The Argument For More Cybersecurity Startups

The Argument For More Cybersecurity Startups

What is success and failure for a cybersecurity startup? And why are some of these companies not a great fit for the typical VC model?

This week’s episode is hosted by me, David Spark , producer of CISO Series and guest co-host Ross Haleliuk , author of Venture in Security . Joining us is Sid Trivedi , partner, Foundation Capital .?

A market response to industry failure

The bevy of cybersecurity startups could be a market response to simple operational inefficiency. Organizations choose to buy rather than optimize existing tooling. "We have this many security startups because so many organizations cannot deliver their own purchased security stack internally; they don’t know its capability and subsequently go out and seek extra luggage they likely don’t need. Let’s be honest. We are way overcomplicated in cybersecurity right now. It’s NOT that hard to secure and harden correctly up front," said Spencer M. of HealthEquity .?

The other issue for the confusion is the value proposition can appear dubious. Startups focused on decision-making efficiency could change that. "Many times, I feel like VCs are the only market participants who get value from how confusing the solution landscape has become. Startups focusing on systems that help security leaders make quick, risk-mitigated purchasing decisions could be an important new frontier in the industry," said Kier Lane of ID-Y .

Is this a business or a feature?

The market is flooded with startups that can offer interesting technical features. But that doesn’t mean they can connect that to business value. "The lack of go-to-market is one of the reasons they rely so much on POC (proof of concept). Selling features rather than business value is common amongst the so-called unicorns. Unfortunately, it doesn’t cut it anymore," said Aurelia Wiest of Illumio . Many startups fail because they can’t see their product as part of a larger ecosystem. If you think your startup will be blindingly obvious to the market, you’re in for a rude awakening. Allan Thompson stated, "Most cybersecurity startups lack the go-to-market talent at the top, but more importantly, they do not hire the proper sales teams to execute. Most CEOs believe the product will sell itself, but that’s only one key part of the ingredients to go public or be attractive to get a positive exit."

The economics of startups

Startups looking to go public will have a tough road ahead. They will likely need to rethink what a successful exit can look like. "If IPO was your only plan, trouble is on the horizon and we are unfortunately starting to see the cracks in the foundation because of it. We will see a TON of collateral damage because of poor planning, irresponsible spending, and bloated valuations," said Jared Ballou of DirectDefense . This is compounded by the number of startups not offering novel solutions. Investors' risk aversion drives this. Jon G Shende of 高知特 Cognizant said, "We typically see several cybersecurity startups solving the same problem operate in parallel and generate enough revenues to survive. One reason why others may ‘fail’ is a lack of understanding from investors. I cannot tell you the number of investors who say I don’t know what your product is about, so I will stick with what I know. This mindset is why the ‘me too’ companies offering a variation of the same ‘solution’ gets funded."?

Practicality over novelty

Organizations often don’t need what a startup is offering. The business value of a startup solution isn’t there if it can’t integrate into their broader cybersecurity ecosystem. "Cybersecurity is a very cluttered space with many good products and many mediocre products. The customer often requires good configuration and hygiene, not a stack of eclectic solutions. Most of these companies will not survive," said Jerome Tetreault of Eviden . The startup road is intrinsically tough, a struggle almost by definition. But that doesn’t mean we should count a startup out when it hits a rough patch. Richard Rushing , CISO, 摩托罗拉 , reminded us to keep our eyes on the ball: "It is ALWAYS harder than it looks given these macroeconomic headwinds in the industry. This will not be for the faint at heart. Do not write off companies that are struggling. Understand how they will make it through these issues, and watch closely. We all know the warning signs of trouble."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Listen to the full episode here.

Huge thanks to our sponsor, Nudge Security


Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.


Join us NEXT Friday [11-22-24], for "Hacking E-Crime Trends"

Join us Friday, November 22, 2024, for?“Hacking E-Crime Trends: An hour of critical thinking about staying on top of an ever-evolving threat landscape.”

It all begins at 1 PM ET/10 AM PT on Friday, November 22, 2024,?with guests Jason B. aker, principal security consultant, GuidePoint Security and Howard Holton , CTO and industry analyst, GigaOm .?We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, GuidePoint Security


Cyber Security Headlines - Week in Review

Make sure you?register on YouTube?to join the LIVE "Week In Review" this Friday for?Cyber?Security?Headlines?with?CISO Series?reporter Richard Stroffolino .?We do it this and every Friday at 3:30 PM ET/12:30 PM PT?for a short 20-minute discussion of the week's cyber news. Our guest will be Brett Conlon , CISO, American Century Investments . Thanks to ThreatLocker .

Thanks to our Cyber Security Headlines?sponsor, ThreatLocker


Jump in on these conversations

"Is the US generally ahead of Europe in cyber security resilience?" (More here)

"What kind of activities you guys recommend to do on free time besides cybersecurity stuff?"?(More here)

"Do you feel held back by not having a Software Development background?"?(More here)


Coming up in the weeks ahead?on?Super Cyber Friday?we have:

  • 11-15-24 - NO SHOW
  • 11-22-24 - "Hacking E-Crime Trends"
  • 11-29-24 - NO SHOW
  • 12-06-24 - "Hacking the AI Supply Chain"

Save your spot and register for them all now!


Thank you! Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at?cisoseries.com.

Interested in sponsorship,?contact me,?David Spark.




Marco Morana

Chief Information Security Officer | Security Architecture

1 周

I think differentiation is also critical ref (outdated but knowing a few I would agree on the ranking) https://www.veriff.com/blog/state-of-americas-cybersecurity-startups

回复
Ross Haleliuk

Builder | Best Selling Author of "Cyber for Builders" ???? cyberforbuilders.com | Writing about cybersecurity ???? ventureinsecurity.net | Startup Advisor | Angel Investor

1 周

Thanks David Spark and Sid Trivedi for making it happen!

Sid Trivedi

Partner at Foundation Capital

2 周

Thank you for the fun conversation David and Ross!

Cory Wolff

Director | Offensive Security at risk3sixty. We help organizations proactively secure their people, processes, and technology.

2 周

All valid points, but there’s an even bigger reason why we need more startups. That’s where innovation thrives. https://www.dhirubhai.net/posts/corywolff_there-were-over-400-ma-cybersecurity-deals-activity-7201924756445552642-14aV?utm_source=share&utm_medium=member_ios

回复

要查看或添加评论,请登录

David Spark的更多文章