The rush to embrace AI has created a security problem: security teams often see agentic AI projects only after they're already running.
And that's where Anup Kumar, CEO of Optiv Consulting, sees a "generational" opportunity. Investment firm Vobis Venture bought the consulting practice from value-added reseller Optiv Security June 2, landing a team of approximately 500 consultants and about 200 Fortune 500 clients.
“It's a dream hunting ground for us and for any player in this space,” said Kumar, who also serves as operations executive partner at Vobis. “We were looking for an asset like this for a very long time. For us, this is super exciting as a foundational capability.”
Optiv Consulting has launched at a time when AI-focused consultants can garner support from behemoth LLM builders. Anthropic and OpenAI have both embraced consultants and SIs as key partners to reaching enterprise customers. Anthropic’s Claude Partner Network, rolled out in March, is an appealing collaborative opportunity.
“One of our key priorities would be to partner with Anthropic in particular, given they are more focused on the implementation in enterprise clients. I think our client bases are very similar, so we will look to partner with them to provide greater value to our clients,” Kumar said.
Enterprise adoption of Claude will grow “leaps and bounds” in the upcoming years and will demand proper security architectures, Kumar said.
“I think the timing is just right,” he said.
Separating consulting from resale
The decision by KKR-backed Optiv Security to offload its consulting business in an era when big VARs are touting their consulting capabilities is a question for another day.
The separated companies will be exclusive partners to one another to ensure customers are fully serviced, but Optiv Consulting has effectively moved out of the resale game. It’s part of how the firm is trying to tackle AI governance differently from its peers.
Kumar said cybersecurity vendors and partners focus on providing technology to identify and secure non-human identities. That’s a good foundation, but it doesn’t go far enough.
“It's really about what happens when you authorize an agent, which is really sort of downstream from there,” Kumar said. “How do you prevent agentic misbehaviors, and how do you prevent them from going rogue? I think that's the part that we are trying to resolve on a holistic level.”
Gartner coined the term cyber regret to describe how organizations have poured strategy and money into generative and agentic AI projects at the expense of cybersecurity. Kumar sees them as the same domain — the combination of AI adoption and AI governance. CISOs are routinely brought into agentic AI projects late in the process, with no opportunity to help proactively design the AI governance.
“The CISOs are not getting involved early on, and they don't have full visibility and control, and I think that's the challenge,” he said.
Vendors and consultants typically pitch their AI projects to CTOs, CIOs and business heads, while Optiv’s targeted stakeholder is typically a CISO. By pitching AI implementation and AI governance together, Optiv Consulting could widen its aperture.
“Tomorrow we think it will be a combination of business leaders and CISOs, because an initiative like this often would get driven at the business leader level,” Kumar said.
