6 Comments
Colin Bastable

Thanks! Very well presented.

My 2¢:

Crowdstrike, of course, had an early leg-up from its FBI & Deep State connections. Without which it would never have got off the ground. So I discount Crowdstrike as a benchmark.

The challenge for cybersec defense technology businesses from a technical perspective (as opposed to a capital return/valuation perspective) is that 97% of leaks, breaches and losses are socially-engineered, mainly (92%) resulting from phishing emails.

CISOs are spending most of their cybersec budgets on defending against the 3% pure-play technical exploits, because it is easier and sexier and everyone gets it.

The other 97% of the threat should be addressed by a blended HR, finance and organizational function, with IT playing a support role. Because the humans who fall for these attacks are outside the CISOs’ remits. Hackers Hack People.

Unless boards force HR to be part of the solution, no way will HR step up. CEOs and CFOs like to keep HR close and safe, whereas if HR owns the threat, then HR is going to take the fall that CISOs now take.

CISOs only last 18-24 months in each gig, because they are techies and they don’t run HR. When they stop being techies and play at being C Suite operators, they lose their cyber mojo and get fired. Catch 22.

So CISOs often value their cybertech vendor relationships more than they value their relationships with C Suites and boards: they will take the vendors into their new gigs, because the vendors make the CISOs look smart.

Meanwhile, the hackers in the darknet are technically smarter than the defense vendors and are unbounded by “the rules”.

Thinking outside the box is part of the hacking deal. And it is easy if you are technically adept and understand people.

So what?

Growth rates in Cyberlosses outpace cybersec industry growth rates maybe 10x each year. And everyone likes this: more salaries, more VC, more jam tomorrow. “More failure so we must try harder!”

Vendors that fix the gap that I have pointed out can change the game and outpace the likes of Crowdstrike.

It’s not hard: SentinelOne could do it but they are in the hammer-making business. They need to get into the people business as well.

Matthew | Sycamore Capital

Fascinating. So what you’re saying is that cybersecurity is a people problem and not a tech problem. The implication then, is that it almost doesn’t matter what product you’re running (S vs CRWD vs MSFT) because it comes down to the 3% at the end of the day really? And that’s a people problem. Am I getting that? Thanks for your feedback by the way

Colin Bastable

Yup. Pretty much. The numbers tell the story: in January 2026 the FBI’s Internet Crime and other stats for 2025 will reveal another record-breaking year of losses, alongside another record-breaking year for spending on cybersecurity. You’ll also read about a (fictitious) “cybersec skills shortage”, which apparently can only be resolved by bringing in more (cheap) H1Bs.

This has occurred every year since the internet became a “thing”.

Matthew | Sycamore Capital

So the implications for a company like SentinelOne which is chasing CRWD, MSFT, PANW (huge companies) is that the tech differentiation doesn’t actually matter. And therefore they’ll probably never really close any sort of market share gap?

Do you think there is merit to the recovery/resilience companies like a Rubrik?

Colin Bastable

I think Sentinel is able to be more agile and nimble than MSFT, so whilst they build out their platform strategy, they can build market share through sales execution. The CEO seems determined to “under-commit and deliver” - with some commercial pixie dust (better & more aggressive sales ethos) they can “over-deliver”.

Recovery & Resilience - it’s still focused on targeted attacks via Identity, so it is a 3% solution wearing lipstick, but that’s where the CISOs spend their budgets, so addressing the inevitability of attack success and consequent recovery is sensible.

Michael Hepp

I struggle to understand their differentiation. They say AI but if I’m a CIO that sounds good, but am I willing to bet my high paying job on AI now? This might explain their lower profit margins. They may need to lower price to push sales over the line. Or maybe you have a better perspective on their differentiation? Not trying to attack, just wondering what your thoughts are.
