Over the past weeks, I’ve had a series of conversations across the cybersecurity ecosystem. Founders in early-stage security startups, VC firms exploring new segments, PE groups accelerating roll-ups, MSP leaders navigating change, and friends pushing the boundaries of what AI can do.
Individually, each conversation was fascinating. Taken together, they paint a picture of where the industry is heading — and where the real opportunities are emerging.
1. Network Security Isn’t Dead at All
One of the more surprising conversations was with a founder building something genuinely innovative in network security. For years, many assumed the category had settled — but the reality is that architectures, workloads, and adversaries continue to evolve. Even the DDoS and WAF spaces are not dead. To my surprise when I worked with one of the PEs to look at the space in more detail again.
The lesson: even “mature” markets have seams where real innovation can take hold.
2. The MSP Landscape Is Vast — and Misunderstood
I spoke with a VC firm considering deeper investments in the MSP ecosystem. There’s real opportunity, but also complexity that outsiders often underestimate:
Segmentation
Pricing mechanics
Packaged offerings
Integrations into broader ecosystems
and perhaps most importantly, helping MSPs actually sell security
Products don’t win in MSP without empathy for how MSPs operate and make money.
3. PE Roll-Ups Are Accelerating
One PE firm I talked to is running hard at the roll-up opportunity as the first generation of MSP founders, many starting in the late 90s, look to exit. Their playbook is all around optimized processes and joint buying power. While a European firm I am in touch with, is exploring consolidation not just for scale, but under a unified security platform strategy.
Two very different visions, both valid.
4. Connecting Leaders Amplifies Outcomes
A conversation with a European PE group was refreshing — they emphasize connecting portfolio company leaders so they can cross-pollinate learnings.
Having spent the past 18 months deep in my own leadership work (attending school for the past 18 months is a conversation for another day), I’ve become even more convinced that people dynamics are the highest leverage variable in cybersecurity execution. And it’s not just on the level of leadership that is being discussed widely. It’s about the differences in people and their unique styles. Again, a conversation for another day.
5. Building for MSPs Requires Being in Their Shoes
An MSP leader reminded me of a simple truth:
If you don’t understand the day-to-day realities of MSP life, you can’t build for them.
This applies to product, packaging, GTM, support, and everything in between.
6. AI: Beyond the Hype, Toward Real Value
I caught up with a friend who recently joined an AI company, and we talked about emerging approaches that leverage data inside the model and how one can connect their existing data stores to the various models. Love what they are building and I would have thought they were one of the hockey-stick companies, but it turns out, execution in a startup is hard and requires a lot of elbow greese.
The Unifying Thread
Across all these conversations, I keep coming back to one conclusion:
Security is fragmenting and converging at the same time: The biggest opportunities — for vendors, investors, and operators — are in the seams.
Ecosystems matter. Empathy matters. And clarity of execution matters more than ever.
It’s an exciting moment to be building in this industry.
At the Summa Equity Annual Investor Meeting in Oslo, I had the privilege of joining Jacob Frandsen on stage for a conversation about the state of cybersecurity and the broader forces shaping technology companies today. The dialogue revolved around four big questions. Each one central to how investors, founders, and operators should be thinking about the future:
1. Balancing Investing in Innovation vs. Delivering Profitability
“It’s not innovation or profitability. It’s knowing when and how to balance the two engines that drive growth.”
Innovation as survival – At smaller scale, innovation is paramount and innovation creates the moat that ensures relevance. Without it, companies risk being commoditized.
Profitability as discipline – Operational excellence, sales efficiency, and cost control are non-negotiable as you scale.
Two-engine model – Run one engine for profitability, another to push the edge of innovation.
AI disruption – Both of areas of profitability and innovation are nicely coming together with AI: AI applied in any are of a company are driving profitability, time to market, etc. On the other hand, entire cyber products are being rewritten with AI at the core. Missing the AI wave on either side kills your future relevance.
2. AI and Cyber: Opportunity and Risk
“AI is both a multiplier of capability and a source of new risks. Success comes from knowing when and how to use it.”
Force multiplier – AI accelerates development, marketing, sales, detection engineering, and lowers barriers for non-experts.
AI-led attacks – Still emerging, but attackers will adopt quickly — as defenders we must keep pace.
Security for AI – A number of new challenges we are facing. This will likely grow into its own market, but the fundamentals (data protection, trust, governance) remain the same.
3. Defensible Positions for Emerging Cyber Companies
Especially in the light of large security platforms like Crowdstrike or Microsoft or SentinelOne, how can smaller companies and startups be relevant at all?
“In cybersecurity, defensibility isn’t just about tech.”
Wedge strategy – Start narrow, with an overlooked market or product gap. For example, the MSP / SMB segment is still significantly underserved but presents a vast opportunity.
Data gravity – Unique datasets become the backbone of long-term defensibility, especially with AI to mine the data and make it actionable.
Ecosystem first – Build API-driven integrations that make you indispensable within workflows, rather than standing alone. Modern security organizations that are using one of the large platforms are still using about 20 other products to fill gaps. If those products are integrated into the larger platform it greatly reduces the complexity and ease for the operators. For the security vendors it opens up the opportunity for technology partnerships on the flip side.
4. Europe vs. US: Different Playbooks
“US is about speed and boldness; Europe is about trust and staying power — the opportunity for EU business is bridging both playbooks.”
Speed vs. trust – US rewards rapid scaling and bold claims; Europe emphasizes trust, compliance, references, and credibility. European customers are rarely early movers on new technologies.
Market fragmentation – Europe is highly localized; VARs and telcos dominate, with significant regional differences in regulation and go-to-market.
Talent edge – Europe offers strong technical talent from world-class universities. ETH anyone? 🙂
Opportunity – EU players can win by leaning into local strength; US entrants will struggle to replicate that quickly in all the markets. Adapting a product to local markets with different languages, different tax codes, cultures, labor laws, data privacy laws, etc. is a lot of work. That is why you see most US companies expand into UKI first and then slowly entering some of the countries in mainland Europe.
Closing Thoughts
The conversation reinforced for me that cybersecurity doesn’t exist in a vacuum. It intersects with innovation cycles, global talent pools, regulatory environments, and the transformative force of AI. Companies that thrive will be those that balance innovation with discipline, embrace ecosystems, and play the long game across diverse markets.
I left the stage energized. Not just by the challenges, but by the opportunities for European companies to seize if we approach them with clarity and conviction.
I had the pleasure to attend the Summa Equity Annual Investor meeting today in Oslo. It was inspiring to hear about companies in the Summa portfolio that are making a real difference. Taking a step back from day-to-day cybersecurity and business conversations, it’s refreshing to dive into themes that truly matter for humanity. At the Annual Investor Meeting in Oslo, Summa’s four investment areas came into sharp focus and they highlight both the scale of the challenges and the opportunities ahead.
Four Themes Shaping the Future
Here are the four themes that Summa invests in and some interesting facts that I gathered during the presentations:
Circularity
Desalination as a pathway to more clean water
How little of our waste is recycled, despite mounting pressure on resources
The ongoing pollution of water, air, and soil and the need to stop it at the source
Sustainable Food
The world will need ~55% more calories in the near future
Aquaculture (fish farming) is essential if we want to feed the planet sustainably – there is not enough grass to feed the cows that we’d need to feed the world
26% of global greenhouse gas emissions come from the food system
Energy Transition
Electricity demand is projected to double by 2050
Outdated grids will struggle to keep up with demand, especially from data centers
In Europe, electricity price volatility has surged 150% in just four years
Tech-Enabled Resilience
Cybercrime now costs the global economy more than $10 trillion annually
Resilience is not optional — from cybersecurity to supply chains, it underpins progress in every other theme
Why It Matters
These themes may sound broad, but they tie directly to the choices we make today. Food, water, energy, and digital resilience are the foundation of a thriving future. Hearing how Summa is approaching them — and backing real companies solving real problems — is both sobering and energizing.
As someone deeply engaged in cybersecurity, it’s eye-opening to connect that work to the bigger picture: resilience, sustainability, and how we ensure humanity thrives well into the future.
Thanks to Summa Equity for hosting such a thought-provoking gathering and for having me speak about cyber security.
