0:00
/

Cyber Valuations, Moats & the Road to Black Hat

An annual check-in with Foundation Capital’s Sid Trivedi on services-as-software, record AI SOC rounds, founder caution, and what’s actually defensible in the age of frontier labs.

In this episode, I sit down with my friend Sid Trivedi, Partner at Foundation Capital, for what has turned into an annual conversation heading into Black Hat and Hacker Summer Camp.

Sid invests at the earliest stages, seed and Series A, with a focus on cybersecurity and IT infrastructure, so he has a front-row seat to the teams building the future of this field. A lot has moved since we last spoke, from massive M&A closing to record-setting rounds in categories like the AI SOC, and I wanted to pressure test how much of it is grounded in reality.

We chatted about:

  • What has actually changed a year into the AI wave, and what hasn’t, in how Foundation Capital backs formation-stage founders

  • Services-as-software, the $4.6 trillion market thesis, and automating cybersecurity workflows across product security, detection and response, IR, pen testing, and threat intel

  • What AI means for cybersecurity jobs, and why Sid thinks the jobs change rather than disappear

  • Consolidation vs. best-of-breed after Palo Alto’s $25B CyberArk acquisition and Alphabet’s $32B Wiz deal

  • AI SOC valuations, including Seven AI’s record cyber Series A, Torq crossing a $1B valuation, and Exaforce’s massive raise

  • The double-edged sword of big raises, and why you can’t simply spend your way to growth in cybersecurity

  • Moats and defensibility when frontier labs can replicate a chunk of your product

  • The Black Hat Innovator Investor Summit and the Startup Spotlight competition


Prefer to listen?

Catch the episode on Spotify or Apple Podcasts.

Be sure to subscribe and leave a review!


Takeaways

Services-as-software is playing out, and the jobs question hangs over it

Sid’s colleagues at Foundation Capital wrote about services-as-software years ago, sizing it as a $4.6 trillion market, and he believes it is largely playing out as expected. Last year we talked about AI MDR and how managed detection would change with humans plus AI agents.

This year the aperture is wider. Sid framed it as looking at every task and team in cybersecurity, whether that’s product security, the SOC, incident response, pen testing, threat intel, or security strategy, and asking what portions of that work can be automated. That covers both external services from MSPs, MSSPs, and large consulting firms and the internal workflows of security teams themselves.

On the jobs question, Sid was direct. “I don’t worry that long term people will lose the ability to work. I think the jobs themselves will change.” I’ve been advocating the same thing for practitioners. Lean into these tools in your daily workflows now, because the adaptation is the job security.

Consolidation and best-of-breed will keep coexisting

Since our last conversation, Palo Alto closed its $25 billion acquisition of CyberArk and Alphabet finalized its $32 billion acquisition of Wiz, while players like ServiceNow keep expanding their security platforms through acquisition. I made the point that the convergence is bi-directional, with IT players moving into security and security players moving into IT, and you even see it in the workforce with leaders like Jamil at Equifax moving from CISO into broader IT leadership.

My view is that the platformization vs. best-of-breed debate never actually ends. There will always be innovative startups covering niche capabilities faster than incumbents can build them, and many of those startups will eventually get absorbed into the platforms. That cycle is the market working, not a contradiction.

Big valuations cut both ways for founders

The AI SOC category alone has produced Seven AI raising the largest cyber Series A on record, Torq crossing a billion-dollar valuation, and a massive raise from Exaforce. I pressed Sid on whether these numbers are grounded in what customers actually pay or whether the market is pricing a story ahead of the numbers, and on what happens to founders and teams who don’t grow into the valuations they accept.

The part I wanted practitioners and aspiring founders to sit with is that growth in cybersecurity is more nuanced than deploying capital. Buyers in this market behave differently, and there’s an implicit level of trust involved in procurement decisions, so you can’t simply spend your way to revenue, market share, and customers.

More capital raised means more expectation to grow into, and the congratulatory posts on social media rarely mention that side of it.

Moats in the frontier-lab era

We dug into the question every early-stage founder is wrestling with right now. If a frontier model can replicate a chunk of your product quickly, given the labs’ size, capacity, and distribution, what are investors actually underwriting, and what no longer counts as defensible? We touched on the trend of headless software, which some cyber companies are starting to move toward, and the viral rant from one of the largest defense tech companies about proprietary data as a moat, which has spurred a broader open source vs. closed source AI debate worth following.

See you at Black Hat

Sid is heavily involved in the Innovator Investor Summit at Black Hat, which brings together investors, founders, and the people building the future of this domain, and

I’m excited to be MCing it this year following Mike Privette and others who came before me. We also talked about the Startup Spotlight competition, which I’d call the World Cup of cybersecurity startups.

Black Hat is offering listeners $500 off registration with the code USA500Resilient.

-> Register Here! <-

Thanks again to Sid for coming back on. You can follow his work at Foundation Capital and connect with him on LinkedIn.

Discussion about this video

User's avatar

Ready for more?