2024 Wrap Up and 2025 Predictions In Cybersecurity
Enterprise AI Security, Job Outlook, IPOs, and more!
A review of some notable events in 2024 and a few mini essays on key areas of interest for 2025.
2024 In Review
2024 has been an interesting year in cybersecurity. In the past year we saw…
One of the largest internet outages in history, caused by a non-security issue, but one that reduced confidence in cybersecurity software, especially CrowdStrike (“I had a CEO tell me recently he wants to see alternatives to CrowdStrike because it ‘messed up my summer travel plans’”)
Ransomware attacks that crippled 15k dealerships in the US and affected the private healthcare of millions and millions of Americans
Wiz rejected a $23 Billion acquisition; meanwhile Lacework, once valued at $8B(!), was acquired for only $152.3M 😲
A dismal job market SATURATED with candidates, ghost jobs, fewer job opportunities, and CISOs taking pay cuts
One cybersecurity IPO ending the “longest IPO drought the cybersecurity ecosystem has seen since the 90s”
And of course… let’s not forget AI
NVIDIA trying to create an AI SOC agent but falling flat on its face with the cybersecurity community
Companies baking AI into security products or building standalone ones, but no traction yet
Predictions For 2025
Enterprise AI Privacy Will Be A Thing
I think this is probably the MOST underrated aspect of the AI market. Even though we went full tilt on non-privacy over the years with social media, some people are catching on: “Hey, we’re training our AI overlords with our personalities?” Funny how it was OK to give it to big corporations, but not OK to give it to machines that can think for themselves or emulate us. I guess that crosses some line for people.
But more importantly, what will really drive things is Enterprise Privacy. Working with some AI companies at the forefront of enterprise AI, I see the questionnaires and the lack of understanding of AI overall from enterprise security, compliance, and privacy teams. The questionnaires are very basic right now.
I am starting to see more intelligent AI questionnaires though. People are asking (or at least sourcing) more intelligent questions about AI overall.
For example, let’s take a look at an analysis of the recent Perplexity acquisition and announcement:
This capability allows AI systems to pull data from diverse platforms such as Google Drive, SharePoint, Notion, Slack and other enterprise applications.
This is a big deal. Of course startups are always looking to go upmarket to the Enterprise and this is a big unlock. Solutions such as this could eventually displace traditional file storage systems. Yes, there is a big need for this (dunno about you, but file organization is still a PAIN for me) especially at the enterprise level and in sectors where combing through thousands of files at a time is a manual task.
So what if there was a way to make this data private? Well, take a look at Apple’s pioneering approach towards private cloud compute.
A dedicated hardware security controller switches between Application Processor and Secure Enclave tasks, resetting Neural Engine state on each transition to keep Optic ID or Face ID data secure.
In particular take a look at:
Apple’s Secure Neural Engine part of the Secure Enclave
Apple’s use of Oblivious HTTP
What will drive this is more and more enterprises asking for this level of privacy and security for their data when using AI. Companies will demand dedicated instances, on-prem models, and AI Security & Privacy Firewalls (I just made that up).
In order to secure the confidence of Enterprise companies, there will have to be an extra layer of security and privacy assurance. This is where I see a whole new space (and market) opening up almost overnight.
In the startup space, companies such as Anjuna, Edgeless, Skyflow, and ProtectAI, for example, are looking to solve some of those aspects.
3-5x Security IPOs and More Acquisitions
I’m being a little overconfident here, but 3x of 1 is 3, so I’m betting at least 3 IPOs next year. Investors want their money back.
The alternative is a BUNCH of companies getting acquired or sold to PEs, because investors want their money back.
Companies that couldn’t get funding or had poor operating models will still continue to fail and be acquired for pennies on the dollar.
I am not an expert in this space though, so I would defer to The Strategy of Security by Cole Grolmus for the latest.
The Job Market Will Warm Up
This is probably the optimist in me, but I think the job market will begin to warm up. I’ve already seen some signs of this in H2 of this year, but don’t get me wrong, it will be nowhere near peak.
In fact, I don’t think we’ll see that peak for some time.
Mid-level and executive jobs are opening up again. With the plethora of new startups will come a lot of first security hires as well.
However, I am pessimistic on the entry-level job market and computer science graduates altogether. CS was a HOT field, and cybersecurity even hotter, but now, no longer. Some secondary effects of the layoffs have resulted in people seeking to be vCISOs as an alternative.
AI will affect the market in two ways.
On a more immediate basis, it will open up more and more cybersecurity roles including Heads of Security and product security engineers.
As a lagging indicator, it will result in fewer entry-level jobs. Slowly, but more in 2026 and beyond as agentic AI matures (still a ways away).
Other Predictions
More ransomware attacks having larger impact
CISA and federal cybersecurity management falling into disarray
5 “new” categories of security software with only “AI-” prepended to them
Here are some other predictions and reflections from host Adrian Sanabria and co-host Katie Teitler-Santullo on Enterprise Security Weekly.
Hope you have a wonderful Christmas, and talk soon!
Reply back and let me know how things are going with you.