- Return on Security
- 💰 Security, Funded #97 - Sequoia's Split, AI's Hit, Funding's Lit!
💰 Security, Funded #97 - Sequoia's Split, AI's Hit, Funding's Lit!
A review of cybersecurity funding and industry news from the week of June 5th, 2023.
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the macro environment:
Secureworks dips and ZeroFox glides
Sequoia splits, Apple and Google up their game
Q2 2023 funding pacing with Q1 2023
12 firms secure $273.0M, 3 acquired for $6.6M
MSSP leads in deals
ChatGPT in threat modeling
Debunking security dreams
Two milestones this last week, one of growth and one of focus:
Growth requires saying ‘no’ sometimes, and I’m excited to be more laser-focused.
Onward to this week's issue.
Don’t waste time on security scavenger hunts. With pre-mapped controls and over 75 integrations to your tech stack, Drata automates the compliance process.
Drata supports 14 frameworks, including SOC2, ISO 27001, HIPAA, and GDPR, so your team can scale security without duplicating work. Best of all, you get real-time visibility into your risk levels with powerful dashboards and alerts.
Have to see it to believe it?
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
Secureworks ($SCWX) - posted a Q1 2023 loss with a 22% decline in revenue from the previous quarter. Secureworks said this revenue was pulled down by the MSSP offering in Japan. Secureworks adjusted their forward-looking revenue down for the back half of the year
ZeroFox ($ZFOX) - started 2023 strong with strong growth and ARR numbers off the back of increased traction in emerging markets outside of the US. Given that ZFOX went IPO back in August 2022 when all the markets got straight clapped, any positive performance is very good performance and was well received by investors.
Startups take note: if you’re not bringing a platform play right now or a play that dovetails nicely into a larger platform play (as in you bring something that companies can’t get in the larger platforms yet, and that compliments workflows nicely), you’re going to have a bit of a bad time. Everyone is moving to platform plays.
Also, a consistent and self-fulfilling theme: The Vibecession is real. When public cyber companies cut their forward-looking guidance to be more conservative, meaning the companies think the rest of the year will continue on a downward trend and not be as good as in previous quarters, the investor community punishes them. It’s the expectation that the future will not be as good that creates negative pressure on the stock price and creates negative vibes now, making it harder to dig themselves out in the eyes of customers and investors alike. Sentiment (founded or not) goes a lot further than you might think.
Who else loves the nuances of macroeconomic vibes and how things can be both good and not good, and easy to understand but confusing at the same time? 🙋🏽♂️
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
Funding in Q2 2023 so far has now reached what Q1 2023 was at ~$2.9B. It's very interesting to me to see how different the start of Q2 2023 (week 14) was compared to how closely correlated the back half of Q2 has become. From the data, it appears companies and investors are in a better cadence, and expectations are better aligned.
💰 Funding Summary
12 companies raised $273.0M across 11 unique product categories
3 companies were acquired or had a merger event across 3 unique product categories for $6.6M
🧩 Funding By Product Category
$190.0M for Managed Security Services Provider (MSSP) across 1 deal
$33.0M for Operational Technology (OT) Security across 1 deal
$21.4M for Personal Cybersecurity across 1 deal
$15.0M for Security Operations across 1 deal
$3.9M for API Security across 1 deal
$3.3M for Application Security across 1 deal
$2.7M for SaaS Security Posture Management (SSPM) across 1 deal
$2.4M for Threat Detection and Response (TDR) across 1 deal
$1.3M for Continuous Compliance across 1 deal
$62.9K for Professional Services across 2 deals
An undisclosed amount for Threat Intelligence across 1 deal
🏢 Funding By Company
Shift5, a United States-based intrusion detection, prevention, and incident response platform for operational technology (OT) and battlefield tech, raised a $33.0M Series B from Moore Strategic Ventures. (more)
Private Tech, a United States-based personal digital sovereignty and security platform, raised a $21.4M Venture Round.
🌎 Funding By Country
$265.1M for United States across 7 deals 🇺🇸
$6.6M for France across 2 deals 🇫🇷
$1.3M for Chile across 1 deal 🇨🇱
$62.9K for United Kingdom across 2 deals 🇬🇧
Much like the often-messy technical process of incident response, security communications are frequently created on the fly, by many cooks, with little forethought (due to time constraints) and even less afterthought. This results in a security and incident comms process that is anything but resilient and sustainable and can leave everyone from external comms to executives annoyed at why something as simple as getting a message out always seems to be so hard.
In short, the process feels unreliable, and the amount of work that goes into managing it is often unsustainable. The best incident response communications are built on a foundation of strong, ongoing security communications. Here are a few thoughts from Melanie Ensign, CEO at Discernible on how to do that.
Read Melanie’s post
🤝 Mergers & Acquisitions
📚 Great Reads
Threat Modeling Example with ChatGPT - A quick demonstration of a threat modeling process using ChatGPT and STRIDE.
The three dreams about the future of security that are not likely to come true anytime soon - Discussing why people aren't likely to start caring about security, why magic tools won't save us, and why the "big industry consolidation" is unlikely anytime soon (at least in the form many imagine)
Forbes just created a top 200 list of the most secure companies. - And the Internet proceeded to go nuts on this blatantly misleading and terribly constructed sale piece. This kind of stuff only makes the cybersecurity industry worse and continues to create friction between buyers and sellers.
Passwords as a Service (Paas)
hacker: I have all your passwords
me: omg thank you, what are they
— Adam Cerious (@Browtweaten)
Jun 5, 2023
How was this week's newsletter?
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.
🤝 Want to partner with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.