Cynet’s MacKenzie Brown: ‘MSPs Don’t Need Drama. They Need Clarity And Process.’
‘We already produce monthly CTI reports, Cyber Threat Intelligence reports, but I want to build something bigger. I want to expand that into a more comprehensive threat intelligence system for MSPs,’ says MacKenzie Brown, Cynet’s vice president of threat intelligence strategy.
“But a lot of that storytelling is through operationalizing threat intelligence in a manner that empowers MSPs because it’s very different,” she told CRN. “Cynet has the attractive global telemetry. I like to think of it as if I’m building a meal, I want to dig into the ingredients. And those ingredients to that meal for MSPs is data, and structuring and cleaning up that data is really valuable in providing insights, especially around security.”
Brown, who was appointed vice president of threat intelligence strategy—a new role at Boston-based cybersecurity vendor Cynet—will serve as the company’s voice on adversary tactics, translating its global telemetry and CyOps intelligence into guidance for MSPs.
For Brown, the decision to join Cynet came down to one word: operationalization.
“I spent a lot of time understanding how things work and how things break and basically how to rebuild it,” she said. “Throughout my career, I’ve kind of stood on a soapbox about democratizing threat intelligence. The adversaries are winning the race right now. They collaborate better than we do. They share information faster than we do. Meanwhile, we’re behind on insight and context.”
She added that while vendors routinely publish threat reports, MSPs need tactical intelligence.
“The MSPs like actionable and tactical intel, so it has to be disseminated to them where it actually matters because that’s how they stay ahead of the adversaries,” she said. “Everyone publishes reports. But MSPs don’t need flashy reports—they need tactical, actionable intelligence. They need to know how they’re exposed, what their risk looks like and how to implement that insight into their security stack.”
Previously, Brown served as vice president of the adversary pursuit group at Blackpoint Cyber, where she helped formalize the company’s threat intelligence and research functions, and spent several years on the Incident Response team at Microsoft, supporting customers through large-scale global cyber campaigns.
“We need to bring more empathy, more actionable intelligence and more information sharing,” she said. “We need to rebuild the culture of MSPs and their relationship with vendors. … I’m inspired by Cynet because that’s what I’m seeing here in the culture.”
CRN spoke further with Brown about her new role, top priorities and how she will be spreading the message about threat intelligence.
What attracted you to Cynet in this role specifically?
I’ve spent a lot of time between Microsoft and Blackpoint, and even earlier at Optiv, really digging into how things work, how they break and how to rebuild them better. Throughout my career, I’ve kind of stood on a soapbox about democratizing threat intelligence. The adversaries are winning the race right now. They collaborate better than we do. They share information faster than we do. Meanwhile, we’re behind on insight and context.
When Jason [Magee, Cynet CEO] approached me about coming to Cynet, it wasn’t just about telling cool cyber stories, which I love to do, it was about operationalizing threat intelligence in a way that actually empowers MSPs. And that’s different. What’s valuable to MSPs isn’t the same as what’s valuable to a Fortune 50 enterprise.
Cynet has this incredible global telemetry. I always say, if I’m going to build a meal, I want access to the ingredients. For MSPs, the ingredients are data. If you can structure it, clean it and extract insight from it, especially around security, you’re creating real value. Sure, vendors like CrowdStrike have named threat actors and made them memorable, and Microsoft has phenomenal intelligence systems. Everyone publishes reports. But MSPs don’t need flashy reports, they need tactical, actionable intelligence. They need to know how they’re exposed, what their risk looks like and how to implement that insight into their security stack.
So what are your top priorities for the first 100 days?
First, I’m digging into the ingredients. I need to understand the depth of our telemetry and the insight we can extract from it. I’ve been studying how we structure data internally, what our research and threat intel teams are building and how our CyOps initiatives feed into the platform. We already produce monthly CTI reports, Cyber Threat Intelligence reports, but I want to build something bigger. I want to expand that into a more comprehensive threat intelligence system for MSPs.
The second big focus is taking these stories on the road. I’ll be at conferences [and] want to translate our insight into real use cases and testimonials. I want to explain threat actor behavior shifts in a way MSPs can immediately apply, whether that’s tooling, packaging or customer conversations.
There’s also a bigger opportunity: building a vendor-agnostic information-sharing framework for the channel. Not a Reddit thread. Not a massive Signal chat. A real collaborative space where MSPs and vendors can safely share what they’re seeing in their environments. MSPs are critical infrastructure. We’ve pushed modernization for enterprises, but we haven’t fully empowered the MSP layer. If we can democratize intelligence across the channel, that’s a game-changer.
What lessons from Microsoft and Blackpoint will you bring into this role?
At Microsoft, I lived in incident response. We were coming in after everything went wrong from ransomware, data exfiltration and destruction, and we had to restore the business. I ran global adversary investigations. It was like fantasy football for cyber: assembling the right experts to reconstruct the attack chain and drive recovery. Microsoft taught me depth and understanding the full attack life cycle and the value of digital transformation as the silver lining of incident response.
At Blackpoint, I moved left of boom. It was about agility: MDR, threat operations, speed. I led the Adversarial Pursuit Group, and we built feedback loops between the SOC [Security Operations Center] and threat intel. Pull indicators in, push improvements back out. Tight, continuous improvement.
Now at Cynet, I get to combine those experiences, right of boom and left of boom, and modernize them inside an all-in-one platform. I believe MSPs shouldn’t have to pay extra for threat intelligence. It should be built in. Vendors with the expertise should include it. That’s what I want to help deliver.
So what’s broken in the current setup, and how will Cynet help fix it?
The biggest issue is tool sprawl. Fragmentation. Too many disconnected tools. When you’ve seen a full-blown breach, not just a blocked event, you start asking, ‘Which tools didn’t fire? Which policies failed? Where was the visibility gap?’
That’s where ROI gets real. MSPs are investing heavily, but are they seeing value? The unified platform model makes sense because it reduces fragmentation and improves outcomes. If we can give MSPs strong margins and meaningful security value, without nickel-and-diming them for every add-on, that fixes the math. If I can help deliver valuable intelligence that doesn’t cost them extra, that improves their margins and strengthens their security posture, that’s the formula I want to fix.
How do you move the industry away from fear-based messaging and toward actionable intelligence?
Scareware fatigue is real. Saying ‘Scattered Spider did this’ or ‘This ransomware cartel is evolving’ doesn’t help an MSP on Monday morning. What helps is this: ‘A CVE just dropped. We’ve scanned your environments. These five client sites are exposed. Here’s the playbook.’
That’s actionable.
We have to take a calm, methodical, investigative and practical approach. Reverse-engineer the threat. Build detection rules even when there’s no patch. Monitor zero-days tactically … that’s how you stay ahead. Emerging threats are constant. Zero-days, day-ones, vulnerabilities from two years ago still being exploited. MSPs don’t need drama. They need clarity and process.
How will partner feedback influence Cynet’s road map?
I’ll be face-to-face with MSPs constantly. The best feedback happens at dinner tables and conference hallways. I want to know what do you actually care about? Is the intel useful? Is it too noisy? Is it helping you talk to customers? MSPs care about attack chains, crown jewels, exploitability and compromised credentials. They don’t necessarily care about flashy blog posts. Their feedback helps us curate intelligence that matters. If it’s not useful to them, it doesn’t belong in the format we’re delivering.
What excites you most about the work you’ll be doing at Cynet?
The culture, and I’ve never seen this level of partner-first energy. Sales, product, research …everyone is aligned around empowering MSPs. I feel like I’ve been handed a platform and an army that’s ready to go. That’s inspiring. We need more empathy in this space. Less ego. More collaboration. Cynet’s involvement with organizations like Global Technology Industry Association shows they’re serious about community. That positivity, that empowerment, that’s what excites me.”
How do you define success in your first year?
Success isn’t just brand exposure. It’s not just telling cool hack stories. It’s building playbooks. If someone hears me speak and walks away with something actionable they can implement on Monday, that’s success. If we create trusted adviser relationships, if we build collaborative intelligence sharing, that’s success.
If I can translate our global telemetry into practical, zero-cost value for MSPs and help foster a stronger information-sharing culture in the channel, I’ll consider that a win.
Lastly, if partners take away one thing about you joining Cynet, what should it be?
That I genuinely love this community. I chose Cynet because I see excitement, empowerment and potential for real growth. I’m motivated by the opportunity to help create something great, to bridge stories, intelligence and community. I’m grateful to be here. And I’m energized by the team and the direction we’re heading. That’s what partners should know.