💰 Security, Funded #193 - From RSA to ROI
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of May 5, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Dropzone AI, Cydea, and Specops.
Hey there,
I hope you had a great weekend, and a late Happy Mother’s Day to all those who serve! 🫡
I’m sure many of you are like me and are almost dug out of the backlog from RSA. Just in time, too, because Cyber Earnings Season™️ for this quarter is upon us.
A common thread I have seen so far is that almost every company (in and out of cyber) is mentioning macroeconomic uncertainty and tariffs, even if they are beating their expected results. Volatility has been “priced in,” and that’s leading to weaker forward-looking guidance (meaning how well they think they’ll do the rest of the year), and weaker stock performance than they have otherwise had.
These kinds of expectations will drive expense pressure, curb hiring, and lead companies to lean more into AI (which was already happening). These next five weeks of earnings season will show us if these companies are just being overly cautious or if we are seeing a real, lasting set of problems.

PARTNER
SOC Leaders & Analysts Trust Dropzone AI to Investigate Every Alert
Gartner Cool Vendor. RSA Finalist. Proven in production.
Analysts waste hours chasing alerts. SOC leaders struggle to scale. AI solutions often fall short, leaving teams overworked and real threats unchecked.
Dropzone AI is different. The AI SOC Analyst autonomously investigates every alert, reducing manual workload while ensuring no real threats go unnoticed. Faster investigations, fewer missed incidents, and a SOC that runs efficiently.

😎 Vibe Check
Make sure to click on the options below to vote, whether you’re a practitioner, founder, or investor!
What’s the biggest lie we tell ourselves in cybersecurity?
Last issue’s vibe check:
What trend in security is most misunderstood right now?
🟩🟩🟩🟩🟩🟩 Agents will replace analysts (85)
🟨⬜️⬜️⬜️⬜️⬜️ Secure-by-default is easy (29)
🟨🟨🟨⬜️⬜️⬜️ AI makes us less secure (32)
🟨🟨⬜️⬜️⬜️⬜️ AppSec is solved (30)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (3)
179 Votes (Newsletter + LinkedIn) ← New High Score!
Wow, if this poll doesn’t sum up the state of the cybersecurity industry in 2025 in one swoop, I don’t know what does.
Over these last two years, we’ve seen an industry dumping billions into AI for Security to reduce the burden and workload from human defenders who are (some say) objectively “losing the fight” against attackers. And then, on the other hand, you’ve got practitioners who believe this is the least likely path of what will happen.
Innovation in any field requires making leaps that aren’t always obvious. Maybe we’re in that awkward, uncomfortable period of time where we can’t let go of the past but can’t yet envision the future. Will this be a real innovation leap in our field? The results last week tell a real story that security folks don’t think agents are coming to save them any time soon.
Some of the top comments from last week’s vibe check:
Agents Replace - “Analysts need to configure/monitor agents”
AppSec Solved - “AppSec will massively benefit from AI-driven bug finding (and hopefully fixing), while at the same time suffering from vulnerabilities introduced by AI coding tools used by junior engineers.”
AI Less Secure - “‘Vibe Coding’ will be the new hacking gold rush (supported with AI agents, of course)”

💰 Market Summary
Private Markets
4 companies from 4 countries raised $69.0M across 4 unique product categories
6 companies were acquired or had a merger event across 2 unique product categories
100% of funding went to product-based cybersecurity companies
Public Markets
3 public cyber companies had an earnings report
Public market moves last week

As of markets close on May 9, 2025.

📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
April 2025 finished on a very strong note, with cybersecurity companies raising over $2.1 billion in funding. April marked the first month to see over $2 billion in cybersecurity funding since May 2024. If you’re wondering why last year’s total funding for the week was so high, it’s because that was the week when Wiz announced a $1 billion Series E funding round at RSA and blew everyone’s mind.
April was also a very strong month for cyber M&A, with over 20 transactions as we strode into the start of the cyber conference season with the RSA Conference.

PARTNER
What if your board actually understood cyber risk?
From risk data to boardroom decisions
Drowning in technical data? Not all vulnerabilities are created equal. Make better decisions faster and without dumbing things down.
Cydea helps you connect cyber risk with business goals - giving security teams the context they need to prioritize smarter, justify the spending, and start securing what’s most important.

☎️ Earnings Reports
Earnings reports from last week: $FTNT ( ▲ 1.95% ), $QLYS ( ▲ 1.01% ), $VRNS ( ▲ 0.96% )
Macro Context:
The US Federal Reserve (and my boy JPow) kept interest rates steady but warned of economic problems due to trade policies and tariffs.
Fortinet - $FTNT ( ▲ 1.95% )
Fortinet kicked off 2025 with a strong first quarter, highlighting a 14% YoY growth in revenue, reaching $1.54 billion. Fortinet reported a record operating margin of 34%, showing a strong balance between growth and profitability.
EMEA was specifically called out as having a breakout quarter, while America and APAC were assumed to be consistent with expectations. While Fortinet's performance was strong, the company acknowledged potential headwinds from geopolitical uncertainties and currency fluctuations.
As a cyber vendor still selling physical hardware devices, supply chain constraints, tariffs, and the weakening USD can have real ripple effects.
Qualys - $QLYS ( ▲ 1.01% )
Qualys delivered a solid first quarter, with revenue growing 10% to $159.9 million. This growth was driven by the strong performance of their channel strategy, with 49% of total revenues coming from channel partners, up from 45% a year ago. Qualys also saw more customer demand for their cloud security platform.
Despite the positive results, Qualys was cautious about the macroeconomic environment, noting increased scrutiny on spending and longer sales cycles. The market response was still strong here, and the stock rose 4% after the call.
Varonis - $VRNS ( ▲ 0.96% )
Varonis Systems delivered a stellar first quarter, with revenue climbing 20% (!!) to $136.4 million. This growth was driven by a strong push in their SaaS transition, with SaaS ARR now making up 61% of total ARR, reaching $403.9 million.
As businesses rush to use more AI and Agentic AI (even though we’re still figuring out what that means as an industry), there will be a greater need for more data security and more access governance of sensitive data.
Despite the positive numbers and Varonis raising its forward-looking guidance, it also cited the challenges ahead, including a competitive landscape and uncertain macroeconomic factors.
Earnings reports to watch this coming week: $CYBR ( ▲ 1.4% ) and $RPD ( ▲ 1.89% )

❌ Layoffs
CrowdStrike, a United States-based platform of endpoint detection and response (EDR) tools, laid off 500 people (5% of its workforce) due to streamlining operations and reducing costs. AI was mentioned on page 5 👀 (more)

🧩 Funding By Product Category
$60.0M for Software Supply Chain Security across 1 deal
$7.0M for Secure Communications across 1 deal
$2.0M for Application Security across 1 deal
An undisclosed amount for Identity Governance & Administration (IGA) across 1 deal

🏢 Funding By Company
Product Companies:
Ox Security, an Israel-based software supply chain security and risk management platform, raised a $60.0M Series B from DTCP. (more)
Valarian Technologies, a United Kingdom-based secure communications infrastructure platform, raised a $7.0M Seed from Artis Ventures and Scout Ventures. (more)
CodeAnt AI, a United States-based code quality and application security platform, raised a $2.0M Seed from Uncorrelated Ventures, VitalStage Ventures, and Y Combinator. (more)
Omada, a Denmark-based identity governance and administration (IGA) platform, raised an undisclosed Venture Round from GRO Capital. (more)
Service Companies:
None

🌎 Funding By Country
$60.0M for Israel across 1 deal
$7.0M for the United Kingdom across 1 deal
$2.0M for the United States across 1 deal
An undisclosed amount for Denmark across 1 deal

🤝 Mergers & Acquisitions
Product Companies:
spiderSilk, a United Arab Emirates-based continuous threat exposure management (CTEM) platform, was acquired by CPX for an undisclosed amount. spiderSilk had previously raised $11.3M in funding. (more)
Service Companies:
Datcom Cloud, an Australia-based managed security services provider (MSSP), was acquired by EFEX for an undisclosed amount. Datcom Cloud has not publicly disclosed any funding events. (more)
Nitra Security, a United States-based professional services firm focused on security engineering and compliance, was acquired by Qubika for an undisclosed amount. Nitra Security has not publicly disclosed any funding events. (more)
stackArmor, a United States-based professional services firm focused on cybersecurity and cloud compliance for the US federal sector, was acquired by Tyto Athene for an undisclosed amount. stackArmor has not publicly disclosed any funding events. (more)
Stratum Security, a United States-based professional services firm focused on application and cloud security services, was acquired by Cyber Advisors for an undisclosed amount. Stratum Security has not publicly disclosed any funding events. (more)
Triaplex, a United States-based professional services firm focused on network security for defense and military applications, was acquired by VT Group for an undisclosed amount. Triaplex has not publicly disclosed any funding events. (more)
Trustlink Technologies, a United States-based professional services firm focused on network security services, was acquired by Business Communications for an undisclosed amount. Trustlink Technologies has not publicly disclosed any funding events. (more)

📚 Great Reads
Why Security Needs to Get Smarter About AI - We need better technical understanding, cultural shifts, and new models of managing rapid change.
*Over 80% of breaches start with a password. Are yours already compromised? - This free tool scans your Active Directory for breached, weak, or stale passwords - and shows you how exposed your user credentials really are.
Real World Business Lessons From the World of Make Believe - How the challenges and constraints of the indie filmmaking world can translate into how founders can find success.
*Sponsored

🧪 Labs
Let’s get this intergalactic space bread
Lock in, fellas. The B2B SaaS market just got a whole lot bigger.
— Kyle Harrison (@kwharrison13)
1:39 AM • Apr 17, 2025


Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
