💰 Security, Funded #199 - The Model Weights Are Off

Hey there,

Summer is officially upon us now in the northern hemisphere, and I don't think anyone had it coinciding with WWIII on their bingo card for 2025.

Every so many months or years, some physical (kinetic) skirmish takes place, and as a result, there is a doubling down on both national security and cybersecurity across the globe. It’s not just in the news and in conversations, but in the markets as well. And as we’ve seen with various conflicts these past 2-3 years, any physical actions now get coupled with cyber actions from various government-sponsored and affiliated groups.

Even in times of general economic uncertainty, the cyber industry (along with much of big tech) is seen as a near hedge. This perspective makes a lot of sense when you take a step back. Cyber isn’t recession-resistant per se, but people tend to flock to “safety” during market turmoil. Cyber has experienced a long trend of growth. It’s been a hot field to work in for these past 15+ years, and cyber issues impact all of our lives through an ever-increasing number of touchpoints.

While the cyber industry is thriving (pacing well ahead of 2024), leaders in nearly every sector are under pressure to justify spending amid economic uncertainty, including in cyber. These factors, combined with an already fragile economic climate, further restrict an already tight cyber hiring and purchasing market.

Make sure to keep your head on a swivel out there. 👀 

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
What’s the most misleading “security win” teams still celebrate?
🟩🟩🟩🟩🟩🟩 Passed compliance audit (47)
🟨🟨⬜️⬜️⬜️⬜️ Closed all high CVEs (17)
🟨🟨🟨🟨⬜️⬜️ No "alerts" in the SIEM (32)
🟨🟨🟨🟨🟨⬜️ Zero findings on pentest (44)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (4)
144 Votes

The security industry has no shortage of "wins" that feel good in the moment but fall apart under scrutiny. Last week’s results showed that the industry is fed up with check-the-box victories that hide reality rather than shine a light on it. It was nearly a tie between passing a compliance audit and having zero findings on a pentest. These are, ironically, two of the things that most third-party risk management programs seek out the most and push their suppliers to have. 🙄 

Across the board, people agreed that these wins often reflect process completion, not security improvement, and that they’re too often used to deflect scrutiny or calm leadership at the expense of truth. 🫠 

Some of the top comments from last week’s vibe check:

💬 Other - “We got our colleague’s password in a phishing test.”

💬 Passed compliance audit - “Passing a compliance audit does reduce risk -- of a fine.”

💬 Zero findings in pentest - “Zero findings on a pentest never feels good. Are they skilled enough? Did they get mis-scoped? What didn't they find? Guess we'll wait a year and see.”

💬 No “alerts” in the SIEM - “No alerts is only a good thing if you don't have an "assume breach" mentality... "no news is bad news", since there's always news -- it's just that you might not hear the metaphorical oncoming train.”

✍🏽 _{Have a question you want answered? Ask Return on Security.}

💰 Market Summary

📸 YoY Snapshot

A quieter week on the funding front compared to the last few, but still one more week left to wrap up Q2.

M&A activity will not be contained! It’s crazy to think about it, but after last week’s run of activity, Q2 2025 is now tied with Q2 2022, which was at the peak of the ZIRP market before the crash. This time is different, though, because it was a slow crawl back to this point.

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $27.0M for Endpoint Protection across 1 deal

• $25.0M for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal

• $19.8M for Open-Source Intelligence (OSINT) across 1 deal

• $6.0M for Threat and Risk Prioritization across 1 deal

• $1.5M for Secure Communications across 1 deal

• $1.1M for Operational Technology (OT) Security across 1 deal

• An undisclosed amount for AI Security across 1 deal

🏢 Funding By Company

Product Companies:

• Fleet Device Management, a United States-based mobile device management (MDM) platform for employee laptops and cloud servers, raised a $27.0M Series B from Ten Eleven Ventures. (more)

• TaDaweb, a Luxembourg-based open-source intelligence and investigation platform, raised a $19.8M Venture Round from Arsenal Growth Equity and Forgepoint Capital International. (more)

• Circumvent, a United States-based cloud security threat and risk prioritization platform, raised a $6.0M Seed from Paladin Capital Group. (more)

• Sekur Private Data, a United States-based secure communication and collaboration suite, raised a $1.5M Post-IPO Equity round. (more)

• Steryon, a Spain-based IoT/OT security platform, raised a $1.1M Seed from 4Founders Capital and Abac Nest. (more)

• Nestria AI, a Singapore-based security platform for AI and agentic applications, raised an undisclosed Pre-Seed round.

Service Companies:

• Slide, a United States-based business continuity and disaster recovery platform for managed IT service providers, raised a $25.0M Series A from Base10 Partners. (more)

🌎 Funding By Country

• $59.5M for the United States across 4 deals

• $19.8M for Luxembourg across 1 deal

• $1.1M for Spain across 1 deal

• An undisclosed amount for Singapore across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• Mesh, an Ireland-based email security platform, was acquired by Bitdefender for an undisclosed amount. Mesh had previously raised $1.7M in funding. (more)

• Zivver, a Netherlands-based email security and secure communications platform, was acquired by Kiteworks for an undisclosed amount. Zivver had previously raised $6.0M in funding. (more)

Service Companies:

• 1nteger Security, a United States-based managed security services provider (MSSP), was acquired by Integris for an undisclosed amount. 1nteger Security has not previously disclosed any funding events. (more)

• Aon Cyber, the cybersecurity and Intellectual Property (IP) litigation professional services group of United Kingdom-based Aon, was acquired by LevelBlue for an undisclosed amount. Aon’s Cyber division has not previously disclosed any funding events. (more)

• Entara, a United States-based managed security services provider (MSSP), was acquired by Abacus Group for an undisclosed amount. Entara has not previously disclosed any funding events. (more)

• Gray Tier Technologies, a United States-based professional services firm focused on cybersecurity for mission-critical systems for the US military, was acquired by TDI (Tetrad Digital Integrity LLC) for an undisclosed amount. Gray Tier Technologies has not previously disclosed any funding events. (more)

• Oktacron, a Serbia-based professional services firm focused on security operations and AI, was acquired by MDS Informatički inženjering for an undisclosed amount. Oktacron has not previously disclosed any funding events. (more)

• TechMD, a United States-based managed security services provider (MSSP), was acquired by Integris for an undisclosed amount. TechMD has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs