Company news · 6 MIN READ · SCOUT SCHOLES · NOV 17, 2025 · TAGS: Announcement / leadership & management
Want more from Justin Bajko and other expert Expletives? Listen to them cover more in our Nerdy 30 video series: “The current state of managed detection and response (MDR)”.
TL;DR
- Justin Bajko, previously Expel’s VP of Strategy and Business Development, is now Expel’s Chief Strategy Officer
- We sat down with him for a brief Q&A on strategy, AI hype, and the market impact
- Justin has led and operated a SOC himself and been in the market at every level, making him perfect to step into this role as everyone navigates changing dynamics and evolving technologies (like AI)
Justin’s background & new role
Justin Bajko is an Expel co-founder, University of Tennessee football fan, video game connoisseur, and now Chief Strategy Officer (CSO) at Expel. His job history includes a litany of information security and managed services roles. Prior to Expel, he was senior director of global service delivery for FireEye’s managed service, where he built and managed their SOCs around the world. Before FireEye, he was the managing director of Mandiant’s Managed Defense service (one of the industry’s first MDR providers). He has also previously worked for Symantec in a variety of roles. It’s safe to say his experiences have fully prepared him for his new role.
Since our inception, it was Justin’s job as VP of Strategy and Business Development to stay close to our customers and partners and make sure we’re heading in the right direction. Now, as Expel’s CSO, Justin’s taking his role up a notch, setting and overseeing our corporate and product strategy. It’s his job to ensure our teams are moving in the same direction—mantaining Expel’s position as the world’s leading MDR provider in an industry full of change.
A conversation with Justin on strategy, AI hype & the market ahead
As part of Justin’s transition into his new role, our team sat down with him for a brief conversation on where he’s focused. Here’s what he shared with us.
What are the trends you’re seeing in market consolidation, and how does it impact our market?
“There’s a larger trend around ‘platformization’ happening right now and whether it’s good or bad. This is a pendulum that has existed for some time. We’ve seen the market previously swing to the platform side, and now it’s starting to swing back to the middle. Some customers want the middle, but may not have the safety net to do so. It’s constantly in motion. And I suspect that, as the pendulum swings towards buying platforms, some vendors will alienate their customers by offering more rigid packaging with limited personalized options.
“Theoretically, transparent platforms with one piece of paper, one rep, and great integrations are a great idea, as long as the packaging isn’t shady. But, in practice, platform providers can’t keep up with the security challenges customers need support on. They can support the legacy stuff from the big platforms, sure, but there’s a number of use cases they can’t handle.
“It’s a neverending cycle where people want to buy everything from one company, but just can’t. So they end up building their own tech ecosystems and have to make the decision whether they insource or outsource the SOC—the age-old build versus buy discussion. Which is, of course, another pendulum entirely.
“At Expel, we’re seeing this, and we don’t want to replicate old cable provider tactics where you have to buy 100 channels just to access the specific one you want. Customers don’t ever want to overbuy, but especially not in today’s economy.”
AI SOCs are everywhere. What’s your honest take?
“It’s turning out to be a very competitive market for them. There are tons of AI SOC companies in the marketspace at my last count, and it’ll probably be pushing triple digits soon. These companies are also competing against the large platform companies who are also building their own ‘AI-powered SOC solution’. There’s a lot of funding in this area, so some of these companies will likely gain traction and stick around, but I’d say those are the exceptions.
“To have a new market you need a new problem, and the problem being ‘solved’ by these solutions is the same as it’s always been. The general feeling I get from the security community is a lack of trust that AI can fully replace human analysts any time soon. If that’s the case, is the AI SOC going to solve a different problem than what MDR evolved to solve? Instead, we should lean into those companies already trying to tackle the problem by adding AI to address the problem.”
Do you see Expel’s strategic focus changing with these trends?
“Our focus is evolving alongside the market. When we started Expel, MDR was primarily a service play—you got our analysts and their expertise. But over the past few years, we’ve seen the market shift. Enterprise customers don’t just want a service; they want embedded capabilities that integrate into their security operations and force multiply their teams.
“That’s why we’ve evolved from pure MDR into what we call a product-led service model. Our threat detection engineering capability is a perfect example. We’re not just responding to alerts from customer tools—we’re actively building, tuning, and maintaining detections across their entire environment. That’s a product capability delivered as a service, and it’s what sets enterprise MDR apart from legacy MSSP models.
“The same evolution is happening with AI. While some vendors are chasing the ‘AI SOC’ hype, we’re taking a different approach. We’ve been using AI and automation through Ruxie since day one to augment our analysts. Now, as the Gartner® Market Guide for Managed Detection and Response Services recently highlighted, the industry is validating this ‘human-led, (automation and) AI-supported’ model. Our strategic focus is doubling down on this—using AI to make our analysts better and our detections smarter, which ultimately makes our customers safer. That’s not just vendor efficiency; that’s customer value.”
Where do you see opportunities across the MDR lifecycle for AI to make an impact?
“All over. But we also have to be solving the right problems. When I look around the industry, I see a lot of MDRs adding AI into the analyst workflow to help them scale productivity. It’s a great use case, but MDR efficiency doesn’t inherently improve a customers’ security or lower their bills. Those are often vendor outcomes, not customer ones.
“Our philosophy is different. We stood up a dedicated engineering team to focus on AI research innovation. The question we goal ourselves against is, ‘How does this make the customer safer?’ If the answer is ‘it makes us more efficient,’ that’s really a secondary goal.
“An example is how we’re working with Identity threats, which are the lead alerts for over half of our investigations. Using AI we can help our team make faster decisions and reach out fewer times to customers with questions.”
As you enter into this new role, what would you like to share with Expel customers?
“Expel was started to help customers achieve four key outcomes: reduce risk, gain control, force multiply their team, and maximize the ROI of what they’ve already done. That’s not changing.
“What is changing is how we’re focused on making it happen. We see AI as a massive innovation area for us, as do many of our customers. Fortunately, as I mentioned, we’ve been working with forms of AI and automation since we founded the company, so we’ve already learned a lot. Now we’re leveraging AI even more as we upgrade Ruxie and make innovations to Expel Workbench™. Ultimately, it’ll help us to go faster, deliver better outcomes to customers, and stay ahead of customer needs.
“If you have ideas or want to talk about how we can improve the service, that’s what I’m in this role for! Reach out. I’d love to chat.”
As a co-founder who’s been here since day zero, Justin is primed to take the next step in his career to help Expel’s strategy continue in the right direction. Keep an eye out for more from Justin and Expel around AI and how we’re using it to up-level the great work our analysts and tools are already accomplishing.
1. Gartner, Market Guide for Managed Detection and Response, 1 October 2025, By Pete Shoard, Andrew Davies, Angel Berrios
2. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
3. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
