Full episode and show notes

IPOs are back, AI jumps the shark, NGFWs have some serious security issues – ESW #391

In this week’s enterprise security news, the first cybersecurity IPO in 3.5 years! new companies new tools the fate of CISA and the cyber safety review board things we learned about AI in 2024 is the humanless SOC possible? NGFWs have some surprising vulnerabilities what did generative music sound...

Full Segment Notes

In this week's enterprise security news,

  1. the first cybersecurity IPO in 3.5 years!
  2. new companies
  3. new tools
  4. the fate of CISA and the cyber safety review board
  5. things we learned about AI in 2024
  6. is the humanless SOC possible?
  7. NGFWs have some surprising vulnerabilities
  8. what did generative music sound like in 1996?

All that and more, on this episode of Enterprise Security Weekly.

Announcements

  • Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!

List of Articles

Adrian Sanabria

  1. IPOs: SailPoint S-1

    Our first cyber IPO in FOREVER. After being taken private by Thoma Bravo in 2022 for $6.9B, SailPoint is going public again, and will use the same ticker symbol again (SAIL).

    Does it make sense for cybersecurity companies to go public? I don't think so, but it looks like it's going to start happening again anyway.

    When did we last see a security company IPO? Back in September 2021 - we were all still wearing masks, though most of us stopped washing our groceries by this time. ForgeRock went public for a hot minute before they were taken private again, only 13 months after going public.

    Why am I ignoring Rubrik? They're not cybersecurity - they're a backup company that has dipped into cybersecurity (honestly, I haven't looked at their last 10K/10Q, and I don't know what portion of their revenue comes from data security vs backups, so don't come at me).

    You might have noticed some interesting facts. Our last two cybersecurity IPOs are both IAM vendors that were both taken private by Thoma Bravo. Then, in 2023, Thoma Bravo merged ForgeRock and Ping Identity. This PE shop really went all in on identity!

    Are we going to see more IPOs in 2025? It's certainly possible, with Wiz and Netskope as the most likely candidates.

  2. FUNDING: Databricks Announces $15B in Financing to Attract Top AI Talent and Accelerate Global Expansion

    This isn't a cybersecurity company, but it's a useful foil for discussing whether or not cybersecurity companies should even consider going public at all.

    • going public takes a lot of work and prep - the road to an S-1 filing often takes years!
    • the initial capital raised is typically less than $15B. A LOT less
    • cybersecurity companies typically need to pivot or reinvent themselves every 5 years - the public market and shareholders don't like that, and it takes control and agility away from the company - then, the company often ends up getting taken private anyway
  3. NEW COMPANIES: Cybersecurity startup Tenex launches with an AI-powered cloud MDR service – SiliconANGLE

    Another AI-powered SOC startup, though this one is focused on providing an MDR service. I have thoughts and opinions.

  4. NEW TOOLS: Stratoshark

    It's like Wireshark, but for your cloud!

  5. LEGISLATION: Eric Geller on Twitter – Is the Cyber Safety Review Board dead?

    The tweet text:

    DHS has terminated the memberships of everyone on its advisory committees. Includes several cyber committees, like CISA's advisory panel & the Cyber Safety Review Board, which was investigating Salt Typhoon. That review is "dead," person familiar says.

  6. CYBERCRIME: Trump Pardons ‘Silk Road’ Dark Web Market Creator

    I recall thinking, "DAMN, that's a harsh sentence", but I definitely didn't see this coming.

  7. VULNERABILITIES: Microsoft fixes 159 bugs in first Patch Tuesday of 2025

    “This is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual amount of CVEs fixed in January,”

    I had to reboot my Windows systems a LOT

  8. REPORTS: Security Navigator 2025: Latest Cybersecurity Threats and Trends

    From Orange Cyberdefense, this report is chock full of useful data points sourced by their engagements with their clients.

  9. ESSAYS: A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

    Spicy, very on-brand take from my friend Anton Chuvakin!

  10. AI ROUNDUP: Things we learned about LLMs in 2024

    The amount of AI news in 2024 was a little overwhelming, so this is a nice resource to summarize and remind you of everything that happened. Some particularly interesting insights here, especially around AI agents.

  11. HISTORY: ShmooCon ends 20-year run with tears, malware and electronic fun
  12. VULNERABILITIES: Kevin Beaumont (@[email protected]) – A new group, Belsen Group, claim to have released Fortigate configs for 15k firewalls.
  13. VULNERABILITIES: Supply Chain Risks in Security Appliances – Eclypsium

    The black box that is NGFWs is opened a bit for all to see...

  14. SQUIRREL: Brian Eno released Generative Music on a floppy – here’s what it sounded like
Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds