• Return on Security
  • Posts
  • 💰 Security, Funded #102 - London's Charm, SASE Storm, and AI Reform: A Cyber Saga 🎩

💰 Security, Funded #102 - London's Charm, SASE Storm, and AI Reform: A Cyber Saga 🎩

A review of cybersecurity funding and industry news from the week of July 10th, 2023.

Hey there,

Happy Monday, and I hope you had a great weekend!

🏃‍♂️ The Rundown

A meta roundup of all the important things affecting cybersecurity and the microenvironment:

  • 🤙 Answering London’s Call

  • 👤 Spotlight on Identity Verification

  • ⛈️ Microsoft Making it Rain on SASE

  • 💰 Q3's funding and acquisition momentum builds

  • 📚 AI against telemarketers, security team harmony

Microsoft just made it rain.

As I’ve said many times, over a long enough time horizon, the hyperscalers and cloud service providers (CSPs) will ultimately win. We see the most recent example of this with Microsoft’s move into the Secure Access Service Edge (SASE) space, taking direct aim at the likes of Zscaler, Palo Alto, and Cloudflare, to name a few. When you look at this offering combined with the rest of Microsoft’s security capabilities, it makes a lot of sense from a buying perspective.

Combine this with an increased focus on identity verification in this AI-driven world where the lines between humans, bots, and agents become more blurry, and you’ll see that securing authorized access (via human or approved agents) will become the most important over the next 6 months. Be on the lookout for a lot more acquisitions and acqui-hires 👀 

Also, for anyone who missed the LinkedIn or Twitter posts I made last week, the Return on Security HQ has been relocated to London, UK!

Drop me a recommendation on this LinkedIn post!

I’m looking forward to getting to know the cybersecurity and venture capital investing community here in London, not to mention all the great new cybersecurity conferences in my new backyard! If you have recommendations on people I should meet, or you’re in the London area and want to meet up for a coffee or pint, let me know!

Onward to this week's issue.


Detection - Remediation - Real-world CTI

CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Its ease of integration into your current security infrastructure offers a low technical entry barrier and a high-security gain.

Once an unwanted behavior is detected, it is automatically blocked. The aggressive IP, scenario triggered and the timestamp is sent for curation, to avoid poisoning & false positives. If verified, this IP is then redistributed to all CrowdSec users running the same scenario. By sharing the threat they faced, all users are protecting each other.

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:

None to report on this week! 🫡 

🛞 Industry News Roundup

  • Orca sues Wiz for patent infringement (more)

  • Microsoft steps into the network security game (more)

  • Google plans to scrape everything you post online to train its AI (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

Funding volume is continuing to pick up as we are a few weeks into Q3 2023, with funding in terms of dollars doubling from last week, but we are not nearly at the funding rounds (or valuations) that we have seen in the past.

I expect we will continue to see a lot of earlier-stage deals at the Series A level and below as a lot of new startups emerge, but Series B/C and up will continue to have a bad time. These firms are now potentially looking like prime acquisition targets 🤑 

💰 Funding Summary

  • 16 companies raised $114.6M across 15 unique product categories

  • 9 companies were acquired or had a merger event across 8 unique product categories

🧩 Funding By Product Category

  • $50.0M for Cybersecurity Education & Training across 1 deal

  • $22.0M for SaaS Security Posture Management (SSPM) across 1 deal

  • $9.5M for Security and Compliance Automation across 1 deal

  • $8.5M for Breach & Attack Simulation (BAS) across 1 deal

  • $8.5M for Identity Threat Detection and Response (ITDR) across 1 deal

  • $5.8M for Trust & Safety across 1 deal

  • $5.0M for Cyber Risk Quantification across 1 deal

  • $2.7M for Data Privacy across 1 deal

  • $2.2M for Data Security Posture Management (DSPM) across 1 deal

  • $150.0K for Professional Services across 2 deals

  • $150.0K for Data Protection across 1 deal

  • $150.0K for Application Security Testing (AST) across 1 deal

  • An undisclosed amount for Secure Networking

  • An undisclosed amount for Managed Security Services Provider (MSSP)

  • An undisclosed amount for Data Access Governance

Here’s a new chart format today. Same data, just displayed differently:

Do you like this new chart format?

Login or Subscribe to participate in polls.

If you’ve got any other data visualization ideas that you think would make the newsletter better, I’m all ears!

🏢 Funding By Company

🌎 Funding By Country

  • $50.0M for Australia across 1 deal 🇦🇺

  • $33.1M for United States across 10 deals 🇺🇸

  • $31.5M for Israel across 2 deals 🇮🇱

  • An undisclosed amount for India across 1 deal 🇮🇳

  • An undisclosed amount for China across 2 deals 🇨🇳


Similar to how we implement strong security measures to stop attackers from escalating privileges and infiltrating our networks, it's crucial to actively combat career stagnation and progress up the ranks of success.

🤝 Mergers & Acquisitions

  • CyVig, a United States-based managed security services provider (MSSP), was acquired by GMI for an undisclosed amount. (more)

  • DataJAR, a United Kingdom-based mobile security platform for Apple devices, was acquired by Jamf for an undisclosed amount. (more)

  • Forcepoint, a United States-based data loss prevention company, was acquired by TPG for an undisclosed amount. (more)

  • Independent Software Solutions Consulting, a South Africa-based professional services firm focused on securing Microsoft services, was acquired by White Pearl Technology Group for an undisclosed amount. (more)

  • Oort, a United States-based detection and response platform focused on identity-based threats, was acquired by Cisco for an undisclosed amount. (more)

  • ProcessUnity, a United States-based third-party risk management platform, was acquired by CyberGRX for an undisclosed amount. (more)

  • RiskLens, a United States-based cyber risk quantification platform, was acquired by Safe Security for an undisclosed amount. (more)

  • SCADAfence, an Israel-based operational technology (OT) security platform, was acquired by Honeywell for an undisclosed amount. (more)

  • ThinkCSC, a United States-based managed security services provider (MSSP), was acquired by Ideal Integrations for an undisclosed amount. (more)

📚 Great Reads

  • Wasting Scam Callers’ Time with AI - Roger Anderson has been fighting telemarketers for almost a decade. His latest tool in his arsenal is a convincing-sounding voice powered by OpenAI’s GPT-4 that can waste and frustrate telemarketers and scammers by roping them into a painfully drawn-out and ultimately pointless conversation.

  • How To Be A Security Person That Engineers Don't Hate - Having less friction between security, engineering, and product teams is always beneficial for an organization because the bandwidth wasted on solving this friction can be spent on solving more impactful issues.

  • How to securely build product features using AI APIs - Many companies are quickly slapping together new product features leveraging AI platforms like OpenAI, and unsurprisingly, there are a lot of potential security risks.

  • *Embedded Security Primer - Securing embedded devices is a challenge. Where do you start? What needs to be secured and how? It can be overwhelming when starting to design security into your device. I wrote this Embedded Security Primer to help guide one through the process. The primer covers basic security concepts, identifying vulnerabilities, cryptographic tools, secure elements, and secure boot.

*Sponsored content and/or affiliate link.

🧪 Labs

Stay safe out there, folks.

How was this week's newsletter?

Login or Subscribe to participate in polls.

Let’s Work Together

Whenever you’re ready, I’ve got a few ways I can help support you:

  1. Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.

  2. Schedule a 1:1 coaching call on your company’s product strategy or GTM approach, the world of cybersecurity investing, reaching CISOs and security leaders, or anything else.

Join the conversation

or to participate.