Global cybersecurity startup ecosystem map: a founder’s guide
Bringing together the components of the cybersecurity startup ecosystem: investors, accelerators & incubators, pitch competitions, awards, media, and more.
Welcome to Venture in Security! Before we begin, do me a favor and make sure you hit the “Subscribe” button. Subscriptions let me know that you care and keep me motivated to write more. Thanks folks!
Thanks for supporting Venture in Security!
Global cybersecurity startup ecosystem map
The cybersecurity space is growing and this growth is predicted to continue in the upcoming years. As more and more entrepreneurs are trying to transform the industry, there is a growing number of investors, startup incubators and accelerators, and other players in the ecosystem emerging to support this growth.
It is often the case that there isn’t an easy way for startup founders to see what resources are available to them.
In this piece, I collected over 70 resources for cybersecurity startup founders, which include cybersecurity-focused VCs, angel groups, investment banks, accelerators & incubators, awards, events, pitch competitions, and more.
The full list with links can be found here: Global cybersecurity startup ecosystem resources.
The map below and the writing that follows attempt to summarize all this in an easy-to-digest format.
If you know of any other resources that should be added, please comment in the google sheet or reach out on LinkedIn.
Notes & Disclaimers
I recognize that for the startup ecosystem to grow, there is a need for many industry players to work together — the government and think tanks, educational institutions, professional associations, industry analysts, event organizers, security vendors, and many more. The scope of this summary, however, is limited to organizations and services that can be immediately helpful for founders, not on the industry as a whole. Therefore, many critical players in the ecosystem including educational institutions, professional associations, government bodies, communities of practice, podcasts, and others were purposefully excluded from this summary.
To compile this map, I have used information from open sources and companies’ websites. While a minimal attempt to ensure the accuracy of this information has been made, I cannot guarantee that all statements in this article are correct.
Lastly, it’s important to note that I have only looked at resources available in English. I have full confidence there are many more resources out there that did not come under my radar. Any additions are therefore not just welcome but very much appreciated.
For venture capital, private equity firms, and angel investor syndicates, I only included those who either focus on cybersecurity exclusively or that have more than 50% of their portfolio in cybersecurity. For corporate venture capital, however, I did not implement such restriction — listing firms that have 5% or more of their portfolio companies in cybersecurity.
Venture Capital Firms
Lytical Ventures is a venture firm with a focus on corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. The firm is an affiliate of Lyrical Partners, which, with affiliates, manages over $10 billion in private equity, real estate, traditional equity, venture, and hedge funds.
As the investment arm of Merlin Cyber, Merlin Ventures is an investment firm that is focused on driving growth and value for cybersecurity software companies with market-leading potential. Merlin Ventures provide infrastructure for market readiness, cybersecurity engineering expertise, and go-to-market muscle for all of their partners.
Paladin is a global investor that supports and grows the world’s most innovative cyber companies through its Paladin Cyber Fund, a fund with focus on digital infrastructure resilience.
Paladin Capital Group actively invests globally in advanced technologies and solutions which enable, monitor, manage, and defend critical infrastructure that is dependent on cyberspace.
SYN Ventures invests in disruptive, transformational cybersecurity solutions. SYN Ventures was started by two former CISOs of Fortune 500 companies, who have successfully invested in and exited a number of prominent cybersecurity companies operating today.
By leveraging their operational background, the team at SYN Ventures is uniquely positioned to support founders with the go-to-market, tech, and other challenges that founders face.
According to the fund’s website, “YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures exclusively invests in cybersecurity. YL Ventures accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of Chief Information Security Officers and global industry leaders”. In May 2022, YL announced Fund V which at $400M, is the largest seed fund ever raised for cybersecurity.
Team8 is a global venture group with deep domain expertise that creates companies and invests in companies specializing in cybersecurity and enterprise tech. Team8’s leadership team represents serial entrepreneurs, industry pioneers, and the former leadership of Israel’s elite tech and intelligence Unit 8200. Founded in 2014, Team8 is backed by global companies including Microsoft, Walmart, Cisco, Barclays, and Moody’s, among others.
AllegisCyber is all about seed and early stage investing in cybersecurity and its applications in emerging technology markets. Today that focus encompasses related areas including big data analytics, the Internet of things (IoT), and virtualization. AllegisCyber believes the imperative for cybersecurity innovation will be with us for the foreseeable future and is focused on identifying and partnering with the creative and passionate entrepreneurs who are committed to securing the digital frontier, through disruptive innovation.
Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive. Ten Eleven supports cybersecurity entrepreneurs with the capital, connections, experience, and expertise that only a specialized security firm can. Ten Eleven Ventures focuses on early stage and growth investments in private companies that are innovating and poised to lead the digital security field. The firm is founded by security entrepreneur and investor, Alex Doll, a co-founder of PGP Corp.
Evolution Equity Partners is an international venture capital investor partnering with entrepreneurs to develop market-leading cybersecurity and enterprise software companies. The firm believes that cybersecurity represents one of the most promising areas for disruptive innovation today, and focuses a large part of its portfolio on cyber.
ForgePoint Capital is an American VC that started by solely investing in cybersecurity companies taking steps to protect the increasingly digital world. As technology and markets have evolved, they have broadened their investment thesis to include critical adjacent technologies (AI/ML, Blockchain, Cloud, DevOps, Insurtech, Fintech, and Privacy). ForgePoint Capital uses its network of security experts to provide connections, advice, and what is needed for a startup to grow.
NightDragon invests in and advises late-stage and growth companies, providing a platform of growth for the next generation of cybersecurity, safety, security, and privacy companies. The NightDragon team invests and advises companies that they believe can help close the gap between offense and defense. There are currently 17 companies in NightDragon’s portfolio.
Cyberstarts is one of the few VC firms primarily funded by the industry’s most successful cybersecurity founders. The VC firm puts a lot of emphasis on adding value and helping mission-driven cybersecurity entrepreneurs grow their companies.
As a boutique seed-stage venture capital firm, Security Leadership Capital invests in early-stage companies where cybersecurity will be a critical enabler for success. They work both with cybersecurity companies as well as companies in other sectors that require a strong cybersecurity foundation to differentiate their offering, including fintech, healthcare tech, blockchain, cloud, and datacenter infrastructure.
Sands Capital is an active, long-term investor in leading innovative businesses globally with a strong portfolio in cybersecurity.
TIIN Capital B.V. is a Dutch VC that invests in software and information technology companies at the seed and start-up phase. TIIN Capital focuses mainly on Dutch cybersecurity companies, but also helps foreign cybersecurity companies with rolling out in Europe.
Glilot Capital Partners is one of Israel’s leading venture capital funds, with a solid portfolio consisting of innovative startups in cybersecurity and enterprise tech.
Elron Ventures is a leading early-stage Israeli venture capital firm specializing in cybersecurity and enterprise software.
eCAPITAL is a European impact venture capital firm with strong thesis in cybersecurity that provides early to growth stage funding to technology companies.
Tikehau Ace Capital is a European investment firm with an explicit cybersecurity strategy.
Osney Capital is a UK-based value-add venture capital fund that invests in startup and growth businesses in the cyber and data security sector, whilst supporting them to navigate their operational complexity as it evolves with their scale.
33N Ventures is a European specialized venture capital company. Its first fund invests across Europe, Israel and the US in early growth-stage companies developing and commercialising emerging technology solutions in cybersecurity and infrastructure software.
Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors. The firm is based in San Francisco.
Gula Tech Adventures invests in companies and nonprofits that defend the nation’s cyberspace.
Rain’s mission is to identify and invest in disruptive companies that push the boundaries of cybersecurity capabilities.
Secure Octane Investments focuses on early-stage investments in cybersecurity, data & infrastructure startups.
There are other funds not 100% focused on cybersecurity but where cybersecurity represents a large percentage of their portfolio, including Crosslink Capital, 11.2 Capital, and New North Ventures.
Option3Ventures is a Private Equity (PE) firm. According to their website, “Option3 is a specialist cybersecurity private equity firm with a cyber heritage from the classified world of national security, broad investment expertise that runs from venture to buyout, and deep operational experience spanning the entire C-suite”.
CyLon is Europe’s leading specialist early-stage investor in security and resilience. Having started as a cybersecurity accelerator and seed investment program, it evolved into an important player in the world’s cybersecurity ecosystem. CyLon Ventures is not a VC fund. Instead, they invest their own capital in angel-sized checks which allows them to be uniquely founder aligned.
Dreamit Ventures works with cybersecurity startups through their Securetech program. Aside from funding companies directory, they also provide accelerator-style support with a focus on scaling, customer acquisition, and capital, helping cybersecurity startups achieve the next milestone.
Corporate Venture Funds
I have previously written a summary of the corporate venture capital (CVC) landscape as it relates to cybersecurity. I observed that some CVCs such as M12, NTT DoCoMo Ventures, and Dell Technologies Capital choose to specialize in cybersecurity and have developed both internal expertise and industry connections to add a lot of value for startups looking to get more than growth capital. Others have some investments in cybersecurity without attempting to specialize in the field.
In addition to the funds outlined in the above article, it is worth looking at Falcon Fund, Okta Ventures, S Ventures, G+D Ventures, and CyberArk Ventures.
Falcon Fund is an investment fund managed by CrowdStrike, in partnership with Accel. Falcon Fund has made some great investments in a number of cybersecurity startups, including Automox, Tines, and JumpCloud. According to their website,
The Fund is focused on global, cross-stage investments in companies that provide differentiated capabilities to our shared customers. The Fund will not lead rounds but will co-invest as a strategic partner alongside lead investors. In addition to funding, CrowdStrike will provide access to the CrowdStrike Store partner resources that includes integration, marketing and go-to-market support. — Source: Falcon Fund/CrowdStrike
CyberArk Ventures is a $30 million global investment venture fund by CyberArk designed to empower the next generation of disruptors solving complex security challenges with innovative technology.
Okta Ventures invests and supports companies creating cutting edge technologies enabled by identity, security, and privacy.
S Ventures is a corporate arm of SentinelOne launched in 2022 that invests in the next generation of category-defining security and data companies.
G+D Ventures is the centure capital arm of the G+D Group that invest in growth-oriented companies, whose innovations promote trust in our society.
As corporate venture capital now accounts for 21% of the overall venture market, up from 11% ten years ago (Bain’s 2022 M&A Report), startup founders in the industry may want to pay attention to this growing investor segment. As with any funding source, there are pros and cons to working with CVCs. Founders must do their own research and consider all factors before deciding if investment from CVCs is the best option for their startup.
While there are many investment banks globally that work with cybersecurity companies, Momentum Cyber deserves an exclusive mention as the industry’s first and only investment bank exclusively focused on cybersecurity.
As their website states, Momentum Cyber offers “a new and innovative advisory model designed specifically for the Cybersecurity industry combining operational excellence, corporate finance, strategy, exit planning, and M&A services throughout the lifecycle of a company — Incubation to Exit”.
Angel groups, private investment clubs that act as syndicates, and individual angels are often the ones who support entrepreneurs at the earliest stage when institutional investors are not ready to place their bets. For an early-stage cybersecurity startup, getting money to start innovating and get a prototype to the market is important. What is even more important is gaining access to potential customers, getting the right introductions to partners, and feedback from trusted advisors. Arguably, nothing trumps the amount of value that can come from security leaders and experienced professionals turned investors.
There are many angel groups that make investments in cybersecurity startups. Many are low-key and can only be discovered through friends and friends of friends. The three investment groups of security leaders with high visibility and proven track record are Silicon Valley CISO Investments (SVCI), Cyber Club London (CCL), and KMEHIN Ventures.
Silicon Valley CISO Investments (SVCI)
Silicon Valley CISO Investments (SVCI) is a group of Chief Information Security Officers (CISOs) that operates as an angel investor syndicate. Their mission is to
“fuel the next generation of cybersecurity innovation by identifying promising early-stage startups, investing in them, and using their unmatched industry expertise to help them thrive”. — Source: SVCI
SVCI is an invite-only group, and new angels must be recommended by the existing members. Established in late 2019, SVCI has already invested in over 13 startups, including Cyral, Orca Security, and the above-mentioned Tines.
Cyber Club London (CCL) is a community of over 50 cybersecurity executives and experts, working together to foster the next generation of cybersecurity innovators. It is an invite-only organization that facilitates group investments in early-stage cybersecurity startups and provides advice, expertise, and what is needed to propel their success.
KMEHIN Ventures, based in Israel, is on the mission to identify and invest in early-stage security startups with great potential. They are also group of CISOs from different companies.
The Security Syndicate is the largest community of security founders, executives and leaders at F500 & G2000 organisations that focuses on partnering with early stage security founders.
Accelerators & Incubators
MACH37 is a US-based start-up accelerator designed to facilitate the creation of the next generation of cyber product companies. MACH37 designed a unique program that places heavy emphasis on the validation of product ideas and the development of relationships that produce an initial customer base and investment capital.
The Scalarator, operated by JVP, is New York City’s first scale-up accelerator focused on growing enterprise-ready, cybersecurity startups, offering participating startups access to potential customers, investors, industry mentors, personnel, funding, and workspace. The Scalarator is a part of the Cyber NYC initiative.
CyberTech|X Accelerator (Tampa, FL) is a highly specialized 90-day accelerator program exclusively for innovative and disruptive technology startups focused on cybersecurity. Participating startups get access to mentorship, tools, and resources as well as strategic support from the key program sponsors at A-LIGN, EY, and KnowBe4.
The Cyber Incubator@bwtech is home to more than 45 businesses. Members enjoy access to training programs such as the Government Contracting Institute with TargetGov, UMBC student internship subsidy programs, entrepreneurial services team technical support, and collaboration opportunities with UMBC faculty. In addition, the Cyber Incubator is in close proximity to UMBC, an NSA/DHS Academic Center of Excellence for Cybersecurity conveniently located within the Baltimore/Washington D.C. corridor.
Dreamit is a VC fund and a growth program focused on cybersecurity startups ready to scale. Customer Sprints® help startups grow their customer pipeline and Investor Sprints® accelerate their next round of funding.
The Catalyst Cyber Accelerator
The Catalyst Cyber Accelerator is the first cybersecurity-focused commercial accelerator in Canada. The Catalyst Cyber Accelerator helps early-stage Canadian cybersecurity companies grow into national and international competitors.
International Security Accelerator
The International Security Accelerator is a 3-month intensive accelerator that will invest in early-stage disruptive companies, in the areas of cybersecurity, Internet of Things, blockchain, AI, health & bioinformatics, defense, critical infrastructure, financial services & logistics. This accelerator, located in Cork, Ireland, and supported by industry partners such as Trend Micro, only accepts teams (no solo founders).
gener8tor Cybersecurity, a partnership between the tech co-working incubator and a Wisconsin-based national accelerator Gener8tor, offers a program for cybersecurity startups in San Antonio. The accelerator allows startups to gain traction for rapid growth in the dynamic tech ecosystem of Alamo City.
The CyberAccelerator UA is the first Ukrainian cybersecurity accelerator for product and service companies, created to accelerate the development of the Ukrainian cybersecurity market. The CyberAccelerator UA is implemented by SocialBoost within the USAID Cybersecurity Activity.
The UK National Cyber Security Centre (NCSC) For Startups
The UK National Cyber Security Centre (NCSC) For Startups combines the NCSC’s technical expertise and commercial expertise with the world’s entrepreneurial ecosystem. According to the NCSC For Startup website, “through a combination of technical and commercial mentorship and introductions, the program works with startups to: develop and communicate their core product or service, facilitate introductions to companies and investors, and create commercial growth opportunities”.
Tech Nation Cyber is a six-month, non-residential program to accelerate ambitious cyber scaleups in the UK. From online training, phishing prevention, and honeypots to deception security and fighting fake merchandise, they are forming a cohort of the most innovative companies operating in cybersecurity.
Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)
Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Asia-Pacific’s cybersecurity entrepreneur hub. Based in Singapore, ICE71 is a partnership between Singtel Innov8, the venture capital arm of the Singtel Group, and the National University of Singapore.
CyRise is an Australian cybersecurity venture accelerator program, powered by NTT and Deakin University. CyRise’s focus is on supercharging the growth of early-stage cybersecurity startups from the Asia-Pacific region. CyRise offers a three-month, mentor-driven program based in Melbourne and invests $50,000 as part of a capped SAFE note.
Startupbootcamp’s FinTech & CyberSecurity Accelerator
Startupbootcamp’s FinTech & CyberSecurity Accelerator is a 3-month digital dedicated innovation program with the mission to connect visionary founders from the selected companies by providing them with access to a global network of industry experts, investors, global corporate partners, and experienced business mentors.
Wise Guys Cyber (Estonia) is a dedicated acceleration program for early-stage cybersecurity startups that will help test their business assumptions, speed up growth and conquer the world. As per the accelerator’s website, “the program is meant for a wide spectrum of cyber startups working on identity and access management, data security, mobile security, threat and vulnerability management, network security, physical security, threat intelligence malware analysis, forensic analysis, and more”.
Cyber Booster’s mission is to contribute to security and the growth of French tech ecosystem by stimulating, supporting and financing entrepreneurial initiatives to bring out the future European leaders in cybersecurity.
Pitch competitions with an emphasis on cybersecurity are regularly hosted by various organizations across the globe. In this summary, I included only those events that are recurring (happened more than once).
The DataTribe Challenge is a “unique annual competition that brings together the best entrepreneurs in the world looking to disrupt cybersecurity and data science. DataTribe selects three finalists that split $20,000 in prize money and one winner that could receive up to $2 million in seed capital. The Challenge concludes in an invite-only pitch event where three finalists present to and network with cyber industry luminaries in-person. DataTribe will announce the winner at the end of this event” (source: DataTribe).
RSAC Innovation Sandbox Contest
Some of the brightest cybersecurity startups are discovered in the RSAC Innovation Sandbox Contest. For over 15 years, cybersecurity’s boldest new innovators have competed in the RSAC Innovation Sandbox Contest to put the spotlight on their potentially game-changing ideas.
Hatch Pitch, the pitch competition for innovative startups, is hosting Cyber Pitch, a competition for startups with digital solutions to cybersecurity and privacy. The event is a part of the Houston Cyber Summit/SXSW.
Startup pitch at the PwC Cybersecurity & Privacy Day
Startup pitch at the PwC Cybersecurity & Privacy Day is the annual cyber and privacy pitching contest. PwC is looking for the top five innovative solutions addressing major cybersecurity or privacy challenges.
Participating in cybersecurity awards contests can be a great way for startups to get additional visibility, validation, and media attention. The following are awards that recognize entrepreneurs in the industry.
The SC Awards are one of the most prestigious and competitive honors in the cybersecurity industry. For over 20 years, SC Awards recognize the solutions, organizations, and people that are advancing the practice of security. There are two award types: Trust Awards for cybersecurity products and services, and Excellence Awards for top cybersecurity companies and their leaders, investors, and financial partners.
Cyber Defense Magazine’s Cyber Defense Awards
The Cyber Defense Magazine’s Cyber Defense Awards is honoring cyber defense innovators across all verticals and segments of the industry.
International Cybersecurity Forum (FIC) Startup Award
The International Cybersecurity Forum (FIC) Startup Award aims to encourage innovation and entrepreneurship in the European cybersecurity sector. The jury consists of product users, investment funds, representatives of ANSSI and the Ministries of Interiors and of the Armed Forces from European countries.
ECSO’s Cybersecurity STARtup Award
ECSO’s Cybersecurity STARtup Award was created to increase the awareness and visibility of leading cybersecurity startups in Europe, both at the European and the global levels. The Award leverages ECSO’s Cyber Investors Day, a well-known industry event, as well as other events run by ECSO’s partners to spotlight some of the most promising European cybersecurity startups and SMEs.
The Startup Europe Awards (SEUA) is a European initiative promoted by the European Commission, supported by the Committee of the Regions and the European Parliament, and implemented by the Finnova Foundation in collaboration with Startup Europe. Cybersecurity is one of the areas covered by the award.
Black Hat is an “internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends” (source: Black Hat).
Security BSides is a series of loosely affiliated cybersecurity conferences hosted in many cities across the globe. The events are community-driven and generally attract security professionals looking to be a part of the community, learn and connect with fellow infosec folks.
Cyber Security Summits organized by the SANS institute bring together leading cybersecurity practitioners to share and discuss case studies, lessons learned, new tools, and innovative strategies to improve cybersecurity and overcome challenges in a particular focus area or industry.
The RSA Conference is a series of information security conferences. Approximately 45,000 people attend one of the conferences each year.
The Human Behavior Conference (HuBe) was created by the leaders of the social engineering field as an intensive program that brings together the greatest minds in communication, influence, and social psychology.
DEFCON is one of the world’s largest and most notable hacker conventions, held annually in Las Vegas, Nevada. Attendees include cybersecurity professionals, journalists, lawyers, federal government employees, researchers, students, and hackers interested in anything that can be “hacked”.
IT-Defense is an event in Germany featuring a series of interesting presentations focusing on relevant issues of cybersecurity.
ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security, cryptography, and cyberculture.
CyberTech Conference serves as the global cyber industry’s foremost B2B networking platform, with various industry-related events all around the world.
Blue Team Con is an annual cybersecurity conference for individuals interested in cybersecurity defense.
Infosecurity Europe has been the event connecting the cybersecurity community, showcasing the latest tech, sharing insider insights, and cultivating connections for over 25 years now.
Texas Cyber Summit is a hacker and cybersecurity conference in Texas, US.
Gartner Security & Risk Management Summits
Gartner Security & Risk Management Summits address the most significant challenges faced by security & risk leaders. Attendees join Gartner experts and peers and share valuable insights into key strategic challenges in risk management and cybersecurity.
SecureWorld is a host of in-person and virtual conferences across North America, frequent educational webcasts, weekly podcasts, and online training courses, as well as original news and analysis of the InfoSec world.
(ISC)² Security Congress is cybersecurity’s preeminent event, drawing thousands of leading professionals from around the world.
CyberSecurity Festival is an event that brings together CISOs and IT decision-makers to learn, collaborate, and tackle their biggest technology security challenges.
In this section, I listed some other resources helpful to cybersecurity startup founders.
Krit is a cybersecurity product design agency helping cybersecurity startups to plan, design, and build experiences their customers love.
Miscreants is a creative studio building memorable brands, investing in new ideas, and helping cybersecurity ventures connect with their audience.
Hacker Valley Studio is a media and podcast production company that hosts a number of cybersecurity shows.
People by Mimi is a recruitment agency for cybersecurity startups (often referred to as “Cybersecurity Matchmaker”) with a broad mandate of accelerating people-led growth.
LimaCharlie is a security infrastructure as a service provider that gives cybersecurity startups a way to get to market faster. LimaCharlie offers infrastructure grants to startup founders looking to leverage its infrastructure. [ Disclaimer: I am the head of product at LimaCharlie].
CyberRisk Alliance provides business intelligence and information services to help the growing cybersecurity community build effective strategies and make smart decisions, and innovative marketing solutions to galvanize an efficient marketplace. It includes many media channels known in the industry such as SC, Security Weekly, and MSSP Alert.