Understanding Cybersecurity for Venture Capitalists

This guide helps VCs navigate the rapidly changing cybersecurity landscape, providing trends and resources for informed investment decisions.

Updated August 2024

Cybersecurity Industry Overview: Rapid Changes and Key Trends

The cybersecurity industry is noisy, and it changes. Fast.

There is no shortage of cybersecurity firms starting up every week, and there is no shortage of venture capital firms investing in them.

For some people familiar with the venture world, here's a hot take 🔥

There are not enough good companies out there to justify the amount of venture funds in existence.

In a previous post on On the Art of Selling to Cybersecurity, I summarized the industry like this:

Cybersecurity is field that has daily news of attacks, breaches, and failures combined with a barrage of marketing approaches promising solutions, fixes, and ways to solve all your problems.

Mike Privette

As a result, there is TONS of content about cybersecurity. Much of it, however, is very technical for people already in the cybersecurity world as operators or is straight sales material.

There is also TONS of content on venture capital's business. Much of it is very financially technical and covers valuations, multiples of invested capital (MOIC), and internal rates of return (IRR) concepts.

But there isn't much content that helps both audiences. It's really hard to find content that gives enough context to live in both the cybersecurity and venture capital worlds.

The Importance of Cybersecurity Knowledge for Investors

So why the need for this kind of content?

Part of the onus for writing this comes from how often I've been asked about it.

Many VCs I speak with are experts in investing but not in cybersecurity. They are looking for an orientation or a guide to making cybersecurity more sensible. So, I made one!

I also abide by the Three Strike Rule when creating content, so the timing was right.

These worlds are fast changing, and there has been a widening disconnect between companies, industry analysts, and venture capital funding.

The Synergy Between Venture Capital and Cybersecurity

The real reason is that I think the venture capital and cybersecurity worlds are more related than you might think on the surface:

  • Both fields require assumptions

  • Both fields require value trade-offs

  • Both fields have a high chance of loss

  • Both fields are part science and part art

  • Both fields require you to make future bets on imperfect data

  • Both fields are hard to get into and even harder to become an expert in

  • Both fields require you to go “a mile wide and an inch deep” (and at times go “an inch wide and a mile deep”)

  • Both fields require you to put your time, money, and effort into something that may not be fully proven yet

With public valuations dropping over 2022 and 2023, capital being scrutinized, and fewer deals happening in the broader markets when writing this (late 2022), there's no better time to get smarter on your investing thesis.

Private and public markets, macroeconomic forces, and the state of current global affairs affect everything and everyone. You might miss something if you're not looking at these global puts and takes.

This is a guide for both the seasoned investor and those new to the game.

Use this guide as a primer to help you get valuable cybersecurity industry context from a number of angles.

Essential Cybersecurity Newsletters and Blogs

The business side of cyber

  • Venture in Security - a newsletter about cybersecurity, product-led growth (PLG), and venture capital.

  • Strategy of Security - Deep research and analysis on the companies, ideas, and trends shaping the cybersecurity ecosystem.

  • Cyber Thoughts - a monthly newsletter from Lytical Ventures about cybersecurity and the VC landscape.

  • Return On Security (this publication) - Save hours of market research with a weekly review of cybersecurity funding and industry news in 5 minutes, with the occasional deep-drive blog post.

  • The Software Analyst Newsletter - Technological analysis of public and private software companies primarily in the cybersecurity space.

If you're looking for more "business of cyber" content, check out this list:

The business of VC investing in public and private companies

  • What's 🔥 in Enterprise IT/VC - Market observations and commentary from Ed Sim, a VC investing in IT and cybersecurity for decades.

  • Clouded Judgement - for the more financially savvy investor, Jamin Ball discusses public and private company valuations, MOIC, and more.

Cyber news, stories, broad takes, and current events

  • Risky Biz News - news and in-depth commentary from security industry luminaries

  • This Week in Security - A weekly tl;dr cybersecurity newsletter of all the major stuff you missed but really need to know.

  • Unsupervised Learning - a newsletter from Daniel Miessler about finding the patterns in security, tech, and society.

Must-Listen Cybersecurity Podcasts for Investors

Get the cyber founder's, marketing, and security leadership perspectives

Training & Bootcamps for Cybersecurity Investors

Get more hands-on with interactive training and feedback from experts

  • The Cybersecurity x SaaS Bootcamp - A bootcamp dedicated to operators and investors who want to learn how to analyze cybersecurity technologies and the financials behind these companies.

Books for Deepening Cybersecurity Knowledge

Great reference points

  • Cyber Defense Matrix - more on the technical front and into the weeds, but it’s a framework that combines NIST and real-world use cases to understand cyber products and landscape.

Key Industry Reports and Papers: Understanding Cybersecurity Threats and Business Models

Key security reports about cybercrime and the industry at large

  • Verizon DBIR - the annual data breach investigation report from Verizon

For context from the Venture Capital side

  • State of the Cloud - the annual report from Bessemer Venture Partners on top trends and insights in the global cloud economy.

  • State of the OpenCloud - the annual report from Battery Ventures on the state of cloud markets and building SaaS companies.

  • State of Cloud Security - This report from DataDog is more technical, but it focuses on understanding how organizations approach and mitigate common risks that frequently lead to documented public cloud security incidents.

Not-to-Miss Cybersecurity Conferences

The events you don't want to miss

Final Thoughts: Integrating Cybersecurity Insights into Strategies

Why this collection of seemingly unconnected resources?

This isn't meant to be an exhaustive list but more of a digital garden. Start here and get acclimated, or go even deeper if you're already in the game.

I'll prune, trim, and add to this list as time goes on and as I discover new and different content.

See something missing from this list that absolutely needs to be there? Reach out and let me know!

Cheers,

Mike P

Reply

or to participate.