- Return on Security
- 💰 Security, Funded #84 - DNA Changes, The SVB Debacle, and John Cena Goes Cyber
💰 Security, Funded #84 - DNA Changes, The SVB Debacle, and John Cena Goes Cyber
Happy Monday, and I hope you had a great weekend and survived the SVB rollercoaster of emotions.
In this week's issue:
The SVB Debacle
John Cena Goes Cyber
What 👏 a 👏 week 👏 and 👏 weekend 👏
Bear with me, folks, today’s intro is longer than normal because of all that happened this last week.
The FDIC shut down Silicon Valley Bank (SVB) last week in the largest financial institution failing since the 2008 financial crisis, state regulators also shutdown Signature Bank citing system risk to the US banking industry, US Fed wants to stick to the script and keep on hiking rates, Atlassian will cut 5% of its workforce, the privacy-focused DuckDuckGo search engine has rolled out its own AI assistant integration, US unemployment rates rose in February, and John Cena (the professional wrestler and actor) is apparently following security people on Twitter (including me?!) - either he got hacked or is studying for a new role. Either way, I’m here for it.
The SVB Debacle
This one needs its own special callout today, and the impacts of this situation will still be developing for a while.
The major issue here as it pertains to the cybersecurity industry is that SVB was the most common bank used by cybersecurity startups, and the ripple effect this could leave will last years. Even with the recovery efforts by the FDIC over the weekend, we are still in the early innings of the second and third-order effects of what may happen with the banking sector next.
I also believe it has the potential to make the K-Shaped recovery of the cybersecurity industry even more pronounced. What will be really interesting is to see how the next few weeks play out from a funding perspective.
There are already so many good write-ups on all the events that led to the SVB demise, so I’m going to link out to the ones I found most useful:
Cue the speculative Tweets and LinkedIn posts and armchair quarterbacks this week about how all of this could have been avoided. 🙄
We’ve got two more heavyweights reporting last week:
CrowdStrike (CRWD) - crushed their earnings report as expected on the backs of gaining market traction on their new “better SIEM” and attack surface management (ASM) offering and replacing Microsoft because “good enough security isn’t good enough.” 🧨
Darktrace (DARK) - Reported its 1H 2023 earnings, beating expectations on growth, but mentioned a slowdown in new logos and selling less to the SMB market. Darktrace also mentioned that they hired Ernst & Young to do an independent financial controls audit after the serious fraud allegations from GCM. 🍿
What was also interesting to me on these calls is that CrowdStrike seems to be the only major cyber player that is actually seeing traction the SMB space. CrowdStrike has been the leader in the endpoint detection and response (EDR) space for years now and is well positioned and capitalized to take advantage where others cannot, and investors will thank them for that.
Last week in the newsletter, I asked folks to vote on what kind of digital referral rewards they would be interested in, and here are the results:
Thanks to everyone who took the time to vote, and be on the lookout for a separate email from me with the things you voted for. 🤝
Onward to this week's issue.
To close and grow major customers, businesses have to earn trust. But demonstrating security and compliance can be time-consuming, tedious, and expensive. Until you use Vanta. See if Vanta is right for your business by utilizing their SOC 2 compliance framework and Access Reviews solution for 7 days — at no cost or obligation.
Industry News Roundup
📅 YTD Funding
A running total and evolving series of charts for the year-to-date (YTD) funding and by the week or month of the year.
A considerable drop from the previous weeks’ funding, but it appears to be in line with what 2022 saw.
💰 Weekly Funding Summary
12 companies raised $231.3M across 11 unique product categories
4 companies were acquired or had a merger event for $10.0M across 3 unique product categories
🧩 Funding By Product Category
$150.0M for Secure Remote Access across 1 deal
$20.0M for Security Orchestration and Automated Response (SOAR) across 1 deal
$20.0M for Cybersecurity Education & Training across 1 deal
$20.0M for Cloud Security across 1 deal
$5.0M for Confidential Computing across 1 deal
$5.0M for Attack Surface Management (ASM) across 1 deal
$4.8M for Security Awareness across 1 deal
$3.0M for Password Management across 1 deal
$2.0M for Cloud Native Application Protection Platform (CNAPP) across 2 deals
$1.5M for Continuous Compliance across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
🆕 Now showing this breakdown with the deal count for each category - shoutout to Joe Pantoga for the idea!
🏢 Funding By Company
CultureAI, a United Kingdom-based security awareness and training platform, raised a $4.8M Seed from Conviction VC.
Tauruseer, a United States-based cloud-native application protection platform (CNAPP), raised a $1.5M Venture Round.
ai.moda, a Cayman Islands-based Linux hardening and workload protection platform, raised a $500.0K Seed.
Deep Instinct, a United States-based deep machine learning company to defend against zero-day attacks, raised an undisclosed Venture Round from PayPal Ventures.
🌎 Funding By Country
$150.0M for Australia 🇦🇺
$49.5M for United States 🇺🇸
$24.8M for United Kingdom 🇬🇧
$5.0M for Germany 🇩🇪
$1.5M for The Netherlands 🇳🇱
$500.0K for Cayman Islands 🇰🇾
🤝 Mergers & Acquisitions
📚 Great Reads
Software Security is More than Vulnerabilities - Shift from a pure focus on only reducing security vulnerabilities towards increasing systems reliability - which should include control validation as well as security assurance / vulnerability reduction.
Bearer Releases an Open Source SAST Tool - Bearer (portco) released a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD).
Cloud Security from First Principles - Thinking about cloud security from first principles. A guest post from Frank Wang of Frankly Speaking.
🐝 Cross Pollinate
Discover something 🆕 this week.
Check out Frank Wang’s substack, where he gives his unique takes on security from a former VC turned security engineer’s perspective
Cybersecurity professionals spend so much of their time defending, but not always enough time advancing their own careers. This short, 55-minute video course and field guide changes that.
Some changes are harder to make than others 🧐
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🤝 Interesting in a sponsor partnership with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.