
B
Welcome to Coruzant Technologies, home of the Digital Executive Podcast. Welcome to the Digital Executive. Today's guest is Geoff Haydon. Geoff Haydon became Ontinu's CEO in 2023, bringing over two decades of leadership in security and enterprise software. He is responsible for ensuring that Ontinu is ion. The company's MXDR product helps Microsoft security customers reduce risk, minimize cost and enable business performance. Geoff previously joined Open Systems as CEO in 2021, where he led the company's Managed SASE product to connect and secure users, applications and data globally. Well, good afternoon, Geoff. Welcome to the show.
A
Thank you, Brian. Great to be here. Thanks for having me.
B
Absolutely, my friend. I appreciate it. And I know sometimes traversing the globe doing these is a challenge, but I know that you're just in a nice, cool, relaxing atmosphere up north US in Canada at the moment, so I appreciate that. Geoff, let's jump into your first question here. You became CEO of Ontinu in 2023. What drew you to the company and what vision did you have for the future of MXDR when you took the helm?
A
So I really joined Open Systems originally with the intention of building a very strong MDR company. Prior to joining Open Systems, I spent several years kind of in and around managed CyberSecurity Services and MDR. Specifically I spent a couple of years at SecureWorks, which was a traditional MSSP when I co led the VMware Security Business Unit. Primary routes to market for us included a lot of the larger MDR providers. And you know, what I observed during that time is the MDR market is a massive market. Demand for MDR services is substantial and I believe enduring. But the market was entirely fragmented. There was nobody that occupied more than 3% market share. The vast majority of the market was occupied by very small companies. And I think the reason for that is that historically these services were delivered very manually and it's hard to scale great people. And so I just expect that at some point technology would intervene and disrupt that traditional approach, apply automation, apply AI and create a new generation of MDR provider. When I was introduced to Open Systems in consideration of the CEO role, I first of all admired the extent to which the SASE business had been automated and a lot of kind of the AI based principles were applied to that traditional business. What I also observed is that before Open Systems launched their MDR service, they acquired a data science and AI company, just anticipating that AI would eventually disrupt and redefine how these services were built and delivered. And so I really joined Open Systems with the intention of leveraging that startup MDR business as a platform to create a company that would play a central role in disrupting, redefining, and ultimately leading the next generation of MDR providers through the application of agentic AI. So that was my assumption at the time, and certainly it's proven to be very valid. 
As you know, I believe today that we're one of the most advanced companies in terms of applying agentic AI to the development and delivery of cyber services.
B
Thank you, I appreciate that. I really like to talk to guests on the podcast that do have that vision. I know you've got an amazing background in the managed services space, nsp, MDR, et cetera. And what I heard is you saw that there was some transformational activities transforming the SaaS industry, and you could see certainly leverage some of that emerging tech, particularly AI, to do the same in the MDR industry. And I really appreciate that. So thank you. Geoff, you've led security and software companies through significant transformations. How does your experience at VMware, Carbon Black, SecureWorks and Absolute Software influence your leadership style at Ontinu?
A
The shifts that I've seen across the MDR business really have to do with a couple of things. First of all, the breadth of the services that are being provided. When I think of the MDR market 10 years ago, it was a very narrow, defined scope. There was managed EDR, there was managed SIEM. It was a very kind of very myopic approach to managed services. I think one of the big shifts that's occurred that we're playing a leadership role in is the redefinition of MXDR services to encompass attack surfaces holistically. Not just looking at endpoint, but looking at network, looking at cloud, looking at identity, looking at OT and IoT, and really creating a service that considers risk and manages risk across these diverse attack surfaces. That's one of the most important shifts. One of the other things that we've seen is an expansion of the definition of managed cybersecurity service. Once again, 10 years ago, it was predominantly an alert service that was being provided where we would notify customers of a certain level of risk that was developing within their environment. And that was really the extent of the value. We did that 24 by 7, which at the time was unique. But I just take a look at how substantially the definition of these services have evolved, and once again, we're playing a leadership role in the definition of this, going beyond just basic detection and not just into response, into assessment, into prevention. Really aligning the service definition with the NIST framework and providing customers with a much more holistic approach to understanding and managing risk. The other thing I'll comment on is that, you know, customers are no longer satisfied with basic services. They're really looking for outcomes. They're looking for quantifiable value. You know, for many years, CISOs were able to request funds with virtual, you know, not an unlimited support level, but very generously supported. 
And I think more recently, certainly the security line remains one of the most resilient lines in a company's budget. But I think CFOs are scrutinizing with more discrimination the extent to which the security program is performing, the extent to which a partner is delivering measurable value. And I think that's going to be a central component of how these services are adopted moving forward. And once again, we're making tremendous progress and investments around not just delivering a valuable service, but being able to demonstrate to customers specifically what that value is, what we're seeing, what we're doing, how we're improving security performance and progressing the maturity of their security program. Brian, thank you.
B
I appreciate that. You know, we talked a bit about, in the first question about your experience, and of course we cover that again and again. You definitely saw shifts in the MDR industry. And I know that that vision that you had and that experience that you could bring to it. And I remember those days when back then things were very myopic, very much vertically siloed in some of the services that they would provide. I like your view of providing customers with a more holistic approach to managing these security services. And I think it's transformational, honestly. Jeff, my next question here. AI is everywhere right now, but a lot of companies are struggling to go beyond hype. What does it take to actually operationalize AI and security operations, and what role does agentic AI play in that?
A
It's a great observation, Brian. I mean, AI is at the peak of its hype cycle, has been and will continue to be for a while. You know, we got caught up in that a little bit at one point, and we're leading with this AI-powered MDR service story. You know, what we've learned a lot about since the advent of Ontinu is how customers value AI. And what I've observed is they're less interested in AI, quote, unquote, and much more interested in how it delivers value to them, how it solves a problem that they've got. And so we're looking at AI almost entirely in the context of the problem that MXDR is trying to solve. There are a couple of good examples of where and how agentic AI is being applied. The first one just is in terms of speed and accuracy of detection and response. At the center of a strong MXDR service is speed of service, speed of detection, precision of response. As you know, speed matters when it comes to cybersecurity. Reducing dwell time, reducing blast radius. And, you know, traditionally this was done manually with an analyst looking at an incident, coming up with a hypothesis, querying that hypothesis, providing context, informing that hypothesis, and ultimately drawing a conclusion regarding the level of risk and what an appropriate response would be. Agentic AI is now doing that at machine speed and continually learning through the new incidents that it's confronting. So that's a game changer in terms of improving speed. Right now, over a third of the incidents that we confront are automatically resolved by AI, I mean, virtually instantly. And so that enables our analysts to focus on much more complex, substantial incidents that are developing. The other statistic we love to share is that 99.5% of the incidents that we resolve are resolved without any customer intervention. So we're not only making our team more efficient and productive, but reducing the workload for customers once again, which is a very powerful proposition. 
But the application of agentic AI goes beyond just detection. You know, we talked earlier about the NIST framework and extending the service description beyond detection response into a CEL assessment prevention. One of the roles of an analyst historically also was not just to deal with immediate incidents, but to look across the threat landscape. We've got a very robust threat intelligence program. We've got hundreds of customers, so we've got a very unique perspective on risk and emerging risk. We refer to it as the network effect. And historically, it took an analyst to look across that landscape to observe attacks that were occurring and to anticipate where in our customer base those attacks might be executed and to harden those environments in anticipation of those, to prevent them from being consequential. The other thing that analysts did is once again consume this vast quantity of telemetry and to apply experience and analytics to that, to determine where emerging risk was developing and how that emerging risk might manifest itself in the form of an attack and who that attack would target. And once again, we would have to work with customers to configure, to introduce compensating controls, to build playbooks once again to prevent that emerging risk from manifesting itself into an attack that was consequential. Today, agentic AI is doing that work and the capacity of an agent to ingest that volume of telemetry, to apply reason and logic to be able to draw informed conclusions and to learn continually from the evolving threat landscape once again is improving the speed at which these observations are made and the speed at which these corrective actions can be taken to prevent these attacks from occurring. It's a very powerful evolution.
B
It is amazing. I have the opportunity, Geoff, to interview great people like you that are in this space, whether it's cyber or leveraging AI, or people that actually build machine learning systems, large language models. It's phenomenal. But just to highlight a couple things, AI is certainly off the charts accelerating exponentially right now. And I like the part where you said customers value AI. Really, they're more interested in how much value it'll provide them, provide them a solution versus what AI is really doing. And of course, in this business you mentioned speed of service and detection is really key. And I remember when I've used a lot of different platforms in my role as a CIO for security and gosh, it was just a handful of years ago that they were leveraging machine learning to do some of this stuff. You know, shifting from that human centered process to leveraging AI and ML. I really appreciate you highlighting that for us, our audience today. Geoff, the last question I have for you is CISOs today are under immense pressure to do more with less, reducing costs while strengthening their security posture. How does Ontinu's ION platform help strike that balance? And what role do innovations like agentic AI provide?
A
Great question. You know, the first thing that we're focused on is really facilitating customer adoption of a security platform. You know, for years, as you know, Brian, we've been advocating this defense in depth idea where customers patch together this quilt of, you know, tens or hundreds of security tools in an effort to provide a strong security framework. The cost of deploying and managing that patchwork quilt has become untenable. The other reality is that patchwork quilt, that defense in depth approach, is also introducing vulnerabilities. Gartner, I think it was, estimated that over 95% of attacks leverage misconfigurations or misaligned tools. So it's not only expensive but vulnerable to leverage this traditional approach. And what we're seeing is the replacement of this traditional approach with the security platform. We think the gold standard for security platforms is the Microsoft security platform. And because of our expertise with it, we're able to make it easier for companies to deploy it, to adopt it, to operate it, to operationalize it, to derive value from it. So facilitating that shift from the patchwork quilt to an integrated, robust platform first of all, has tremendous economic benefits. The other thing that we're very adept at because of our experience with Microsoft and their platform is extending that platform and displacing adjacent tools. So it's not just the initial deployment, but over time applying new features and functions that Microsoft develops to displace other adjacent tools so that economic value proposition is extended and expanded over time. And finally, what we do is we layer our ION platform on top of the Microsoft security platform once again to leverage their intelligence and telemetry, but in a form that's consumable and executable. I mentioned earlier that our agentic AI addresses resolves over a third of security incidents without human intervention. 
I mean, that's an enormously valuable, valuable proposition, not just in terms of speed, but in terms of for a customer having to reduce the volume of noise that they've got to pay attention to. And the other statistic that I'll reintroduce is that idea of 99.5% of incidents being resolved without customer intervention. So that the economic proposition is not only around the platform and the reduction of tool cost and maintenance, but you just need fewer people to manage a security platform that is bringing an incident to a customer, that with that level of fidelity and resolution and confidence. And so because of the substantial reduction in that volume, we're also introducing some very compelling economics in terms of how these new security operations functions are staffed. And this is one of the reasons that we've been recognized by Microsoft as one of their global go to MSSP partners is that that expertise at enabling customers to adopt and operationalize and optimize that platform is tremendously compelling financially. And the last comment to make, as I mentioned earlier, certainly security budgets are resilient, but there is a level of sensitivity around the extent to which customers are realizing value from their investments. And that's really our primary focus, is ensuring that customers are realizing the maximum level of value from the Microsoft security investments that they're making.
B
Amazing. Thank you so much, Geoff. We share so much here we could talk about for hours. But I do remember the defense in depth idea, that layered security approach, right. Everybody thought, gosh, there's no magic bullet. So we got all these different systems that we have to manage, obviously that worked back in the day, but is no longer cost effective. And there's just too many platforms to manage and ensure. You're reviewing everything that's going on at all the anomalies between the systems. What I really highlighted is your ION system can obviously integrate, sits on top of that Microsoft platform can review activity much more efficiently and reduces obviously a lot of overhead and reporting just with the power of your platform. So I appreciate you highlighting that for our audience today. Geoff, it was such a pleasure having you on today and I look forward to speaking with you real soon.
A
Brian, I really enjoyed the conversation. Thank you again for having me.
B
Bye for now.
Geoff Haydon on Redefining MXDR with Agentic AI
Date: July 28, 2025
Host: Brian (Coruzant Technologies)
Guest: Geoff Haydon, CEO of Ontinu
This episode features Geoff Haydon, CEO of Ontinu, a leader in managed security (MXDR) solutions for Microsoft security customers. The conversation centers on redefining MXDR (Managed Extended Detection & Response) through agentic AI, the evolution of cybersecurity services, and strategies for delivering ROI and efficiency in a fast-changing, AI-driven landscape. Haydon pulls from a storied career across firms like VMware, Carbon Black, and SecureWorks, discussing the operational realities of AI in security and how Ontinu’s ION platform leads in automation and value delivery.
Geoff Haydon’s appearance on The Digital Executive delivers a succinct but rich exploration of how agentic AI is revolutionizing managed security. By moving past industry hype to deliver measurable, automated outcomes and enabling operational efficiency, Ontinu’s approach—anchored in the Microsoft security ecosystem and AI-driven automation—addresses real-world CISO challenges of scale, cost, and performance. Haydon’s experience and vision offer a compelling look at the future of MXDR and managed cybersecurity.