The Return on Security 2024 Year-End Letter

Dear Shareholders Return on Security Community,

As we wind down another remarkable year, I wanted to take a moment to reflect on 2024 and share my vision for what lies ahead in 2025 for Return on Security before we all get neck-deep in eggnog. This year has been a wild ride filled with big bets, personal growth, and some lessons I'll carry into the future.

For those of you wondering what's been happening with Return on Security (or how I've been making this work), this letter is for you.

A Year of Big Changes

2024 was a year of settling into the "new normal" in cybersecurity and riding the AI wave, which somehow managed to keep the global economy afloat (that and Taylor Swift).

For me, 2024 was a year of big bets, big changes, and personal growth.

It was also the first year I focused solely on Return on Security. This change didn’t happen all at once, but over the course of the year, I pivoted away from fractional CISO work and focused on making Return on Security survive without a safety net. It’s been a mix of terrifying and exhilarating, and I wouldn’t have it any other way.

Business Building at Return on Security

2024 was a big year for me and Return on Security. A few common questions/comments I got this year through various conversations and meetups:

• "So uhh, is this your job now?"

• "Wait, you can actually make money from that?"

• "I didn't know people read cybersecurity newsletters."

Plus, a ton of others. And, as it turns out, the answer was 'yes.'

The overall sentiments were a mixture of surprise and support for what I was building. That collection of reactions made me want to write this post this year and better explain what was happening with me and Return on Security.

Back in 2023, here are the things I said I wanted to do with Return on Security in 2024:

1. Write more blog posts.

2. Openly and freely share more data.

3. Add as much value as possible to the newsletter.

I think I delivered on all of that and more, and the response was better than I could have hoped for.

In 2024, I learned that the gap between expectations and reality is where all the good stuff happens. Building a business is messy, but it's also deeply rewarding.

Top Highlights in 2024

What started as a simple newsletter with some data and charts has evolved into something much bigger. This year, Return on Security.

1. Grew the newsletter to over 10,000 subscribers, cementing the position as the #1 source of cybersecurity market intelligence.
   

   

2. Established the first physical presence with an office in London.

3. Traveled to four new countries, meeting incredible readers and collaborators face-to-face along the way.

On the investment front, I doubled down on the future of cybersecurity by backing two more stealth startups (more on those in 2025!). 

But perhaps the most validating moment came at Black Hat USA, where moderating the first Innovators & Investors Summit panel wasn't just an honor – it was an "a-ha!" moment that showed just how far Return on Security has come in the industry.

My goal with Return on Security has always been to build a sustainable business that could stand the test of time and be something I was really excited to work on every day. 2024 showed me that I was a few steps closer to that goal. 

This year was all about vertical expansion and focus. I wanted to go deeper into building the newsletter and the surrounding social media to see if doubling down on a good thing truly made it accelerate. I think it's safe to say that the plan worked.

That said, the plan wouldn't work without creating useful, authentic content that people want to read, earning the trust of an engaged audience, and gaining the support of followers, subscribers, and customers. You are the backbone of Return on Security, and I couldn't have done it without you. 

A big shoutout to you all!

Top Content of 2024

Here are a few of the most popular things Return on Security has done this year.

Top Blog Posts

The most-read articles this year:

• The News of the Death of Cybersecurity Analyst Firms is Greatly Exaggerated

• CISO Networks Decoded: What Works, What Doesn't

• 25 Hard-Hitting Lessons from 17 Years in Cybersecurity

• The Revolution of Mobile Device Security: Navigating Threats and Solutions

• AI Security Shared Responsibility Model: Navigating Risks in AI Deployment

Top Talks/Podcasts

The top podcast/video appearances this year:

A Conversation with Mike Privette from Return on Security

Daniel Miesler and I discuss:

• The economic impact of COVID-19, the shift from prioritizing growth to operational efficiency, and the subsequent market crash and rebound in 2024.

• The rise of AI in application security, the importance of trust and safety, and the potential for AI to enhance personal digital sovereignty.

• The changing dynamics of startups, venture capital, and private equity in cybersecurity.

Resilient Cyber w/ Mike Privette - Cybersecurity Trends, Analysis and Observations

Chris Hughes and I discuss:

• The evolving role of cybersecurity leaders, balancing business priorities with security, and the challenges of justifying security investments.

• The rise of AI in cybersecurity, its dual role as a tool and a risk, and the emergence of AI-driven governance and security innovations.

• Market trends in cybersecurity, including the shift to profitability, industry consolidation, and the importance of networking at events like RSA.

Top Memes

2024 was the year I leaned more into memes.

As silly as it sounds, memes have a unique way of cutting through noise and delivering a message in ways that words alone often can't.

If you've been reading the newsletter or blog for some time, you know my writing style combines sharing data and introducing new perspectives with memes and the occasional pop culture reference.

Here are the top lulz from this year:

Not only did these resonate well, but they were personally a lot of fun to make. I always like to inject humor in unexpected places, so if I start laughing uncontrollably while making one of these, I'm usually on to something.

Safe to say that making memes is here to stay for me.

Lessons Learned

2024 was not without lessons learned along the way.

1. Compound interest is the most powerful force in the world. When you zoom out and see the trajectory up to today, things happened relatively overnight, but that couldn't be further from the truth. Building something enduring and worthwhile in almost any domain takes a consistent and relentless effort. It requires you to show up and make votes for your future self consistently. Every action or inaction counts as a vote for or against what your goals are. Being consistent over a long period of time is a superpower that can pay off far more than what you originally invested (just like compound interest).

2. Don't get bogged down with linear opportunities, look for exponential ones. Owning your audience is an exponential opportunity. Audiences value authenticity and the problems you can solve. The more specific the solution to their problem, the better. People also prioritize individual voices over brands, so work with your audience, build a relationship with them, listen to your core following, and adapt your content to stand out as a community leader. Otherwise, you'll be "just another newsletter."

3. Experimentation will help you discover, but focus helps you accelerate. In 2021 and 2022, I was all over the place with my personal brand and Return on Security. I was still trying to figure out what I wanted to do and where I wanted things to go, so I did a lot of experimentation (read: trying and failing). Being willing to experiment and try things more than others is a superpower. At the same time, however, being willing to drop those things that aren't working just as quickly as you pick them up is a superpower, too. 2023 was the year things started to get clearer for me, and I realized that this thing had legs. So, in 2024, I decided to go HAM in one direction and message, and the results speak for themselves. The truth is that you need to do both things, but the skill is knowing when to switch between modes.

4. Thoughtful diversification and complementing your strengths are the ultimate hedges. Going too deeply down one rabbit hole can leave you overexposed or underprepared in other areas. As strong as the concentration is on Return on Security, this year helped me realize I need to consider diversifying thoughtfully. I will have to use my standard playbook of experimenting and gathering data and will try to extend it beyond purely newsletter advertising. Be on the lookout for things like data subscriptions, targeted consulting, brand partnerships, and more investing.

These lessons weren't just theoretical. They're already shaping the roadmap for next year.

Looking Ahead to 2025

As I look ahead, I'm excited to share how I've built Return on Security to a point where I can now be more selective about the opportunities I pursue.

In 2025, I aim to focus on quality over quantity. I have reached a level of stability and growth with Return on Security that allows me the luxury of patience. This means I can take my time to find the right areas to focus on that can bring growth. I’ll be more thoughtfully looking at consulting gigs or even a role as a CISO again, should the right opportunities arise.

I've built a strong foundation that connects my work with what I truly care about and the impact I want to make in the cybersecurity industry.

A few other areas I'm planning to explore in more depth in 2025:

• Launching another medium for Return on Security (e.g., a podcast)

• Launching a database subscription

• Creating strategic brand partnerships that bring value to the Return on Security community

• Jointly collaborating on/hosting in-person events.

Above all else, I want to continue delivering a high-quality newsletter every week. If you’d like to weigh in and help shape the future of Return on Security, please consider filling out this short survey.

Closing Notes

If you made it this far, I appreciate you taking the time and hope you enjoyed it and found it helpful. I am very fortunate to have the chance to work on something I am so excited about every day.

If any of the above resonated with you and you'd like to find a way to partner or collaborate, please email me at [email protected]. Thank you all for your support throughout this ~four-year journey.

Here's to many more years of data-driven insights, news, and memes that help you understand the cybersecurity market. 🤝

Happy New Year!

Cheers, 
Mike P