💰 Security, Funded #99 - Maturity Frenzy, Pocket Change, and Acquisition Bingo

A review of cybersecurity funding and industry news from the week of June 19th, 2023.

Hey there,

Happy Monday, and I hope you had a great weekend!

🏃‍♂️ The Rundown

A meta roundup of all the important things affecting cybersecurity and the microenvironment:

  • Cybersecurity maturity key for product-market fit

  • Federal rate pause may revive investments

  • Lowest weekly cybersecurity funding at $17.7M across 5 firms

  • $107.0M spent on 6 company acquisitions

  • Regulation and AI shaping cyber landscape

  • Companies going out of business due to cyber-breaches

Let’s talk about the concept of maturity as it relates to cybersecurity tools and potential buyers. Customer maturity level is a missed recurring theme I see when I talk to investors and founders. I find myself having to explain the concept often, so I’m compelled to mention this sometimes elusive concept.

Have you ever noticed there is a large part of the cybersecurity market whose ideal customer has to be at a certain maturity level to care about or even be aware of the problem space they are solving for? Products that assume certain user personas in an organization, a certain organizational structure, a certain technology stack (i.e., “You just plug this right into your SIEM, XDR, or SOAR…”), or that the security teams care about a specific edge use case.

These companies may even need their target ideal customer to have a large enough team to operate or a certain maturity level in a specific domain to even engage with them. These products often add to or supplement an existing stack or program but don’t create a fundamental change around how security teams operate or how developers code.

These are “nice to have” things, not “change the way I work” things. These products aren’t moving the needle for security practitioners; they’re making small parts of their jobs a bit easier. It’s a classic case of an answer looking for a problem to solve instead of the other way around.

I’m not saying these products shouldn’t exist, but they should figure out how to pivot. Not a great place to be if you’re an early-stage founder looking for product-market fit in today’s macro climate.

Yes, the macro environment vibes are looking a bit better with US Fed rate hike pauses. Yes, that means that investing will slowly start to pick back up across many sectors. Yes, some customers may eventually see expense headwinds wane (if they don’t fizzle out first 👀). Yes, the wave of generative AI innovations may actually pull the US out of a slow-burning recession and improve GDP. And yes, these are positive things at the broad level.

But if you’re a cybersecurity buyer today, you’re not quite out of the woods yet. You’ve got to be more judicious than you were in the past. If it’s not an already established player in your customer’s program and it’s not changing the tide for their security program, you’re gonna have a bad time™️.

All is not lost, however. As the saying goes, “[Bad] times create strong [people].” Consider your go-to-market strategies, evaluate your partnerships and alliances, and see how you can make the pie bigger for everyone.

Onward to this week's issue.

🗣Sponsor

Lacework is data-driven cloud security

Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environments

Schedule a meeting to start your cloud security journey today!

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:

No public earnings calls from last week to report on. 🫡

🛞 Industry News Roundup

  • Warnings Against Heavy-Handed AI Regulation (more)

  • JPMorgan Expects Cybersecurity Industry to Benefit from Generative AI (more)

  • IBM grants $5 million for cybersecurity, enhanced skilling on AI (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

We’ve hit the lowest week in cybersecurity funding in 2023 YTD this week 😱.

I view this as a combination of founders being in “build mode,” trying to get their GTM together with generative AI offerings, and the investors being in a “stealthy waiting mode,” being cautious and optimistic about deploying capital while keeping things close so as not to tip off the competition. As the final week of Q2 2023 approaches, I’ll pull together some trend data.

💰 Funding Summary

  • 5 companies raised $17.7M across 5 unique product categories

  • 6 companies were acquired or had a merger event across 4 unique product categories for $107.0M

🧩 Funding By Product Category

  • $15.0M for Identity and Access Management (IAM) across 1 deal

  • $1.8M for API Security across 1 deal

  • $872.6K for Attack Surface Management (ASM) across 1 deal

  • $50.0K for Operational Technology (OT) Security across 1 deal

  • An undisclosed amount for Penetration Testing across 1 deal

🏢 Funding By Company

  • Oso, a United States-based authorization and authentication building blocks platform, raised a $15.0M Series B from Felicis. (more)

  • Corsha, a United States-based API security platform, raised a $1.8M Grant from AFWERX. (more)

  • Muscope, an Italy-based attack surface management (ASM) platform, raised an $873.0K Seed from Primo Ventures. (more)

  • Palitronica, a Canada-based operational technology (OT) security platform for critical infrastructure, won a $50.0K Grant from the University of Waterloo. (more)

  • Prelude, a United States-based automated security testing platform, raised an undisclosed venture round from CrowdStrike Falcon Fund. (more)

🌎 Funding By Country

  • $16.8M for United States across 3 deals 🇺🇸

  • $872.6K for Italy across 1 deal 🇮🇹

  • $50.0K for Canada across 1 deal 🇨🇦

🗣Sponsor

Prevent compromised packages from infiltrating your supply chain with real-time security information for developers directly in GitHub.

Socket is not a traditional vulnerability scanner. Built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month, it proactively detects and blocks 70+ signals of supply chain risk in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Find and compare millions of open-source packages

🤝 Mergers & Acquisitions

📚 Great Reads

  • EscalateGPT - An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.

  • Who’s Afraid of the SEC? - The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

  • Destroyed by Breach - A list of businesses that have actually gone out of business due to a cybersecurity-related incident by Adrian Sanabria (Google Sheets link).

🧪 Labs

They really just dropped an easier way to do malware exploitation and said, “lol, not our problem anymore”

✅ Here to Support

Whenever you’re ready, I’ve got a few ways I can help support you:

  1. Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.

  2. Schedule a 1:1 coaching call on newsletters, monetizing, cybersecurity trends, product strategy, or anything else.

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🐝 If you run a newsletter, I can't recommend Beehiiv enough.
