Optiv Review 2026 — Identity & Security Consulting

Overview

Optiv is the largest pure-play cybersecurity solutions and services firm headquartered in the United States. Created in 2015 through the merger of Accuvant and FishNet Security, the firm was taken private by KKR in 2017 and remains under KKR ownership. Headquartered in Denver, Colorado, Optiv operates roughly 2,400 employees across the United States, Canada, the United Kingdom, and India, with reseller and managed-services capability in EMEA and APAC. Kevin Lynch was named chief executive in February 2024, succeeding Kevin Akeroyd.

Within identity and security consulting, Optiv runs one of the largest dedicated identity practices in North America. The firm holds top-tier partnerships with SailPoint, CyberArk, Okta, Ping, Saviynt, BeyondTrust, Microsoft Entra, and Delinea, and delivers across identity governance and administration (IGA), privileged access management (PAM), customer identity (CIAM), zero-trust network access, and machine identity. Optiv also fields Big Four-style strategy practices for cyber programme design, risk and compliance, and security architecture, plus managed identity services through its 24x7 advanced security operations centres.

Optiv is typically a fit for North American enterprises that want vendor-agnostic identity and security work delivered by a specialist rather than a generalist consulting firm. The firm is rarely the cheapest option and has thinner reach outside the United States, Canada, and the United Kingdom. Buyers that need globally integrated transformation programmes spanning ERP, HR, and identity in a single delivery contract are usually better served by a Big Four or tier-one systems integrator.

Services Offered

• Identity Governance and Administration (IGA) on SailPoint and Saviynt
• Privileged Access Management (PAM) on CyberArk, BeyondTrust, Delinea
• Customer Identity (CIAM) on Okta, Ping, ForgeRock, Microsoft Entra External ID
• Zero-trust architecture design and SASE/ZTNA implementation
• Cyber programme strategy, NIST CSF, ISO 27001, and SOC2 advisory
• 24x7 managed detection and response from Optiv ASOC facilities
• Offensive security, red team, and adversary simulation services
• Data security, DLP, and privacy-engineering advisory
• Machine and non-human identity (NHI) discovery and lifecycle
• Security technology rationalisation and tool consolidation roadmaps

Typical Engagement

Pricing ranges verified May 2026 from public procurement data, identity vendor channel benchmarks, and reference checks. Onshore-only US delivery sits at the upper end; India-blended pyramids are 25–40% lower.

Strengths

• Largest North American specialist identity practice, with deep multi-vendor SailPoint, CyberArk, Okta, Saviynt, and Microsoft Entra benches
• Vendor-agnostic positioning genuinely backed by certified consultants across all major identity platforms
• Strong delivery in regulated US verticals — banking, healthcare, federal, and state and local government
• Mature managed identity and managed detection operations from US-based advanced security operations centres
• Procurement leverage as a top-tier reseller can reduce identity tool licence costs alongside professional services
• Named a Leader in the 2025–2026 IDC MarketScape for Worldwide Cybersecurity GRC Consulting

Limitations

• Limited delivery footprint outside North America and the United Kingdom — APAC and Latin America rely on partner channels
• Reseller-led commercial model can introduce vendor preference bias buyers should test in source-selection
• Onshore senior architect bench is constrained; complex multi-product programmes can face staffing lead times of 60 to 90 days
• Cannot bundle identity work with broader ERP, HR, or cloud-transformation delivery the way Big Four and tier-one SIs can
• Private-equity ownership has driven episodic restructuring and changes to managed services pricing models

Regions Served

Alternatives