FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next
FireTail founder and CEO shares some thoughts on 2022 and what's ahead for 2023. This includes macroeconomic, industry and company thoughts.
New beginnings, such as new years, provide a nice opportunity to look back at what we have just experienced, as well as look forward to what to expect. 2022 was a year of transition in many ways, and 2023 may well be the same. I wanted to reflect on some of those transitions from a few different perspectives:
2022 started with a strong macroeconomic outlook, after a massive positive swing in 2021, but then delivered a very strong downward performance, -35% for the year:
The “Internet” sector (if you can call that one sector) performed even worse for the year, down 45%:
Perhaps one interesting observation there is that the correction on the internet side happened in late Q1 and throughout Q2, with a pretty flat performance for the second half of the year.
The consensus by the end of year is that the overall economic situation in 2022 was…weird. Layoffs in the tech sector started part way through the year, and continued until the very last days of 2022. Yet, the unemployment rate remains a very low 3.5% in the USA, and tech companies find it difficult to find good job candidates.
"In the second quarter of 2022, global venture totals dipped, but inside of that slowdown is a shift away from the super-late-stage deals that helped push the value of VC deal-making to all-time highs last year."
"I would say it's more about a year of change, reacting to new realities, figuring out what a new normal looks like. In the end, start-up valuations are based on what the public market is doing. Even acquisitions, M&A activities, are going to follow what’s happening on the public markets."
"We’ve seen public market valuations grow so quickly and then drop so quickly, and we're still figuring out what the new normal will be. There’s still a lot of uncertainty. I don't think any of us really knows what the rest of the year will look like or what the new normal will be. It’s all part of the ebb and flow of the economy." - Will Lin
That question of valuations rising and falling is especially striking, coming out of 2021. There were a number of so-called “unicorns” created in cybersecurity in 2021. Rumors and whispers, even at the time, suggested that many of these companies hadn’t reached the unwritten rule of $100M recurring revenue, based on a longstanding practice of valuing companies at 10 times their revenues. And what happens to these companies now - are they zombies?
“We were also skeptical of some of these unicorns, with some receiving a $1B+ valuation at the same time we were hearing rumors of $5M ARR.” - The Cyber Why
How does this all match up? From one author and former industry analyst:
“June 2022 is the most bizarre month I’ve ever seen. June announced both three new cybersecurity unicorns and 1500 employees laid off from 9 cybersecurity vendors in the same month.” - The Cyber Why
"First, our world is growing smarter and more technological by the minute. For example, the adoption of cloud and artificial intelligence technologies is rapidly increasing. As a result, our reliance on all things cyber to power our society and its critical infrastructure is on an extremely fast pace. Companies are using more and more devices connected to the internet. Information technology budgets have ballooned. A market correction may slow progress, but it will not reverse this trend."
"A more connected society is also a more vulnerable one. These developments increase the attack surface for cybercriminals to exploit vulnerabilities and result in an increase in the frequency and severity of hacks, especially against critical infrastructure. With more technology and connectivity, there comes greater investment in cybersecurity." - Michael Steed, Paladin Capital
The continuation of 'cyber super cycles', meaning periods of mass investment, both from financial backers (VCs and private equity firms) and customers, in their purchasing of cybersecurity products and services.
2022 was overall a record year for VC investment ($19B+) and M&A ($118.5B) in cybersecurity.
Operational technology (aka OT; think power grids, electricity generators, elevators, HVAC, etc.), is a top area for investment for 2023. The Colonial Pipeline incident has sparked concern, and there are now three companies earning more than $100 million annually in OT security. The data intelligence of this space is with these systems reporting to central locations, all of which is done over APIs.
2022 was anecdotally the first year of “best in suite” prioritization for customers, meaning that customers focused on buying not necessarily the best solution for defending against any single particular attack vector; instead looking at a broader category, and choosing a blend of depth and breadth. Average number of vendors is 75, needs to come down; 5 is not realistic, but something between 40-50 probably is more manageable.
At the same time, increased cloud adoption and evolving application architectures brought very high complexity, and a difficult-to-monitor attack surface. As a result of this, companies started to experience technical debt in cybersecurity defense. This is currently the case in cloud security. In fact, the analysis here posits that cloud security is the number one need for enterprises in 2023. Enterprises have realized that cloud transformation is mandatory, and they need to refactor applications to get the cloud value and agility that they desire.
What’s the state of API security?
Stay tuned. We’re putting together our analysis of the current state of API security, and some predictions for API security in 2023. We’ll be releasing that report soon.
What’s the state of FireTail?
This is the easiest transition to address - the state of FireTail is great! Admittedly, it’s easiest to adapt to market changes when you’re a young company, as we are. Fun fact - we officially incorporated on February 11, 2022. We enter 2023 having hit a number of great milestones for a young company:
The FireTail.app platform is live in production with customers.
What’s next for FireTail?
We continue to push forward. We’re in a good position to expand beyond our current cohort of initial design partners in late Q1 2023. We also firmly believe what Dave DeWalt said during the NightDragon session:
“Great companies get started during down cycles.”
Bob Ackerman’s quote also resonated with us:
“Cyber is not a pick-up game; be committed or go home.”
We agree. We are also mindful of the macroeconomic environment around us. To that end, it’s always been part of our ethos to focus on security and customer outcomes first, and financial outcomes second. We believe that making our preventative API security middleware free and open source is the right thing to do, and we stand by that decision. If that means that many organizations will use it for its ability to block bad API calls, and never pay us, we accept that and still believe that it is a good outcome.
Is there anything we can share about the future direction of FireTail’s technology?
So much of our strategy is around solving security challenges for our customers. We will continue to produce versions of the FireTail middleware library as our customers need, and make sense for us to provide. And we will continue to expand its functionality as we learn of new attack vectors. We are also believers in examining a domain space holistically, so it’s not shift-left or shift-right; nor is it shift-left and defend-right, it’s:
Please also check out my recent video where I discuss some of the themes covered in this blog in more detail.