Cybersecurity today is less about building walls and more about deciding which risks to own and which to offload. Today’s chief information security officers are managing cybersecurity risk not as a fixed enemy, but as a moving target that requires flexibility, foresight and the right allies.
That shift requires a dual mindset: operational control to reduce immediate threats and strategic vision to decide when and how to transfer responsibility without losing visibility or trust. Leaders must justify security priorities in business terms while adapting to shifting environments, evolving tech stacks and leaner teams. It’s a balancing act that depends on having the right tools and knowing when to use them, according to Mike Arrowsmith, chief trust officer at NinjaOne LLC.
“It’s a set of tools in a toolbox … that toolbox has to morph and change with each organization,” he said. “We want to help as many customers as possible reduce their risk and ultimately improve their customer experience.”
Arrowsmith spoke with theCUBE’s Jackie McGuire at “The ART of Security Summit: Strategic Risk Management for CISOs”, during two exclusive interviews on theCUBE, News Media’s livestreaming studio. They discussed endpoint risk reduction, risk transfer to managed service providers and how CISOs can adapt their strategies to meet new demands. (* Disclosure below.)
Reducing risk: Managing cybersecurity risk at the endpoint level
Modern cybersecurity starts at the endpoint, where the risks are most immediate — and the most human. That’s where managing cybersecurity risk becomes both a technical and behavioral challenge, according to Arrowsmith.
“It’s very, very easy nowadays with gen AI and various phishing techniques to be able to get individuals to interact with some kind of messaging content that has a potential impact, being that endpoint,” he said. “It’s why, as cybersecurity professionals, we’re really fixated on trying to contain the specific threat or risk that an individual may have.”
Managing cybersecurity risk effectively requires more than just buying tools — it means deploying them strategically with input from vendors and architects. To be effective, vendor partnerships must go beyond tech and dive into operations, mapping goals and milestones that define success, according to Arrowsmith.
“We have a vast world-class customer support group that can absolutely help all of our customers with any day-to-day challenges,” he said. “We also have a whole group of solution engineers [and] solution architects that could really get to the bottom of how that customer’s operation is really being run, or maybe even forward-thinking what is a preference or a desired outcome for leveraging a tool or technology like Ninja.”
This tailored approach extends to endpoint support, training and consultation. Customers who leverage vendor-provided expertise — not just the software itself — are more likely to hit early milestones and build momentum, Arrowsmith explained.
“My number one recommendation is to use the vendor for all of the resources that are included in your subscription, and then also potentially look for opportunities to extend those solutions into … maybe a consultation, something light,” he said. “It doesn’t have to be very expensive … overwhelming or time-consuming, just to make sure that you’re really armed with all of the bits of information to really set you up for success.”
Boards and executives often resist investing in hypothetical outcomes, but risk quantification can be reframed through the lens of business function and data classification, according to Arrowsmith. A strong starting point is understanding what the team is responsible for and what types of data flow through the organization. Aligning tools to existing roles and data types creates a framework for budget requests and maturity roadmaps — one that must evolve with shifting threats and avoid reliance on outdated assumptions.
“Try to … do a baseline assessment,” Arrowsmith said. “What is the capabilities of the team? What services [and] functions are they providing in terms of [the] overall spectrum of cybersecurity roles and responsibilities? Second, what is the types of data that are actually flowing through the organization? … What we did two years ago likely isn’t applicable anymore.”
Here’s theCUBE’s first video interview with Arrowsmith, part of News’s and theCUBE’s coverage of “The ART of Security Summit: Strategic Risk Management for CISOs” event:
Risk transfer and building trust through MSPs
As companies look to offload certain types of risk, MSPs are stepping into a more strategic role, especially for smaller organizations that lack in-house security depth. Providers absorb risk on behalf of clients while delivering speed, precision and scalability that many internal teams can’t match, according to Arrowsmith.
“When we think about transferring of risk, it is solely around that endpoint,” he said. “Ninja can help these MSPs and [managed security service providers] try to eliminate, reduce or effectively mitigate some of that transferred risk by those organizations. It really comes down to the data that those specific organizations have.”
MSPs gravitate toward NinjaOne’s platform because it combines broad device compatibility, integrated patching and backup tools and streamlined administration into a single interface, according to Arrowsmith. By streamlining essential functions into a single platform, NinjaOne helps customers focus less on infrastructure mechanics and more on delivering value.
“We don’t care what type of device you might have, whether it’s a Linux system, a Windows system [or] a Mac system; we can help manage all of them,” he said. “We provide not only a robust patching product that allows our customers to … easily apply patches … we can provide just a general administration applying other types of packages, applying remote access [and] privileged access to those specific endpoints.”
Customer service also plays a defining role. NinjaOne’s 97%-plus satisfaction score reflects a service-first mentality that scales in high-stakes environments where speed and trust go hand in hand, according to Arrowsmith. That responsiveness directly impacts the MSPs’ ability to serve their customers. This consistent support is critical for MSPs managing cybersecurity risk across diverse client environments.
“We want to give world-class service quickly [and] fast, responsive answers that are complete and to the point … so that our customers cannot worry about the technology stack, but what they need to do to service their customer,” Arrowsmith said.
(* Disclosure: NinjaOne LLC sponsored this segment of theCUBE. Neither NinjaOne nor other sponsors have editorial control over content on theCUBE or News.)