💰 Security, Funded #109 - Earnings Spicy, Tools Dicey, Cash Pricey! 🌶️
A review of cybersecurity funding and industry news from the week of August 28th, 2023.
Happy Tuesday, and I hope you had a great weekend and a long one if you celebrated Labor Day.
This week, we’ve got:
🔥 Shots fired on earnings calls
📚 Tool overload and identity basics
📅 Seasonal downtick in macro trends
💰 $65.9M raised, 2 companies acquired
Plus lots of great content to check out. Thank you to everyone who has been voting on the recent addition of the Vibe Check polls and for all the helpful commentary that has come with it. If you’ve got questions you want me to ask, send them over, I love getting suggestions!
Onward to this week's issue. First time reading, or was this email forwarded to you? Sign up here.
Vibe Check #4 - AI Security Tools
Are you starting to evaluate or purchase this new wave of tools focused on the security or privacy of AI or LLM usage? Bonus points if you tell me why!
Last week’s poll:
Vibe Check #3 - Tool consolidation
If you are a practitioner, is your program currently focused on tool, vendor, or service consolidation?
80% of respondents said that tool consolidation was a big focus or a medium focus. This kind of focus is typically reserved for large companies with large security programs and budgets and with many groups making buying decisions. Practitioners and companies are always in various stages of “point solutions FTW” vs. “one vendor to rule them all” modes. I see this happen every 2-3 years across the industry, and it’s a cycle that won’t stop any time soon.
If you want to add commentary to your poll answer, leave an answer when you cast your vote or email me at [email protected]. All responses will be kept anonymous 🤫
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
CrowdStrike ($CRWD) - beat earnings estimates, as expected, on the back of consolidation and continued customer expansion on its subscription platform. CrowdStrike cited success in a new observability use case, an area typically reserved for the Datadogs of the word, as another driver of their success.
Like Ice Cube said, “[earnings] day was a good day.”
CrowdStrike also fired some shots, openly challenging competitors (see below) and going after Microsoft's complex and costly systems.
SentinelOne ($S) - This one was a spicy one! 🔥 SentinelOne squashed the rumors about being acquired by Wiz and called Wiz a “nice little company” but said they intended to remain a public and independent company.
The general vibe from the earnings call went something like this (using my own words):
CrowdStrike lies a lot
Don’t compare us to CrowdStrike
We’re going to do the exact same things as CrowdStrike
Despite the exciting commentary, SentinelOne beat its earnings estimates (even though they are still operating at a loss, just not as bad of a loss), and the shares rose 3% after hours.
Okta ($OKTA) - beat its earnings estimates on the back of increased new customer acquisition at larger stage companies, expanding Privileged Access Management (PAM) offerings, and continued growth in the US Federal sector.
IAM continues to have momentum and enjoys being one of the most deeply entrenched fields in cyber with respect to business operations. It’s constantly a board-level matter and has tangible impacts on things like organizational design, M&A, and audits. Federal mandates really help propel this, too, as all the government and 3-letter agencies have identity offices.
The [growth in identity] will continue until morale improves.
📅 YTD Funding
A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.
As you can see from last year’s data, this week was the bottom in 2022. In 2023, I think this is one part of typical downtime as founders are getting ready for that Q4 funding roadshow push. I expect this to come back up to the second half of the 2023 baseline we’ve seen so far.
The same holds true on the acquisition front for seasonal downtime of acquiring. If I were on the corp VC buy side, I’d wait until after Labor Day or Burning Man, too 👀 🔥 🕺
💰 Funding Summary
7 companies raised $65.9M across 7 unique product categories
2 companies were acquired or had a merger event for $3.9M across 2 unique product categories
🧩 Funding By Product Category
$40.0M for Continuous Compliance across 1 deal
$11.9M for Cyber Insurance across 1 deal
$6.4M for Anti-Bot across 1 deal
$4.3M for Secure Remote Access across 1 deal
$2.0M for Application Security across 1 deal
$1.3M for Fraud and Financial Crime Protection across 1 deal
An undisclosed amount for Data Protection across 1 deal
🏢 Funding By Company
Dattak, a France-based cyber risk insurance company, raised a $12.0M Series A.
🌎 Funding By Country
$42.0M for United States across 3 deals
$11.9M for France across 1 deal
$6.4M for Germany across 1 deal
$4.3M for Israel across 1 deal
$1.3M for United Kingdom across 1 deal
🤝 Mergers & Acquisitions
📚 Great Reads
The problem with buying too many security tools - Learn from Alex McGlothin about the challenges of striking the perfect balance in securing your tech stack. Discover how to mitigate risks without falling into the trap of excessive vendor reliance and tool overload.
The building blocks of modern enterprise identity - Former security leader at Netflix, Jason Chan, explains the fundamentals of a modern enterprise identity program and how any founder or security leader can start building one for their business
What Does ‘AI in Security’ Actually Mean? - For leaders in the security space, there’s a lot of pressure to incorporate generative AI into security systems. If we don’t use AI, the thinking goes, the attackers eventually will.
*Start a Newsletter - If you’re thinking about starting a newsletter, I can't recommend Beehiiv highly enough.
Also, consider checking out this other newsletter called Take Off 👇️
*Sponsored content and/or affiliate link.
Big brain moves only
✅ Let’s Work Together
How was this week's newsletter?