FireTail founder and CEO shares some thoughts on 2022 and what's ahead for 2023. This includes macroeconomic, industry and company thoughts.
New beginnings, such as new years, provide a nice opportunity to look back at what we have just experienced, as well as look forward to what to expect. 2022 was a year of transition in many ways, and 2023 may well be the same. I wanted to reflect on some of those transitions from a few different perspectives:
2022 started with a strong macroeconomic outlook, after a massive positive swing in 2021, but then delivered a very strong downward performance, -35% for the year:
The “Internet” sector (if you can call that one sector) performed even worse for the year, down 45%:
Perhaps one interesting observation there is that the correction on the internet side happened in late Q1 and throughout Q2, with a pretty flat performance for the second half of the year.
The consensus by the end of year is that the overall economic situation in 2022 was…weird. Layoffs in the tech sector started part way through the year, and continued until the very last days of 2022. Yet, the unemployment rate remains a very low 3.5% in the USA, and tech companies find it difficult to find good job candidates.
For most people, the worst aspect of the economic changes in 2022 will be the return of aggressive inflation.
It was also a transition year of “back to normal”, following the possible end of the COVID-19 pandemic.
A lot of innovative companies get their start with the support of venture capital, as does FireTail. In general, venture capital (VC) follows macroeconomic trends. So as you might expect, VC did indeed slow down in 2022. But there is nuance, according to TechCrunch:
"In the second quarter of 2022, global venture totals dipped, but inside of that slowdown is a shift away from the super-late-stage deals that helped push the value of VC deal-making to all-time highs last year."
Just like the macroeconomic climate, there are adjustments going on.
"I would say it's more about a year of change, reacting to new realities, figuring out what a new normal looks like. In the end, start-up valuations are based on what the public market is doing. Even acquisitions, M&A activities, are going to follow what’s happening on the public markets."
"We’ve seen public market valuations grow so quickly and then drop so quickly, and we're still figuring out what the new normal will be. There’s still a lot of uncertainty. I don't think any of us really knows what the rest of the year will look like or what the new normal will be. It’s all part of the ebb and flow of the economy." - Will Lin
That question of valuations rising and falling is especially striking, coming out of 2021. There were a number of so-called “unicorns” created in cybersecurity in 2021. Rumors and whispers, even at the time, suggested that many of these companies hadn’t reached the unwritten rule of $100M recurring revenue, based on a longstanding practice of valuing companies at 10 times their revenues. And what happens to these companies now - are they zombies?
“We were also skeptical of some of these unicorns, with some receiving a $1B+ valuation at the same time we were hearing rumors of $5M ARR.” - The Cyber Why
How does this all match up? From one author and former industry analyst:
“June 2022 is the most bizarre month I’ve ever seen. June announced both three new cybersecurity unicorns and 1500 employees laid off from 9 cybersecurity vendors in the same month.” - The Cyber Why
Another analysis shows a decline in cyber funding, so there’s an open question about what that means moving forward. But there’s also contradictory evidence showing a lot of cybersecurity activity in Q4 of 2022.
Cybersecurity is still a high priority. Is cybersecurity recession-proof? Perhaps.
"First, our world is growing smarter and more technological by the minute. For example, the adoption of cloud and artificial intelligence technologies is rapidly increasing. As a result, our reliance on all things cyber to power our society and its critical infrastructure is on an extremely fast pace. Companies are using more and more devices connected to the internet. Information technology budgets have ballooned. A market correction may slow progress, but it will not reverse this trend."
"A more connected society is also a more vulnerable one. These developments increase the attack surface for cybercriminals to exploit vulnerabilities and result in an increase in the frequency and severity of hacks, especially against critical infrastructure. With more technology and connectivity, there comes greater investment in cybersecurity." - Michael Steed, Paladin Capital
This is echoed by most people in the cybersecurity industry, especially those who have spent decades in the space. Recently, NightDragon held their annual kickoff event, where they wrapped up 2022 and gave some thoughts about 2023. Some of the highlights from their analysis include the following:
Stay tuned. We’re putting together our analysis of the current state of API security, and some predictions for API security in 2023. We’ll be releasing that report soon.
This is the easiest transition to address - the state of FireTail is great! Admittedly, it’s easiest to adapt to market changes when you’re a young company, as we are. Fun fact - we officially incorporated on February 11, 2022. We enter 2023 having hit a number of great milestones for a young company:
We continue to push forward. We’re in a good position to expand beyond our current cohort of initial design partners in late Q1 2023. We also firmly believe what Dave DeWalt said during the NightDragon session:
“Great companies get started during down cycles.”
Bob Ackerman’s quote also resonated with us:
“Cyber is not a pick-up game; be committed or go home.”
We agree. We are also mindful of the macroeconomic environment around us. To that end, it’s always been part of our ethos to focus on security and customer outcomes first, and financial outcomes second. We believe that making our preventative API security middleware free and open source is the right thing to do, and we stand by that decision. If that means that many organizations will use it for its ability to block bad API calls, and never pay us, we accept that and still believe that it is a good outcome.
So much of our strategy is around solving security challenges for our customers. We will continue to produce versions of the FireTail middleware library as our customers need, and make sense for us to provide. And we will continue to expand its functionality as we learn of new attack vectors. We are also believers in examining a domain space holistically, so it’s not shift-left or shift-right; nor is it shift-left and defend-right, it’s:
Shift everywhere.
Please also check out my recent video where I discuss some of the themes covered in this blog in more detail.