💰 Security, Funded #192 - Markets Don't Do Conference Breaks
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of April 28, 2025.

Hey there,
I hope you had a great weekend!
I’m currently writing this opener at 30,000 feet on the way back from San Francisco. If you went to BSidesSF and/or RSA Conference last week, I hope you had an amazing time. It was really nice to meet so many new people and run into old friends that I only see 1-2 times a year.
Thank you to everyone who came up and told me they are a fan of the newsletter and how you’ve been using it! It’s that kind of support and feedback that keeps me grinding away and trying to bring as much value as possible to each issue.
Also, thank you to everyone who attended the parties I co-hosted this year! The support and turnout were incredible, and I can’t thank the other co-hosts enough. Here are a few pictures from last week. Maybe I should do more meetups/dinners outside of conferences? Let me know what you think!
A top highlight for me last week was being asked to give an impromptu update to the head of GCHQ with other senior leaders from US and UK governments, VC, AI security startups, and academia on AI security and the economy. 🤯
And finally, congrats to ProjectDiscovery for winning the RSA Innovation Sandbox!

PARTNER
Top Security Team Priorities and Challenges in 2025, According to IDC Research
For Voice of Security 2025, sponsored by Tines and AWS, IDC surveyed security leaders in the US, Europe, and Australia.
The research uncovered that 72% of respondents saw increased workloads last year, yet 58% consider their teams "properly staffed." Where’s the disconnect? What other challenges are leaders facing this year? Download to hear more on:
AI adoption progress and top use cases
Tool stack strengths and weaknesses
The skills analysts need to succeed

😎 Vibe Check
Make sure to click on the options below to vote in this week’s poll, whether you’re a practitioner, founder, or investor!
What trend in security is most misunderstood right now?
Last issue’s vibe check:
What’s your take on the rise of vibe coding from a security perspective?
⬜️⬜️⬜️⬜️⬜️⬜️ Fun until security fixes it (14)
🟩🟩🟩🟩🟩🟩 OK for MVPs, not production (48)
🟨🟨🟨🟨⬜️⬜️ Vulnerability-as-a-Service (33)
98 Votes (via newsletter + LinkedIn)
Last week’s vibe check responses showed me just how far the security community has come in embracing AI.
While many people I spoke with at RSA are still skeptical of the true, concrete value that AI is bringing to their security programs, they are more supportive than I expected on the vibe coding shift. It looks like we’ve learned to lean in instead of lean out with this new technology wave, and that really says something about how far the industry has come.
Some of the top comments from last week’s vibe check:
MVP - "I think if it enables more people to show their ideas are tangible then great. Also a better starting point for developers, architects, security to start from."
MVP - "Good practices won't lag the bad ones by much. I expect the world will need big dev brains for a long time. But they'll spend less time twiddling code and far more on requirements and AI agent swarm orchestration."
"Where's the 4th option: I'm SecEng vibing at the frequency of the universe and you can't stop me!"

💰 Market Summary
Private Markets
12 companies from 5 countries raised $540.1M across 11 unique product categories
8 companies were acquired or had a merger event across 5 unique product categories
99% of funding went to product-based cybersecurity companies
Public Markets
1 public cyber company had an earnings report
Public market moves last week

As of markets close on May 2, 2025.

📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Funding continued strongly last week through the deluge of announcements at the RSA Conference. Funding is up $1.5 billion YTD compared with the same time in 2024.
Not to be outdone last week by funding, M&A had its own showing with some high-profile activities. M&A volume for 2025 YTD is about 5% less than the same timeframe last year.

PARTNER
Another Cloud Security Tool? Not Quite
Intruder launched Cloud Security - and immediately turned down a $32 billion offer from Google!
Alright, half true. But we’re still excited - and this isn’t just another cloud security tool. We know that security teams face too many tools, tight budgets, and not enough time to handle all the alerts.
So we’ve combined Cloud Security with VM, ASM, and our signature simplicity and noise reduction - all in one powerful platform. No alert fatigue. No hefty price tags. Only what you need to stay secure.

☎️ Earnings Reports
Earnings reports from last week: $TENB ( ▼ 0.75% )
Macro Context:
The US economy shrank 0.3% in Q1 2025 (missing the expected 0.4% increase), the steepest decline since the first quarter of 2022.
Tenable - $TENB ( ▼ 0.75% )
Tenable delivered a solid Q1 2025 report, with revenue climbing 11% to hit $239.1 million. The consolidated vulnerability management platform Tenable One drove over 30% of new business and contributed to a record number of seven-figure deals. Tenable also cited a strong channel performance as part of its success.
Despite a strong start to the year, however, Tenable adopted a cautious, forward-looking outlook. Tenable said this was due to macroeconomic uncertainties, particularly in the U.S. public sector, which accounts for about 15% of its total sales. The company is adjusting its guidance to account for potential delays and uncertainty in procurement decisions. The stock dropped 17% post-earnings call as government policies came home to roost in cyber.
At this point, I am bearish about Tenable, given the impacts that we will begin seeing in the public sector.
Earnings reports to watch this coming week:
❌ Layoffs
Deep Instinct, a United States-based threat intelligence platform for identifying zero-day threats, laid off 20 people (~11% of its workforce) due to restructuring. (more)

🧩 Funding By Product Category
$200.0M for Identity Verification across 1 deal
$115.1M for Data Protection across 2 deals
$108.0M for Container Security across 1 deal
$51.0M for Application Security across 1 deal
$35.0M for Brand Protection across 1 deal
$12.0M for Secure Networking across 1 deal
$11.0M for Remote Browser Isolation across 1 deal
$7.0M for Security Awareness across 1 deal
$962.7K for Professional Services across 1 deal
$10.0K for Penetration Testing across 1 deal
An undisclosed amount for Internet of Things (IoT) Security across 1 deal

🏢 Funding By Company
Product Companies:
Persona, a United States-based identity verification and anti-fraud platform for customer identities and account recovery, raised a $200.0M Series D from Founders Fund and Ribbit Capital. (more)
CAST AI, a United States-based Kubernetes security and cloud application and cost optimization platform, raised a $108.0M Series C from G2 Venture Partners and SoftBank Vision Fund. (more)
Veza, a United States-based data protection platform focused on identity and authorization, raised a $108.0M Series D from New Enterprise Associates (NEA). (more)
Minimus (formerly named Gutsy), an Israel-based secure-by-design container image platform, raised a $51.0M Seed from YL Ventures and Mayfield Fund. (more)
Doppel, a United States-based brand identity and risk protection platform, raised a $35.0M Series B from Bessemer Venture Partners. (more)
NetFoundry, a United States-based secure networking platform, raised a $12.0M Series A from SYN Ventures. (more)
LayerX Security, an Israel-based remote browser isolation platform, raised a $11.0M Series A from Jump Capital. (more)
QNu Labs, an India-based quantum-resistant cryptography platform, raised a $7.1M Series A from the National Quantum Mission. (more)
Pistachio, a Norway-based security awareness training platform, raised a $7.0M Series A from Walter Ventures. (more)
Phosphorus Cybersecurity, a United States-based Internet of Things (IoT) security platform, raised an undisclosed Venture Round from Neva SGR. (more)
Service Companies:

🌎 Funding By Country
$463.0M for the United States across 7 deals
$62.0M for Israel across 2 deals
$7.1M for India across 1 deal
$7.0M for Norway across 1 deal
$962.7K for Luxembourg across 1 deal

🤝 Mergers & Acquisitions
Product Companies:
Nyx Security, an Israel-based IoT security platform, was acquired by Upwind Security for an undisclosed amount. Nyx Security has not publicly disclosed any funding events. (more)
Protect AI, a United States-based platform for securing artificial intelligence (AI) and machine learning (ML) workloads, was acquired by Palo Alto Networks for an undisclosed amount. Protect AI had previously raised $108.5M in funding. (more)
Service Companies:
Amiosec Limited, a United Kingdom-based professional services firm focused on national security and cyber operations, was acquired by Penten for an undisclosed amount. Amiosec Limited has not publicly disclosed any funding events. (more)
AssuranceLab, an Australia-based professional services firm focused on security and compliance auditing, was acquired by Sensiba LLP for an undisclosed amount. AssuranceLab had previously raised $14.7K in funding. (more)
Conekt, an Australia-based managed security services provider (MSSP), was acquired by CipherWave for an undisclosed amount. Conekt has not publicly disclosed any funding events. (more)
CyberTee, a France-based professional services firm that offers cloud security, IAM, and data protection consulting through a freelancing community, was acquired by Cyberr for an undisclosed amount. CyberTee has not publicly disclosed any funding events.
Infigo IS, a Croatia-based professional services firm focused on offensive security consulting, was acquired by Allurity for an undisclosed amount. Infigo IS has not publicly disclosed any funding events. (more)

📚 Great Reads
An Open Letter to Third-Party Suppliers - Rapid SaaS adoption has led to a concentration risk where a breach at one provider can cascade through numerous organizations. How can software providers be incentivized to prioritize security over rapid feature deployment?
*How to Write a Good Risk Scenario - Despite their detail, risk registers often fail to communicate risk profiles effectively to non-technical audiences. Why risk scenarios provide a better approach to risk assessment and help stakeholders to understand and prioritize risks.
6 Advanced Communication Strategies to Amplify Your Impact - Effective communication in cybersecurity transcends technical jargon, focusing on strategic engagement and trust-building with business leaders to enhance organizational security culture.
*Sponsored


Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
