During my engagements with various Private Equity and Venture Capital outlets, I see a clear shift. The questions that is showing up more and more in due diligence is no longer, “What is your AI strategy?”

It is: “How far along are you in rebuilding the company around AI?”

That is a different question.

It applies to startups and incumbents alike. It applies to security companies, SaaS vendors, MSPs, and a lot of businesses outside those markets too. The point is no longer to add a few AI features, automate one workflow, or give employees access to a chatbot. The point is to rethink how the company actually operates.

AI Should Sit Under Every Corporate Function

The companies that will look strongest over the next few years are the ones treating AI as an operating system layer across the business.

That means product development, service delivery, sales and marketing, customer success, and finance and operations are all being reworked with AI in mind. Not as separate experiments, but as connected systems.

The important shift is not “where can we use AI?” It is “how should this function work if AI is built into the process from the start?”

That usually leads to a broader redesign. Workflows get compressed. Handoffs change. Data gets linked across teams. Software that used to just record tasks between humans starts becoming an orchestration layer between people and AI agents.

AI on Top Is Not Enough

Most companies are still treating AI like a feature layer. They add a copilot. They automate a few tasks. They run a few pilots in sales or support. Then they talk as if they have become an AI company. They have not.

If AI is going to matter as much as people claim, then it cannot live in isolated tools and side projects. It has to sit underneath the company as an operating layer. Product, service delivery, sales, marketing, customer success, finance, and operations all need to be rethought with AI built in from the start.

That is the real shift. Not AI as garnish. AI as infrastructure.

In practice, this means a company’s core operating logic can no longer live in forgotten decks, static docs, and tribal memory. Vision, mission, strategic priorities, ICP, and go-to-market motions need to be embedded into the AI layer itself so teams can interact with them in daily work (literally let them chat with these pieces of information via Slack!). The system should be able to explain the strategy, test whether execution matches it, and keep the company aligned as it changes. If that layer does not exist, most companies are still operating on fragments.

This Is Now a Capital Question

This is also why the conversation is changing in private equity and VC diligence.

We are not just looking for AI messaging anymore. We are looking for evidence that the operating model is changing. Is the company shipping faster? Is service delivery getting more leverage? Are teams linked better? Is software being used to orchestrate work between humans and AI agents rather than just record tasks? Is management actually rebuilding the business, or are they still presenting AI as an add-on?

Those questions now matter directly to competitiveness.

A company that keeps the old operating model and bolts AI on top will lose to one that rebuilds around it properly. The latter will move faster, learn faster, and eventually operate at a different level of efficiency.

The Companies That Wait Will Pay For It

I think this is becoming a funding imperative.

Before raising capital, before pursuing a sale, and before the board forces the discussion, management teams need to be doing the hard work of redesigning the company around AI.

Because the market is not going to wait for slow adopters to get comfortable. The companies that embrace AI as a true operating layer will look more scalable, more durable, and more investable. The ones that do not will increasingly look like they are running yesterday’s model in a market that has already moved on.

Over the past weeks, I’ve had a series of conversations across the cybersecurity ecosystem. Founders in early-stage security startups, VC firms exploring new segments, PE groups accelerating roll-ups, MSP leaders navigating change, and friends pushing the boundaries of what AI can do.

Individually, each conversation was fascinating. Taken together, they paint a picture of where the industry is heading — and where the real opportunities are emerging.

1. Network Security Isn’t Dead at All

One of the more surprising conversations was with a founder building something genuinely innovative in network security. For years, many assumed the category had settled — but the reality is that architectures, workloads, and adversaries continue to evolve. Even the DDoS and WAF spaces are not dead. To my surprise when I worked with one of the PEs to look at the space in more detail again.

The lesson: even “mature” markets have seams where real innovation can take hold.

2. The MSP Landscape Is Vast — and Misunderstood

I spoke with a VC firm considering deeper investments in the MSP ecosystem. There’s real opportunity, but also complexity that outsiders often underestimate:

• Segmentation
• Pricing mechanics
• Packaged offerings
• Integrations into broader ecosystems
• and perhaps most importantly, helping MSPs actually sell security

Products don’t win in MSP without empathy for how MSPs operate and make money.

3. PE Roll-Ups Are Accelerating

One PE firm I talked to is running hard at the roll-up opportunity as the first generation of MSP founders, many starting in the late 90s, look to exit. Their playbook is all around optimized processes and joint buying power. While a European firm I am in touch with, is exploring consolidation not just for scale, but under a unified security platform strategy.

Two very different visions, both valid.

4. Connecting Leaders Amplifies Outcomes

A conversation with a European PE group was refreshing — they emphasize connecting portfolio company leaders so they can cross-pollinate learnings.

Having spent the past 18 months deep in my own leadership work (attending school for the past 18 months is a conversation for another day), I’ve become even more convinced that people dynamics are the highest leverage variable in cybersecurity execution. And it’s not just on the level of leadership that is being discussed widely. It’s about the differences in people and their unique styles. Again, a conversation for another day.

5. Building for MSPs Requires Being in Their Shoes

An MSP leader reminded me of a simple truth:

If you don’t understand the day-to-day realities of MSP life, you can’t build for them.

This applies to product, packaging, GTM, support, and everything in between.

6. AI: Beyond the Hype, Toward Real Value

I caught up with a friend who recently joined an AI company, and we talked about emerging approaches that leverage data inside the model and how one can connect their existing data stores to the various models. Love what they are building and I would have thought they were one of the hockey-stick companies, but it turns out, execution in a startup is hard and requires a lot of elbow greese.

The Unifying Thread

Across all these conversations, I keep coming back to one conclusion:

Security is fragmenting and converging at the same time: The biggest opportunities — for vendors, investors, and operators — are in the seams.

Ecosystems matter. Empathy matters. And clarity of execution matters more than ever.

It’s an exciting moment to be building in this industry.

At the Summa Equity Annual Investor Meeting in Oslo, I had the privilege of joining Jacob Frandsen on stage for a conversation about the state of cybersecurity and the broader forces shaping technology companies today. The dialogue revolved around four big questions. Each one central to how investors, founders, and operators should be thinking about the future:

1. Balancing Investing in Innovation vs. Delivering Profitability

“It’s not innovation or profitability. It’s knowing when and how to balance the two engines that drive growth.”

• Innovation as survival – At smaller scale, innovation is paramount and innovation creates the moat that ensures relevance. Without it, companies risk being commoditized.
• Profitability as discipline – Operational excellence, sales efficiency, and cost control are non-negotiable as you scale.
• Two-engine model – Run one engine for profitability, another to push the edge of innovation.
• AI disruption – Both of areas of profitability and innovation are nicely coming together with AI: AI applied in any are of a company are driving profitability, time to market, etc. On the other hand, entire cyber products are being rewritten with AI at the core. Missing the AI wave on either side kills your future relevance.

2. AI and Cyber: Opportunity and Risk

“AI is both a multiplier of capability and a source of new risks. Success comes from knowing when and how to use it.”

• Force multiplier – AI accelerates development, marketing, sales, detection engineering, and lowers barriers for non-experts.
• AI-led attacks – Still emerging, but attackers will adopt quickly — as defenders we must keep pace.
• Security for AI – A number of new challenges we are facing. This will likely grow into its own market, but the fundamentals (data protection, trust, governance) remain the same.

3. Defensible Positions for Emerging Cyber Companies

Especially in the light of large security platforms like Crowdstrike or Microsoft or SentinelOne, how can smaller companies and startups be relevant at all?

“In cybersecurity, defensibility isn’t just about tech.”

• Wedge strategy – Start narrow, with an overlooked market or product gap. For example, the MSP / SMB segment is still significantly underserved but presents a vast opportunity.
• Data gravity – Unique datasets become the backbone of long-term defensibility, especially with AI to mine the data and make it actionable.
• Ecosystem first – Build API-driven integrations that make you indispensable within workflows, rather than standing alone. Modern security organizations that are using one of the large platforms are still using about 20 other products to fill gaps. If those products are integrated into the larger platform it greatly reduces the complexity and ease for the operators. For the security vendors it opens up the opportunity for technology partnerships on the flip side.

4. Europe vs. US: Different Playbooks

“US is about speed and boldness; Europe is about trust and staying power — the opportunity for EU business is bridging both playbooks.”

• Speed vs. trust – US rewards rapid scaling and bold claims; Europe emphasizes trust, compliance, references, and credibility. European customers are rarely early movers on new technologies.
• Market fragmentation – Europe is highly localized; VARs and telcos dominate, with significant regional differences in regulation and go-to-market.
• Talent edge – Europe offers strong technical talent from world-class universities. ETH anyone? 🙂
• Opportunity – EU players can win by leaning into local strength; US entrants will struggle to replicate that quickly in all the markets. Adapting a product to local markets with different languages, different tax codes, cultures, labor laws, data privacy laws, etc. is a lot of work. That is why you see most US companies expand into UKI first and then slowly entering some of the countries in mainland Europe.

Closing Thoughts

The conversation reinforced for me that cybersecurity doesn’t exist in a vacuum. It intersects with innovation cycles, global talent pools, regulatory environments, and the transformative force of AI. Companies that thrive will be those that balance innovation with discipline, embrace ecosystems, and play the long game across diverse markets.

I left the stage energized. Not just by the challenges, but by the opportunities for European companies to seize if we approach them with clarity and conviction.

I had the pleasure to attend the Summa Equity Annual Investor meeting today in Oslo. It was inspiring to hear about companies in the Summa portfolio that are making a real difference. Taking a step back from day-to-day cybersecurity and business conversations, it’s refreshing to dive into themes that truly matter for humanity. At the Annual Investor Meeting in Oslo, Summa’s four investment areas came into sharp focus and they highlight both the scale of the challenges and the opportunities ahead.

Four Themes Shaping the Future

Here are the four themes that Summa invests in and some interesting facts that I gathered during the presentations:

Circularity

• Desalination as a pathway to more clean water
• How little of our waste is recycled, despite mounting pressure on resources
• The ongoing pollution of water, air, and soil and the need to stop it at the source

Sustainable Food

• The world will need ~55% more calories in the near future
• Aquaculture (fish farming) is essential if we want to feed the planet sustainably – there is not enough grass to feed the cows that we’d need to feed the world
• 26% of global greenhouse gas emissions come from the food system

Energy Transition

• Electricity demand is projected to double by 2050
• Outdated grids will struggle to keep up with demand, especially from data centers
• In Europe, electricity price volatility has surged 150% in just four years

Tech-Enabled Resilience

• Cybercrime now costs the global economy more than $10 trillion annually
• Resilience is not optional — from cybersecurity to supply chains, it underpins progress in every other theme

Why It Matters

These themes may sound broad, but they tie directly to the choices we make today. Food, water, energy, and digital resilience are the foundation of a thriving future. Hearing how Summa is approaching them — and backing real companies solving real problems — is both sobering and energizing.

As someone deeply engaged in cybersecurity, it’s eye-opening to connect that work to the bigger picture: resilience, sustainability, and how we ensure humanity thrives well into the future.

Thanks to Summa Equity for hosting such a thought-provoking gathering and for having me speak about cyber security.