10 Big Cybersecurity Bets For 2022 From Optiv CEO Kevin Lynch

From data governance, anti-ransomware and managed XDR to advisory services, managed implementation and faster delivery, here’s where Optiv CEO Kevin Lynch plans to place his bets in 2022.

Moving Up The Value Stack

Kevin Lynch has been laser-focused on moving Optiv up the value stack from validating products and provisioning technology to providing customers with advisory, strategic and architectural services as well as managing and operating infrastructure on behalf of customers since starting as CEO 18 months ago. He came to Optiv from Deloitte, where he was tasked with growing merger-and-acquisition revenue.

Optiv has had the need for speed since Lynch’s arrival since he believes customers and prospects make decisions about digital transformation initiatives based more on speed to delivery than either price or quality. Specifically, Lynch expects Optiv to respond to customers or prospects coming forward with a need in less than one day rather than multiples and multiples of that currently.

“We think where we‘re heading is a really attractive space,” Lynch said. ”This notion of being all things to a select set of clients and doing it very well and doing it fast, and getting our materiality to rise with that client base equals growth.”

Lynch has also modified Optiv’s approach to vendor relationships, shifting from a model where the biggest suppliers were lavished with the most attention to one that prioritizes strategic engagement and joint services delivery. From cyber insurance and data governance to anti-ransomware and managed XDR, here’s what Lynch told Best of Breed 2021 attendees about where Optiv plans to focus its resources.

Automation And Data Governance

The cybersecurity industry has not invested enough in automation since it’s impossible to find and hire enough security talent to fulfill customer demand, according to Lynch. Vendors and partners need to look for places to automate to mitigate the talent gap, Lynch said.

Businesses need to focus more on data governance given the extent to which data is targeted by threat actors, according to Lynch. Even though moving computing assets to data is much easier and less risky than moving data itself, Lynch said businesses continue to make horrible choices around where data is located and how—if at all—it’s compartmentalized.

Zero-trust needs to be made practical and actionable to take it beyond just not trusting users or devices by default, Lynch said. Implementing a true zero-trust architecture requires thinking about data flows, organizational precedents and data governance, which Lynch said is something not enough companies are taking seriously.

More Data And Intelligence Sharing In The Industry

The Biden administration’s executive orders around cybersecurity seek a level of vendor collaboration that isn’t possible today, and Lynch said the industry must rise to make that actionable. Lynch expects to see the rise of multitenancy and collective defense over the next year or two where security vendors share more data, more telemetry and more threat intelligence with one another.

Lynch said he and another CEO have attempted to illustrate where more details can be shared and make each company’s tools and approach more comprehensive in hopes of delivering greater value to customers. The need for greater cybersecurity collaboration goes beyond economics or profitability and has become a matter of national security as seen by the federal government’s executive orders.

Cybersecurity was historically a very input-driven industry, meaning that customer CISOs looked good by buying and provisioning a lot of security products in a two-year or three-year cycle. But today, Lynch said boards, executives and business units have become much more focused on the outputs from security spending and the yield from assets provisioned by the CISO rather than the provisioning itself.

“If you were a CISO five, six, seven or 10 years ago, you looked great by buying a lot of technology,” Lynch said. ”You were not at risk if you provisioned, so inputs was the name of the game. You could have two or three years of growth, buy a lot of technology, build up some technical debt, and you were in a good spot. Those days are over. It‘s an outcome driven world, you’re now evaluated by your board, by your executive team, by the business units. And it’s about yield from the assets you provision, not just about the assets you provision.”

Drive More Business With New Or Innovative Vendors

Optiv thinks about its 447 vendor partners differently today than a few years ago, with an emphasis on how the company can help these suppliers get into the market. Some of Optiv’s suppliers are big and voluminous while others are new, and for every vendor that’s subsumed into a larger organization, two more new vendors emerge, according to Lynch.

The company classifies some suppliers with new functionality as innovator partners capable of accelerating Optiv’s line card beyond the tried and true. And for a smaller set of Optiv’s value partners, Lynch believes the future is to wrap Optiv’s services around the vendor’s technology and deliver the entire capability as a service in areas like identity governance or privileged access management.

Optiv classifies a select set of partners as ecosystem partners, meaning that the company intends to take its own intellectual property as well as the intellectual property of the vendor and build something together, according to Lynch. Dramatic vendor consolidation in the security industry would challenge Optiv’s position, but Lynch said there’s no sign of that happening anytime soon.

“There’s long been this discussion of, ’Will the industry consolidate?’ ’Will we get to a platform play of two or three?’ Maybe,” Lynch said. ”And when that day comes, it’ll challenge our position. But right now, for every logo that’s consumed, two more emerge.”

Expanding Focus And Resources Beyond Large Vendors

Optiv probably wouldn’t extend its line card beyond the vendors the company currently works with if it was purely about economics given that the company’s solution architects and field sales force already understand how to sell, position, install and renew existing products supported by the company, according to Lynch.

But if Optiv focuses only on large vendors, Lynch said the company would miss some functionality and capability that customers are increasingly looking for. Optiv had a bias toward large vendors when Lynch started at the company, and he’s been focused on resegmenting the company’s vendor base and investing in smaller companies that have demonstrated considerable innovation.

Some large vendors are only looking for a go-to-market relationship with Optiv, while other suppliers of all sizes want to build a services layer around the vendor’s technology to create better stickiness, Lynch said. Optiv is currently trialing an email security technology from an emerging vendor that’s focused on behavioral science and evaluating the behavior of users, according to Lynch.

“I might have a very very very sizable partner, that all it is is a go to market relationship and that‘s great, that’s valuable,” Lynch said. ”I might have a similarly sizable partner where they want us to build a services layer. And it creates better use cases ,better stickiness.”

Accelerate Speed To Delivery And Speed To Market

Solution providers have increasingly shied away from competing on price since that leads to eroding margins and instead competing on quality since that’s table stakes for the channel, Lynch said. Customers are choosing the partner that can deliver an outcome most quickly, meaning that Optiv has become laser-focused on developing processes that are repeatable, scalable and efficient, Lynch said.

Speed is critical in the hiring, innovation and product development process, with solution providers finding they miss out on engineers or other prospects if they’re slow to make a job offer, Lynch said. Similarly, Lynch said it’s much better for solution providers to set the tone by being first to market rather than getting compared to a competitor who got to market sooner.

The world is all about innovating at scale and in every single interaction with a customer, meaning that solution providers need to be able to keep up, according to Lynch. For this reason, Lynch said it’s unacceptable for virtually all customers if a solution provider tells their CIO or CISO that they’re moving slower than anticipated and calls for patience.

“Think about it, when was the last time you went and competed on quality?” Lynch asked. ”Do you remember that day? I don‘t remember that day. It’s table stakes. Was it price? Did you really want to go compete on price? I don’t think you did or do. But speed. Speed is everything in the competitive environment today.”

Speed Up Time To Engage With Customers To Less Than A Day

One of Lynch’s top imperatives since arriving at Optiv 18 months ago has been to increase the speed at which the company serves customers. Customer CISOs would tell Lynch that buying technology from Optiv was a fantastic, white-glove experience, but lamented that getting serviced by Optiv took too long since the company has been very complex to deal with.

Lynch wants to accelerate Optiv’s response time to customers or prospects coming forward with a need to less than one day from multiples and multiples of that currently. He expects Optiv to either have boots on the ground or deliver the customer’s desired outcome virtually within a 24-hour window.

In addition to increasing Optiv’s battle rhythm and pace and cadence, Lynch has taken a deep dive into Optiv’s strategy, capital allocation and culture. The strategy conversations have centered on where Optiv intends to play and how the company intends to win, while the capital allocation discussions have focused not only on economic capital, but also human capital and focus capital, he said.

“We wanted to take our average time to engage with the client when they said, ‘I have a need. It’s x.’ to the point where we’re boots on the ground, or we were delivering virtually, and take it sub one day versus the existing timeframe, which was multiples and multiples of that,” Lynch said. ”That’s what matters to me.”

Cyber Insurance Underwriting

Optiv currently conducts market diligence work on behalf of insurance carriers that are thinking about underwriting a client, and has twice during Lynch’s tenure evaluated becoming an insurance carrier itself. For now, though, Optiv remains focused on supporting the underwriters since there’s a financial incentive to raise the efficacy of the underwriting given the increase in premiums.

Lynch said Optiv would prefer to walk into the cyber insurance market given the liability and financial risks, and for now remains focused on building more trust with underwriters and customers in the space. Optiv is currently focused on reducing the risk of a cyberattack for businesses by building out a managed identity program, data governance program and active threat hunting program, according to Lynch.

Once Optiv adds penetration tests and environmental scans for its customers, Lynch said Optiv will be approximately 70 percent of the way toward eliminating risk for businesses and their insurance carriers. At that point, Lynch said Optiv might be open to actually insuring the gap itself.

“Liability in this marketplace is a big issue that‘s got to get resolved,” Lynch said. ”Do we go to that next step of becoming an insurance carrier? While it could be argued it’s consistent with our notion of security focused, I think we’re going to take the first step of supporting the underwriters. We think there’s a good profit motive for us.”

Manage Infrastructure And Drive Strategy

Optiv had a very good technical services capability when Lynch started, but the company lacked the ability to advise and drive strategy and architecture as well as the ability to manage infrastructure for its customers. Lynch is looking to build and stretch Optiv’s value proposition so that the company will have the ability to reconfigure as desired.

Lynch emphasized building a “bespoke at scale” platform that’s consistent, can feed customers what they need, and is capable of separating what’s off the shelf or configured by a solution provider versus what’s entirely custom. Bespoke at scale can be very expensive to deliver, but Lynch said creating a platform that’s automated and scalable should lower the cost.

In addition, Lynch said customers are walking away from static security partners that have little more than a broad portfolio in favor of innovation or co-innovation partners. Customers are frustrated to be locked into static, multiyear contracts for technology such as a co-managed SIEM and would prefer to work with tech vendors that are thinking about innovation platforms or expanding use cases, he said.

“We had a very good technical services capability I would call it, but not necessarily the ability to advise and drive strategy and architecture, and less ability to manage the infrastructure for our clients, which is where we‘re ultimately headed,” Lynch said.

“We had a very good technical services capability I would call it, but not necessarily the ability to advise and drive strategy and architecture, and less ability to manage the infrastructure for our clients, which is where we‘re ultimately headed,” Lynch said.

Advisory Services And Asset Operation

Optiv was very good at provisioning technologies when Lynch started and could validate specific products by thinking through if they would work in a customer’s environment. This resulted in higher cost for the sale but ensured that assets would be a great fit for a customer from a technical perspective, according to Lynch.

Lynch has pushed Optiv to do more around advisory services, strategy and architecture and has launched programs focused on helping CISOs through the one-year, two-year, or three-year journey to build a zero-trust architecture. Optiv leverages the threat hunting expertise on its managed detection and response (MDR) platform as well as its red team and blue team capabilities to achieve this, he said.

Optiv’s long-term vision is to increasingly operate more and more assets on behalf of its customers, Lynch said. It won’t be the largest customers that leverage this since an organization like JPMorgan Chase has a security engineering team that’s twice the size of Optiv’s, but rather customers in spaces like critical infrastructure that have security teams of perhaps just five, six or seven people, according to Lynch.

“Every business has an ethos beyond its processes, capabilities, services, headcount, and talent, and ours is about greatness,” Lynch said. ”Not our aspiration for it, but our aspiration is to really secure the greatness that our clients seek to do every single day in what they choose to do for their living.”

Managed XDR And Anti-Ransomware

Optiv is looking to build out technology-specific platforms with its ecosystem partners, starting with managed extended detection and response (XDR), where Lynch said logging and security analytics vendor Devo is positioned in the center as the first in a series of integration partners that the company will put into the platform.

Ecosystem partners don’t need to be voluminous or have a 20-year relationship with Optiv; all that’s important is that there’s something that the two organizations can build or do together. Following the inaugural managed XDR platform, Lynch said Optiv is looking to launch something new almost quarterly.

Right now, Lynch said Optiv has a lot of chips on the table focused on anti-ransomware since Lynch sees that market as massive and believes Optiv’s customers need something there. Optiv has therefore become very focused on building an infrastructure and resilience play to thwart ransomware in partnership with two of its vendors, according to Lynch.

“They want this bespoke at scale and they‘re all unique,” Lynch said. ”Even if you say, ’Look, I want to look at a vertical, I want to look at health care,’ which we play in to a very big degree, Every single one of our major clients is different in terms of their use, their configuration, their maturity, the size and scale of their security team. So you do have the ability to be innovative and serve them from this platform?”