Geoff Haydon Podcast Transcript
Geoff Haydon joins host Brian Thomas on The Digital Executive Podcast.
Brian Thomas: Welcome to Coruzant Technologies, home of the Digital Executive podcast.
Welcome to the Digital Executive. Today’s guest is Geoff Haydon. Geoff Haydon became Ontinue’s CEO in 2023, bringing over two decades of leadership in security and enterprise software. He’s responsible for ensuring that Ontinue Ion, the company’s MXDR product, helps Microsoft’s security customers reduce risk, minimize cost, and enable business performance.
Geoff previously joined Open Systems as CEO in 2021, where he led the companies manage safe’s product to connect and secure users applications and data globally.
Well, good afternoon, Geoff. Welcome to the show.
Geoff Haydon: Thank you, Brian. Great to be here. Thanks for having me.
Brian Thomas: Absolutely, my friend. I appreciate it, and I know sometimes traversing the globe doing these is a challenge, but I know that you’re just in a nice, cool, relaxing atmosphere up north of us in Canada at the moment, so I appreciate that.
Geoff, let’s jump into your first question here. You became CEO of Ontinue in 2023.
Geoff Haydon: Yes.
Brian Thomas: What drew you to the company and what vision did you have for the future of MXDR when you took the helm?
Geoff Haydon: So I really joined Open Systems originally with the intention of building a, a very strong MDR company. Prior to joining Open Systems, I spent several years kind of in and around managed cybersecurity services and, and MDR specifically.
I spent a couple of years at SecureWorks, which was a traditional MSSP, when I co-led the VMware security business unit. Primary routes to market for us included a lot of the larger NDR providers. And you know what I observed during that time is the NDR market is a massive market demand for MDR services is substantial and, and I believe enduring, but the market was entirely fragmented.
There was nobody that occupied more than 3% market share. The vast majority of the market was occupied by very small companies. And I think the reason for that is that historically these services were delivered very manually and it’s hard to scale great people. And so I just expect that at some point, technology would intervene and disrupt that traditional approach, apply automation, apply AI, and and create a new generation of MDR provider.
What I was introduced to open systems in consideration of the CEO role, I first of all admired. The extent to which the SSE business had been automated and a lot of kind of the AI based principles applied to that traditional business. What I also observed is that before Open Systems launched their MDR service, they acquired a data science and AI company.
Just anticipating that AI would eventually disrupt and, and redefine how these services were built and delivered. And so I really joined Open Systems with the intention of leveraging that startup MDR business as a platform to create a company that would play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic ai.
So that was my assumption at the time, and, and certainly it’s proven to be very valid, uh, as, uh, you know, I believe today that we’re one of the most advanced companies in terms of applying agenda AI to the development and delivery of, of cyber services.
Brian Thomas: Thank you. I appreciate that. I really like to talk to guests on the podcast that do have that vision.
You know, I know you’ve got an amazing background in the managed services space at SPMDR, et cetera, and what I heard is you saw that there was some transformational activities transforming the SaaS industry and you know, you could certainly leverage some of that emerging tech, particularly ai. To do the same in the MDR industry, and I really appreciate that.
So thank you, Geoff. You’ve led security and software companies through significant transformations. How does your experience at VMware, carbon, black SecureWorks and absolute software influence your leadership style at Ontinue?
Geoff Haydon: The shifts that, uh, I’ve seen across the MDR business. Really have to do with a couple of things.
First of all, the breadth of the services that are being provided. When I think of the MDR market 10 years ago, it was a very narrow defined scope that was managed DDR, that was managed sim. It was a very kind of very myopic approach to managed services. I think one of the big shifts that’s occurred that we’re playing a leadership role in is the redefinition of MXDR services to encompass the tax services holistically.
Not just looking at endpoint, but looking at network, looking at cloud, looking at identity, looking at OT and iot, and really creating a service that considers risk and manages risk across these diverse attack surfaces. That’s so one of the most important shifts. One of the other things that we’ve seen is an expansion of the definition of managed cybersecurity service.
Once again, 10 years ago, it was predominantly an alert service that was being provided. Where we would notify customers of a certain level of risk that was developing within their environment. And that was really the extent of the value. We did that 24/7, which at the time was unique. But I just take a look at how substantially the definition of these services have evolved and, and once again, we’re playing a leadership role in, in the definition of this, going beyond just basic detection and not just into response.
Into assessment, into prevention, really aligning the service definition with the NIST framework and providing customers with a much more holistic approach to understanding and and managing risk. The other thing I’ll comment on is that, uh, you know, customers are no longer satisfied with basic services.
They’re really looking for outcomes. They’re looking for quantifiable value, you know, for many years. CISOs were able to request funds with virtual, you know, not an unlimited support level, but very generously supported. And I think, uh, more recently, certainly the security line remains one of the most resilient lines in a a company’s budget.
But I think, uh, CFOs are scrutinizing with more discrimination, the extent to which the security program is performing, the extent to which a partner is delivering measurable value. And I think that’s going to be a central component of how these services are adopted moving forward. And once again, we’re making tremendous.
Progress and investments around not just delivering a valuable service, but being able to demonstrate to customers specifically what that value is, what we’re seeing, what we’re doing, how we’re improving security performance, and, and progressing the maturity of their security program. Brian.
Brian Thomas: Thank you. I appreciate that.
You know, we talked a bit about, in the first question about your experience and of course we covered that again and again. You, you definitely saw shifts in the MDR industry and I know that that vision that you had and that experience that you could bring to it, and I remember those days when back then things were very myopic, very much vertically siloed in some of the services that they would provide.
I like your view of providing customers with a more holistic approach to managing these security services. And I think it’s transformational, honestly. Geoff, my next question here, AI is everywhere right now, but a lot of companies are struggling to go beyond hype. What does it take to actually operationalize AI and security operations and what role does AgTech AI play in that?
Geoff Haydon: It’s a great observation, Brian. I mean, AI is at the peak of its hype cycle has been and will continue to be for a while. You know, we got caught up in that a little bit at one point, and we’re leading with this AI powered MDR service story. You know what we’ve learned a lot about since the advent of on is how customers value ai and what I’ve observed is they’re less interested in ai, quote unquote, and much more interested in how it delivers value to them, how it solves a problem that they’ve got.
And so we’re looking at AI almost entirely in the context of the problem that MXDR is trying to solve. There are a couple of good examples of where and how agentic AI is being applied. The first one just I, is in terms of speed and accuracy of detection and response. At the center of a strong MXDR service is speed of service, speed of detection, precision of response.
As you know, speed matters when it comes to cybersecurity, reducing DW all time, reducing blast radius. And you know, traditionally this was done manually with an analyst. Looking at an incident, coming up with a hypothesis, querying that hypothesis, providing context, informing that hypothesis, and ultimately drawing a conclusion regarding the level of risk and what an appropriate response would be.
A agentic AI is now doing that at machine speed and continually learning through the new incidents that it’s confronting. So that’s a game changer in terms of improving speed. Right now, over a third of the incidents that we confront are automatically resolved. By ai, I mean virtually, instantly, and so that enables our analysts to focus on much more complex, substantial incidents that are developing.
The other statistic we love to share is that 99.5 of the incidents that we resolve or resolve without any customer intervention. So we’re not only making our team more efficient and productive, but reducing the workload for customers once again, which is a very powerful proposition. But the application of a agentic AI goes beyond just detection.
You know, we talked earlier about the NIST framework and extending the service description beyond detection response into assessment prevention. One of the roles of an analyst historically also was not just to deal with immediate incidents, but to look across the threat landscape. We’ve got a very robust threat intelligence program.
We’ve got hundreds of customers, so. We’ve got a very unique perspective on risk and emerging risk. We refer to it as the network effect, and historically it took an analyst to look across that landscape, to observe attacks that were occurring and to anticipate where in our customer base those attacks might be executed, and to harden those environments in anticipation of those to prevent them from being consequential.
The other thing that analysts did is once again, consume this vast quantity of telemetry and to apply experience and analytics to that to determine. Where emerging risk was developing and how that emerging risk might manifest itself in the form of an attack, and who that attack would target. And once again, we would have to work with customers to configure, to introduce compensating controls, to build playbooks once again, to prevent that emerging risk from manifesting itself into an attack that was consequential.
Today, AG Agentic AI is doing that work and the capacity of an agent to ingest that volume of telemetry to apply reason and logic, to be able to draw informed conclusions and to learn continually from the evolving threat landscape, once again is improving the, the speed at which these observations are made, and the speed at which these corrective actions can be taken to prevent these attacks from occurring.
It’s a very powerful evolution.
Brian Thomas: It is amazing. I have the opportunity, Geoff, to interview great people like you that are in this space, whether it’s cyber or leveraging AI or people that actually build machine learning systems, large language models, it’s phenomenal. But just to highlight a couple things, AI is certainly off the charts accelerating exponentially right now, and I like the part where you said customers value ai.
Really, they’re more interested in how much value it’ll provide them, provide them a solution. Versus what AI is really doing. And of course in this business you mentioned speed of service and detection is really key. And I remember when I’ve used a lot of different platforms in my role as a CIO for security, and gosh, it was just a handful of years ago that they were leveraging machine learning to do some of this stuff.
You know, shifting from that human-centered process to leveraging AI and ml. I really appreciate you highlighting that. For us, our audience today, Geoff, the last question I have for you is CISOs today are under immense pressure to do more with less reducing costs while strengthening their security posture.
How does Ontinue’s ion platform help strike that balance and what role do innovations like a agentic AI provide?
Geoff Haydon: Great question. You know, the first thing that we’re focused on is really facilitating. Customer adoption of a security platform. You know, for years. As you know, Brian, we’ve been advocating this defense in depth idea where customers patch together this quilt of, you know, tens or hundreds of security tools in an effort to provide a strong security framework.
The cost of deploying and, and managing that patchwork quote has become untenable. The other reality is that patchwork quote, that defense in depth approach is also introducing vulnerabilities. Gartner, I think it was estimated that over 95% of attacks leverage misconfigurations or misaligned tools. So it’s not only expensive, but vulnerable to leverage this traditional approach.
And what we’re seeing is the deplacement of this traditional approach with the security platform. We think the gold standard for security platforms is the Microsoft security platform. And because of our expertise with it, we’re able to make it easier for companies to deploy it, to adopt it, to operate it, to operationalize it, to derive value from it.
So facilitating that shift from the patchwork quilt to an integrated, robust platform, first of all, has tremendous. Economic benefits. The other thing that we’re very adept at because of our experience with Microsoft and their platform, is extending that platform and displacing adjacent tools. So it’s not just the initial deployment, but over time, applying new features and functions that Microsoft develops to displace other adjacent tools so that economic value proposition is extended and expanded over time.
And finally what we do is we layer our ion platform on top of the Microsoft security platform, once again to leverage their intelligence and telemetry, but in a form that’s consumable and executable. I mentioned earlier that our Ag agentic AI addresses resolves over a third of security incidents without human intervention.
I mean, that’s an enormously valuable proposition, not just in terms of speed, but in terms of for a customer having to reduce the volume of noise that they’ve gotta pay attention to. And the other statistic that I’ll, I’ll reintroduce is that idea of 99.5% of incidents being resolved without customer intervention.
So that the economic proposition is not only around the platform and, and the reduction of tool cost and and maintenance, but you just need fewer people. To manage a security platform that is bringing an incident to a customer, that with that level of fidelity and resolution and confidence. And so because of the substantial reduction in that volumes, we’re also introducing some very compelling economics in terms of how these new security operations functions are staffed.
And this is one of the reasons that we’ve been recognized by Microsoft as one of their global go-to MSSP partners is that. Expertise at, at enabling customers to adopt and operationalize and optimize that platform is tremendously compelling financially. And the last comment I’ll make, as I mentioned earlier, certainly security budgets are resilient, but there is a level of sensitivity around the extent to which customers are realizing value from their investments.
And, and that’s really our primary focus, is ensuring that customers are realizing the maximum level of value from the Microsoft security investments that they’re making.
Brian Thomas: Amazing. Thank you so much, Geoff. We share so much here. We could talk about for hours, but I do remember the defense in depth idea, that layered security approach, right?
Everybody thought, gosh, there’s no magic bullet, so we got all these different systems that we have to manage. Yeah, and obviously that worked back in the day, but is no longer cost effective and there’s just too many platforms to manage and ensure you’re reviewing everything that’s going on, all the anomalies between the systems.
What I really highlighted is your system can obviously integrate, sits on top of that Microsoft platform, can review activity much more efficiently and reduces obviously a lot of overhead and reporting just with the power of your platform. So I appreciate you highlighting that for our audience today.
Geoff, it was such a pleasure having you on today and I look forward to speaking with you real soon.
Geoff Haydon: Brian, I really enjoyed the conversation. Thank you again for having me.
Brian Thomas: Bye for now.
Geoff Haydon Podcast Transcript. Listen to the audio on the guest’s Podcast Page.
