Making Sense of the Boom: Menlo’s Cyber Security Checklist

Venky Ganesan, follow me @venkyganesan

The global cybersecurity market is booming. Against a backdrop of uncertainty, it’s displayed resilience and has largely been insulated from the volatility of markets. Despite an expected slowdown in overall IT spending, cybersecurity remains one of the few bright spots in the IT budget. Gartner predicts that the cyber market, which continues to grow 8–12% YoY, will reach $170B by 2022 — a 48X growth since 2004. Cybersecurity companies in turn are capitalizing on the increased market demand. In the past 24 months, CrowdStrike, Sumo Logic, and Cloudflare, to name a few, have all gone public and performed well.

So, what will drive ’s driveing this interest and unprecedented growth in cybersecurity in 2021 and beyond? I put it down to a combination of new compliance and regulation, increased cloud adoption as well as a threat landscape that’s in constant evolution. It seems not a day goes past without a new cybersecurity law being enacted or a novel strain of malware detected in corporate networks. The pandemic has also played a part with the shift to digital but the reality is many companies were already on their way. It accelerated digitization and with that came an increased attack surface which organizations are now scrambling to protect.

In my 20+ years in the industry, I have observed the cybersecurity market reach a point of saturation with new solutions emerging daily to fight growing threats. Just look at any market map. Conventional wisdom in the industry used to be that all gains would go to the number one player and the rest would compete for scraps. However, in recent years we’ve seen that certain categories can support multiple players. Case in point; Tenable, Rapid7 and Qualys have all staked their claim to the vulnerability management market but the space is big enough for all of them to play a role.

The cybersecurity market is more boom than bust and we’ve created a checklist that has guided our investments in companies such as Abnormal Security, Appdome, Bitsight, Dedrone, Signifyd, Sonrai Security and StackRox.

  • Founder DNA — If you can combine founder experience with in-depth sector knowledge then you are onto something. We’ve found that successful security companies tend to be led by serial entrepreneurs who are making a second go or even a third as is the case with Abnormal Security. Co-founder and CEO, Evan Reiser, co-founded Bloomspot (acquired by JP Morgan Chase, and AdStack (acquired by TellApart). Or Brendan Hannigan and Sandy Bird who co-founded Q1 Labs (acquired by IBM) and then went onto build Sonrai Security.

These are the defining attributes which we look for in a security investment. We are actively investing in cybersecurity. If you’re building a company that ticks any of these boxes then we’d love to hear from you.



A venture capital firm that strives to have a positive impact on everything we do. When we’re in, we’re all in.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Menlo Ventures

A venture capital firm that strives to have a positive impact on everything we do. When we’re in, we’re all in.