or exploited by bad actors.
What’s even more dangerous is how those threats move. Ryan broke it down: attackers don’t just get in. They pivot. From one vulnerable app to another, then onto servers, PowerShell, or RDP, where the real damage begins.
That’s why he believes the small and mid-market companies, especially those without full-scale MSP partnerships, remain soft targets.
“Big orgs make the headlines,” Ryan said. “But it’s the quieter attacks, on businesses with a few hundred to a few thousand users, that happen every day.”
AI: Friend, Foe, or Something In Between?
We couldn’t talk about cybersecurity in 2025 without bringing up AI. And Ryan’s take was one of the most balanced I’ve heard.
“AI can help. But it shouldn’t decide,” he said.
ThreatLocker is careful about how they use AI, leveraging it for insight, not decision-making. Because here’s the truth: AI can’t always tell whether a remote connection is your trusted IT tech or an attacker halfway across the world. Some things still require human judgment.
While others promise AI to be a silver bullet, Ryan warns: don’t outsource your judgment. Cybersecurity is a human responsibility.
Even more concerning? Attackers now use AI to morph their methods in real time. No longer do they need deep coding expertise. AI can write malicious scripts, obscure their tracks, and constantly tweak their attacks to sneak past traditional defenses.
Ryan even shared how attackers are now using AI to rewrite known attack scripts such as reverse shells, just enough to slip past traditional detection tools. It’s no longer just AI helping defenders. It’s also powering the offense.
So, what are we looking at?
Ryan aptly remarked: “It’s AI versus AI,” Ryan explained. “And in that fight, you need humans in the loop.”
The Zero Trust Mindset: More Than a Buzzword
If there was one message Ryan drove home for MSPs, it was this:
Stop chasing every new threat. Start protecting what’s known.
That’s the heart of a zero-trust approach. And no, it’s not just a ThreatLocker sales pitch. Ryan genuinely believes this philosophy can help MSPs escape the never-ending game of playing catch-up.
Instead of constantly trying to detect everything that’s bad, why not define what’s good and lock it down? It’s a shift in mindset, not just tooling. And according to Ryan, it’s one we all need to make, before it’s too late.
Because in Ryan’s words, it’s time to take a fresh look. Start exploring new perspectives. Don’t fear a modern security model, embrace it. The goal isn’t flipping a switch overnight; it’s starting the journey. As he put it: “Be open to a new concept. Don’t be scared of it.”
Final Thoughts: Real Leaders. Real Conversations.
One of my favorite moments from our conversation was when Ryan talked about his upcoming sessions at Build IT LIVE 2025. He’s not just showing up to present. He’s showing up to serve.
Whether it’s tactical guidance on how to secure environments or coaching techs on how to grow into leadership roles, Ryan brings it with clarity, humility, and experience.
One of his sessions? Empowering technicians to rise into leadership—because strong cybersecurity starts with strong people.
“It’s not all ThreatLocker,” he smiled. “It’s about real security. Real people.”
And that’s what makes Ryan such a valuable voice in our industry. Because cybersecurity isn’t just about tools, it’s about trust. And when someone like Ryan shows up with both, people listen.
If you’re joining us this August at Build IT LIVE 2025, don’t miss the chance to connect with Ryan. He’s not there to pitch you. He’s there to protect you.
Drop “BUILD IT” in the comments if you want to preview Ryan’s sessions. Or better yet, meet him in person.
Forget watching from the sidelines; the future of cybersecurity is unfolding at Build IT LIVE 2025!
