Understanding Cyber Industry Dynamics

Working in cyber and staying sane requires a healthy sense of accepting our inability to control or understand all the moving parts. This industry is a complex and dynamic field that presents both challenges and opportunities. To navigate this landscape effectively as a Cyber PMM, it's essential to understand its unique characteristics and the key factors shaping its future.

That's why the first series after the Vision Series is focused on Industry Dynamics. It's pragmatic to start with defining the "lay of the land" that we are operating in. And I won't pretend to understand it all, but let's start with high level observations on the key forces shaping cyber markets today.

Cyber is Now Central

Cyber is now central to most geopolitical and corporate strategic objectives. It's hard to find an organization or government without a growing digital presence or dependency. This has led to amazing advancements, but threat actors are exploiting vulnerabilities in digital systems to achieve their objectives. Cyber warfare is now at the forefront of international conflicts and is significantly impacting global order.

This digital age has made societies smarter yet more vulnerable. Democratic nations are struggling to secure election systems due to the vulnerabilities in outdated machines. There are systemic risks like this emerging everywhere, including risks in utility systems such as water plants and power grids. Cyber is now a central part of society and has driven great opportunities for advancement, yet it has also exposed us all to more risk and vulnerability than ever.

Social media has also taken us all by storm in the past ~15 years. We are glued to our phones and sharing increasing amounts of personal information that is being stolen regularly. So digital risks abound, making cyber a crucial topic for the foreseeable future. Working in cybersecurity is exciting because we are part of the group bringing order to the aforementioned chaos, and that's a good thing.

Market Sizing

The cybersecurity industry is substantial; according to Gartner, worldwide end-user spending on security and risk management is projected to total $215 billion in 2024, representing an increase of 14.3% from 2023. Security services represent the largest share of this spending. While this figure is significant, it pales in comparison to behemoths like Apple, which rakes in nearly $400 billion annually. Nevertheless, the industry's growth rates and increasing demand indicate a prosperous future.

I always like to use market sizes and CAGRs as a baseline for presenting GTM plans to my peers. If I am bringing a certain product to market, it's a good habit to know the size of the category/market I am competing in. This helps level set revenue and growth expectations for the field and marketing peers.

Private equity firms are significant players in the cybersecurity landscape, financing both startups and established companies. They wield considerable influence, and understanding their role can provide insights into decision-making processes within the industry. For example, I remember when I was working at Optiv, I was aware of the fact that Blackstone owned a large % of the company, impacting certain strategic decisions. We need to understand who the puppet masters are in the businesses we work for.

Funding rounds like Series A, B, C, and D are often celebrated in the cybersecurity community. I think it's crucial to recognize that funding doesn't necessarily indicate a technology's real-world viability. Many startups aim to be acquired by larger players, and the startup path can be arduous.

Just because a startup is good at raising capital doesn't mean they will succeed in this industry. Time will tell for fundraisers and funding isn't exactly a sign of cyber success. It is merely an indicator of potential market viability and future demand. Investors typically don't invest in ideas that have no chance of return, so it doesn't hurt to keep an eye on where the funding is happening.

Anyway, I'm not an expert in finance or how funding works. A good resource to dive into this topic more is Venture in Security if you're into this aspect of the industry.

3,700+ Vendors and 8,000+ Products