Optiv CEO Kevin Lynch On Giving Security Teams A ‘Bulletproof’ Approach To Enabling AI

“Today, one of the most pervasive conversations we're having with our clients in the market is, ‘How do I manage agentic AI in the context of identity and zero trust?’” Lynch tells CRN.

The industry’s rapid move to adopt AI agents is driving massive opportunities for Optiv that will undoubtedly reshape the company over the coming years, even as it stays steadfast in its commitment to remaining a pure-play security solution and service provider, Optiv CEO Kevin Lynch told CRN.

“One could imagine that our stance in AI, five years from now, with a security spin on it, will be enormous,” Lynch said during a recent interview. “There’ll be other new trends and new things that will [become a focus]. But will we fall back to being a generalist? I think that's unlikely.”

Lynch spoke with CRN in connection with Optiv’s 10th anniversary, as the company was formed through the merger of Accuvant and FishNet Security in 2015. Lynch himself joined the company as CEO in 2020 and has overseen the growth of Denver-based Optiv, No. 28 on CRN’s 2025 Solution Provider 500, from a team of 1,600 to 2,400 employees currently.

The addition of a professional services division and a far larger business in managed security, including through Optiv’s managed detection and response (MDR) offering, are two of the major developments that the company has driven during his tenure, he said.

More recently, Optiv has seen huge demand from customers to help with enabling the secure adoption of emerging AI capabilities, including GenAI and agentic technologies, according to Lynch.

“Today, one of the most pervasive conversations we’re having with our clients in the market is, ‘How do I manage agentic AI in the context of identity and zero trust?’” he said. “AI is not new, we all know that. But these new evolutions of the use of AI and the sophistication of the tools and platforms are driving use cases that are very expansive.”

In October 2024, Optiv debuted its AI Security Services offering, which aims to help organizations adopt AI at a faster rate while mitigating the numerous security risks associated with the technology.

For CISOs at many organizations, enabling AI adoption continues to be a major challenge, Lynch said. In part, this is because CISOs are often finding that security is not even brought into the conversation during initial planning phases but instead is “racing behind and trying to catch up,” he said.

“For a lot of our clients, we’re spending our advisory time trying to get them at that table early on, to shape the architecture and make sure that the organization has a bulletproof view on how to manage that,” Lynch said.

Speaking with CRN, Lynch also discussed how tool consolidation continues to play out among customers and his view of the competitive landscape in Optiv’s space.

What follows is more of CRN’s interview with Lynch.

What have been the biggest areas of growth for Optiv since you joined?

If you look at our technology business, it was dramatically smaller when I joined. Today, we have crested $4 billion in technology sales on an annual basis and are headed [higher]. That’s obviously a big milestone. If you think about our services business, there’s incredible growth and strength there. When I joined, we didn’t have a professional services business. Today, we have a very strong one. And then in terms of managed service, we had no offering or capability, or even ambition, to be in managed detection and response. Today, we have one of the best offerings in that space, and with our partner Google Security we have gotten some great wins in that. But even if I go back to those early days, our flagship offering on the managed side— which today represents more than half our services operation—was just a small idea. We had just gotten into the market with the Advanced Fusion Center. [Now] we’ve had well north of 120 percent growth in that business overall.

This is an offering that was built to effectively modernize and innovate in the SOC with the client. At the end of that period of performance, which on average is three years, the intent was to hand over a far improved Security Operations Center and capability back to the client. And the vast majority of them don’t do that. They ask us, ‘Will you renew and keep doing what you’re doing?’

What are some of the major challenges now, for both Optiv and your clients, that were not as present five years ago?

You could go look at our most recent threat report that we published, and it will tell you the vast majority of our clients continue to see a rise in activity from the adversary. They continue to see sophistication in that activity. At one very sizable client, a chief information security officer [told me] his challenge, like many others, is conditioning his stakeholders on what life is like in the security side of infrastructure for a company. One analogue to compare it to is ERP, which tends to be seasonal in terms of expenditures. Security tends to be an ongoing construct. And I think that conditioning of stakeholders, to start thinking about security as a constant investment, is something that most CISOs face. Five years ago, we were having very early conversations around zero trust—what is it? Is it a principle? Is it an actual security architecture? How does it work? Where do I start? How do I build a program? And we were inundated with that question over that five-year period of time. Now I think you’ve seen companies that really have embarked on this notion of zero trust. They’ve [especially] invested in one of the cornerstones of that, which is identity. Today, one of the most pervasive conversations we’re having with our clients in the market is, ‘How do I manage agentic AI in the context of identity and zero trust?’ AI is not new, we all know that. But these new evolutions of the use of AI and the sophistication of the tools and platforms are driving use cases that are very expansive. Agentic is one of those things that has real productivity possibilities, but with it you’re putting in play an AI agent to effectively run capabilities and operations for a company. You have to delegate that AI agent [the authorization] to conduct that work. And if you’re going to delegate authorities, whether it’s a human or an agent, you want to manage that in a strong identity and credential governance environment. So that’s a challenge that our CISOs are facing. They’re seeing that the general business view and IT view is, ‘Let’s go adopt more [AI] for productivity, yield, efficacy, client experience.’ And is security at the table at that point of advent? Or are they racing behind and trying to catch up? For a lot of our clients, we’re spending our advisory time trying to get them at that table early on, to shape the architecture and make sure that the organization has a bulletproof view on how to manage that. So it just shows you, in a short window of time, using one facet of security, how fast the world evolves.

You’ve also previously discussed how tool consolidation has emerged as a major theme for many customers—is that still something you’re seeing?

Five years ago, there was a lot of conversation around how the standard in the industry was still very much best of breed. And as such, you had a massive expansionary use of different tools. So the benchmark back then was more than 100 tools in the rack, [frequently] with low degrees of connectivity and use. That technical debt and complexity that comes is still resident in many of our clients. But you can see the industry consolidating. That’s starting to happen at a slightly increased pace. And I would forecast that will continue. You’re seeing clients try and move, not to a platform—because I don’t really believe today they have a true platform option—but they’re trying to think about, ‘Where can we reduce that complexity and look for places where we can streamline?’ For us, that’s where we’ve really set our competitive flag. Our groundbreaking Optiv Market System, or OMS, is where we continue to add features and functionality, staying in advance of that client demand. That’s allowing us to sit with a client and have a very cogent, technical conversation around the art of the possible—not only at the domain level up high, but then also down to the controls level. That’s where we can help them to craft a view around taking complexity out, lowering their per-cost, per-capita view of security risk and resilience. And then moving toward, maybe not one single platform, but clustering around core platforms within their environment. And then [it’s about] taking that next iteration on the journey.

What do you see in terms of the competitive landscape and how Optiv has been staying differentiated in the market?

We have a lot of competitors because we play in a broad space with one of the best, if not the best, brands in our space. But that creates a lot of people that want to chase you and do what you do and try to copycat. I think one thing Optiv has done brilliantly over 10 years is that we set an audacious goal to be a little different—to really be that unique, security-only organization. We want to be that security adviser and solution provider that wants to do something unique for our clients. And that kernel of an idea, 10 years later, we’ve landed it. Now we’re building on it. Will we look the same in five years? If history is a good predictor of the future, I would say it’s unlikely. But will our commitments change? It’s equally unlikely that those will change. One could imagine that our stance in AI, five years from now, with a security spin on it, will be enormous. There’ll be other new trends and new things that will [become a focus]. But will we fall back to being a generalist? I think that’s unlikely.