April 19, 2026

SIEM And MDR For MSPs (EP 993)

IT Business Podcast

I sit down with Robert Johnston from N-able (formerly Adlumin) to talk about how MSPs can realistically deliver SIEM, MDR, and true business resilience without trying to build their own 24×7 SOC. We get into the talent gap, compliance-driven security, and why pre-breach hardening and post-breach recovery need to be just as baked into your stack as endpoint tools.


Robert Johnston’s journey goes from Marine Corps cyber operations to running incident response at CrowdStrike, to founding Adlumin and ultimately landing inside N-able as Chief Innovation Officer. We unpack why SIEM and MDR used to be “Fortune 500 only” tech, and how Adlumin intentionally built a cost-efficient, easy-to-use, channel-first platform that MSPs could actually deploy for community banks, credit unions, healthcare, and other compliance-heavy clients.

We also talk through the reality for most MSPs: you’re not going to hire 15–20 people to staff a 24×7 SOC, but your clients still expect enterprise-grade protection. Robert explains how MDR lets vendors aggregate security talent and software so MSPs can operate more like MSSPs, and how N-able now ties everything together with three pillars of business resilience: pre-breach hardening, real-time detection and response, and post-breach recovery with Cove.

Chapters

  • 00:25 Robert Johnston intro and CrowdStrike days
  • 05:30 Founding Adlumin and early SIEM vision
  • 08:15 MDR demand from regulated clients
  • 10:30 Talent shortage and MSP-to-MSSP shift
  • 13:20 Defending endpoints, network, and cloud
  • 14:40 Why N-able acquired Adlumin
  • 16:20 Business resilience three-pillar model
  • 18:50 Empower as a true user conference
  • 20:50 Why Adlumin went all-in on the channel
  • 22:20 Takeaway: selling business resilience, not tools

Guest: Robert Johnston, N-able (Adlumin)

=== Connect with Uncle Marv

🌐 Website: https://www.itbusinesspodcast.com/
🎙 Host: Marvin Bee
🛒 Uncle Marv’s Amazon Store (gear & tools I recommend): https://amzn.to/3EiyKoZ
☕ Support the show: https://ko-fi.com/itbusinesspodcast

If you found value in this episode, share it with another MSP, IT provider, or tech entrepreneur. Your support helps keep practical, no-nonsense IT business conversations coming every week.

[0:21] Hello, friends. Uncle Marv here with another episode of the IT Business Podcast.

 

[0:26] And we are still coming at you live from Fort Lauderdale, Florida at the Omni Hotel, where we are part of the N-able Empower 2026 conference. And a lovely day here, folks. If you did not come down, you're missing a great day at the beach, but we're here inside. And I am joined right now by Robert Johnston, who was the co-founder and former CEO of Adlumin. But now you're the general manager because you guys are part of N-able. Yeah, that's correct, Uncle Marv. Okay. A little tricky there, but basically you're still the man. Basically, I've actually transitioned to a new role here. Oh, okay. I'm the chief innovation officer here at N-able. Okay, so they couldn't come up with a head nerd comment for you. Right, right, exactly. Okay, we are going to go way off track and talk about the fact that before we started recording, we found out that we are both from Satellite Beach, Florida. What were the chances? And not only are we from there, because I've talked about other people from that area, we actually graduated from the same high school. Scorpion Prod. So, nice, very nice. Now, let me ask in terms of time frame, because I'm not going to try to ask if you're older or younger than me.

[1:48] But was the fence around the school when you graduated?

 

[1:55] The fence was around the school when I graduated. Because when I was there, we had no fence. People could just walk in day or night, go to the lockers, all of that stuff. Yep. Yeah. I think that may have actually been put up in my tenure there because you used to be able to go in through the halls, uh, and then towards my senior year, junior, senior year, it was, it was all fenced in, gated in, whatever you want to call it.

 

[2:21] So, yeah, we were, I'm not going to say we were kind of the cause of that, but, uh, did you guys sneak out of class and head over to the beach? Because, you know, most people don't realize we were literally, what, two blocks from the beach. Oh, yeah. Yeah. I mean, what a place to grow up in high school. It's like the senior skip days were always at the, always at the beach, you know, and all, a lot of fun to be had. Okay. There, there by the shore. Yeah. So I got there via the Air Force. My dad was in the Air Force. I was in Air Force. Brad, how did you end up there? Right. So my parents moved to that area. My dad worked in defense contracting, so he worked for Northrop Grumman. Okay. Which there was quite a few, Harris, Northrop Grumman, a lot of contractors. So I grew up there on Tortoise Island, which is, you know, right? Oh, Tortoise Island. You know, Tortoise Island? Yeah. Used to be called Spider Island back in the day. I did not know that. Yeah. Before they put the bridge to it, we would canoe over as part of the Boy Scouts. Okay. We would camp over there. Okay.

 

[3:24] That's right. I would, I would kayak. There was an island, a park or an island park. We would kayak over there and camp over there too, that still existed, but tortoise island, they turned into like a community. Right. And right down the street from Patrick Air Force Base. So I would go, that's where I learned to golf. It was on Patrick Air Force Base and I would use the gym because my dad was in the Marine Corps and retired from the Marine Corps. So I had access, I had access to the, the base facilities there. So I would end up on Patrick Air Force Base all the time. Oh, those were the days. Those were the days. And yeah, we would camp at the survival area on the base there. We would, we would hike from South Housing, which was right by the school, and hike onto the base and around the airfield to the survival camp. So very nice to chat with somebody from the area. I know. I mean, I used to play like Pop Warner football in South Housing right there. They had this, they had the satellite Seahawks. I played Pop Warner football there. Uh, you know, and I, if I would walk to school, I would, I would walk through South Housing. That was the route to get there. You know, you're bringing, you're bringing me back. What a. Yeah. Those were the days, weren't they?

 

[4:32] Back before it got all built up and now, oof, it has changed a lot. It's come a long way. But all right. So let's circle back now to your time here at N-able. Now, first of all, let's talk about your Adlumin. So you actually were doing cyber stuff before.

[4:52] And then in 2016, is that when you started Adlumin? At the very end of 2016, early 2017, around that time frame is when I started Adlumin. Prior to that, I was in the Marines and I worked, you know, mostly in security, cybersecurity. Worked for the National Security Agency for a little while. Worked for the Marine Corps' Network Operations and Security Center for a while. And then I left the Marine Corps in 2015. And I went to work for CrowdStrike for a short while. I was at CrowdStrike for, call it, five, six months. And then just enough time to do the DNC breach. And I ran that investigation

[5:32] for CrowdStrike. And that was a lot of fun. Then I left CrowdStrike to found Adlumin. End of 2016, early 2017. And ran that until its acquisition in November of 2024 to N-able Technologies. So here's a question. I don't know if anybody's asked you this because I wasn't able to do a ton of research ahead of time. I tried to normally. But did you get to CrowdStrike and say, I can do this better and start Adlumin? Is that what happened? No.

[6:03] I wouldn't say that's exactly what happened. But I think I always had this concept that I wanted to strike out on my own. That's certainly something I wanted. And it just, you know, things aligned and it made sense. I had, you know, the shell of an idea and decided to go chase down that dream. Okay. How much of what you were seeing with your days in the Marine Corps was far ahead of what we were seeing here in the channel in terms of cybersecurity? Because in 2016, that was still kind of new to us, in a sense. We were still pushing cybersecurity up until the year of our COVID. So what were you saying that was different than what we were seeing?

 

[6:50] Great question. So the original premise of Adlumin was to build a cost-efficient, easy-to-use, and simple-to-integrate SIEM back then in late 2016, early 2017, SIEM technology for the channel. This was a time in, I would call it SIEM's lifecycle, when it was very much a, you know, Fortune 500 technology. So it was sophisticated, it was hard to install, it could do a lot. The products were very capable, but they were not easily consumable by the channel because of how sophisticated and complicated they were. Okay. So we set out to build one on a firm fixed pricing model, one that was easy to integrate, because SIEM integration back then would take you six months and it still wouldn't work right. And so that's what we set out to do is bring SIEM to the channel. And there weren't very many players in that space. It was a very Fortune 500-centered, enterprise-focused business. And so we set out to disrupt that dynamic.

[7:58] All right. So when did the other aspects come involved? Around 2021. Okay, after the year of our COVID. Yeah, the year of our COVID. Yeah, 2021, 2022.

 

[8:12] MDR started to rise up and that came to our business doorstep when our customers would say, we love your technology. I'm a middle market bank or I'm a community bank or I'm a community credit union or a dentist office. So I have a compliance and regulatory requirement to have a SIEM.

 

[8:33] But what I'd really also like you to do, I'll also like to do is, pay you to run it for me because I have a small internal IT team. And, and so I'm, I want managed services essentially on top of that. And that was the MDR business. And so, uh, around 2021, 2022, we entered, uh, we entered the MDR business and that became, I feel like what Adlumin was most known for at the end was our, our MDR products. Well, I, I'll be honest with you. I have a feeling, and I suspect, I don't know, you can correct me, MDR was much more easily integrated into our stack, if that makes sense. We could tie that to endpoints and, you know, resell it and all of that stuff. We knew all of the, you know, DR, you know, acronyms, you know, EDR, XDR, MDR. So that was familiar. Most did not see SIEM as something we needed or could use internally. So is that fair? It is fair, but you had a lot of.

 

Uh, managed service providers and VARs that were servicing regulated environments like community banking in America. They almost all use MSPs, and so SIEM resonated there. But you're right, MDR was more broadly consumable for the long tail because of what it represented, right? And what it represented was the security problem and business problem that the MDR solves is at its core a human capital problem, that most MSPs could never build a 24 by seven security operation center and staff it. They didn't have a business, many of them, that was independently big enough to support that kind of headcount increase where you'd have to hire 15, 20 people to get a 24 seven security operation center. And not to mention in a subject or in a domain that is, you know, it's hard. It's hard to find talent in this domain. Other than AI, still to this day, cybersecurity has one of the largest talent shortages in the United States, right? So it's very hard to find and staff these people, which gave a breath of air for MDR to succeed as a business because we could aggregate the talent, we could aggregate the efficiencies and software and distribute that broadly and convert or make MSPs.

[11:03] Essentially MSSPs. That was the opportunity that every single MSP got or value-added reseller got was to make that transition. Do you think the shortage... I'm going to think this is probably a chicken and egg scenario where the shortage in my mind, some of it stems from the fact that there's so many tools out there. And we were told that, well, just get this tool and this will solve the problem. So people didn't have to really think beyond that into, you know, the engineering behind it and the reasoning and the whys, as long as we had something that would take care of it. But then again, we needed people who understood it to make the tools better and stuff. So it's kind of like this circle. You think that's part of the reason we could have had a shortage or still do? That is part of the reason. The other part is cybersecurity rose to prominence very, very quickly. And we're behind the eight ball, behind the eight ball of like a pipeline of trained people to do the job. And so it, you know, when I first entered the business in 2008 in security, it was in its infancy. It was just a game that nation states played. And then, you know, essentially by 2016, less than a decade later, I mean, you had e-crime and ransomware everywhere. And so it accelerated so quickly.

[12:25] That trained people to do the job didn't catch up quickly. And then, you know, academia got on board and they got behind it. This is compounded by the problem that security is unique in the sense that it requires an organization to defend in multiple different locations at one time. So you have to defend at the endpoint, but then this was also taking place at the same time where cloud became dominant, and that gave rise to SaaS technologies that opened up applications to SMB and mid-market businesses that weren't available before. Now, when those opened up, attackers took interest in them, right? Because they had sensitive data. And then that required MSPs to now defend in the cloud. So they had to defend at the endpoint through the network and into the cloud. And those required almost different skill sets. You know, a cloud expert is not an endpoint expert. A network expert is not a cloud expert. And so how are you supposed to be all of those things at one time and you can't find the talent to do it? And it really, it gave new life to a different breed of security companies that

[13:34] could aggregate all of that different knowledge and talent and build software around it. Yeah, we still have that issue. I mean, if you just look at 365 by itself.

 

[13:43] The 365 tenant is large that you could literally have one person inside your organization. That's all that they did. So it's the largest place on the Internet. I always say it. Okay. Yeah.

[13:56] So let's go back a little bit before N-able gobbled you guys up. It's probably not the right term. But what do you think it was that drew their attention to look at you? Or did you have a bunch of people looking at you? Uh, there was always people looking at us, so we were doing, uh, quite well. What is unique about, uh, in, in a really great acquisition by N-able is N-able is now in the business of business resilience.

[14:24] And that value proposition at its core has to have three tenets.

[14:30] N-able had two of them prior to the acquisition, and now they have three. And those tenets are secure endpoint management, right? Which is the blocking and tackling of proactive security operations. You're patching, you're scanning, your vulnerability, your endpoint management, all of those things that MSPs were used to doing for more than 20 years, right? Then you had security operations. Security operations prior to the acquisition was absent at N-able, but now it is the core pillar, right? And that is finding and stopping breaches in real time as they occur, which in our world looks like SIEM, XDR, and MDR, right? And that's what Adlumin brought to the table. And then the pillar that they did have prior to the acquisition for a long time as well is now the backup, the data recovery, breach recovery, right? With the Cove backup utility. So now you've got the three core pillars that you need for business resilience. Pre-breach, make your network a hard target for attackers. Real-time breach prevention and breach detection through security operations with Adlumin. And then if something does happen, you can recover from breaches with Cove data protection. And so we rounded out that story. And now you see what used to be,

[15:47] you know, a two or three product company. Now we are one product company and we sell the product of business resilience. Yeah.

 

[15:55] Did you have to change the talk or the education around your product when you guys moved into N-able? Because a lot of times those of us that are using our RMM tools, you know, as soon as there's an add-on, you know, we don't have the time ourselves to understand it, let alone implement it and stuff. Did you find yourself having to go back and rethink how to, you know, educate MSPs again? We didn't.

[16:23] Adlumin prior to the acquisition was a hundred percent channel company. So we were in. All right. So you were already. We were, our go-to markets were the same. Nice. Right. So we were already selling in and through the channel. And so it made a lot of sense from, you know, our go-to markets were exactly the same. So we didn't have to re-educate our sales team. We didn't have to re-educate their sales team. Nice. And we found that in most cases, many managed service providers understood the value of MDR at that particular point in time. So you didn't have to spend a lot of time educating the market on what MDR brought to the table. Now, there's still some mostly at the smaller end of the MSP spectrum where you had to do some education and their maturity in cybersecurity wasn't as far

[17:13] along, but that's catching up. Like eventually, even to this day, that catch up remains, I think, a tailwind for the MDR business and it remains a tailwind for N-able as well. I was going to ask about that in terms of smaller, less mature MSPs. They understand cybersecurity is important, but they're overwhelmed with trying to implement it and understand that. So you answered that question pretty good. Let me ask, has your.

[17:45] Your role changed, you know, in terms of professionally and personally, uh, the last two years with, you know, being into, you know, the N-able ecosystem and stuff, you know, how are things different? How are things better, not better? Of course they've changed. You know, I'm no longer the CEO, uh, you know, the, the executive team here has largely integrated all the different functions or not largely has integrated at this point, uh, all the functions that Adlumin had, the functions that every business has, engineering, support, you know, sales, marketing, everything has been fully integrated. And I, you know, assisted and helped with that integration. And it is going, you know, swimmingly, right? It's quite fantastic to see it come to fruition. What helped with that is prior to even our acquisition, you know, Adlumin had partnered with N-able and for about, you know, almost 18 months, even prior to the acquisition, we were winning customers jointly together and bringing our, they were bringing our product to market as N-able MDR prior to the acquisition. And then, you know, it just kept going. And that was kind of like an add-on integration back then. Right. An OEM, whatever you would want to call it. They were selling N-able MDR. N-able MDR was powered by Adlumin. And then, you know, as time went on, it just made more sense to, to acquire a full roll up and all of that.

[19:14] Okay. So here at Empower, um, I've talked to some of the other execs and a couple of the head nerds and stuff, but what's more important is I've talked to some of the attendees and they were.

 

Probably not the right term, but they've all told me that they're pleasantly surprised that this conference is different than others because the education component has been completely different. They're not being sold vendors or tools as much as they are at some of the other conferences and stuff. What's your one takeaway from Empower this year? This is Empower is our user conference. User conferences are definitely different than independent conferences. Like most of the people here, the partners here are already our customers and then ones that will be customers. So it is an opportunity for enablement as a company where we can teach and train our partners on new technologies, new features, new ways of doing things, new business processes. We get the opportunity to help them with their business and grow their business because when their business grows, our business grows, right? So, uh, this is a great user conference. And you're right, they're not getting, uh, sold to. We've already sold to them. Now we just need to help them, right? We need to help them, we need to grow them. And so that is at most, at most user conferences, that's going to be the focus. Right. Very nice. Uh, we got a couple of minutes here. I know I have you and until the top of the hour. So let me ask, let me go back and ask a question because I do get to chat with some vendors. Um.

[20:53] When a lot of people come into the IT space in general, you know, a lot of them will go enterprise. A lot of them will just go anywhere.

 

[21:01] What made you choose to be channel focused from the beginning? It was gap in the market. So remember, we were doing SIEM and later that kind of became XDR.

 

[21:11] We clearly noticed that, look, if you're going to implement a SIEM or you have to implement a SIEM, which community banks, finance, healthcare, insurance, state local government education, they had significant compliance drivers that required them to have that technology. You had one choice and that was this highly complex, sophisticated enterprise tech that just, they were buying these things and they were drowning. Right. And so that was the gap in the market that we saw. We said, okay, we're going to build one that makes business sense for them. Cost-efficient, easy to use, and simple to integrate. I must have said those three words a million times over the course of running Adlumin in 2016 and 17, right? And so that was the gap in the market and it resonated. If you needed a SIEM, if you were a middle market bank or credit union or healthcare company, you needed our technology and we were a breath of fresh air because we could sell you one that you could actually use, right? And so that gap was very, very important. And that's what we saw. Okay. For an N-able partner, or let's just say even a prospect that has not attended here, and shame on them because Fort Lauderdale is a great place to be, what's one takeaway that you would leave with listeners for not being here?

[22:35] Uh, the one takeaway I would, I would leave, uh, is, uh, is the fact that business resilience is actually the new business that you were in. It's not endpoint security or firewall. The maturity of organizations has, uh, has been elevated and you must ensure that you've got pre-breach protection and hardening.

 

[23:01] You need real breach detection and prevention, and then post-breach recovery. You have to prepare for all three of those. And arguably, you know, no one likes breaches to occur, but post-breach recovery is probably one of the most important.

 

[23:16] And then I would say pre-breach hardening is probably the most forgotten skill. Yeah. Right. We were so focused on right of boom for a long time. We forgot there's a left of boom. And the left of boom is boring.

 

It's mundane. Yeah. It's why no one likes to do it. Why do we need this? Nothing's ever happened before. Yep. And security is one of those interesting businesses, like it used to be in, when I first got into it, that the chances that an organization would sustain or experience a breach were very small. So you selling security was almost like selling insurance. Yeah. Right. Because you were selling them a product for an event that may or may not ever happen. Someone might only experience one breach in their entire professional career. But now today, the SMB is three times more likely to get breached than an enterprise customer. Oh, yeah. Right. A lot faster and a lot sooner. Yeah. And all of that. So, all right. Last question. You're going to retire back in Satellite Beach? Ah, I, I’ve got such an affinity for the beach, you know. I grew up there. I’m a Scorpion for life. And, uh, yeah, I know. Yeah. You know, I haven't thought about it, but I love, I come back to Satellite Beach, I love it there. My mom is still there in Melbourne. Yeah. Um, so we'll have a home to consider in a little bit. Uh.

Uh, I don't know. It'll be interesting. You ever come, so far it has, Da Kine Diego’s is still there. Really? Ever eat at Da Kine Diego's? No, I have not. The burrito place on the beach. I know it. Oh my goodness. And that's sad because there's a lot of, remember how open the beach, actually, you know, you probably, you were probably there when they started throwing up those condos. Uh, yeah. On the east side of it. Oh yeah, there were lots of condos. So they were, you know, from all in front of Satellite Beach, they were open, except for that realty company across from the McDonald’s. Yeah. Yeah. Oh, yeah. I know that place as well. And then, of course, everything up through Patrick Air Force Base in Cocoa Beach. Yep. Yep. Very interesting. All right. Well, Robert, I know you got to go. Thank you very much for stopping by.

[25:19] We will certainly stay in touch because we got to talk about the beach. Love it. All right. All right, folks. Robert Johnston, General Manager, Adlumin at N-able. Actually, your title was changed. Chief Innovation Officer. That's it. We'll be back with more from here at the Omni Hotel in Fort Lauderdale Beach at Empower 2026. See you soon. Holla.

Chief Innovation Officer

Robert Johnston is a seasoned cybersecurity leader, entrepreneur, and former Marine Corps officer who has spent his career operating at the sharp edge of cyber defense—from nation-state threats to mid-market MSP environments.

He began his cybersecurity journey in the United States Marine Corps, where he led advanced cyber operations and developed hands-on experience defending critical networks and conducting counter-espionage missions. After leaving the military, Robert joined CrowdStrike as a principal consultant, where he worked high-impact incident response cases, including leading the investigation into the 2016 Democratic National Committee breach.

In late 2016, Robert co-founded Adlumin with a clear mission: simplify complex security operations for mid-market and regulated organizations by building a cost-efficient, easy-to-use SIEM and MDR platform purpose-built for the channel. Under his leadership, Adlumin became known as a “command center for security operations,” helping MSPs and MSSPs deliver enterprise-grade detection and response without having to build their own 24×7 SOC.

Following Adlumin’s acquisition by N-able, Robert now serves as Chief Innovation Officer and GM for Adlumin at N-able, where he focuses on unifying IT operations and security operations into a single, channel-first business resilience platform for MSPs worldwide.