Let's secure this bread, family
I hope you had a great weekend!
In this week's issue:
Setting a new precedent
Tech spending is still going up
Debt rules everything around me (D.R.E.A.M.)
It was a sobering week for many in the cybersecurity community last week.
News that Joe Sullivan, Uber's first CISO, was convicted for his role in a 2016 breach that the FTC said he covered up. He may be sentenced for up to eight years in prison as a result. This conviction is both precedent setting and demoralizing for the entire cybersecurity industry.
The threat landscape has changed exponentially since this breach in 2016. Fueled largely by the business of ransomware from organized crime gangs, the productization of the cyber risk insurance market (with hefty funding rounds and valuations), and over-correcting regulations attempting to "brute force" the problem away, the sins Joe Sullivan were convicted of have somewhat become commonplace in today's world.
I was on a podcast this past week where I talked about this topic and how it has created a flywheel that stands to benefit security practitioners the least. More facts and information will continue to be uncovered as time goes on, but as for my initial reaction knowing what I know now - this is bad for the future of our industry.
In funding related news - debt financing rounds are the new gold.
No cybersecurity companies have gone IPO in 2022 just, but that's not stopping the heavyweights like Arctic Wolf from taking on huge rounds (see below). With public valuations dropping, capital being more scrutinized, and fewer deals happening in the broader markets, taking debt loans to continue growth and acquisitions has become more commonplace than last year.
It's a great bet for everyone involved if the companies can continue their upward growth trends. The key question remains, however - will inflation and slowing economic growth overall tamper this rocketship? 🚀
It's now a matter of playing the waiting game, and the cards are (currently) stacked in favor of cybersecurity companies.
Let's dive in.
Subscribe to Security, Funded
Know what and who is moving the cybersecurity.
📊 Market News
💰 Funding Summary
21 companies raised $1.2B across 18 unique product categories
6 companies were acquired or had a merger event across 4 unique product categories
🧩 Funding by Product Category
$410.0M for Breach & Attack Simulation (BAS)
$401.0M for Security Operations
$75.0M for Data Protection
$63.9M for Endpoint Protection
$63.2M for Managed Security Services Provider (MSSP)
$55.0M for Security Orchestration and Automated Response (SOAR)
$28.7M for Threat Modeling
$27.0M for Fraud and Financial Crime Protection
$25.0M for Firmware Security
$20.0M for Cyber Insurance
$15.0M for Identity Threat Detection and Response (ITDR)
$13.7M for Threat Intelligence
$10.9M for Professional Services
$8.0M for Secure Networking
$7.5M for Remote Browser Isolation
$6.5M for Application Security
$4.0M for Threat Informed Defense (TID)
$200.0K for Attack Surface Management (ASM)
Featured Free Event: Fwd: Thinking. The Intelligent Security Summit (powered by Tessian)CISOs and industry experts are coming together on October 27th to discuss strategies for navigating an ever-changing threatscape, their secrets to building a strong security culture, and how to stop advanced email threats and demonstrate ROI at your organizations.Access the latest security insights from world-class speakers in just 2 hours. Don't miss out, register today.
🏢 Funding By Company
ThreatLocker, a platform that adds zero trust policy enforcement to the endpoint, raised a $63.9M Venture Round.
Narf Industries, a professional cybersecurity services firm focused on research projects and incident response, raised a $10.9M Post-IPO Equity Round.
🤝 Mergers & Acquisitions
🔐 Secure The Job
If you're looking for new opportunities (actively or passively), I've got two ways to help:
Are you hiring? Post a role and request access to start meeting world class candidates open to new opportunities. Learn more or request access here.
📚 Great Reads
Two CISOs discuss the conviction of ex-Uber CISO - Andrew Monaghan had Ben Halpert, the CISO of Groupon, and myself on the Sales Bluebird podcast to talk about what the sentencing could mean for the cybersecurity industry
Executive Order on Secure Supply Chain — in Plain English - You may have heard about EO 14028, the “Executive Order on Improving the Nation’s Cybersecurity”, which mandates the establishment of minimum supply chain security standards for all software consumed by the US government
What is a software supply chain attack? - Software supply chain security is all the rage these days, and for good reason. A steady increase in attacks over the past decade culminated in the “big one” (so far) in which the Russian SVR penetrated U.S. government networks, a cybersecurity company, and thousands of other targets via the IT company SolarWinds
Have questions, comments, or feedback about this issue? I'd love to hear from you. Reach out on Twitter or reply directly to the newsletter version of this issue.
Thanks for reading and see you again next time!
Whenever you're ready, there are a few ways I can help you: