💰 Security, Funded #192 - Markets Don't Do Conference Breaks

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of April 28, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Tines, Intruder, and Cydea.


LEAD PARTNER

Hey there,

I hope you had a great weekend!

I’m currently writing this opener at 30,000 feet on the way back from San Francisco. If you went to BSidesSF and/or RSA Conference last week, I hope you had an amazing time. It was really nice to meet so many new people and run into old friends that I only see 1-2 times a year.

Thank you to everyone who came up and told me they are a fan of the newsletter and how you’ve been using it! It’s that kind of support and feedback that keeps me grinding away and trying to bring as much value as possible to each issue.

Also, thank you to everyone who attended the parties I co-hosted this year! The support and turnout were incredible, and I can’t thank the other co-hosts enough. Here are a few pictures from last week. Maybe I should do more meetups/dinners outside of conferences? Let me know what you think!

A top highlight for me last week was being asked to give an impromptu update to the head of GCHQ with other senior leaders from US and UK governments, VC, AI security startups, and academia on AI security and the economy. 🤯 

And finally, congrats to ProjectDiscovery for winning the RSA Innovation Sandbox!

PARTNER

Top Security Team Priorities and Challenges in 2025, According to IDC Research

For Voice of Security 2025, sponsored by Tines and AWS, IDC surveyed security leaders in the US, Europe, and Australia. 

The research uncovered that 72% of respondents saw increased workloads last year, yet, 58% consider their teams "properly staffed.” Where’s the disconnect? What other challenges are leaders facing this year? Download to hear more on:

  • AI adoption progress and top use cases

  • Tool stack strengths and weaknesses

  • The skills analysts need to succeed

😎 Vibe Check

Make sure to click on the options below to vote in this week’s poll, whether you’re a practitioner, founder, or investor!

What trend in security is most misunderstood right now?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
What’s your take on the rise of vibe coding from a security perspective?
⬜️⬜️⬜️⬜️⬜️⬜️ Fun until security fixes it (14)
🟩🟩🟩🟩🟩🟩 OK for MVPs, not production (48)
🟨🟨🟨🟨⬜️⬜️ Vulnerability-as-a-Service (33)
98 Votes (via newsletter + LinkedIn)

Last week’s vibe check responses showed me just how far the security community has come in embracing AI.

While many people I spoke with at RSA are still skeptical of the true, concrete value that AI is bringing to their security programs, they are more supportive than I expected on the vibe coding shift. It looks like we’ve learned to lean in instead of lean out with this new technology wave, and that really says something about how far the industry has come.

Some of the top comments from last week’s vibe check:

MVP - "I think if it enables more people to show their ideas are tangible then great. Also a better starting point for developers, architects, security to start from.”

MVP - "Good practices won't lag the bad ones by much. I expect the world will need big dev brains for a long time. But they'll spend less time twiddling code and far more on requirements and AI agent swarm orchestration."

"Where's the 4th option: I'm SecEng vibing at the frequency of the universe and you can't stop me!"

💰 Market Summary

Private Markets

  • 12 companies from 5 countries raised $540.1M across 11 unique product categories

  • 8 companies were acquired or had a merger event across 5 unique product categories

  • 99%of funding went to product-based cybersecurity companies

Public Markets

  • 1 public cyber company had an earnings report

  • Public market moves last week

As of markets close on May 2, 2025.

📸 YoY Snapshot

Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

Click to see a larger version

Funding continued strongly last week through the deluge of announcements at the RSA Conference. Funding is up $1.5 billion YTD for the same time in 2024.

Click to see a larger version

Not to be outdone last week by funding, M&A had its own showing with some high-profile activities. M&A volume for 2025 YTD is about 5% less than the same timeframe last year.

PARTNER

Another Cloud Security Tool? Not Quite

Intruder launched Cloud Security - and immediately turned down a $32 billion offer from Google!

Alright, half true. But we’re still excited - and this isn’t just another cloud security tool. We know that security teams face too many tools, tight budgets, and not enough time to handle all the alerts.

So we’ve combined Cloud Security with VM, ASM, and our signature simplicity and noise reduction - all in one powerful platform. No alert fatigue. No hefty price tags. Only what you need to stay secure.

☎️ Earnings Reports

Earnings reports from last week: $TENB ( ▼ 0.75% ) 

Macro Context:

  • The US economy shrank 0.3% in Q1 2025 (missing the expected 0.4% increase), the steepest decline since the first quarter of 2022.

Tenable delivered a solid Q1 2025 report, with revenue climbing 11% to hit $239.1 million. The consolidated vulnerability management platform Tenable One drove over 30% of new business and contributed to a record number of seven-figure deals. Tenable also cited a strong channel performance as part of its success.

Despite a strong start to the year, however, Tenable adopted a cautious, forward-looking outlook. Tenable said this was due to macroeconomic uncertainties, particularly in the U.S. public sector, which accounts for about 15% of its total sales. The company is adjusting its guidance to account for potential delays and uncertainty in procurement decisions. The stock dropped 17% post-earnings call as government policies came home to roost in cyber.

At this point, I am bearish about Tenable, given the impacts that we will begin seeing in the public sector.

Earning reports to watch this coming week:

❌ Layoffs

  • Deep Instinct, a United States-based threat intelligence platform for identifying zero-day threats, laid off 20 people (~11%) of its workforce due to restructuring. (more)

🧩 Funding By Product Category

Click to see a larger version

  • $200.0M for Identity Verification across 1 deal

  • $115.1M for Data Protection across 2 deals

  • $108.0M for Container Security across 1 deal

  • $51.0M for Application Security across 1 deal

  • $35.0M for Brand Protection across 1 deal

  • $12.0M for Secure Networking across 1 deal

  • $11.0M for Remote Browser Isolation across 1 deal

  • $7.0M for Security Awareness across 1 deal

  • $962.7K for Professional Services across 1 deal

  • $10.0K for Penetration Testing across 1 deal

  • An undisclosed amount for Internet of Things (IoT) Security across 1 deal

🏢 Funding By Company

Product Companies:

Service Companies:

  • Cyberr, a Luxembourg-based cybersecurity recruiting platform, raised a $926.7K Funding Round.

  • Tulsi, a United States-based automated pen testing and red teaming platform, raised a $10.0K Grant from NC IDEA.

🌎 Funding By Country

Click to see a larger version

  • $463.0M for the United States across 7 deals

  • $62.0M for Israel across 2 deals

  • $7.1M for India across 1 deal

  • $7.0M for Norway across 1 deal

  • $962.7K for Luxembourg across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • Nyx Security, an Israel-based IoT security platform, was acquired by Upwind Security for an undisclosed amount. Nyx Security has not publicly disclosed any funding events. (more)

  • Protect AI, a United States-based platform for securing artificial intelligence (AI) and machine learning (ML) workloads, was acquired by Palo Alto Networks for an undisclosed amount. Protect AI had previously raised $108.5M in funding. (more)

Service Companies:

  • Amiosec Limited, a United Kingdom-based professional services firm focused on national security and cyber operations, was acquired by Penten for an undisclosed amount. Amiosec Limited has not publicly disclosed any funding events. (more)

  • AssuranceLab, an Australia-based professional services firm focused on security and compliance auditing, was acquired by Sensiba LLP for an undisclosed amount. AssuranceLab had previously raised $14.7K in funding. (more)

  • Conekt, an Australia-based managed security services provider (MSSP), was acquired by CipherWave for an undisclosed amount. Conekt has not publicly disclosed any funding events. (more)

  • CyberTee, a France-based professional services firm that offers cloud security, IAM, and data protection consulting through a freelancing community, was acquired by Cyberr for an undisclosed amount. CyberTee has not publicly disclosed any funding events.

  • Infigo IS, a Croatia-based professional services firm focused on offensive security consulting, was acquired by Allurity for an undisclosed amount. Infigo IS has not publicly disclosed any funding events. (more)

📚 Great Reads

  • An Open Letter to Third-Party Suppliers - Rapid SaaS adoption has led to a concentration risk where a breach at one provider can cascade through numerous organizations. How can software providers be incentivized to prioritize security over rapid feature deployment?

  • *How to Write a Good Risk Scenario - Despite their detail, risk registers often fail to communicate risk profiles effectively to non-technical audiences. Why risk scenarios provide a better approach to risk assessment and help stakeholders to understand and prioritize risks.

  • 6 Advanced Communication Strategies to Amplify Your Impact - Effective communication in cybersecurity transcends technical jargon, focusing on strategic engagement and trust-building with business leaders to enhance organizational security culture.

*Sponsored

🧪 Labs

I’m trying to do my part 🫡 

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or forward this to someone smart.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.

Reply

or to participate.