The security vendor is working with three other cyber firms to enable MSPs to better ‘demonstrate the security programs that they have in place,’ Todyl Founder and CEO John Nellen tells CRN.
Todyl is working with three other cyber firms to enable MSPs to better “demonstrate the security programs that they have in place,” through the newly unveiled Todyl Assurance Marketplace, Founder and CEO John Nellen told CRN.
The cybersecurity vendor announced the new offering Tuesday, as Todyl embarks on what Nellen called the “third milestone of our journey” as a company.
[Related: The 20 Coolest Network Security Companies Of 2026]
During this stage, “we’re absolutely focused [on] the risk management, compliance management, the insurability, the new marketplace that we launched,” he said in an interview.
The Todyl Assurance Marketplace advances this effort through a collaboration with offensive security firm Optimize Cyber and security standards non-profit GTIA, as well as with Spectra, a cyber insurance and risk management platform.
The goal is to better equip MSPs to navigate four crucial stages of solidifying security and assurance—which break down as assess, strengthen, validate and assure, according to Todyl.
“The idea around all of this is that they’re able to bring in adjacent services to what Todyl does,” Nellen said.
For instance, “Spectra and GTIA are able to give a framework for assurance, but then also certify—so that the partners are able to get third-party validation,” he said.
Ultimately, through the new marketplace, “we’re elevating the capabilities of the entire community, and their ability to tell that story and demonstrate the security programs that they have in place,” Nellen said.
On the whole, Todyl’s third phase of growth—focused around risk management, compliance management and insurability—is a major extension of the company’s platform, he said. It builds upon the company’s initial offering as a SASE (secure access service edge) provider and the later expansion of the Todyl platform to include SIEM (security information and event management), endpoint security and GRC (governance, risk and compliance), Nellen said.
What follows is more of Nellen’s interview with CRN.
What are the biggest things for MSPs to know about Todyl and where you have momentum right now?
We’re at the third stage, or a third milestone, in our platform journey. We started out as a SASE company in 2020. We were able to help a lot of our partners with that transition to secure remote work when Covid happened. The vision has always been the same. It’s always been about, how do we bring together the different controls, the different components, streamline with the workflows—so that you’re able to do more with the single platform? I started the company myself because I was running security and technology for an HR services company, and just found that I was spending too much of my time dealing with fragmented point solutions and vendors, instead of driving toward a security vision that I had. I wanted to bring that together, and enable others to have the same. But after we went to market with SASE, the vision was always the same. We expanded in 2022 with SIEM and endpoint security. And we launched governance, risk and compliance as well. We’re at the third stage of our journey now, which is around risk management, compliance management, insurability, more security automation as well. And then our AI strategy that we’ve been working on for the last three years is starting to take a greater hold as well.
How are you helping MSPs to evolve amid intensifying threats and new opportunities?
One of the key things that we want to do is pivot the story and the way that our partners communicate with the end user businesses. Instead of just telling a purely technical story, bring a story [about] the changes in business risk that they’re able to have a conversation around—so that the end user business can understand it in business terms. One of the things that I say often is that you can be compliant, you can have a very ineffective security program, and the reverse can be absolutely true as well. We want to make sure that our partners are in an absolute position, and can leverage our platform, to tell the story—of how are they managing risk? How is the security program effective and the evidence behind it? Janus AI is the connective tissue between the different modules that we have in the platform. It supports case analysis as well. Rather than just having specific areas of AI throughout the platform, it’s this undercurrent that enables greater outcomes across the way that our partners operate and the workflows that they have.
What are the biggest things to know about your new Todyl Assurance Marketplace?
With the assurance marketplace, we’re bringing together different companies within the ecosystem to help them deliver assurance, deliver the proof, deliver the different controls that they need in this shifting environment. What it does is, it goes through a framework that we have—assess, strengthen, validate and assure. We’ve brought together Optimize Cyber, Spectra and GTIA. Really the idea around all of this is that they’re able to bring in adjacent services to what Todyl does. So Spectra and GTIA are able to give a framework for assurance, but then also certify—so that the partners are able to get third-party validation. At the same time, after that, they’re able to complement the program, the services that we have, with different IR services—readiness assessments, things along those lines. And then ultimately, what that enables them to go do is not only deliver on the assurance, the proof of the program that they have—but then they can also get better rates on cyber insurance since they’ve been validated. So it’s a pretty exciting value prop for them.
Given the growth in AI-powered discovery of vulnerabilities, should more MSPs be looking at solutions like SASE to help protect their customers?
Absolutely. And it’s not just the AI threats. It’s the supply chain threats. It’s how threat actors are leveraging credentials that they collected and harvested over time and then going after that edge infrastructure. SASE is a tremendous opportunity for partners to deliver stronger outcomes. And over the last few years, the education, the awareness, the overall impact that it’s had has been very significant. But there’s so much more that can be done, especially when we’re operating in this environment. If threat actors are able to log in to legacy VPNs, and then directly connect to a network—SASE can absolutely help with that. The way that we run detection even helps with that, too—making sure that ITDR (identity threat detection and response) extends into the VPN and firewall ecosystem. It’s not just focused on the Microsoft or Google ecosystem. So MSPs really need to step back and think about, where are the different entry points, what’s my attack surface area? What are the right controls to reduce the attack surface area and make sure that I have holistic coverage, not just partial coverage, across what my MDR and my SIEM are monitoring?
What’s your message to your MSP partners?
The third milestone of our journey is where we’re absolutely focused at this point—the risk management, compliance management, the insurability, the new marketplace that we launched. We’re incredibly excited to have a handful of other companies in there that are very MSP-focused, MSP-first—and are making sure that we’re elevating the capabilities of the entire community, and their ability to tell that story and demonstrate the security programs that they have in place. We take partnership very, very seriously here in Todyl. And the partners that work with us, they can feel it—the way that we’ve built our partner program, the way that we show up every day. As a company, we’re incredibly aware of the trust, the responsibility that gets placed on us on a regular basis, and it’s within our DNA to deliver on it. So if a partner hasn’t heard of Todyl, we encourage them to come check us out. But it’s pretty special what we’ve built here.
