The Digital Executive – Ep. 1090

Geoff Haydon on Redefining MXDR with Agentic AI
Date: July 28, 2025
Host: Brian (Coruzant Technologies)
Guest: Geoff Haydon, CEO of Ontinu

Episode Overview

This episode features Geoff Haydon, CEO of Ontinu, a leader in managed security (MXDR) solutions for Microsoft security customers. The conversation centers on redefining MXDR (Managed Extended Detection & Response) through agentic AI, the evolution of cybersecurity services, and strategies for delivering ROI and efficiency in a fast-changing, AI-driven landscape. Haydon pulls from a storied career across firms like VMware, Carbon Black, and SecureWorks, discussing the operational realities of AI in security and how Ontinu’s ION platform leads in automation and value delivery.

Key Discussion Points & Insights

1. Haydon’s Journey and Vision for MXDR

[01:14]–[03:14]

Industry Fragmentation: Haydon was drawn to the sector's fragmentation: "The MDR market is a massive market...there was nobody that occupied more than 3% market share. The vast majority of the market was occupied by very small companies. And I think the reason for that is that historically these services were delivered very manually and it’s hard to scale great people." (Haydon, 01:38)
Role of Technology & AI: He foresaw that technology would inevitably transform MDR: "I just expect that at some point technology would intervene and disrupt that traditional approach, apply automation, apply AI and create a new generation of MDR provider." (Haydon, 02:03)
Joining Ontinu: The “foundational bet” was on leveraging AI to disrupt and lead MDR: “I really joined Open Systems with the intention of leveraging that startup MDR business as a platform to create a company that would play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic AI.” (Haydon, 02:37)

2. The Evolution of Managed Security Services

[03:51]–[06:25]

Broader Attack Surface: Haydon highlights the shift from narrow, siloed MDR definitions (“very myopic”) to a holistic, risk-centric MXDR: "We’re playing a leadership role in is the redefinition of MXDR services to encompass attack surfaces holistically. Not just looking at endpoint, but looking at network, looking at cloud, looking at identity, looking at OT and IoT, and really creating a service that considers risk...across these diverse attack surfaces." (Haydon, 04:06)
Service Evolution Aligned to NIST: The focus has shifted from mere detection/alerting to aligning with frameworks (like NIST), encompassing prevention, assessment, and holistic risk management.
Demand for Outcomes: Today’s customers require measurable value, not just service availability: “Customers are no longer satisfied with basic services. They’re really looking for outcomes. They’re looking for quantifiable value.” (Haydon, 05:28)
Economic Pressure: CFOs increasingly scrutinize security investments: “I think CFOs are scrutinizing with more discrimination the extent to which the security program is performing, the extent to which a partner is delivering measurable value.” (Haydon, 05:40)

3. Operationalizing AI & The Role of Agentic AI

[07:07]–[10:41]

Beyond Hype: Haydon asserts, "AI is at the peak of its hype cycle...what I've observed is they're less interested in AI, quote, unquote, and much more interested in how it delivers value to them, how it solves a problem that they've got." (Haydon, 07:18)
AI's Transformational Impact:
- Speed & Precision: Agentic AI drives rapid, precise detection and response: “At the center of a strong MXDR service is speed of service, speed of detection, precision of response. As you know, speed matters when it comes to cybersecurity. Reducing dwell time, reducing blast radius.” (Haydon, 07:51)
- Volume and Automation: Over one-third of incidents are automatically resolved by AI, instantly: “Right now, over a third of the incidents that we confront are automatically resolved. By AI, virtually instantly.” (Haydon, 08:21)
- Effortless Customer Experience: “99.5% of the incidents that we resolve are resolved without any customer intervention.” (Haydon, 08:29)
Holistic Role: Agentic AI handles not just detection, but proactive risk identification and remediation: “The capacity of an agent to ingest that volume of telemetry, to apply reason and logic...and to learn continually from the evolving threat landscape...is improving the speed at which these observations are made and the speed at which these corrective actions can be taken...” (Haydon, 09:49)

4. Addressing CISO Challenges: Doing More With Less

[11:46]–[14:57]

Platform Over Patchwork: The previous “defense-in-depth” patchwork of tools is costly and increases risk through misconfigurations. Haydon argues for integrated platforms: "The cost of deploying and managing that patchwork quote has become untenable. The other reality is...that defense in depth approach, is also introducing vulnerabilities. Gartner...estimated that over 95% of attacks leverage misconfigurations or misaligned tools." (Haydon, 12:02)
Microsoft Security Ecosystem: Ontinu helps companies maximize their Microsoft security investments, simplifying deployment, adoption, and operationalization: "We're able to make it easier for companies to deploy it, to adopt it, to operate it, to operationalize it, to derive value from it." (Haydon, 12:37)
Agentic AI’s Cost Impact: Significant operational and economic value—fewer people can do more: "You just need fewer people to manage a security platform...with that level of fidelity and resolution and confidence." (Haydon, 13:48)
Recognized Expertise: Ontinu is a global go-to MSSP partner for Microsoft, owing to this highly efficient, value-driven approach.

Notable Quotes & Memorable Moments

“[The market] was entirely fragmented...historically these services were delivered very manually and it’s hard to scale great people.” (Haydon, 01:38)
“I joined Open Systems...to play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic AI.” (Haydon, 02:37)
“We’re playing a leadership role in is the redefinition of MXDR services to encompass attack surfaces holistically.” (Haydon, 04:06)
“Customers are no longer satisfied with basic services. They’re really looking for outcomes. They’re looking for quantifiable value.” (Haydon, 05:28)
“AI is at the peak of its hype cycle...what I've observed is they're less interested in AI, quote, unquote, and much more interested in how it delivers value to them, how it solves a problem that they've got.” (Haydon, 07:18)
“99.5% of the incidents that we resolve are resolved without any customer intervention.” (Haydon, 08:29)
“The cost of deploying and managing [a patchwork of tools] has become untenable...over 95% of attacks leverage misconfigurations or misaligned tools.” (Haydon, 12:02)
“You just need fewer people to manage a security platform...with that level of fidelity and resolution and confidence.” (Haydon, 13:48)

Key Timestamps

01:14 – Haydon on joining Ontinu and vision for MXDR
03:51 – Changing cybersecurity services: Breadth, value, and outcomes
07:07 – AI beyond the hype: delivering actual value in MXDR
08:21 – Agentic AI automates a third of incidents, 99.5% resolved without customers
12:02 – Platform approach replacing patchwork security; reducing cost and risk
13:48 – AI-driven efficiency: fewer people required, high confidence in outcomes

Conclusion

Geoff Haydon’s appearance on The Digital Executive delivers a succinct but rich exploration of how agentic AI is revolutionizing managed security. By moving past industry hype to deliver measurable, automated outcomes and enabling operational efficiency, Ontinu’s approach—anchored in the Microsoft security ecosystem and AI-driven automation—addresses real-world CISO challenges of scale, cost, and performance. Haydon’s experience and vision offer a compelling look at the future of MXDR and managed cybersecurity.

The Digital Executive – Ep. 1090

Geoff Haydon on Redefining MXDR with Agentic AI
Date: July 28, 2025
Host: Brian (Coruzant Technologies)
Guest: Geoff Haydon, CEO of Ontinu

Episode Overview

Key Discussion Points & Insights

1. Haydon’s Journey and Vision for MXDR

[01:14]–[03:14]

Industry Fragmentation: Haydon was drawn to the sector's fragmentation: "The MDR market is a massive market...there was nobody that occupied more than 3% market share. The vast majority of the market was occupied by very small companies. And I think the reason for that is that historically these services were delivered very manually and it’s hard to scale great people." (Haydon, 01:38)
Role of Technology & AI: He foresaw that technology would inevitably transform MDR: "I just expect that at some point technology would intervene and disrupt that traditional approach, apply automation, apply AI and create a new generation of MDR provider." (Haydon, 02:03)
Joining Ontinu: The “foundational bet” was on leveraging AI to disrupt and lead MDR: “I really joined Open Systems with the intention of leveraging that startup MDR business as a platform to create a company that would play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic AI.” (Haydon, 02:37)

2. The Evolution of Managed Security Services

[03:51]–[06:25]

Broader Attack Surface: Haydon highlights the shift from narrow, siloed MDR definitions (“very myopic”) to a holistic, risk-centric MXDR: "We’re playing a leadership role in is the redefinition of MXDR services to encompass attack surfaces holistically. Not just looking at endpoint, but looking at network, looking at cloud, looking at identity, looking at OT and IoT, and really creating a service that considers risk...across these diverse attack surfaces." (Haydon, 04:06)
Service Evolution Aligned to NIST: The focus has shifted from mere detection/alerting to aligning with frameworks (like NIST), encompassing prevention, assessment, and holistic risk management.
Demand for Outcomes: Today’s customers require measurable value, not just service availability: “Customers are no longer satisfied with basic services. They’re really looking for outcomes. They’re looking for quantifiable value.” (Haydon, 05:28)
Economic Pressure: CFOs increasingly scrutinize security investments: “I think CFOs are scrutinizing with more discrimination the extent to which the security program is performing, the extent to which a partner is delivering measurable value.” (Haydon, 05:40)

3. Operationalizing AI & The Role of Agentic AI

[07:07]–[10:41]

Beyond Hype: Haydon asserts, "AI is at the peak of its hype cycle...what I've observed is they're less interested in AI, quote, unquote, and much more interested in how it delivers value to them, how it solves a problem that they've got." (Haydon, 07:18)
AI's Transformational Impact:
- Speed & Precision: Agentic AI drives rapid, precise detection and response: “At the center of a strong MXDR service is speed of service, speed of detection, precision of response. As you know, speed matters when it comes to cybersecurity. Reducing dwell time, reducing blast radius.” (Haydon, 07:51)
- Volume and Automation: Over one-third of incidents are automatically resolved by AI, instantly: “Right now, over a third of the incidents that we confront are automatically resolved. By AI, virtually instantly.” (Haydon, 08:21)
- Effortless Customer Experience: “99.5% of the incidents that we resolve are resolved without any customer intervention.” (Haydon, 08:29)
Holistic Role: Agentic AI handles not just detection, but proactive risk identification and remediation: “The capacity of an agent to ingest that volume of telemetry, to apply reason and logic...and to learn continually from the evolving threat landscape...is improving the speed at which these observations are made and the speed at which these corrective actions can be taken...” (Haydon, 09:49)

4. Addressing CISO Challenges: Doing More With Less

[11:46]–[14:57]

Platform Over Patchwork: The previous “defense-in-depth” patchwork of tools is costly and increases risk through misconfigurations. Haydon argues for integrated platforms: "The cost of deploying and managing that patchwork quote has become untenable. The other reality is...that defense in depth approach, is also introducing vulnerabilities. Gartner...estimated that over 95% of attacks leverage misconfigurations or misaligned tools." (Haydon, 12:02)
Microsoft Security Ecosystem: Ontinu helps companies maximize their Microsoft security investments, simplifying deployment, adoption, and operationalization: "We're able to make it easier for companies to deploy it, to adopt it, to operate it, to operationalize it, to derive value from it." (Haydon, 12:37)
Agentic AI’s Cost Impact: Significant operational and economic value—fewer people can do more: "You just need fewer people to manage a security platform...with that level of fidelity and resolution and confidence." (Haydon, 13:48)
Recognized Expertise: Ontinu is a global go-to MSSP partner for Microsoft, owing to this highly efficient, value-driven approach.

Notable Quotes & Memorable Moments

“[The market] was entirely fragmented...historically these services were delivered very manually and it’s hard to scale great people.” (Haydon, 01:38)
“I joined Open Systems...to play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic AI.” (Haydon, 02:37)
“We’re playing a leadership role in is the redefinition of MXDR services to encompass attack surfaces holistically.” (Haydon, 04:06)
“Customers are no longer satisfied with basic services. They’re really looking for outcomes. They’re looking for quantifiable value.” (Haydon, 05:28)
“AI is at the peak of its hype cycle...what I've observed is they're less interested in AI, quote, unquote, and much more interested in how it delivers value to them, how it solves a problem that they've got.” (Haydon, 07:18)
“99.5% of the incidents that we resolve are resolved without any customer intervention.” (Haydon, 08:29)
“The cost of deploying and managing [a patchwork of tools] has become untenable...over 95% of attacks leverage misconfigurations or misaligned tools.” (Haydon, 12:02)
“You just need fewer people to manage a security platform...with that level of fidelity and resolution and confidence.” (Haydon, 13:48)

Key Timestamps

01:14 – Haydon on joining Ontinu and vision for MXDR
03:51 – Changing cybersecurity services: Breadth, value, and outcomes
07:07 – AI beyond the hype: delivering actual value in MXDR
08:21 – Agentic AI automates a third of incidents, 99.5% resolved without customers
12:02 – Platform approach replacing patchwork security; reducing cost and risk
13:48 – AI-driven efficiency: fewer people required, high confidence in outcomes

wavePod

Geoff Haydon on Redefining MXDR with Agentic AI | Ep 1090

Summary

The Digital Executive – Ep. 1090

Episode Overview

Key Discussion Points & Insights

1. Haydon’s Journey and Vision for MXDR

2. The Evolution of Managed Security Services

3. Operationalizing AI & The Role of Agentic AI

4. Addressing CISO Challenges: Doing More With Less

Notable Quotes & Memorable Moments

Key Timestamps

Conclusion

Summary

The Digital Executive – Ep. 1090

Episode Overview

Key Discussion Points & Insights

1. Haydon’s Journey and Vision for MXDR

2. The Evolution of Managed Security Services

3. Operationalizing AI & The Role of Agentic AI

4. Addressing CISO Challenges: Doing More With Less

Notable Quotes & Memorable Moments

Key Timestamps

Conclusion