IPO-Bound Optiv Expands Managed Security, Vulnerability Services

As Optiv adds to its portfolio of service offerings, the company is also preparing for an eventual IPO that would bring new funds into the business for acquisitions along with liquidity for employees, CEO Kevin Lynch tells CRN.

Cybersecurity powerhouse Optiv is doubling down on vulnerability management and adding to its portfolio of managed security services, while also keeping an eye on the right timing to pursue an initial public offering, executives told CRN.

Optiv—No. 24 on CRN’s 2023 Solution Provider 500—is undertaking numerous expansion initiatives driven by intensifying cyberthreats and evolving customer needs, top executives said in a series of recent interviews.

[Related: Palo Alto Networks CEO Nikesh Arora: ‘Disrupt Ourselves,’ Transform The Industry]

At the same time, Optiv has been laying the groundwork for an IPO that would aim to bring new funds into the business for acquisitions along with creating liquidity for employees, according to CEO Kevin Lynch.

For those reasons, the goal is to eventually go public rather than be acquired, Lynch said. And “we are in a position where, when it’s right for us, we can go out [for an IPO],” he told CRN.

Looking ahead, one key growth area for Optiv is around services for management and remediation of vulnerabilities, according to Bill Young, managing partner at the Denver-based company.

Countless organizations are known to be struggling to get a handle on the massive, ever-growing list of software vulnerabilities that could be expoited by attackers. And while diagnosing the problems is a good start, customers today really need more than that, Young told CRN.

Prioritization Is Key

In particular, helping customers to prioritize and actually eliminate their biggest security risks is increasingly crucial , he said.

“For years, I think most of our industry—Optiv included—was very good at telling our clients they have problems,” Young said. “Whether it’s a risk assessment, a penetration test, an architecture review—it was always, ‘Here are your gaps. Here are your deficiencies. Here are your challenges.’”

But now, Optiv is looking to go further for customers by bringing consulting services that can enable them to build an effective vulnerability management program, he said.

And importantly, this means doing more for customers than just scanning for vulnerabilities to identify the issues that need fixing, Young noted. “Now remediation [at Optiv] has become, ‘Let’s build your strategy to make you a more robust organization,’” he said.

Optiv is also standing out by taking more of a hands-on approach to fixing vulnerabilities, Young said.

Hands-on remediation has been eschewed in the past, he said, since it often includes activities that “start to push outside of cyber”—for instance, changing a configuration in a customer’s server infrastructure.

But at Optiv, “we have shifted our focus to say, ‘You know what? Of course we will [do that],’” Young said. “That’s part of the cyber charter.”

Managed Security

The addition of new managed services focused on specific products from key security vendors is another major expansion initiative for Optiv, said Jason Lewkowicz, executive vice president and chief services officer at the company.

For instance, Optiv is now offering a managed service specifically for Palo Alto Networks’ attack surface management offering, Cortex Xpanse. Recently added vendors for these targeted managed services have included Tanium, while the plan is to debut the managed service for products from Netskope and Zscaler this fall, Lewkowicz said.

While not a brand-new initiative for Optiv, the company is now “scaling it up,” he said.

Meanwhile, Optiv is also focused on expanding its authorized support services for cybersecurity products, Lewkowicz said.

“The advantage to our clients is they have one phone call to make, regardless of the technology they have,” Lewkowicz said, akin to having a single mechanic for cars from multiple manufacturers.

The authorized support services are available 24x7 and are offered at a lower price than going directly to the vendors for support, he said.

M&A

In addition to expanding organically, Optiv also continues to be interested in additional M&A, Lynch told CRN.

He pointed to Optiv’s major expansion in the federal government space—through its acquisition of solution provider ClearShark in March—as “a fantastic move for us [that] has taken our federal business to a much different scale.”

Now, “we’re looking at other” potential acquisitions, he said. “At some stage, a continuation of that would necessitate more capital into the business,” Lynch said, adding that going public would be one potential avenue for that.

Still, “we don’t need to” pursue an IPO any time soon, he said, characterizing the company’s financial footing as solid thanks in part to a debt recapitalization that was completed in April.

IPO Window

Liquidity for employees would be another motivation for going public, Lynch said.

“Owner-driven companies are better companies, period,” he said. “Our ambition is not only to find the capital to continue to fuel and fund our growth, but it’s to put equity and opportunity in the hands of everybody in the company.”

IPOs have been rare lately amid the ongoing economic uncertainty. But in a possible indicator of the IPO window reopening, tech companies including chip designer Arm, marketing automation firm Klaviyo and grocery delivery service Instacart last week filed paperwork with the U.S. Securities and Exchange Commission signaling their intentions to go public.

Optiv, meanwhile, has at this stage “done all the work to do [an IPO]. We have effectively been on file with the SEC,” Lynch said. “But we’ll wait for the public markets to be ready.”

Optiv previously filed its IPO intentions with the SEC in 2016, but was then acquired by private equity firm KKR in 2017. Last year, Reuters reported that KKR was exploring a sale or IPO for Optiv.

Partner Program

Key vendor partnerships for Optiv include cybersecurity giants Palo Alto Networks, CrowdStrike and Proofpoint, and the company has disclosed that it works with more than 450 vendors in total.

In April, Optiv announced a new partner program that brings a larger focus on using data to drive growth, according to Alan Mayer, senior vice president of partners, alliances and ecosystems.

The program—which provides the basis for Optiv’s partnerships with other companies, predominantly cybersecurity vendors—aims to provide a clear road map for working with the company to serve end customers, Mayer said.

Optiv’s program brings a “data-driven approach that allows us to give unprecedented value back to our partners, which in turn drives better outcomes,” he said.

According to Lynch, the partner program enables Optiv to provide more solutions and services that deliver a managed outcome leveraging “multiple technology partners,” instead of just one.

And that, he said, is “breaking convention. No one has ever done that.”