• Return on Security
  • Posts
  • 💰 Security, Funded #122 - Decoding Cybersecurity's Year-End Dynamics: Gains & Pains 📉📈

💰 Security, Funded #122 - Decoding Cybersecurity's Year-End Dynamics: Gains & Pains 📉📈

A deep dive on cybersecurity funding and industry news from the week of November 27th, 2023.

Author

Mike Privette
December 04, 2023 • Reading Time: 10 minutes

Hey there,

Happy Monday, and I hope you had a great weekend. In this week’s issue, we’ve got:

  • 🌍 Economic optimism rising

  • 🛡️ Even breaches can’t shake investor confidence

  • 🎓 End-of-year training budget spending in full swing

The US Economy got a welcome bit of news last week, meeting the threshold for what many believe is, in fact, a “soft landing” of the economy. Many believe that interest rate cuts are in the not-so-distant future.

Why is that important? It means that the US (and by proxy much of the rest of the world’s economies) feel that the worst economic times are receding and that overall sentiment is turning positive. This will have positive downstream impacts on the startup and VC worlds, and companies will be more likely to both buy and invest their dollars in people and technology.

It doesn’t mean we’re out of the woods all the way, but we are totally, almost, definitely, completely so back(ish).

Also, a bit of year-end housekeeping - this is the second to last newsletter issue you’ll get from me this year! 😱 I take a break from sending emails for the last two weeks of the year so I make it that much harder to grind in January so I can pull together lessons learned from the year, catch up on blog posts I’ve been meaning to finish, and plan out how to tackle the next year.

Have an upcoming deal to share? Looking for funding? Looking for companies to fund? Drop me a message at [email protected].

Onward to this week's issue.

🗣Sponsor

Close more enterprise deals

Automate security and privacy compliance

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process end-to-end. What makes Secureframe different?

  • Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.

  • Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.

  • Automate responses to RFPs and security questionnaires with AI.

  • Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Which cybersecurity threat do you believe is most under-recognized in our industry?

Login or Subscribe to participate in polls.

Last week’s vibe check:
With the end of 2023 coming hurtling towards us, are you scrambling to spend your training and education budget?

The training must go on. Confirmed that it is that time of the year when the only budget that most people have left is for training. Those CPEs aren’t going to earn themselves! Did you know that writing blog posts about cybersecurity counts as CPE for certain certifications?

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

  • Crowdstrike ($CRWD) - Crowdstrike had a solid quarter beating earnings estimates per usual, yet played it safe with conservative forward guidance. This is a typical move for them, especially towards year-end. Crowdstrike saw additional growth by making inroads into the legacy SIEM market with Log Scale, aiming to disrupt areas with high dissatisfaction, like SIEM and DLP. Its stock jumped ~10% post-earnings call.

    Crowdstrike also mentioned their ambition to unify IT and Security teams by moving into the IT Ops realm. This is one of the rare times I disagree with their approach to this. To the outsider, it might sound like a dream to unify IT and Security teams, but that move can often create more organizational headaches, internal politics, and operational friction than the efficiency it claims to bring.

  • Okta ($OKTA) - Okta continues to defy expectations, outperforming its estimates by >4% despite its ever-growing challenges with breaches and security incidents. It's a fascinating paradox in the cybersecurity world: even with continuous security breaches, OKTA's stock keeps climbing.

    I know what you might be thinking, “How can their stock keep going up with continued news of security incidents?” You’re right to ask that as a security professional. But, when you’re at the top of your category, with no viable competitors in sight, and you are deeply entrenched in all business operations, say it with me, folks:

    Security 👏 incidents 👏 don’t 👏 matter 👏 to 👏 the 👏 street 👏 .

    Does it make sense? No. Is it still true? Yes. This resilience points to the strength of its market position and product offering, even in the face of adversity.

  • Zscaler ($ZS) - ZScaler presented good results, exceeding expectations by around 5% with strong federal sales and with their data protection segment growing 60% YoY. Data protection growth is a clear example of disrupting a “high dissatisfaction” segment like DLP at rest and in motion.

    ZScaler's vision to “make the world free of firewalls” speaks to their confidence in a changing landscape as they continue to ride the wave of transitioning away from hardware-based firewalls to software-defined networking and zero-trust initiatives. Their approach of not relying on M&A (a jab at their competitors like Palo Alto) for growth sets them apart as one to watch in the competitive landscape.


    Despite not meeting their own internal projections, ZScaler sees signs of market stabilization, with less scrutiny on deals, which is a nod (however slight) to a turnaround.

📸 YTD Snapshot

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

We’re in the time of year when funding announcements are moving into “Let’s catch up after the holidays” mode. Early-stage companies coming out of stealth may just be waiting to get through the holidays, or are trying to wrap up any last product and marketing pushes for their public reveal.

A bit of a lull in M&A activity last week, most likely from just a timing perspective. There was a last-minute rally in the final weeks of 2022, and we may yet see that with 2023 again.

💰 Funding Summary

  • 10 companies raised $161.9M across 9 unique product categories

  • 3 companies were acquired or had a merger event across 1 unique product category

🧩 Funding By Product Category

  • $140.0M for Managed Security Services Provider (MSSP) across 2 deals

  • $11.0M for Software Supply Chain Security across 1 deal

  • $6.0M for Passwordless Authentication across 1 deal

  • $1.5M for Threat and Risk Prioritization across 1 deal

  • $1.4M for Identity Verification across 1 deal

  • $1.0M for Security Awareness across 1 deal

  • $1.0M for Anti-Phishing across 1 deal

  • An undisclosed amount for Security and Compliance Automation across 1 deal

  • An undisclosed amount for Endpoint Detection and Response (EDR) across 1 deal

🏢 Funding By Company

🗣Sponsor

Attackers Shouldn't Have the Information Advantage

Streamline Your Continuous Threat Exposure Management

At Flare, we believe that attackers shouldn't have the information advantage. Our Continuous Threat Exposure Management platform gives you the upper hand. With automated monitoring across the dark and clear web, prioritized alerts, and rapid response, you can stay ahead of threats.

Try our free trial now and take control

🌎 Funding By Country

  • $142.4M for United States across 5 deals

  • $18.5M for Nothern Ireland across 4 deals

  • $1.0M for Switzerland across 1 deal

🤝 Mergers & Acquisitions

  • Conquest Cyber, a United States-based professional services firm focused on cybersecurity consulting for the defense sector, was acquired by BlueVoyant for an undisclosed amount. (more)

  • Keep Secure, a Canada-based professional services firm focused on cloud infrastructure and cybersecurity services, was acquired by Jot Digital for an undisclosed amount. (more)

  • KeyLogic Systems, a United States-based professional services firm focused on technology and cyber for the defense sector, was acquired by GAP Solution for an undisclosed amount. (more)

📚 Great Reads

  • Guidelines for secure AI system development - The NCSC UK and the CISA got together to create secure AI system guidelines for development and operations, emphasizing security considerations unique to AI systems.

  • *Real-Life Lessons in Breach Response - Data breaches are an unfortunate reality of our interconnected world, impacting our companies directly and via our vendors. How you respond makes a world of difference in building, maintaining, or repairing trust with buyers and customers. Explore examples of how to respond with transparency.

  • The Return on Security Tech Stack - Everyone loves a good tool roundup at the end of the year. Refreshed for 2023 after getting a few requests for what tools I use the most. Here's my breakdown of the tech stack I use to run Return on Security.

  • State of the Cloud 2023 - Bessemer Ventures shares insights for SaaS founders as they navigate today’s difficult financing climate and welcome the dawn of the AI era in the latest state of the cloud economy.

*Sponsored content and/or affiliate link.

🧪 Labs

MITRE has left the chat

Have an upcoming deal to share? Looking for funding? Looking for companies to fund? Drop me a message at [email protected].

How was this week's newsletter?

Login or Subscribe to participate in polls.

Join the conversation

or to participate.