• Return on Security
  • Posts
  • 💰Security, Funded #64 - Setting a new precedent, tech spending is 🔥, and debt rules 🤘

💰Security, Funded #64 - Setting a new precedent, tech spending is 🔥, and debt rules 🤘

The Security, Funded newsletter issue #64 - Global cybersecurity funding and M&A news from the week of October 3rd, 2022

Hey there,

I hope you had a great weekend!

In this week's issue:

  • Setting a new precedent

  • Tech spending is still going up

  • Debt rules everything around me (D.R.E.A.M.)

It was a sobering week for many in the cybersecurity community last week.

News that Joe Sullivan, Uber's first CISO, was convicted for his role in a 2016 breach that the FTC said he covered up. He may be sentenced for up to eight years in prison as a result. This conviction is both precedent setting and demoralizing for the entire cybersecurity industry.

The threat landscape has changed exponentially since this breach in 2016. Fueled largely by the business of ransomware from organized crime gangs, the productization of the cyber risk insurance market (with hefty funding rounds and valuations), and over-correcting regulations attempting to "brute force" the problem away, the sins Joe Sullivan were convicted of have somewhat become commonplace in today's world.

I was on a podcast this past week where I talked about this topic and how it has created a flywheel that stands to benefit security practitioners the least. More facts and information will continue to be uncovered as time goes on, but as for my initial reaction knowing what I know now - this is bad for the future of our industry.

In funding related news - debt financing rounds are the new gold.

No cybersecurity companies have gone IPO in 2022 just, but that's not stopping the heavyweights like Arctic Wolf from taking on huge rounds (see below). With public valuations dropping, capital being more scrutinized, and fewer deals happening in the broader markets, taking debt loans to continue growth and acquisitions has become more commonplace than last year.

It's a great bet for everyone involved if the companies can continue their upward growth trends. The key question remains, however - will inflation and slowing economic growth overall tamper this rocketship? 🚀

It's now a matter of playing the waiting game, and the cards are (currently) stacked in favor of cybersecurity companies.

Let's dive in.

Subscribe to Security, Funded

Know what and who is moving the cybersecurity.

📊 Market News

  • Former Uber security chief convicted for concealing a felony (more)

  • UK pauses data reform bill to rethink how to replace GDPR (more)

  • Tech spending holding steady, increasing despite market downturn (more)

💰 Funding Summary

  • 21 companies raised $1.2B across 18 unique product categories

  • 6 companies were acquired or had a merger event across 4 unique product categories

🧩 Funding by Product Category

  • $410.0M for Breach & Attack Simulation (BAS)

  • $401.0M for Security Operations

  • $75.0M for Data Protection

  • $63.9M for Endpoint Protection

  • $63.2M for Managed Security Services Provider (MSSP)

  • $55.0M for Security Orchestration and Automated Response (SOAR)

  • $28.7M for Threat Modeling

  • $27.0M for Fraud and Financial Crime Protection

  • $25.0M for Firmware Security

  • $20.0M for Cyber Insurance

  • $15.0M for Identity Threat Detection and Response (ITDR)

  • $13.7M for Threat Intelligence

  • $10.9M for Professional Services

  • $8.0M for Secure Networking

  • $7.5M for Remote Browser Isolation

  • $6.5M for Application Security

  • $4.0M for Threat Informed Defense (TID)

  • $200.0K for Attack Surface Management (ASM)


CISOs and industry experts are coming together on October 27th to discuss strategies for navigating an ever-changing threatscape, their secrets to building a strong security culture, and how to stop advanced email threats and demonstrate ROI at your organizations.

Access the latest security insights from world-class speakers in just 2 hours.

🏢 Funding By Company

🤝 Mergers & Acquisitions

  • Blue Hexagon, a cloud detection and response platform, was acquired by Qualys for an undisclosed amount. (more)

  • Hacktive, a professional services company focused on cyber risk services, was acquired by Deloitte for an undisclosed amount. (more)

  • Iron Vine Security, a professional services firm focused on cybersecurity services, was acquired by ECS Federal for an undisclosed amount. (more)

  • Kapstone Technologies, a managed security services provider (MSSP) focused on identity and access management (IAM), was acquired by iC Consult for an undisclosed amount. (more)

  • StarLink, a managed security services provider (MSSP), merged with Infinigate for an undisclosed amount. (more)

  • Yagaan, an application security scanning platform, was acquired by Pradeo for an undisclosed amount.

🔐 Secure The Job

If you're looking for new opportunities (actively or passively), I've got two ways to help:

Are you hiring? Post a role and request access to start meeting world-class candidates open to new opportunities. Learn more or request access here.

📚 Great Reads

  • Two CISOs discuss the conviction of ex-Uber CISO - Andrew Monaghan had Ben Halpert, the CISO of Groupon, and myself on the Sales Bluebird podcast to talk about what the sentencing could mean for the cybersecurity industry

  • Executive Order on Secure Supply Chain — in Plain English - You may have heard about EO 14028, the “Executive Order on Improving the Nation’s Cybersecurity”, which mandates the establishment of minimum supply chain security standards for all software consumed by the US government

  • What is a software supply chain attack? - Software supply chain security is all the rage these days, and for good reason. A steady increase in attacks over the past decade culminated in the “big one” (so far) in which the Russian SVR penetrated U.S. government networks, a cybersecurity company, and thousands of other targets via the IT company SolarWinds

You can see the full list of curated posts across all issues here, and you can submit an article, post, tweet, or video here, and it can show up in the newsletter!

🧪 Labs

It all starts with a series of tubes. The internet in those tubes eventually evaporates into the environment (WiFi) and if it rises high enough the cooler temperatures cause it to condense into The Cloud

That’s why us-east-1 goes down every time it rains.— a ghost 👻 in some machine (@crayzeigh) November 13, 2020 

👋 Thanks

Have questions, comments, or feedback about this issue? I'd love to hear from you. Reach out on Twitter or reply directly to the newsletter version of this issue.

Thanks for reading, and see you again next time!

Whenever you're ready, there are a few ways I can help you:

  • Browse some of the data I created to make the newsletter and reports here. 📊

  • Work 1:1 with me to evaluate a company or product category here. 🤝

  • Sponsor the newsletter to get cybersecurity and investing decision-maker eyeballs on your brand here. ✉️


Mike P

Join the conversation

or to participate.