
Name: Steve Doty
Title: CEO
Company: Defensible Technology
Website: www.defensible.tech
Founded: 2014
Headquarters: New York, NY
Description: The MSP Built for Today’s IT & Security Challenges
Defensible Rethinks Cybersecurity for the Mid-Market
Steve Doty, CEO of Defensible Technology, has spent over three decades in IT and cybersecurity consulting, including nearly ten years in digital forensics and incident response. His experience navigating the aftermath of cyber incidents inspired him to build a company focused on proactive protection. In this interview, Doty shares how Defensible is helping organizations shift from reactive defense to resilient, risk-aligned cybersecurity strategies.
Excerpts:
A Career Built on Cyber Defense
“I’ve spent most of my 30-year career in IT and cybersecurity consulting,” Doty says. “After nearly a decade in digital forensics and incident response, I wanted to take that experience and build an integrated practice that helps clients avoid ever being in that situation.”
Defensible Technology was born from that vision: a managed service provider that embeds security into every layer of IT operations.
Security That’s Built In, Not Bolted On
Doty is clear about the company’s philosophy: “We set a minimum standard of care. MFA, EDR, email security, awareness training, and immutable backups—these aren’t optional. They’re part of our core offering.”
Defensible doesn’t allow clients to opt out of foundational protections. “It’s irresponsible to let a customer choose less. Security must be built in.”
A Risk-Based Approach to Cyber Investment
Rather than applying a one-size-fits-all model, Defensible helps clients align cybersecurity with their risk tolerance. “We operate like financial advisors. Some clients want an aggressive posture, others prefer conservative. We help them balance security investments accordingly,” Doty explains.
This tailored approach ensures that every dollar spent on cybersecurity is intentional and proportional to the organization’s needs.
Compliance Grounded in Proven Frameworks
Defensible’s programs are anchored in the NIST Cybersecurity Framework and CIS Controls. From that foundation, the company customizes policies and procedures to meet specific regulatory requirements, including SOC 2, PCI, HIPAA, and FERPA.
“We build and operate security programs that are both compliant and practical.”
Digital Forensics as a Strategic Asset
With deep roots in digital forensics, Defensible offers more than just reactive support. “As part of our CISO service, we advise clients through tough decisions and connect them with cyber insurance options,” Doty explains.
The company also partners with top-tier forensics examiners, ready to deploy when needed. “It’s about being prepared, not just responsive.”
Measuring Cyber Resilience
Defensible’s vCISO service includes annual tabletop exercises, backup testing, and board-level reporting. These activities generate metrics that help clients demonstrate resilience. “Confidence comes from preparation. We make sure our clients can prove they’re ready.”
Serving the Mid-Market with Precision
While Defensible is industry agnostic, its sweet spot is the mid-market—organizations with 50 to 2,000 employees. “We have strong client clusters in SaaS, professional services, and nonprofits,” Doty notes. The company’s impact in the nonprofit sector earned it a finalist spot for the 2025 MSP Titans of Industry award.
Staying Ahead of Emerging Threats
Defensible’s leadership team is currently enrolled in a Generative AI training program. “We’re studying prompt injection, data poisoning, and other threats against AI models.” Staying current is non-negotiable. “We’re active in the industry and always learning.”
Common Pitfalls in Cyber Strategy
Doty sees two recurring mistakes: underinvestment and underestimation. “Companies often don’t spend enough, and they assume their executives won’t support cyber investments. But when leadership understands the risks, they’re usually willing to act. It’s about presenting the ground truth.”
Balancing Security and Usability
Defensible helps clients find the right balance between protection and convenience. “Again, it’s like financial advising,” Doty says. “We help clients decide how much risk they’re comfortable with and tailor solutions accordingly.”
Partners That Power the Mission
Partnerships are central to Defensible’s model. “We rely on digital forensics and IR partners for reactive needs, and technology providers for managed services,” he explains.
These collaborations strengthen the company’s offerings and expand its capabilities.
Real-Time Feedback, Real-Time Innovation
Defensible maintains active Slack channels with many clients, allowing for immediate feedback. “We bring best-of-breed tech and supplement it with proprietary tools when needed. Client input shapes development. We react quickly and iterate often.”
Looking Ahead to 2025
AI will play a dual role in Defensible’s future. “We’ll integrate AI into our security operations and help clients use it to improve internal workflows. Innovation is about both defense and productivity.”
Advice for Building a Stronger Posture
Doty emphasizes the importance of understanding the attack surface. “Frameworks like CIS focus on asset inventory, but with AI, data inventory becomes critical.”
He offers a cautionary example: “If your Microsoft Copilot instance can train on an HR folder with misconfigured permissions, that’s a game-changer.”
Guided by Core Values
Defensible’s leadership principles are rooted in clarity and action. “We focus on risk, provide actionable advice, offer objective opinions, respond quickly, and get it right. In a fast-changing landscape, those values are the compass.”




