Top 10 resources about the business of cybersecurity
A list of resources for founders, product managers, investors, industry analysts, reporters, and others interested in the business side of cybersecurity
Welcome to Venture in Security! Before we begin, do me a favor and make sure you hit the “Subscribe” button. Subscriptions let me know that you care and keep me motivated to write more. Thanks folks!
Introduction
If you try to stay on top of what’s happening in cybersecurity, you’ll quickly realize that while there are hundreds of great sources about the technical side of the craft, little is available about the business side. Understanding the business of cybersecurity is important as it helps founders establish effective go-to-market strategy, enables investors to understand the space beyond the jargon, and makes it more likely that great ideas will find solid business models, something I believe is critical for the long-term success of the industry.
Over time, I’ve collected a list of sources that focus on the business side of security - making them a great reference for founders, product managers, investors, industry analysts, reporters, and others. Note this list is not exhaustive; please add your comments with suggested sources so I can evaluate them for inclusion in the V2 of the list.
Top 10 resources about the business of cybersecurity
Return on Security [ blog + newsletter ]
Return on Security by Mike Privette consists of three things:
1) Website offering original ideas on career advancement, security trends, and other security topics
2) Security Funded, a free weekly newsletter highlighting investing in the cybersecurity space with curated content
3) Cybersecurity Product Trend Reports, are free reports for people who buy, invest or use cybersecurity products.
Strategy of Security [ blog + newsletter ]
The Strategy of Security by Cole Grolmus analyzes the business and strategy of cybersecurity. Its mission is to provide thoughtful and practical perspectives for modern cybersecurity professionals. A few of the topics Strategy of Security covers are:
1) Broad trends and events across the cybersecurity industry and ecosystem
2) Specific cybersecurity companies and products, ranging from public companies to startups
3) Concepts, theories, and case studies relevant to cybersecurity leaders and operators.
Venture in Security [ blog + newsletter ]
Venture in Security (my blog and newsletter) focuses on the business of cybersecurity. I try to add value by diving deep into the different parts of the ecosystem and sharing insights about the space, its players, angel investing, and venture capital, as well as go-to-market strategy and product-led growth in cybersecurity.
Momentum Cyber [ industry report + newsletter ]
Momentum Cyber, the industry’s first and only investment bank exclusively focused on cybersecurity, regularly produces great resources about the ecosystem and market maps. Every month they provide an update on the dynamic cybersecurity landscape. They highlight M&A activity, Venture Capital, Initial Public Offerings, public market valuations, sector trends, and unique industry perspectives.
Business of Cyber [ podcast ]
The Business of Cyber podcast by Joe Vinck explores the non-technical aspects of the cybersecurity industry. The podcast offers over 40 episodes of great discussions and helps security, digital technology, and business leaders learn the best ways to manage & communicate the business of cybersecurity.
Audience 1st [ podcast ]
Audience 1st is a podcast for tech marketers and founders in cybersecurity looking to break out of the echo chamber to better understand their audience and turn them into loyal customers. Every week, Dani Woolf is having brutally honest conversations with busy tech buyers about what motivates them, the things they hate that vendors do, and what you can do about it.
Breaking Through in Cybersecurity Marketing [ podcast ]
In this podcast run by the Cybersecurity Marketing Society, you are going to hear from cybersecurity marketers who will share their ideas, their successes, and failures. This a very informative source for founders and cybersecurity marketers looking for ways to define and execute effective go-to-market strategies.
Anton on Security [ blog ]
Anton on Security, a blog by Dr. Anton Chuvakin, analyzes different market sub-segments of the industry (lots of focus on log management) and discusses emerging problems of cybersecurity.
Cyber Defense Matrix [ book ]
Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape, a book by Sounil Yu, organizes technologies, skillsets, and processes to help readers quickly discern what capabilities solve what problems, what gaps exist in one’s security program, and where there are opportunities for new capabilities to be created. This an essential read for those looking to understand the industry and go past buzzwords.
Rethinking Infosec [ book ]
Rethinking InfoSec: Thoughts on why today's Information Security doesn't work, and how we can do better, a book by Greg van der Gaast, presents views on what causes many of today's cybersecurity issues and costs and offers thoughts on how we can create a lot more assurance with far less. Although more focused on security leaders, I consider this an essential read for those trying to understand what the industry is going through.
Update: Bonus
The following two sources were added after the original piece was published based on recommendations from the community:
Daniel Miessler's Unsupervised Learning where he talks about tech trends and often discusses the business of security
Phil Venables’ Risk & Cybersecurity blog called by one of the community members “the Paul Graham of security” because of his great content on leadership, risk, and how it applies to the business of security
Closing Thoughts
No list can claim to be unbiased, so this one summarizes the sources I personally value and rely on in the day-to-day. Any industry player looking to dive deeper into the business of cybersecurity, or someone new to the space will be able to form a well-rounded understanding of the industry by going over the ten resources provided here.