
Innovation and Insights: Eight Takeaways from Forgepoint’s Fall 2024 Advisory Council Meeting and Dinner

Tanya Loh

December 4, 2024


Where is the cybersecurity market headed in 2025 and beyond?  

What do effective, compliant, and secure generative AI use cases look like?  

Is it time to re-evaluate the public cloud model?  

How is the role of the modern CISO continually evolving? 

How can enterprise technology leaders find the balance between security, development and business needs?  

These are just some of the questions that took center stage at Forgepoint’s Fall 2024 Advisory Council Meeting and Dinner on November 19 at the Yale Club in New York City. Our annual invite-only gathering of 150+ stakeholders across the Forgepoint community saw attendance from our portfolio company CEOs, our Global Advisory Council, select co-investors and partners, C-Suite technology leaders, government executives, practitioners, and academics. Featuring a program of presentations, fireside chats, networking opportunities, cocktails, and dinner, the event was designed to enable security leaders and innovators building emerging technologies to engage with their peers.  

As we gathered with our community for conversations and meaningful collaboration around the latest trends and issues in cybersecurity, AI, infrastructure software, and beyond, several themes emerged.  

Here are our top 8 takeaways. 

 

1) Cybersecurity M&A and IPOs are on the Uptick, but Challenges Remain

Expect to see more M&A and IPOs as we head into 2025. There will likely be a dramatic increase in M&A activity over the next year and a half, largely due to pent-up demand, pressure to return and raise capital, and the current M&A regulatory framework. On the IPO side, 2024 activity was down due to a less favorable valuation environment, but it’s very likely that the market will pick up in 2025. IPOs tend to lag market recoveries by a few months and the current down-cycle is lagging well beyond that timeframe, so expect the pipeline build-up to ease significantly. Not all IPOs are sustainable, though. Organizations need a large addressable market and high net retention rates (among other attributes) to thrive post-IPO; look to CrowdStrike and SentinelOne for case studies in growth at scale.

Despite some tailwinds going into 2025, the cybersecurity market will still present challenges for startups seeking to raise funding, close an M&A deal, or successfully IPO. In terms of valuations, don’t expect to see 2021-like numbers any time soon. Dropping interest rates are unlikely to lift valuations broadly but may increase multiples at the margins on quality assets.  

2) CISO’s Mindset Going into 2025 

There’s a lot on CISOs’ minds: uncertainty around SEC reporting requirements and personal liability, the projected impact of how the incoming Trump administration may approach cybersecurity, shifting cyber insurance premiums and budgets, ongoing AI security concerns and opportunities to enhance security with AI, and much more. 

Amidst the opacity, it’s important to remember that CISOs and security teams can impact the broader market given their buying and hiring power. Negative CISO sentiments tend to significantly slow down the cybersecurity industry’s growth. Other cybersecurity leaders, business executives, and innovators should do all they can to ensure CISOs have the resources, support, and tools they need to secure their organizations effectively, no matter what factors are at play.

3) Effective, Compliant, and Secure AI Use Cases  

AI and generative AI continue to dominate mindshare across the industry. There are unresolved questions related to AI and data governance including ethical considerations, regulatory frameworks, accountability, transparency, and the balance between innovation and risk management.  

However, with more implementation experience under our collective belts, there’s some clarity around what makes an effective, sustainable, and secure AI use case. Today, only 40% of AI use cases will make it in the business environment and have an impact on key factors like revenue streams, cost reduction, or risk management. We have learned that to effectively leverage AI or machines to do what humans do, the focus should be on perceiving, reasoning, and acting. AI use cases which improve employee productivity are particularly opportunity-rich, whether they automate case management to give fraud analysts at banks more time to perform high-impact assessments or facilitate faster SOC alert management. These and other AI implementations have the potential to redefine cybersecurity by freeing up more time for security professionals to do impactful work.

On the securing AI side of the equation, there’s GRC to consider. Every organization utilizing AI models must take an inventory of all AI usage. This basic step is still challenging for many organizations and needs to be a higher priority; at the very least, business and security leaders need to know where AI is operating in their organizations to inform a comprehensive security strategy.  

Most companies also need to step up their game when it comes to AI risk management and security controls. It’s essential that organizations have clear visibility into how employees are engaging with AI in order to create business and security-aligned policies and controls. Two more essential concepts, trust and responsibility, are entering the AI governance conversation, and we expect to see more innovation in this area in the next few years.

4) Ransomware Attacks are Multifaceted 

In the past few years, ransomware attacks have become more frequent and sophisticated, posing significant threats to companies across industries. Protecting a company from these attacks is a multifaceted endeavor and there’s no “silver bullet” defense. It’s critical to implement coordinated measures to prepare for, respond to, and recover from ransomware, minimizing impacts and quickly restoring operations after a breach.

Read Surefire Cyber CEO and Founder Billy Gouveia’s blog post for a deep dive into the stages of a ransomware attack and how to secure your organization every step of the way.  

5) Modern CISO Wears Many Hats 

Security leader. Guardian of digital assets. Business driver.  

These are just a few of the roles the modern CISO embodies on a daily basis. CISOs strive to balance security requirements with business objectives while fostering a culture of cybersecurity awareness and ensuring compliance with regulatory frameworks. To thrive in the ever-evolving threat landscape, they need a unique and balanced skillset which includes executive leadership, technical knowledge, strategic vision, and effective communication. 

Above all, CISOs need to be resilient and proactive, anticipating attack angles and implementing protective security mechanisms with business goals and impacts in mind. Case in point: risk management. CISOs don’t think about risk in a vacuum; they calculate the potential business impact in terms of costs and operational disruptions.

 

6) Rethinking the Public Cloud and Beyond, from First Principles to New Approaches 

In light of high-profile software supply chain incidents like the SolarWinds breach and the CrowdStrike outage, it’s worth revisiting public cloud security vulnerabilities and business continuity risks. Many companies are left wondering if the public cloud is still the gold standard for efficiency or if private cloud solutions will make a resurgence given the greater levels of control and security they offer. 

This is a problem that intersects with other emerging dimensions as well. Cloud-specific questions aside, we need a new way to think about security as edge computing and AI drive advances in computation and data storage. Modern systems are becoming more distributed and have more complexity, components, and data than ever before. There’s a need for connective solutions to synchronize and secure disparate technologies across on-premises, cloud, multi-cloud, hybrid, and edge environments. From the cloud to the edge and beyond, one thing is clear: the traditional perimeter security model is no longer adequate. It doesn’t scale to meet the needs of decentralized and distributed systems, introducing limitations and tension between business innovation and security. 

Where can we turn to meet these intersecting problems? There’s a lot to be gained from a return to first principles: secure code, hardware, and product testing, the building blocks of cyberspace. By securing these ‘atomic units’ and moving beyond perimeter monitoring and traditional anomaly detection models, we can implement security at scale regardless of the computing technology at hand. Fundamentally, secure building blocks will enable more secure innovation.  

7) The Rise of Technical CEOs   

Cybersecurity subject matter experts and technologists are increasingly making the leap from technical leadership positions like CISO and CTO to company leadership at the CEO level. Though still a relatively rare occurrence, this is indicative of the value in combining technical expertise with visionary leadership in cybersecurity, a rapidly evolving industry that demands leaders who possess both technical acumen and strategic business vision.

This transition from technical to business leadership is not without its challenges. A successful transition requires a leadership mindset, fostering strong relationships with stakeholders, steering company strategy and growth, and making critical business decisions. 

There are valuable lessons here for established CEOs, aspiring business leaders, and technologists alike. Cybersecurity companies operate in highly emergent spaces and must innovate to solve problems for customers in a sustainable manner that makes sense for the market. Both technical and business skillsets are invaluable in this context. Leaders who can integrate technical expertise into strategic decision-making are well-positioned to helm both major enterprises and up-and-coming disruptors. 

8) There’s More Room for Innovation and Collaboration 

Among the constant changes in technology, threats, and organizational needs, one thing remains certain: as long as there are security problems in the market, people and companies will continue to innovate and solve them.  

However, an innovation is just part of a broader solution that companies must effectively bring to the market and strategically support. Cybersecurity vendors need to sharpen their messaging around the problems they are solving to address implementation and operations, two keys to customer adoption and scaling at an enterprise level. This means thinking beyond the proof-of-concept to demonstrate value. How will you handle the product rollout? How will you support your customers to ensure ongoing results? Vendors that ask these and related questions will stand out and help their customers succeed.

Collaboration is also an ever-present driver of success. Events that gather the security community to share stories, network, meet new people, see old colleagues, and learn from others with shared and different roles are invaluable. These gatherings broaden our perspectives and give us the opportunity to learn and teach, facilitating individual and company growth in addition to a stronger cybersecurity industry and collective defense. 

Conclusion 

As we look to 2025, Forgepoint is honored to partner with our exceptional community of security leaders, experts, innovators, investors, and supporters. Together, we will take on the latest challenges and learn from the past through our collaborations, discussions, and partnerships as we collectively build a stronger digital future.

With Appreciation 

Special thanks to all our speakers, presenters, and guests for their insights, expertise, and participation. Here’s to your continued leadership and all you do to advance innovation.  

  • Dr. Ed Amoroso, Founder and CEO, TAG Infosphere  
  • Andres Andreu, Deputy CISO, Hearst  
  • Derek Collison, CEO and Founder, Synadia and Creator of NATS.io
  • Drew Cukor, Former Head of AI/ML Transformation and Engagement and Chief Data Officer, JPMorgan Chase 
  • Billy Gouveia, Founder and CEO, Surefire Cyber  
  • Cyndi Gula, Co-Founder and Managing Partner, Gula Tech Adventures 
  • Hector Hoyos, Chief Strategy Officer and Head of Cybersecurity, Green Hills Software (GHS) 
  • Elena Kvochko, Founder, TrustGuard AI and Adjunct Professor, Cornell SC Johnson College of Business  
  • Will Lin, Co-Founder and CEO, AKA Identity 
  • Joe Levy, CEO, Sophos 
  • Scott Miller, Director, Cybersecurity Services, Lowe’s  
  • Anjana Rajan, Assistant National Cyber Director, The White House – Office of the National Cyber Director  
  • Marc Sorel, Partner and Cybersecurity Practice Lead, McKinsey & Company  
  • Russ Spitler, Co-Founder and CEO, Nudge Security  
  • Craig Unger, Founder and CEO, Hyperproof  
  • Sandip Wadje, Managing Director, Global Head of Emerging Tech Risks, BNP Paribas  
  • Brian White, Managing Director & Co-Head, Technology Investment Banking Group at Piper Sandler 

 With Alberto Yépez, Don Dixon, Kathryn Shih, Leo Casusol, Andrew McClure, and Tanya Loh from the Forgepoint team.