CIO Influence Interview with Jon Murchison, CEO of Blackpoint Cyber
Originally written and published in CIO Influence.

Jon Murchison, CEO of Blackpoint Cyber, chats about the biggest security gaps, integration of Zero Trust and MDR, real-world examples of major breach prevention, and more in this quick catch-up:
Your transition from the NSA to founding Blackpoint Cyber is fascinating. How has your journey been in the cybersecurity domain?
My journey into cybersecurity really began in network engineering and IT operations, eventually leading me to the NSA, where I spent over 12 years planning and executing high-priority national security missions. At the NSA, I operated like an adversary—finding vulnerabilities, exploiting networks, and employing advanced offensive techniques—essentially serving as a “bad guy for the good guys.” That experience shaped my perspective on cybersecurity and reinforced the need for proactive, real-time defensive strategies.
With cyber threats evolving at an unprecedented rate, what are the biggest security gaps organizations still struggle with, and how should they address them?
A major challenge that organizations consistently face is limited or fragmented visibility due to reliance on multiple, siloed security tools. Too many standalone solutions create noise, confusion, and delay effective threat responses. Security teams are overwhelmed, struggling to sift through alerts and lacking clear visibility across their environments. Most organizations rely on collecting vast amounts of computer and network logs to mount a detection and response to malicious cyber acts. This technology, while decent some time ago, is not actionable or fast enough for today’s current threat landscape.
Vendors have also created their own risk scoring systems that only address the specific part of the security stack they specialize in. It then falls on the customer to determine which score makes sense and provides an accurate assessment of their overall security posture.
Addressing this requires a significant shift toward unified cybersecurity platforms. By consolidating tools for asset discovery, vulnerability management, and threat detection into a single integrated system, security teams can gain actionable insights and respond decisively. For MSPs and MSSPs, this streamlined approach significantly reduces complexity, ensures more efficient security operations, and clearly demonstrates ongoing value and effectiveness to their customers.
Zero Trust is now a staple in cybersecurity strategies. How does Blackpoint Cyber integrate this principle into its MDR services?
I don’t believe in zero trust application control for every environment. I do believe in it for certain infrastructures where it’s just very static and you can do it, but the reality is when you are handling lots of endpoints and you go to the zero trust app control model, every little update becomes a challenge—a print driver update, every Windows update.
In IT and security, we ultimately exist to support companies and their operations. When security solutions block people from doing their regular work over something that isn’t a genuine security threat, it creates friction and undermines the value we’re trying to provide.
What we’ve done at Blackpoint is develop a threat intelligence-driven smart application control offering. We’ve built our MDR platform with the recognition that zero trust needs to be implemented thoughtfully, balancing security with practicality. Our approach integrates identity detection response at its core—something no other security vendor in this world has—alongside their endpoint detection response and cloud detection response capabilities.
This is critical because hackers want to be admins. We’ve been handling many incidents where attackers break into Microsoft Office 365 and use Intune to push malware down on-premises. You must be able to detect and respond in both directions. So, our MDR incorporates continuous monitoring of identities, endpoints, and cloud environments, enabling us to apply zero trust principles without creating unnecessary friction for users and IT teams.
Your MDR service emphasizes fast threat detection and remediation. Could you walk us through a real-world scenario where Blackpoint’s technology prevented a major breach?
Our MDR platform was recently put to the test when a Microsoft Intune global administrator account was compromised, allowing attackers to distribute RedLine Stealer malware across multiple endpoints. Within minutes, our SOC team identified unusual PowerShell activity originating from Microsoft Intune and quickly isolated the compromised machines.
Our SOC team immediately coordinated with our customer to disable the malicious policy and provided detailed indicators of compromise to guide their remediation efforts. Our Cloud Response platform proactively identified additional compromised accounts and swiftly neutralized these threats. Through rapid detection, decisive action, and close collaboration with our client, we effectively prevented the attacker from causing further harm and stopped a potentially major breach from escalating across both cloud and on-premises environments.
What’s your top advice for CIOs and CISOs in 2025 as they navigate the complexities of modern cybersecurity threats?
Adopt a structured cybersecurity maturity model. It’s crucial to regularly assess and measure your organization’s cybersecurity posture, focusing on areas like configuration management, patching practices, and user training. Using this structured approach allows you to clearly identify security gaps, allocate resources strategically, and make informed, data-driven decisions. Shifting from a reactive mindset to a proactive, maturity-driven strategy significantly enhances your overall security resilience and readiness.
Adopting a cybersecurity platform that unifies multiple security tools into one integrated system can dramatically reduce operational complexity and cost and boost proactive defenses. It’s about being intentional with your cybersecurity strategy—understanding precisely where your clients stand on their security journey and methodically addressing their unique vulnerabilities.
Talk about the MDR evolution in the next five years and what role Blackpoint Cyber will play in shaping its future.
Looking ahead, MDR is moving towards full platformization—an approach I firmly believe is essential for the future. At Blackpoint, we originally built our cybersecurity tools to proactively hunt and respond across enormous numbers of devices, pinpoint vulnerabilities, and detect breaches early, aligning closely with my experiences at the NSA. However, the market has become too cluttered with point solutions that create complexity and confusion rather than clarity.
This year we’re launching a Unified Security Posture and Response platform. It is a SaaS-managed cybersecurity platform designed to help organizations prevent, detect, respond to, and remediate threats across their entire attack surface.
I’ve seen too many companies stitch together 10 different security products, and it just doesn’t work well. What we’re doing at Blackpoint is bringing everything together so MSPs can run their security business on a single platform and show real value to their clients. Our 24/7 SOC team is there to back you up, and this combination of technology and industry experts helps our partners grow their business without drowning in complexity. It’s about giving MSPs what they need to succeed at every stage of their security journey—from the basics all the way up to advanced enterprise-grade protection.
Date published: April 7, 2025
Author: Blackpoint Cyber